FuYingLab

We discovered a new botnet family, gorillabot, which launched more than 300,000 attacks in more than 100 countries and regions.nsfocusglobal.com/over-300000-go…

#APT #Gamaredon from Ukraine "Шановний Володимире Олександровичу!" 18b0b361525bf37fc69e8ab86f3316c2 http[:]//salts.faith48.legolaba[.]ru/USER-ПК/perceived.accdw

Our team capture a new APT group as Actor240524 which targeting Azerbaijan and Israel on July 1, 2024 ,we naming the new type of Trojan program used by the group as ABCloader and ABCsync. nsfocusglobal.com/new-apt-group-…

We released a tactical analysis report about this #APT #DarkPink campaign nsfocusglobal.com/apt-group-dark… blog.nsfocus.net/aptdarkpinkwin… Thanks @RexorVc0 and @xanda for sharing!

#APT #DarkPink #Saaiwc CVE-2023-38831 #TelePowerBot #KamiKakaBot #threat #malware 📍🏴 💥🇻🇳🇲🇾 ⛓️ #Phishing > RAR + #CVE > Dropp dll > Side-Loading > Injection > Persistence + UAC bypass > Telegram API connection 🔗 Nsfocus Report: blog.nsfocus.net/aptdarkpinkwin…

In September, @NSFOCUS_Intl global threat hunting system monitored several new #botnet variant families developed based on #Mirai, among which #hailBot, #kiraiBot and #catDDoS are the most active, are accelerating their spread, and are widely deployed. nsfocusglobal.com/mirai-botnets-…

.@NSFOCUS_Intl discovered a previously unknown advanced persistent threat group targeted victims using an American Red Cross blood drive phishing lure and two novel trojan horse malware tools. #cybersecurity #infosec #ITsecurity bit.ly/3tadS25

#APT #DarkPink #CVE202338831 zip files: dd9146bf793ac34de3825bdabcd9f0f3 5504799eb0e7c186afcb07f7f50775b2 c5331b30587dcaf94bfde94040d4fc89 dropper: 6a3948a3602f11e58d8a9300d50984d6 final payload is #TelePowerBot

#APT #Gamaredon #maldoc targeting police of Ukraine file: 358242ac0768977888138a00b9e99b00 remote link: http[:]//shone.endeavour31.alpansa[.]ru/DESKTOP-3VASB0N/falcon/family.n64

@random_0_9 Yes, it was captured by our lab's global threat hunting system. We capture many new families every day.

@fuyinglab this file is not in VT

A new type of #Botnet called #Komorebi is spreading quickly. #ip：91.239.100.100 #Komorebi-init #Domorebi #hash：19691fed2a086ca0aa17c4b38434c433

The author of #Tbot( #RobinBot ) is an avid racial discriminator, leaving "#fucking.blackpeople.lol" in the latest version of Botnet. hash: 4b4ba7527786d48192c5c970927416b1

Recently, a new type of Botnet family calling itself #Kirin is spreading widely, which is modified from Gafgyt code but with many new changes. CC：#37.44.238.182 hash：#43dc824d5c5a0f1dcd5cbbd42c86ce86

English Version： blog-nsfocus-net.translate.goog/luoyefeihua/?_…

"#luoyefeihua", a very large #botnet gang that controls multiple botnet families including #XorDDoS and #Mediocre blog.nsfocus.net/luoyefeihua/

#Gobot has been upgraded, adding attack methods

We recently discovered a new Botnet family written in Golang, which is spread in the name of "#Bins_Bot_hicore" and supports multiple DDoS attack methods. It has gone through multiple version updates. We name this family "hicoreBot". #GobotV1

Recently, we found that a #Botnet claiming to be #Kosha Qbot Variant is being built rapidly hash：83734a32709d9667cc136b9cedf71d7360ec574d527f4a87744f436676b2e7fd

You can learn more about #Peacy Botnet through the following article blog.nsfocus.net/peachy-botnet/

Recently, our researchers have discovered a new #Botnet family called "#Peachy Botnet", which is constructed in a very simple way and is rapidly iterating versions. connect：37.0.11[.]160

Recently, we found that #KekSec gang began to develop #Moobot botnet string:#watudoinglookingatdis #w5q6he3dbrsgmclkiu4to18npavj702f IoC: #15.204.5.85:10275