Based on IP addresses, the Elknot botnet only targeted IPs in 5 different countries while under observation. The bulk of the attacks were against Chinese IPs followed by US IP addresses.

| TARGET COUNTRY | # OF ATTACK COMMANDS ISSUED | UNIQUE IPs | DURATION OF ATTACKS (IN SECONDS) |
|---|---|---|---|
| China | 384 | 95 | 26045 |
| United States | 133 | 45 | 9510 |
| South Korea | 19 | 6 | 7920 |
| Hong Kong | 8 | 5 | 450 |
| Canada | 5 | 1 | 600 |

When viewed from an ASN perspective, the observed attacks targeted only 32 ASNs belonging to only 28 unique companies. The ASNs span a range of interests from ISPs (such as Chinanet, China Unicom, Korea Telecom), to DDoS protection providers (such as CloudDDOS Technologies, SharkTech and ClearDDoS Technologies), VPS providers (Krypt Technologies and VpsQuan), and CDNs (CloudFlare, Alibaba Advertising).
Novetta observed three different attack methods being issued by the Elknot C2 servers:<br />

| ATTACK TYPE | # OF ATTACK COMMANDS ISSUED |
|---|---|
| SYN Flood (0x80) | 394 |
| UDP Flood (0x81) | 153 |
| Ping Flood (0x82) | 2 |

THE ELASTIC BOTNET REPORT<br />