Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-07-01360 netlabHui Wang, Alex.Turing, Jinye, houliuyang, Chai Linyuan
@online{wang:20210701:miraiptea:3ba235e, author = {Hui Wang and Alex.Turing and Jinye and houliuyang and Chai Linyuan}, title = {{Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability}}, date = {2021-07-01}, organization = {360 netlab}, url = {https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/}, language = {English}, urldate = {2021-07-11} } Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability
Mirai
2021-05-27360 netlabAlex.Turing, Jinye, Chai Linyuan
@online{alexturing:20210527:analysis:bc5ec0e, author = {Alex.Turing and Jinye and Chai Linyuan}, title = {{Analysis report of the Facefish rootkit}}, date = {2021-05-27}, organization = {360 netlab}, url = {https://blog.netlab.360.com/ssh_stealer_facefish_en/}, language = {English}, urldate = {2021-06-07} } Analysis report of the Facefish rootkit
Facefish
2021-05-06360 netlabAlex Turing
@online{turing:20210506:rotajakiro:3e85531, author = {Alex Turing}, title = {{RotaJakiro, the Linux version of the OceanLotus}}, date = {2021-05-06}, organization = {360 netlab}, url = {https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/}, language = {English}, urldate = {2021-05-08} } RotaJakiro, the Linux version of the OceanLotus
RotaJakiro
2021-04-29360 netlabLiu Ya, YANG XU, Jinye
@online{ya:20210429:threat:56c2d1e, author = {Liu Ya and YANG XU and Jinye}, title = {{Threat Alert: New update from Sysrv-hello, now infecting victims‘ webpages to push malicious exe to end users}}, date = {2021-04-29}, organization = {360 netlab}, url = {https://blog.netlab.360.com/threat-alert-new-update-from-sysrv-hello-now-infecting-victims-webpages-to-push-malicious-exe-to-end-users/}, language = {English}, urldate = {2021-05-03} } Threat Alert: New update from Sysrv-hello, now infecting victims‘ webpages to push malicious exe to end users
2021-04-28360 netlabAlex Turing, Hui Wang
@online{turing:20210428:rotajakiro:3d85cc1, author = {Alex Turing and Hui Wang}, title = {{RotaJakiro: A long live secret backdoor with 0 VT detection}}, date = {2021-04-28}, organization = {360 netlab}, url = {https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/}, language = {English}, urldate = {2021-05-04} } RotaJakiro: A long live secret backdoor with 0 VT detection
RotaJakiro
2021-03-18360 netlabJinye, YANG XU
@online{jinye:20210318:necro:e22f5c1, author = {Jinye and YANG XU}, title = {{Necro upgrades again, using Tor + dynamic domain DGA and aiming at both Windows & Linux}}, date = {2021-03-18}, organization = {360 netlab}, url = {https://blog.netlab.360.com/necro-upgrades-again-using-tor-dynamic-domain-dga-and-aiming-at-both-windows-linux/}, language = {English}, urldate = {2021-03-19} } Necro upgrades again, using Tor + dynamic domain DGA and aiming at both Windows & Linux
N3Cr0m0rPh
2021-03-12360 netlabAlex.Turing, liuyang, YANG XU
@online{alexturing:20210312:new:37158fe, author = {Alex.Turing and liuyang and YANG XU}, title = {{New Threat: ZHtrap botnet implements honeypot to facilitate finding more victims}}, date = {2021-03-12}, organization = {360 netlab}, url = {https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/}, language = {English}, urldate = {2021-03-16} } New Threat: ZHtrap botnet implements honeypot to facilitate finding more victims
ZHtrap
2021-03-09360 netlabJiaYu
@online{jiayu:20210309:threat:fa2a2a3, author = {JiaYu}, title = {{Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities}}, date = {2021-03-09}, organization = {360 netlab}, url = {https://blog.netlab.360.com/threat-alert-z0miner-is-spreading-quickly-by-exploiting-elasticsearch-and-jenkins-vulnerabilities/}, language = {English}, urldate = {2021-03-11} } Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities
2021-03-05360 netlabYanlong Ma, JiaYu, GenShen Ye
@online{ma:20210305:qnap:c353950, author = {Yanlong Ma and JiaYu and GenShen Ye}, title = {{QNAP NAS users, make sure you check your system}}, date = {2021-03-05}, organization = {360 netlab}, url = {https://blog.netlab.360.com/qnap-nas-users-make-sure-you-check-your-system/}, language = {English}, urldate = {2021-03-22} } QNAP NAS users, make sure you check your system
QNAPCrypt
2021-03-04360 netlabJinye
@online{jinye:20210304:gafgtyttor:ba71f67, author = {Jinye}, title = {{Gafgtyt_tor and Necro are on the move again}}, date = {2021-03-04}, organization = {360 netlab}, url = {https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/}, language = {English}, urldate = {2021-03-06} } Gafgtyt_tor and Necro are on the move again
Bashlite N3Cr0m0rPh
2021-03-03360 netlabGenShen Ye, Alex Turing
@online{ye:20210303:fbot:4bee771, author = {GenShen Ye and Alex Turing}, title = {{Fbot is now riding the traffic and transportation smart devices}}, date = {2021-03-03}, organization = {360 netlab}, url = {https://blog.netlab.360.com/fbot-is-now-riding-the-traffic-and-transportation-smart-devices-en/}, language = {English}, urldate = {2021-03-04} } Fbot is now riding the traffic and transportation smart devices
FBot
2021-02-10360 netlabLiu Ya
@online{ya:20210210:rinfo:52ad312, author = {Liu Ya}, title = {{Rinfo Is Making A Comeback and Is Scanning and Mining in Full Speed}}, date = {2021-02-10}, organization = {360 netlab}, url = {https://blog.netlab.360.com/rinfo-is-making-a-comeback-and-is-scanning-and-mining-in-full-speed/}, language = {English}, urldate = {2021-02-20} } Rinfo Is Making A Comeback and Is Scanning and Mining in Full Speed
2021-01-21NetlabJinye
@online{jinye:20210121:necropyinstallerdga:895bc13, author = {Jinye}, title = {{Necro在频繁升级,新版本开始使用PyInstaller和DGA}}, date = {2021-01-21}, organization = {Netlab}, url = {https://blog.netlab.360.com/not-really-new-pyhton-ddos-bot-n3cr0m0rph-necromorph/}, language = {Chinese}, urldate = {2021-01-25} } Necro在频繁升级,新版本开始使用PyInstaller和DGA
N3Cr0m0rPh
2020-12-03360 netlabYanlong Ma, GenShen Ye
@online{ma:20201203:another:bb8fa99, author = {Yanlong Ma and GenShen Ye}, title = {{Another LILIN DVR 0-day being used to spread Mirai}}, date = {2020-12-03}, organization = {360 netlab}, url = {https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/}, language = {English}, urldate = {2020-12-08} } Another LILIN DVR 0-day being used to spread Mirai
Mirai
2020-11-24360 netlabJiaYu
@online{jiayu:20201124:blackrota:8a46a54, author = {JiaYu}, title = {{Blackrota, a heavily obfuscated backdoor written in Go}}, date = {2020-11-24}, organization = {360 netlab}, url = {https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go-en/}, language = {English}, urldate = {2020-12-03} } Blackrota, a heavily obfuscated backdoor written in Go
Blackrota
2020-11-20360 netlabHui Wang, Alex Turing, CNCERT, Qihoo 360
@online{wang:20201120:moobot:bee7c03, author = {Hui Wang and Alex Turing and CNCERT and Qihoo 360}, title = {{MooBot on the run using another 0 day targeting UNIX CCTV DVR}}, date = {2020-11-20}, organization = {360 netlab}, url = {https://blog.netlab.360.com/moobot-0day-unixcctv-dvr-en/}, language = {English}, urldate = {2020-11-23} } MooBot on the run using another 0 day targeting UNIX CCTV DVR
MooBot
2020-11-20360 netlabJiaYu
@online{jiayu:20201120:blackrota:ee43da1, author = {JiaYu}, title = {{Blackrota, a highly obfuscated backdoor developed by Go}}, date = {2020-11-20}, organization = {360 netlab}, url = {https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go/}, language = {Chinese}, urldate = {2020-11-23} } Blackrota, a highly obfuscated backdoor developed by Go
Cobalt Strike
2020-11-13NetlabAlex Turing, Hui Wang
@online{turing:20201113:quick:fd9e5d2, author = {Alex Turing and Hui Wang}, title = {{Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices}}, date = {2020-11-13}, organization = {Netlab}, url = {https://blog.netlab.360.com/linux-ngioweb-v2-going-after-iot-devices-en/}, language = {English}, urldate = {2020-11-18} } Quick update on the Linux.Ngioweb botnet, now it is going after IoT devices
Ngioweb
2020-10-06360 netlabJiaYu
@online{jiayu:20201006:heh:48e69cc, author = {JiaYu}, title = {{HEH, a new IoT P2P Botnet going after weak telnet services}}, date = {2020-10-06}, organization = {360 netlab}, url = {https://blog.netlab.360.com/heh-an-iot-p2p-botnet/}, language = {English}, urldate = {2020-10-07} } HEH, a new IoT P2P Botnet going after weak telnet services
2020-09-30360netlabHui Wang, Alex Turing
@online{wang:20200930:ttint:fb14c9f, author = {Hui Wang and Alex Turing}, title = {{Ttint: 一款通过2个0-day漏洞传播的IoT远控木马}}, date = {2020-09-30}, organization = {360netlab}, url = {https://blog.netlab.360.com/ttint-an-iot-rat-uses-two-0-days-to-spread/}, language = {Chinese}, urldate = {2020-10-04} } Ttint: 一款通过2个0-day漏洞传播的IoT远控木马