September 27, 2019


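According to our observations, over the past few years a very large number of botnets have appeared on the 185.244.25.0/24 netblock, including but not limited to mirai, gafgyt, tsunami, fbot, moobot and handymanny; they belong to the same group or share related code. The table below gives some of our statistics on this netblock over the past year. As can be seen, the netblock has a large number of CCs and a lot of attack activity. Count of CC (host:port): 416; Count of attack target host: 36933; Count of downloader IP: 166; Count of loader IP: 181. This article mainly covers several botnet families related to this netblock that have recently been active or interesting, including moobot, fbot and handymanny. For the other botnets, to help readers see which botnets and variants are present on this netblock, we generated a tag cloud from the keywords used by the netblock's loader IPs during the sample-implant stage, which roughly reflects which botnets and variants are on the netblock. It is shown in the figure below: […]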
September 27, 2019

The Botnet Cluster on the

In the past few years, we have seen quite a few botnets on the netblock. How many? Readers can take a look at the following […]
October 17, 2019

AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2

Original release date: October 17, 2019. Summary: On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating […]
November 11, 2019

The DGA of QSnatch

QSnatch is malware that infects QNAP NAS devices. It collects and exfiltrates user credentials from vulnerable devices, and can also load malicious code from its […]