2021-07-01 | 360 netlab | Hui Wang, Alex.Turing, Jinye, houliuyang, Chai Linyuan
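% 360 netlab report on the Mirai_ptea botnet exploiting an undisclosed KGUARD DVR vulnerability.
% The underscore in the title is escaped because title is typeset as ordinary LaTeX text;
% the url field is left verbatim.
@online{wang:20210701:miraiptea:3ba235e,
  author       = {Hui Wang and Alex.Turing and Jinye and houliuyang and Chai Linyuan},
  title        = {{Mirai\_ptea} Botnet is Exploiting Undisclosed {KGUARD} {DVR} Vulnerability},
  date         = {2021-07-01},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/},
  language     = {English},
  urldate      = {2021-07-11},
}
Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability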
Mirai
2021-05-27 | 360 netlab | Alex.Turing, Jinye, Chai Linyuan
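% 360 netlab analysis report on the Facefish rootkit.
% Only the family name is brace-protected, so a style can still apply its own title casing.
@online{alexturing:20210527:analysis:bc5ec0e,
  author       = {Alex.Turing and Jinye and Chai Linyuan},
  title        = {Analysis report of the {Facefish} rootkit},
  date         = {2021-05-27},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/ssh_stealer_facefish_en/},
  language     = {English},
  urldate      = {2021-06-07},
}
Analysis report of the Facefish rootkit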
Facefish
2021-04-29 | 360 netlab | Liu Ya, YANG XU, Jinye
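% 360 netlab threat alert on a Sysrv-hello update that infects victims' webpages.
% Only the family name is brace-protected; the quote character in the title is kept as exported.
% NOTE(review): author names are kept as exported; given/family name order is not verifiable from this page.
@online{ya:20210429:threat:56c2d1e,
  author       = {Liu Ya and YANG XU and Jinye},
  title        = {Threat Alert: New update from {Sysrv-hello}, now infecting victims‘ webpages to push malicious exe to end users},
  date         = {2021-04-29},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/threat-alert-new-update-from-sysrv-hello-now-infecting-victims-webpages-to-push-malicious-exe-to-end-users/},
  language     = {English},
  urldate      = {2021-05-03},
}
Threat Alert: New update from Sysrv-hello, now infecting victims‘ webpages to push malicious exe to end users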
2021-03-18 | 360 netlab | Jinye, YANG XU
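% 360 netlab report on a Necro upgrade (Tor, dynamic-domain DGA, Windows and Linux targets).
% The ampersand in the title is escaped because a bare one is a LaTeX alignment character;
% names and acronyms are brace-protected individually.
@online{jinye:20210318:necro:e22f5c1,
  author       = {Jinye and YANG XU},
  title        = {{Necro} upgrades again, using {Tor} + dynamic domain {DGA} and aiming at both {Windows} \& {Linux}},
  date         = {2021-03-18},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/necro-upgrades-again-using-tor-dynamic-domain-dga-and-aiming-at-both-windows-linux/},
  language     = {English},
  urldate      = {2021-03-19},
}
Necro upgrades again, using Tor + dynamic domain DGA and aiming at both Windows & Linux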
N3Cr0m0rPh
2021-03-04 | 360 netlab | Jinye
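% 360 netlab report on renewed Gafgtyt_tor and Necro activity.
% The underscore in the title is escaped because title is typeset as ordinary LaTeX text;
% the url field is left verbatim.
@online{jinye:20210304:gafgtyttor:ba71f67,
  author       = {Jinye},
  title        = {{Gafgtyt\_tor} and {Necro} are on the move again},
  date         = {2021-03-04},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/},
  language     = {English},
  urldate      = {2021-03-06},
}
Gafgtyt_tor and Necro are on the move again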
Bashlite N3Cr0m0rPh
2021-01-21 | Netlab | Jinye
% Netlab report (Chinese) on Necro; the title names PyInstaller and DGA.
% Whole-title braces are kept: the title is CJK text with embedded Latin names and no spaces
% marking word boundaries, so per-word case protection does not apply.
% NOTE(review): the URL slug is English while title and language are Chinese; confirm the link
% points at the Chinese edition.
@online{jinye:20210121:necropyinstallerdga:895bc13,
  author       = {Jinye},
  title        = {{Necro在频繁升级,新版本开始使用PyInstaller和DGA}},
  date         = {2021-01-21},
  organization = {Netlab},
  url          = {https://blog.netlab.360.com/not-really-new-pyhton-ddos-bot-n3cr0m0rph-necromorph/},
  language     = {Chinese},
  urldate      = {2021-01-25},
}
Necro在频繁升级,新版本开始使用PyInstaller和DGA
N3Cr0m0rPh
2020-05-23 | 360 netlab | Jinye
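% 360 netlab report on DoubleGuns Group activity using a public cloud service to control bots.
% Only the group name is brace-protected, so a style can still apply its own title casing.
@online{jinye:20200523:new:20aa28f,
  author       = {Jinye},
  title        = {New activity of {DoubleGuns Group}, control hundreds of thousands of bots via public cloud service},
  date         = {2020-05-23},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/shuangqiang/},
  language     = {English},
  urldate      = {2020-05-26},
}
New activity of DoubleGuns Group, control hundreds of thousands of bots via public cloud service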
2019-12-17 | Netlab | Jinye, GenShen Ye
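% Netlab report on Lazarus Group using the Dacls RAT against Linux.
% Names and acronyms are brace-protected individually rather than bracing the whole title.
% NOTE(review): language is recorded as Chinese while the title is in English; confirm which
% edition this URL serves.
@online{jinye:20191217:lazarus:f97fffd,
  author       = {Jinye and GenShen Ye},
  title        = {{Lazarus Group} uses {Dacls} {RAT} to attack {Linux} platform},
  date         = {2019-12-17},
  organization = {Netlab},
  url          = {https://blog.netlab.360.com/dacls-the-dual-platform-rat/},
  language     = {Chinese},
  urldate      = {2020-01-07},
}
Lazarus Group uses Dacls RAT to attack Linux platform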
Dacls Log Collector Dacls