Kaiji
Kaiji surfaced in late April 2020. Intezer describes it as a DDoS malware written in Go that spreads through SSH brute force attacks. Recovered function names are English representations of Chinese words, hinting at its origin. The name Kaiji was given by MalwareMustDie based on strings found in samples.
Last 7 days
| Date | C2 Hosts |
|---|---|
| Mar 3, 2026 | 1 |
Further Reading
We detected variants of two Linux botnet malware - XORDDoS and Kaiji - targeting exposed Docker servers. XORDDoS infiltrated the Docker server to infect all containers it hosts, while the Kaiji att...
Kaiji—a new Chinese malware targeting servers and IoT devices with a custom implant—is part of a greater threat actor migration to Golang.
The REF6138 campaign involved cryptomining, DDoS attacks, and potential money laundering via gambling APIs, highlighting the attackers' use of evolving malware and stealthy communication channels.
Year of the Linux threat continued in 2020 with a number of Windows threats launching ELF malware for the first time.