Welcome to WithAName!

If you see this page, you are at the right place to find details about the DDoSia configuration.

DDoSia is a specialized toolkit crafted by the hacker collective NoName057(16) explicitly for executing DDoS (Distributed Denial of Service) attacks, primarily targeting nations critical of the Russian invasion of Ukraine.

Initially coded in Python, DDoSia used CPU threads to launch a lot of network requests simultaneously. However, due to its inefficiency, the hackers transitioned to using Go. The updated Go versions seem to function seamlessly across various platforms, with variants tailored for major operating systems such as Windows, MacOS, Linux, and Android having been identified. The group remains actively engaged in refining the project to maximize the effectiveness of their attacks and preemptively counter any potential defensive measures.

The setup features dynamic configuration, hosted on a Command and Control (C2) server, with only the initial level publicly disclosed. Updates occur with varying frequency, but consistently at least once daily.

For more details please find articles: Malpedia

Because sharing is caring ;-)

Yes this is free and when a new configuration is detected we added it in near realtime. The configuration is in JSON format but we also provide a CSV file lighter with key elements.

No we will not notify you, but feel free to monitor the data section or to follow us on Mastodon !

The configuration is splited in 2 parts "targets" and "randoms"

"targets" contains all targets and the associated rules. The same domain, hostname can appears multiple times but with differents attacks rules.

        {
           "target_id": "target id",
           "request_id": "request id",
           "host": "hostname to attack",
           "ip": "ip of the hostname",
           "type": "http|http2|http3|nginx_loris|tcp|type|udp",
           "method": "|ack|GET|method|PING|POST|syn|SYN|syn_ack|udp_flood",
           "port": Port selected,
           "use_ssl": true|false,
           "path": "Url to attack",
           "body": {
               "type": "|str",
               "value": "Parameter to use for GET request"
           },
           "headers": null|"string to user in headers fields http"
       }

"randoms" is a list of rules used to generated random strings in targets rules. Each $_* in target rules have to be replaced by the output of the linked "randoms" field.

        {
           "name": "Name of the rule",
           "id": "id of the rule",
           "digit": true|false,
           "upper": true|false,
           "lower": true|false,
           "min": minimum length,
           "max": maximum legnth
       }

The following User-Agent are used with the version 41 of DDoSia

• AppleCoreMedia/1.0.0.23A344 (Macintosh; U; Intel Mac OS X 14_0; da_dk)
• Dalvik/2.1.0 (Linux; U; Android 11; Tibuta_MasterPad-E100 Build/RP1A.201005.006)Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021208 Debian/1.2.1-2
• Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6) Gecko/20050319
• Mozilla/5.0 (Linux; Android 11; SM-A115M Build/RP1A.200720.012; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/102.0.5005.125 Mobile Safari/537.36 Instagram 306.0.0.35.109 Android (30/11; 280dpi; 720x1411; samsung; SM-A115M; a11q; qcom; pt_BR; 530130405)
• Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [LinkedInApp]/9.
• Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [LinkedInApp]/9.28.7586
• Mozilla/5.0 (Linux; Android 13; SM-F711U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36 EdgA/114.0.1823.43
• Mozilla/5.0 (X11; U; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/115.0.5738.217 Chrome/115.0.5738.217 Safari/537.36
• Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/102.0.5143.178 Chrome/102.0.5143.178 Safari/537.36
• Mozilla/5.0 (Linux; Android 13; SAMSUNG SM-T220) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/23.0 Chrome/115.0.0.0 Mobile Safari/537.36
• Mozilla/5.0 (Linux; Android 9) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/119.0.6045.66 Mobile DuckDuckGo/1 Lilo/1.2.3 Safari/537.36
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/118.0.2088.76 GLS/97.10.7399.100
• Mozilla/5.0 (X11; Linux x86_64; SMARTEMB Build/3.12.9076) AppleWebKit/537.36 (KHTML, like Gecko) Chromium/103.0.5060.129 Chrome/103.0.5060.129 Safari/537.36
• Mozilla/5.0 (iPhone; CPU iPhone OS 15_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/19G82 Instagram 306.0.0.20.118 (iPhone12,1; iOS 15_6_1; en_GB; en; scale=2.00; 828x1792; 529083166) NW/3
• Mozilla/5.0 (Linux; Android 6.0.1; SM-G532MT Build/MMB29T; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/99.0.4844.88 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/436.0.0.35.101;]
• Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1