1 malware family

Tadashi

Also known asTadashi

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

Consumer Services
Software & Services

MITRE ATT&CK

Tradecraft

32 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

11 of 15 tactics43 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0043

Reconnaissance

1 technique

T1595

Active Scanning

T1595.001

Scanning IP Blocks

TA0001

Initial Access

1 technique

T1190

Exploit Public-Facing Application

TA0002

Execution

2 techniques

T1059

Command and Scripting Interpreter

T1059.004

Unix Shell

T1106

Native API

TA0003

Persistence

1 technique

T1205

Traffic Signaling

TA0005

Stealth

6 techniques

T1027

Obfuscated Files or Information

T1027.002

Software Packing

T1027.013

Encrypted/Encoded File

T1036

Masquerading

T1036.005

Match Legitimate Resource Name or Location

T1070

Indicator Removal

T1070.004

File Deletion

T1205

Traffic Signaling

T1497

Virtualization/Sandbox Evasion

T1497.001

System Checks

T1564

Hide Artifacts

T1564.003

Hidden Window

TA0112

Defense Impairment

1 technique

T1222

File and Directory Permissions Modification

T1222.002

Linux and Mac Permissions

TA0007

Discovery

3 techniques

T1057

Process Discovery

T1082

System Information Discovery

T1497

Virtualization/Sandbox Evasion

T1497.001

System Checks

TA0008

Lateral Movement

2 techniques

T1021

Remote Services

T1210×2

Exploitation of Remote Services

TA0009

Collection

1 technique

T1119

Automated Collection

TA0011

Command and Control

7 techniques

T1008

Fallback Channels

T1071

Application Layer Protocol

T1090

Proxy

T1090.002

External Proxy

T1105×2

Ingress Tool Transfer

T1205

Traffic Signaling

T1568

Dynamic Resolution

T1568.002

Domain Generation Algorithms

T1571

Non-Standard Port

TA0040

Impact

3 techniques

T1489

Service Stop

T1498

Network Denial of Service

T1498.001

Direct Network Flood

T1499

Endpoint Denial of Service

T1499.002

Service Exhaustion Flood

T1499.003

Application Exhaustion Flood

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

xlabs_v1Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks.2May 6, 2026

IOCS

Observables

2 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.

2 IOCsView more in app

IOC values are gated. View more in Mallory for domains, IPs, hashes, and other artifacts, or pipe them straight into your SIEM.

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

the hacker newsNews

May 6, 2026

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Operator behind the xlabs_v1 Mirai-derived botnet and DDoS-for-hire service targeting internet-exposed devices with ADB enabled, especially Android TV boxes, set-top boxes, smart TVs, routers, and IoT hardware, to launch DDoS attacks against game servers and Minecraft hosts.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping32

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables2

Domains, IPs, and hashes tied to this actor, refreshed continuously.