Its name stems from the heavy usage of XOR encryption in both malware and network communication to the C&Cs.
Noteworthy about XOR DDoS is the ability to hide itself with an embedded rootkit component which is obtained by multiple installation steps.
[1] It was discovered in September 2014 by MalwareMustDie, a white hat malware research group.
[6] Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS.
[7] It is believed to be of Asian origin based on its targets, which tend to be located in Asia.