360 Netlab

Our latest blog, a malware based on CIA’s HIVE attack kit has been observed by us. blog.netlab.360.com/headsup_xdr33_…

So, we published our Fodcha botnet blog two days ago, and the author behind this botnet pushed an updated new sample with the following message inside....🤪

What are the most active P2P based botnets on the internet now, and what are their sizes? We(360netlab) have a tracking system in place for a while and here are some basic information about Pink,Mozi,Hajime,FritzFrog and Panchan. blog.netlab.360.com/p2p-botnets-re…

New version of Fodcha is bigger and probably better, and attacking various websites like there is no tomorrow. (in previous version, the author left a note saying "Netlab pls leave me alone I surrender", it does not seem so) blog.netlab.360.com/fodcha-is-comi…

@virusbtn English version is here now, blog.netlab.360.com/purecrypter-is…

Netlab researchers look into the PureCrypter loader's communication activities from the perspective of C2 and the communication chain, and analyse its operation process. blog.netlab.360.com/purecrypter/

We have noticed that some malware authors pay attention to who downloads their malwares from their downloader servers, aka, they do their security data analysis, if a device other than their own bots connect to their downloader, they DDoS these device IPs.

Our latest blog is about a new Monroe coin mining botnet Orchard, among other things, this botnet uses Satoshi Nakamoto's Bitcoin account transaction information to generate DGA domain names to evade detection. blog.netlab.360.com/a-new-botnet-o…

Okay, one botnet author has this written in his new program..🤪

A new updated fbot have been attacking various big names, it is now one of the most active DDos botnets that we have observed recently, more details can be found from our recently published blog blog.netlab.360.com/botnet-group-b… (in Chinese, but google translate will do the trick).

Analysing hundreds of billions of daily DNS queries to produce actionable threat intelligence. #Skidmap and malicious DNS data mining by @360Netlab's Zhang Zaifeng: blog.apnic.net/2021/04/19/ski… #Malware #threatintelligence #Throwback

Here at Quad9, we saw fridgexperts[.]cc skyrocket to our top blocked site with a whopping 30M+ blocks in just under 24 hours--starting ~noon UTC on the 14th! #Fodcha #DDoS #botnet #DNS

Fodcha author on the move again after we published our blog. The C2 IPs have changed.

Our latest blog, a new DDoS botnet Fodcha, which is big, and very active attacking various targets, some of the victims are the world top popular domains(top 10 companies) blog.netlab.360.com/fodcha-a-new-d…

👍

@pgl @johullrich @DNSFilter Most likely it is still in developing stage. We will see what happens

@johullrich Hey @360Netlab, nice report, thanks for this. Just checking into our logs, we haven't seen this domain in use @DNSFilter so far. We're still looking but it doesn't seem very active.

Interesting new Linux backdoor that's using DNS tunneling: blog.netlab.360.com/b1txor20-use-o… (h/t to @johullrich, thanks!)

Our latest blog, blog.netlab.360.com/b1txor20-use-o… B1txor20, a new Linux backdoor rides on the Log4J vulnerability and uses DNS tunnel for C2 communications.

We observed that ripprbot botnet has instructed its bots to attack targets 147.237.0.0, 147.237.64.0 and 147.237.68.0, all belong to Israeli Government Network

@campuscodi @AdamJanofsky @martinmatishak @kansasalps @NPRDina Good luck Catalin!

Our latest blog about the recent Ukraine and Russia DDoS attacks, takeaway: botnets are actively been recruited for attacks on both sides and Russia actually receives more DDoS than Ukraine does. blog.netlab.360.com/some_details_o…

We also see multiple botnets related DDos targeting Russian websites, for example, kremlin.ru, fsb.ru, digital.gov.ru, baltbank.ru got attacked about 2 hours ago, and duma.gov.ru is being DDosed right now