2021-11-18 | 360 netlab | Hui Wang, Alex.Turing, litao3rd, YANG XU
@online{wang:20211118:pitfall:23ff4ea,
  author       = {Hui Wang and Alex.Turing and litao3rd and YANG XU},
  title        = {{The Pitfall of Threat Intelligence Whitelisting: Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service}},
  date         = {2021-11-18},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/},
  language     = {English},
  urldate      = {2021-11-19},
}
The Pitfall of Threat Intelligence Whitelisting: Specter Botnet is 'taking over' Top Legit DNS Domains By Using ClouDNS Service
Specter
2021-11-12 | 360 netlab | Alex.Turing, Hui Wang, YANG XU
@online{alexturing:20211112:malware:70f965d,
  author       = {Alex.Turing and Hui Wang and YANG XU},
  title        = {{Malware uses namesilo Parking pages and Google's custom pages to spread}},
  date         = {2021-11-12},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/},
  language     = {English},
  urldate      = {2021-11-17},
}
Malware uses namesilo Parking pages and Google's custom pages to spread
2021-11-09 | 360 netlab | Alex.Turing, Hui Wang
@online{alexturing:20211109:abcbot:8e1eee4,
  author       = {Alex.Turing and Hui Wang},
  title        = {{Abcbot, an evolving botnet}},
  date         = {2021-11-09},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/},
  language     = {English},
  urldate      = {2021-11-17},
}
Abcbot, an evolving botnet
Abcbot
2021-10-29 | 360 netlab | Ghost
@online{ghost:20211029:pink:1464c64,
  author       = {Ghost},
  title        = {{Pink, a botnet that competed with the vendor to control the massive infected devices}},
  date         = {2021-10-29},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/pink-en/},
  language     = {English},
  urldate      = {2021-11-03},
}
Pink, a botnet that competed with the vendor to control the massive infected devices
Pink
2021-09-01 | 360 Threat Intelligence Center | Advanced Threat Institute
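% Corporate author: the extra braces keep BibTeX/Biber from splitting the
% name into given and family parts (it would otherwise sort and print as
% "Institute, Advanced Threat").
@online{institute:20210901:aptc56:0f08cce,
  author       = {{Advanced Threat Institute}},
  title        = {{APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert}},
  date         = {2021-09-01},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/xUM2x89GuB8uP6otN612Fg},
  language     = {Chinese},
  urldate      = {2021-09-09},
}
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert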
Crimson RAT, NetWire RC
2021-08-30 | 360 netlab | Alex.Turing, Hui Wang, GenShen Ye
@online{alexturing:20210830:mostly:d4d0f30,
  author       = {Alex.Turing and Hui Wang and GenShen Ye},
  title        = {{The Mostly Dead Mozi and Its’ Lingering Bots}},
  date         = {2021-08-30},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/the-mostly-dead-mozi-and-its-lingering-bots/},
  language     = {English},
  urldate      = {2021-08-31},
}
The Mostly Dead Mozi and Its’ Lingering Bots
Mozi
2021-08-02 | 360 Threat Intelligence Center | Advanced Threat Institute
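% Corporate author: the extra braces keep BibTeX/Biber from splitting the
% name into given and family parts (it would otherwise sort and print as
% "Institute, Advanced Threat").
@online{institute:20210802:operation:af54e15,
  author       = {{Advanced Threat Institute}},
  title        = {{Operation Hunting - The latest attack by the CNC (APT-C-48) has been revealed}},
  date         = {2021-08-02},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/dMFyLxsErYUZX7BQyBL9YQ},
  language     = {Chinese},
  urldate      = {2021-08-02},
}
Operation Hunting - The latest attack by the CNC (APT-C-48) has been revealed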
2021-07-29 | 360 Total Security | kate
@online{kate:20210729:netfilter:27b34a6,
  author       = {kate},
  title        = {{“Netfilter Rootkit II ” Continues to Hold WHQL Signatures}},
  date         = {2021-07-29},
  organization = {360 Total Security},
  url          = {https://blog.360totalsecurity.com/en/netfilter-rootkit-ii-continues-to-hold-whql-signatures/},
  language     = {English},
  urldate      = {2021-08-02},
}
“Netfilter Rootkit II ” Continues to Hold WHQL Signatures
NetfilterRootkit
2021-07-27 | 360 Threat Intelligence Center | Advanced Threat Institute
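% Corporate author: the extra braces keep BibTeX/Biber from splitting the
% name into given and family parts (it would otherwise sort and print as
% "Institute, Advanced Threat").
@online{institute:20210727:summary:219ae9b,
  author       = {{Advanced Threat Institute}},
  title        = {{Summary of Kimsuky's secret stealing activities in the first half of 2021}},
  date         = {2021-07-27},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ},
  language     = {Chinese},
  urldate      = {2021-07-27},
}
Summary of Kimsuky's secret stealing activities in the first half of 2021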
2021-07-16 | 360 Threat Intelligence Center | Advanced Threat Institute
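% Corporate author: the extra braces keep BibTeX/Biber from splitting the
% name into given and family parts (it would otherwise sort and print as
% "Institute, Advanced Threat").
@online{institute:20210716:aptc61:4736008,
  author       = {{Advanced Threat Institute}},
  title        = {{APT-C-61 attacks against South Asia}},
  date         = {2021-07-16},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/Jpw7TqyPzOy57RAZDQdlWA},
  language     = {Chinese},
  urldate      = {2021-07-20},
}
APT-C-61 attacks against South Asia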
2021-07-01 | 360 netlab | Hui Wang, Alex.Turing, Jinye, houliuyang, Chai Linyuan
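% The underscore in the title is escaped: title is typeset as ordinary
% LaTeX text, where a bare "_" raises a "Missing $ inserted" error.
% The url field is handled verbatim, so its underscores stay as they are.
@online{wang:20210701:miraiptea:3ba235e,
  author       = {Hui Wang and Alex.Turing and Jinye and houliuyang and Chai Linyuan},
  title        = {{Mirai\_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability}},
  date         = {2021-07-01},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/},
  language     = {English},
  urldate      = {2021-07-11},
}
Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability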
Mirai
2021-06-15 | 360 Threat Intelligence Center | 360 Fiberhome Laboratory
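% Corporate author: the extra braces keep BibTeX/Biber from splitting the
% name into given and family parts (it would otherwise sort and print as
% "Laboratory, 360 Fiberhome").
@online{laboratory:20210615:pjobrat:df97e9c,
  author       = {{360 Fiberhome Laboratory}},
  title        = {{PJobRAT: Spyware targeting Indian military personnel}},
  date         = {2021-06-15},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/VTHvmRTeu3dw8HFyusKLqQ},
  language     = {Chinese},
  urldate      = {2021-06-21},
}
PJobRAT: Spyware targeting Indian military personnel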
PjobRAT
2021-05-27 | 360 netlab | Alex.Turing, Jinye, Chai Linyuan
@online{alexturing:20210527:analysis:bc5ec0e,
  author       = {Alex.Turing and Jinye and Chai Linyuan},
  title        = {{Analysis report of the Facefish rootkit}},
  date         = {2021-05-27},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/ssh_stealer_facefish_en/},
  language     = {English},
  urldate      = {2021-06-07},
}
Analysis report of the Facefish rootkit
Facefish
2021-05-21 | 360 Total Security | kate
@online{kate:20210521:darksides:fd45119,
  author       = {kate},
  title        = {{DarkSide’s Targeted Ransomware Analysis Report for Critical U.S. Infrastructure}},
  date         = {2021-05-21},
  organization = {360 Total Security},
  url          = {https://blog.360totalsecurity.com/en/darksides-targeted-ransomware-analysis-report-for-critical-u-s-infrastructure-2/},
  language     = {English},
  urldate      = {2021-05-26},
}
DarkSide’s Targeted Ransomware Analysis Report for Critical U.S. Infrastructure
DarkSide
2021-05-06 | 360 netlab | Alex Turing
@online{turing:20210506:rotajakiro:3e85531,
  author       = {Alex Turing},
  title        = {{RotaJakiro, the Linux version of the OceanLotus}},
  date         = {2021-05-06},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/},
  language     = {English},
  urldate      = {2021-05-08},
}
RotaJakiro, the Linux version of the OceanLotus
RotaJakiro
2021-04-29 | 360 netlab | Liu Ya, YANG XU, Jinye
@online{ya:20210429:threat:56c2d1e,
  author       = {Liu Ya and YANG XU and Jinye},
  title        = {{Threat Alert: New update from Sysrv-hello, now infecting victims‘ webpages to push malicious exe to end users}},
  date         = {2021-04-29},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/threat-alert-new-update-from-sysrv-hello-now-infecting-victims-webpages-to-push-malicious-exe-to-end-users/},
  language     = {English},
  urldate      = {2021-05-03},
}
Threat Alert: New update from Sysrv-hello, now infecting victims‘ webpages to push malicious exe to end users
2021-04-28 | 360 netlab | Alex Turing, Hui Wang
@online{turing:20210428:rotajakiro:3d85cc1,
  author       = {Alex Turing and Hui Wang},
  title        = {{RotaJakiro: A long live secret backdoor with 0 VT detection}},
  date         = {2021-04-28},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/},
  language     = {English},
  urldate      = {2021-05-04},
}
RotaJakiro: A long live secret backdoor with 0 VT detection
RotaJakiro
2021-04-20 | 360 Threat Intelligence Center | Advanced Threat Institute
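% Corporate author: the extra braces keep BibTeX/Biber from splitting the
% name into given and family parts (it would otherwise sort and print as
% "Institute, Advanced Threat").
@online{institute:20210420:transparent:1033b04,
  author       = {{Advanced Threat Institute}},
  title        = {{Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry}},
  date         = {2021-04-20},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/ELYDvdMiiy4FZ3KpmAddZQ},
  language     = {Chinese},
  urldate      = {2021-04-28},
}
Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry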
Crimson RAT
2021-04-02 | 360 Total Security | kate
@online{kate:20210402:txt:1216a3c,
  author       = {kate},
  title        = {{A “txt file” can steal all your secrets}},
  date         = {2021-04-02},
  organization = {360 Total Security},
  url          = {https://blog.360totalsecurity.com/en/a-txt-file-can-steal-all-your-secrets/?web_view=true},
  language     = {English},
  urldate      = {2021-04-06},
}
A “txt file” can steal all your secrets
Poulight Stealer
2021-03-23 | 360 Core Security | 360 Core Security
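% Corporate author: the extra braces keep BibTeX/Biber from splitting the
% name into given and family parts (it would otherwise sort and print as
% "Security, 360 Core").
@online{security:20210323:remrat:895cb4e,
  author       = {{360 Core Security}},
  title        = {{RemRAT: Android spyware that has been lurking in the Middle East for many years}},
  date         = {2021-03-23},
  organization = {360 Core Security},
  url          = {https://blogs.360.cn/post/analysis-of-RemRAT.html},
  language     = {Chinese},
  urldate      = {2021-03-25},
}
RemRAT: Android spyware that has been lurking in the Middle East for many years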
RemRAT