1 Sample Introduction Banjori is a banking trojan that has been active since it was first spotted in 2013. It identifies personal online banking users in France, Germany, and the USA as major targets. After infecting a user, the trojan injects a malicious payload into the user's active processes and...
Category: DDoS Mitigation
IP Reputation Report-08192019
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 19, 2019. Top 10 countries in attack percentage: The Palestine is in first place. The Curacao is in the second place....
Botnet Trend Report-10
4.2 BillGates: Best Cross-Platform Family In February 2014, a new botnet family was reported by the Russian website, habr5 and named BillGates because of its bill and gates modules. Subsequently the research group, MalwareMustDie reported that botnet family was operated by a Chinese hacker group, closely related with other known...
Botnet Trend Report-9
This chapter explores further into active botnet families detected in 2018. We concentrate on four distinct families and tools focusing our analysis on their behavior changes, sample version changes, sample variants, and average age of C&C servers, to better understand the dynamic lifecycle of botnet families throughout 2018. (more…)
IP Reputation Report-08122019
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 11, 2019. (more…)
Botnet Trend Report-8
3.5 Delivery and Propagation 3.5.1 Behavior Seen Studying 25 million intrusion logs extracted from NSFOCUS managed services customers in 2018, we found that approximately 14 million logs recorded intrusions using weak password cracking mainly against Telnet, RDP, and SSH services. From other logs, a large portion of intrusions seen were...
