NoaBot Botnet: The Latest Mirai Offspring – Gridinsoft Blogs
A new Mirai platform-based botnet called NoaBot targets vulnerable to brute-force Linux SSH servers for illegal crypto mining.| Gridinsoft Blogs
Overview Recently, US officials claimed to have successfully gained control of RapperBot, effectively curbing this powerful source of DDoS attacks. The operation pinpointed the key figure behind the botnet, Ethan Foltz. According to the investigation, Foltz has been developing and operating RapperBot since 2021, with his residence in Eugene, Oregon, USA. Since its activity, the […] The post US Officials Claim to Have Gained Control of the RapperBot appeared first on NSFOCUS, Inc., a global ...| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
Overview On Oct 21, 2022, 360Netlab's honeypot system captured a suspicious ELF file ee07a74d12c0bb3594965b51d0e45b6f, which propagated via F5 vulnerability with zero VT detection, our system observces that it communicates with IP 45.9.150.144 using SSL with forged Kaspersky certificates, this caught our attention. After further lookup,| 360 Netlab Blog - Network Security Research Lab at 360
概述 2022年10月21日,360Netlab的蜜罐系统捕获了一个通过F5漏洞传播,VT 0检测的可疑ELF文件ee07a74d12c0bb3594965b51d0e45b6f,流量监控系统提示它和| 360 Netlab Blog - Network Security Research Lab at 360
概述 近期,我们的BotMon系统连续捕获到一个由Go编写的DDoS类型的僵尸网络家族,它用于DDoS攻击,使用了包括SSH/Telnet弱口| 360 Netlab Blog - Network Security Research Lab at 360
Background On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our article was published, Fodcha suffered a crackdown from the relevant authorities, and its authors quickly responded by leaving "Netlab pls leave me alone I surrender" in an updated sample.No surprise, Fodcha's authors| 360 Netlab Blog - Network Security Research Lab at 360
背景 2022年4月13日,360Netlab首次向社区披露了Fodcha僵尸网络,在我们的文章发表之后,Fodcha遭受到相关部门的打击,其作者| 360 Netlab Blog - Network Security Research Lab at 360
In our daily botnet analysis work, it is common to encounter various loaders.Compared to other types of malware, loaders are unique in that they are mainly used to "promote", i.e., download and run other malware on the infected machine. According to our observations, most loaders are| 360 Netlab Blog - Network Security Research Lab at 360
DGA is one of the classic techniques for botnets to hide their C2s, attacker only needs to selectively register a very small number of C2 domains, while for the defenders, it is difficult to determine in advance which domain names will be generated and registered. 360 netlab has long focused| 360 Netlab Blog - Network Security Research Lab at 360
A new Mirai platform-based botnet called NoaBot targets vulnerable to brute-force Linux SSH servers for illegal crypto mining.| Gridinsoft Blogs
The FBI has neutralized the IPStorm botnet's activity, including over 20,000 infected computers, and arrested its operator, Sergei Makinin.| Gridinsoft Blogs
In 2023, the number of IoT malware detections in the U.S., Mexico, Brazil, and Colombia increased 400% year-over-year.| Gridinsoft Blogs
InfectedSlurs botnet appears to be a new spreading point for Mirai malware: it targets IoT devices using a 0-day vulnerability.| Gridinsoft Blogs
A phishing campaign promoting the DarkGate and PikaBot malware is carried out by the authors or heirs of the QBot Trojan| Gridinsoft Blogs
Cybersecurity - Cybersecurity Threats - What is Cybersecurity Threat? - Types of Cybersecurity Threats - Cybersecurity Attacks| Gridinsoft Blogs
Mirai botnet Pandora has been discovered infiltrating inexpensive Android-based TV sets. through the firmware spread via third party websites.| Gridinsoft Blogs
GorillaBot is a new offspring of Mirai virus, posessing all the qualities of the original malware and bringing even more threatening features| Gridinsoft Blogs
Overview In June 2025, NSFOCUS Fuying Lab Global Threat Hunting System detected that a new botnet family developed based on Go language was spreading on a large scale, and continued to iterate versions and develop rapidly. We named it “hpingbot” and put it under intensive monitoring. hpingbot is a cross-platform botnet family that supports Windows […] The post Hpingbot: A New Botnet Family Based on Pastebin Payload Delivery Chain and Hping3 DDoS Module appeared first on NSFOCUS, Inc., a...| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
A sophisticated cyberattack campaign has emerged, exploiting a critical vulnerability in Langflow, a widely-used Python-based framework.| GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Cloudflare Sees a Big Jump in DDoS Attacks Article Link: https://www.bleepingcomputer.com/news/security/cloudflare-mitigates-record-number-of-ddos-attacks-in-2025/ Bring Your Own Computer Trend Gives Cyber Pros Chills, Yet It’s Here to Stay Article Link: https://cybernews.com/security/cyber-pros-terified-of-bring-your-own-computer-trend Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis Article Link: https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-tren...| Project Hyphae
Millions of Internet-of-Things (IoT) devices running the open-source version of Android are part of the Badbox 2.0 botnet.| Help Net Security
Analysts discovered a new FritzFrog malware sample that uses exploitation of Log4Shell and PwnKit flaws for self-propagation| Gridinsoft Blogs
概述 2024年5月29日,美国司法部发布通告,声称其执法活动摧毁了"史上最大的僵尸网络" 911 S5,查封了相关域名| 360 Netlab Blog - Network Security Research Lab at 360
在我们的日常botnet分析工作中,碰到各种loader是常事。跟其它种类的malware相比,loader的特殊之处在于它主要用来“推广”,即在被感染机器上下载并运行其它的恶意软件。根据我们的观察,大部分loader是专有的,它们和推广的家族之间存在绑定关系。而少数loader家族会将自己做成通用的推广平台,可以传播其它任意家族,实现所谓的malware-as-a-service(MaaS)。跟专有loader相比...| 360 Netlab Blog - Network Security Research Lab at 360
引子 2025 年 2 月 24 日,美国全国广播公司新闻(NBC News)报道称:“华盛顿特区的美国住房与城市发展部(HUD)总部的电视设备突然播放了一段未经授权的 AI 生成视频。视频画面中,唐纳德·特朗普总统弯腰亲吻埃隆·马斯克的脚趾,并配以LONG LIVE THE REAL KING的醒目字幕。工作人员无法关闭只能被迫拔掉所有电视电源”。这一事件迅速引发舆论热议,公众广泛讨论。网络安全...| 奇安信 X 实验室
Discover PolarEdge, a newly identified botnet targeting edge devices via CVE-2023-20118, using a stealthy TLS backdoor.| Sekoia.io Blog
Russian threat actors combine domain name vulnerabilities with hidden router proxy techniques to scale their attacks while remaining shielded from detection.| Infoblox Blog
本文作者:马延龙,涂凌鸣,叶根深,刘宏达 当我们研究Botnet时,我们一般看到的是攻击者通过N-day漏洞植入Bot程序。但慢慢的,我们看到一个新的趋势,一些攻击者开始更多地利用0-day漏洞发起攻击,利用手段也越发成熟。我们希望安全社区关注到这一现象,积极合作共同应对0-day漏洞攻击威胁。 背景介绍 从2019年8月30号开始,360Netlab未知威胁检测系统持续监测到多个攻击...| 360 Netlab Blog - Network Security Research Lab at 360
Overview On 2021-06-22 we detected a sample of a mirai variant that we named mirai_ptea propagating through a new vulnerability targeting KGUARD DVR. Coincidently, a day later, on June 23, we received an inquiry from the security community asking if we had seen a new DDoS botnet, cross-referencing some| 360 Netlab Blog - Network Security Research Lab at 360
Overview In August 2024, XLab observed a premeditated large-scale DDoS attack targeting the distribution platforms of the chinese game Black Myth: Wukong, namely Steam and Perfect World.This attack operation was divided into four waves, with the attackers carefully selecting the peak online hours of gamers in various time zones| 奇安信 X 实验室
概述 2024年8月XLab观察到一次有预谋的针对国产游戏《黑神话悟空》发行平台 Steam 和 完美世界的大规模DDoS攻击事件。此次攻击行动分为四个波次,攻击者精心挑选在各个时区的游戏玩家在线高峰时段发起长达数小时的持续攻击。并且同时攻击Steam和完美世界分布在全球13个地区的上百个服务器,以实现最大的破坏效果。而参与此次攻击行动的僵尸网络当时自称为AISURU。本文将...| 奇安信 X 实验室
Overview Countless script kiddies, dreaming of getting rich, rush into the DDoS black-market industry armed with Mirai source code, imagining they can make a fortune with botnets. Reality, however, is harsh—these individuals arrive full of ambition but leave in dismay, leaving behind a series of Mirai variants that survive| 奇安信 X 实验室
概述 无数脚本小子怀揣着发财梦,拿着 Mirai 的源码兴高采烈地杀入 DDoS 黑产行业,幻想着靠僵尸网络大赚一笔。现实是残酷的,这些人来时满怀雄心,去时却灰头土脸,只给安全社区留下一个又一个只能活跃 3–4 天的 Mirai 变种。然而,今天的主角Gayfemboy是一个例外。 Gayfemboy 僵尸网络首次于 2024 年 2 月初被 XLab 捕获,并持续活跃至今。它的早期版本并不起眼,仅仅是一个...| 奇安信 X 实验室
Tracking the many iterations of this stealer| OALABS Research
Summary XLab's Cyber Threat Insight and Analysis system(CTIA) recently detected a sophisticated malicious payload delivery and upgrade framework, which we have named DarkCracks. This framework is characterized by its zero detection rate on VirusTotal, high persistence, stealth, and a well-designed upgrade mechanism, leveraging high-performance, stable online infrastructure as its| 奇安信 X 实验室
摘要 我们的XLab大网威胁感知系统最近捕获了一个VirusTotal 0检测, 高持续、高隐匿、高完善升级设计、并利用高性能稳定在线设备作为其基础设施的恶意载荷投递&升级框架系统。 从我们的数据来看,这个我们命名为DarkCracks的恶意程序设计精良,背后的攻击者绝非普通的脚本小子。虽然我们对他的载荷投递&升级框架体系已经掌握,但由于高隐匿性,它的Launcher组件我们截止目...| 奇安信 X 实验室
Incident Review On the evening of August 24th, Steam platform suddenly went down, with players around the world reporting that they were unable to log in. Many players speculate that the crash is caused by too many people online in Black Myth: Wukong. However, according to the announcement of Perfect| 奇安信 X 实验室
Follow us on Twitter (X) @Hackread - Facebook @ /Hackread| Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Overview On June 17, 2024, we discovered an ELF sample written in C language with a detection rate of 0 on VT. This sample was packed with a modified upx packer. After unpacking, another modified upx-packed elf file was obtained which was written in CGO mode. After analysis, it was| 奇安信 X 实验室
一、概述 2024年6月17号我们发现了一个VT 0检测的使用c语言编写的ELF样本,这个样本使用变形的upx加壳,脱壳后得到了另一个变形的upx加壳的elf文件,使用cgo的方式编写。经过分析发现这是来自“8220“挖矿团伙的新工具,用来安装其他恶意软件执行,主要是构建Tsunami DDoS僵尸网络和安装PwnRig挖矿程序。根据样本中的函数名称将其命名为“k4spreader”,进一步分析了VT的和蜜罐的...| 奇安信 X 实验室
Background On May 20, 2024, while everyone was happily celebrating the holiday, the tireless XLab CTIA(Cyber Threat Insight Analysis) system captured a suspicious ELF file around 2 PM, located at /usr/bin/geomi. This file was packed with a modified UPX, had a magic number of 0x30219101, and was| 奇安信 X 实验室
背景 2024年5月20日,当大家都在愉快地庆祝节日时,不知疲倦的XLab大网威胁感知系统于14点左右捕获了一个可疑的ELF文件,路径为/usr/bin/geomi。该文件使用变形的UPX加壳,幻数为0x30219101,从俄罗斯上传到VirusTotal,未被任何杀软引擎检测出恶意行为。当晚22点,另一个使用相同UPX幻数的geomi文件从德国上传到VT。可疑的文件路径的,变形的UPX壳,以及多国上传的情况引起了我们...| 奇安信 X 实验室
Overview XLab's CTIA(Cyber Threat Insight Analysis) System continuously tracks and monitors the active mainstream DDoS botnets. Recently, our system has observed that CatDDoS-related gangs remain active and have exploited over 80 vulnerabilities over the last three months. Additionally, the maximum number of targets has been observed to exceed 300+| 奇安信 X 实验室
概述 XLab大网威胁感知系统会对当前活跃的主流DDoS僵尸网络家族进行持续跟踪和监控,最近3个月,这套系统观察到CatDDoS系团伙持续活跃,利用的漏洞数量达80+,攻击目标数量最大峰值300+/d,鉴于其活跃程度,我们整理了一份近期的各种数据分享给社区以供参考。 漏洞利用 根据视野内的数据,我们观察到CatDDoS系团伙最近3个月使用了大量的已知漏洞传播样本,总数达80多个。...| 奇安信 X 实验室
Summary On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently registered and had no detections, drawing our attention. Upon| 奇安信 X 实验室
简介 2024年4月18日,XLab的未知威胁狩猎系统发现一个VT 0检测的ELF文件正通过2个不同的域名传播,其中一个域名已被3家安全产商标注为恶意,另一个域名为近期注册且无任何检测,这个异常点引起了我们的注意。经过分析,我们确认此ELF是一个针对Android系统的恶意软件,基于它使用被黑的WORD PRESS站点做为中转C2,我们将其命名为Wpeeper。 Wpeeper是一个针对Android系统的典型后门...| 奇安信 X 实验室
About two days ago, hundreds of thousands of leeches were reported on Ubuntu's torrent tracker - downloading gigabits of data, but never reporting that they'd completed any chunks. My precious Linux ISOs (yes, really) were under attack. But whose botnet is this, why are they all downloading Ubuntu, and just how big is the botnet they're controlling? Let's dig in.| tweedge's blog
Overview The Mirai family, as the evergreen tree of botnet, exists numerous variants, but rarely appear Mirai variants using DGA(Domain Generation Algorithm), according to our observation, the last Mirai variant using DGA appeared in 2016. in March 2024, we captured new suspicious ELF samples, which we learnt through analysis| 奇安信 X 实验室
Whenever I reverse a sample, I am mostly interested in how it was developed, even if in the end the techniques employed are generally the same, I am always curious about what was the way to achieve a task, or just simply understand the code philosophy of a piece of code. It is a very... » read more| Fumik0_'s box
背景 一段时间之前,我们捕获了一个VT 0 检测,使用变形UPX加壳,名为pandoraspear,MD5为9a1a6d484297a4e5d6249253f216ed69的可疑ELF样本。在分析过程中,我们发现它硬编码了9个C2域名,其中有2个域名过期的保护期已过,于是我们注册了这2个域名用以度量botnet的规模。在我们能观测的时间内bot的巅峰日活为17万左右,绝大部分位于巴西。 当这个团伙发现我们注册了他的域名之后,通过D...| 奇安信 X 实验室
时间回到两年前,2021年6月360netlab捕获到一个全新的mirai变种,根据使用的TEA算法给它取名为mirai_ptea,没想到在向社区公布了该变种之后,作者在随后更新的样本里吐槽了360netlab的命名: “-_- you guys didnt pick up on the name? really??? its RI-MA-SU-TA. not MIRAI_PTEA this is dumb name.” 鉴于作者吐槽,360netlab也是将后续命名更改为Mirai_ptea_Rimasuta。当时以为又是一个生命短暂的僵尸网络,然而...| 奇安信 X 实验室
Malware is any piece of software that was created to harm devices, data, and people. Malicious software is written with malicious intent. If malware infects a| IPConfig.in - What is My IP Address?
DGA是一种经典的botnet对抗检测的技术,其原理是使用某种DGA算法,结合特定的种子和当前日期,定期生成大量的域名,而攻击者只是选择性的注册其中的极少数。对于防御者而言,因为难以事先确定哪些域名会被生成和注册,因而防御难度极大。 360 netlab长期专注于botnet攻防技术的研究,维护了专门的DGA算法和情报库,并通过订阅情报的方式与业界分享研究成果。近期我们在...| 360 Netlab Blog - Network Security Research Lab at 360
Overview Recently, CNCERT and 360netlab worked together and discovered a rapidly spreading DDoS botnet on the Internet. The global infection looks fairly big as just in China there are more than 10,000 daily active bots (IPs) and alsomore than 100 DDoS victims beingtargeted on a daily basis. We named| 360 Netlab Blog - Network Security Research Lab at 360
本报告由国家互联网应急中心(CNCERT)与三六零数字安全科技集团有限公司共同发布。 概述 近期,CNCERT和三六零数字安全科技集团有限公司共同监测发现一个新的且在互联网上快速传播的DDoS僵尸网络,通过跟踪监测发现其每日上线境内肉鸡数(以IP数计算)已超过1万、且每日会针对超过100个攻击目标发起攻击,给网络空间带来较大威胁。由于该僵尸网络最初使用的C2域名fol...| 360 Netlab Blog - Network Security Research Lab at 360
This is a follow-up to my previous post. For background on this post, please read that post. The botnet master behind the attacks described in the last post could be*: Romanian trancetears@yahoo.c…| my 20%
First of all, I want to apologize for not getting around to writing part 2 of my previous post yet. I have more free time now and have started research for that post, but haven’t had a chance…| my 20%
