Skip to content

Dosia

Also known as: DDOSIA

Infrastructure and programs used for, as its name suggests, DDoSing.

It used to be written in Python, nowadays it's written in Go. Clients:

- Are written in Go. (Used to be written in Python.)

- Do not seem to differ significantly across OS deployments. (Confirmed on Windows, MacOS, Linux, Android)

- Seem to be partly run by NoName themselves.

- Partly also run voluntarily, recruited via dedicated Telegram channels. Participants are rewarded with cryptocurrency. Prints a suggestion to use a VPN for Russia-based launches. (This yields IP-based blocking as rather ineffective, consider behavioral analysis instead.)

Configuration:

- Rotates near-daily. Can be browsed on https://witha.name/ (also reachable via http://withanamemwesdvodfhthjq25a5a3uas24cpgoa7qm6gchcerzpis6qd.onion/).

- Is sent encrypted between C2 and Client.

- Specifies target hostname, subpath, vector protocols, methods, ports, whether SSL is used, headers for HTTP, request bodies.

- Any given config property can be randomly generated with per-use constraints.

- Is provided by a multi-level hierarchy of C2 servers.

Linked Threat Actors

NoName057(16)

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

Jul 14, 2026
C2 Hosts: 1

Further Reading

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.