blog.netlab.360.com
Overview On March 25, 2021, 360 NETLAB's BotMon system flagged a suspicious ELF file (MD5=64f6cfe44ba08b0babdd3904233c4857) with 0 VT detection, the sample communicates with 4 domains on TCP 443 (HTTPS), but the traffic is not of TLS/SSL. A close look at the sample revealed it to be a backdoor targeting Linux X64 systems, a family that has been around for at least 3 years. We named it RotaJakiro ba
7,500+ MikroTik Routers Are Forwarding Owners’ Traffic to the Attackers, How is Yours? [Update] 2018-09-05 11:00 GMT+8, with the generous help from the AS64073, 103.193.137.211 has been promptly suspended and is no longer a threat. Overview MikroTik is a Latvian company founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivit
Malicious Campaign luoxk Is Actively Exploiting CVE-2018-2893 Author: Zhang Zaifeng, yegenshen, RootKiter, JiaYu On July 18, in an officially released routine patch update, Oracle fixed CVE-2018-2893, an Oracle WebLogic Server remote code execution vulnerability. Three days later, at 2018-07-21 11:24:31 GMT+8, we noticed that a malicious campaign that we have been tracking for a long time start to
Two days ago, on 2018-06-14, we noticed that an updated Satori botnet began to perform network wide scan looking for uc-httpd 1.0.0 devices. Most likely for the vulnerability of XiongMai uc-httpd 1.0.0 (CVE-2018-10088). The scanning activities led to a surge in scanning traffic on ports 80 and 8000. About three hours ago, as we were writing this article, the Satori author released yet another upda
This blog is a joint effort of 360 Beaconlab, 360 CERT, 360 MobileSafe, 360Netlab and 360 Threat Intelligence Center. Overview About 48 hours ago, we reported an Android worm ADB.miner in our previous blog. This malware can replicate itself over Android devices by utilizing the opened ADB debugging interface. The spreading speed is quite fast, doubles about every 12 hours. Over the last 48 hours,
Warning: Satori, a Mirai Branch Is Spreading in Worm Style on Port 37215 and 52869 Author: 360 netlab [Update History] - At 2017-12-05 18:56:40 UTC, 2 hours after our blog goes live, we observed the C2 sending kill scan command to the bots, and that explains why the scan activities on the two ports started to drop on a global scale. - The C2 address 95.211.123.69:7654 is the typo for 95.211.123.69
New Threat Report: A new IoT Botnet is Spreading over HTTP 81 on a Large Scale Overview 360 Network Security Research Lab recently discovered a new botnet that is scanning the entire Internet on a large scale. Taking into account the following factors in the botnet, we decided to disclose our findings to the secure community: Very active, we can now see ~ 50k live scanner IPs daily. Malicious code