{"id":11711,"date":"2020-10-16T00:56:30","date_gmt":"2020-10-16T00:56:30","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=11711"},"modified":"2026-04-17T18:07:47","modified_gmt":"2026-04-17T18:07:47","slug":"analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/","title":{"rendered":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><h2 class=\"wp-block-heading\"><strong>Overview<\/strong><\/h2>\n\n\n\n<p>In the distributed denial-of-service (DDoS) botnet activities in 2020 H1, most were from Mirai, Gafgyt, and other major families.<\/p>\n\n\n\n<p>In 2020 H1, DDoS attack means were dominated by UDP floods, CC, and TCP floods.<\/p>\n\n\n\n<p>In 2020 H1, Hostwinds, Digital Ocean, and OVH were the major hosted cloud service providers of C&amp;C servers. We predict that it will remain unchanged in 2020 H2.<\/p>\n\n\n\n<p>In the same period, 128 types of vulnerabilities were detected to be spread and exploited by the Internet of Things (IoT) trojans. Of all these vulnerabilities, CVE-2017-17215 (in Huawei HG532 routers), CVE-2014-8361 (Realtek rtl81xx SDK remote code execution vulnerability), and ThinkPHP remote code execution vulnerability were the most frequently exploited.<\/p>\n\n\n\n<p>Through NSFOCUS&#8217;s threat hunting system, we have kept an eye on a botnet specializing in Monero cryptomining for a long time. The botnet intrudes upon hosts by cracking weak passwords and gains control privileges by implanting bot programs. Meanwhile, it downloads and executes Monero cryptomining scripts via the downloader for malicious cryptomining. The cryptomining botnet became increasingly active in 2020 H1, involving a total of 20,830 active bots. China was the country with the most bots, which were as many as 8304, accounting for 40% of the total. Port 22 was opened on 13,664 bots, approximately 66% of all bots. According to known asset intelligence, routers and cameras were dominant device types reduced to bots.<\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Botnet Trends<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Botnet Attacks in 2020 H1<\/h3>\n\n\n\n<p>In the DDoS botnet activities in 2020 H1, major attacks were connected to Mirai, Gafgyt, and other families.<\/p>\n\n\n\n<p>In 2020 H1, DDoS attack means were dominated by UDP floods, CC, and TCP floods.<\/p>\n\n\n\n<p>In 2020 H1, Hostwinds, Digital Ocean, and OVH were the major hosted cloud service providers of C&amp;C servers. We predict that it will remain unchanged in 2020 H2. In the same period, 128 types of vulnerabilities were detected to be spread and exploited by IoT trojans. Of all these vulnerabilities, CVE-2017-17215 (in Huawei HG532 routers), CVE-2014-8361 (Realtek rtl81xx SDK remote code execution vulnerability), and ThinkPHP remote code execution vulnerability were the most frequently exploited.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Attack Count and Family Distribution<\/strong><\/li><\/ul>\n\n\n\n<p>In 2020 H1, we detected a total of 131,687 attacks, which were launched by 10 families, as shown in Figure 2-1.<\/p>\n\n\n\n<p class=\"has-text-align-center\">Table 2-1 Botnet attack count and family distribution<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"722\" height=\"329\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-1-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11713\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-1-1.jpg 722w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-1-1-300x137.jpg 300w\" sizes=\"(max-width: 722px) 100vw, 722px\" \/><\/figure><\/div>\n\n\n\n<p>Monthly attack trends in 2020 H1 are as follows.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"940\" height=\"588\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-2-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11715\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-2-1.jpg 940w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-2-1-300x188.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-2-1-768x480.jpg 768w\" sizes=\"(max-width: 940px) 100vw, 940px\" \/><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-center\">Figure 2-1 Attack trends<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Attack Events and Family Variants<\/strong><\/li><\/ul>\n\n\n\n<p>The percentages of family variants in various attacks are as follows:<\/p>\n\n\n\n<p class=\"has-text-align-center\">Table 2-2 Number and percentage of attacks initiated by each family\/variant<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"722\" height=\"734\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-3-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11717\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-3-1.jpg 722w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-3-1-295x300.jpg 295w\" sizes=\"(max-width: 722px) 100vw, 722px\" \/><\/figure><\/div>\n\n\n\n<p>Obviously, gafgyt_builds overshadowed other variants in the Gafgyt family, and S1P0R3.WV was the most active in the Nitol family. Since gafgyt_builds was abnormally inactive in May and June, Gafgyt was far behind Mirai in terms of attack count in 2020 H1. Mirai contributed almost a half of the DDoS attacks.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Attack C&amp;C Distribution<\/strong><\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\">Table 2-3 Geographical distribution<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"613\" height=\"1024\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-4-1-613x1024.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11719\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-4-1-613x1024.jpg 613w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-4-1-179x300.jpg 179w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-4-1.jpg 722w\" sizes=\"(max-width: 613px) 100vw, 613px\" \/><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"598\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-5-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11721\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-5-1.jpg 700w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-5-1-300x256.jpg 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-center\">Figure 2-2 Distribution of C&amp;C cloud services and operators<\/p>\n\n\n\n<p>C&amp;C was mainly hosted in cloud services, with Hostwinds most favored, closely followed by Digital Ocean and OVH.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Daily Distribution of the Activity Level of Attack Instructions<\/strong><\/li><\/ul>\n\n\n\n<p>Mirai (in dark blue) was almost always active in 2020 H1 and reached peaks in early January, early April, and mid-June, becoming a family with the most stable active state. Sdbot (in red) reached ultra-high peaks between late January and early February, far exceeding other families. <\/p>\n\n\n\n<p>However, it was inactive in other periods. Activities of Gafgyt were mainly carried out by the variant gafgyt_builds (in yellow). gafgyt_builds was stably active from January to March and gradually became sluggish in the next three months. YoYo (in dark green) was on the contrary. It was stably active from March to June. Dofloo (in lavender) and Tianfa DDoS (in gray) were occasionally active in some periods.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"441\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-6-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11723\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-6-1.jpg 800w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-6-1-300x165.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-6-1-768x423.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Distribution of Flood Types Used in Attacks<\/strong><\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\">Table 2-4 Distribution of flood types used in attacks<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"722\" height=\"599\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-7-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11725\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-7-1.jpg 722w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-7-1-300x249.jpg 300w\" sizes=\"(max-width: 722px) 100vw, 722px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Distribution of Linux\/IoT Vulnerabilities Exploited in Attacks<\/strong><\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center\">Table 2-5 Distribution of Linux\/IoT vulnerabilities exploited in attacks<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"627\" height=\"1024\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-8-1-627x1024.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-11727\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-8-1-627x1024.jpg 627w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-8-1-184x300.jpg 184w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1016-8-1.jpg 722w\" sizes=\"(max-width: 627px) 100vw, 627px\" \/><\/figure><\/div>\n\n\n\n<p>TO be continued.<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>Overview In the distributed denial-of-service (DDoS) botnet activities in 2020 H1, most were from Mirai, Gafgyt, and other major families. In 2020 H1, DDoS attack means were dominated by UDP floods, CC, and TCP floods. In 2020 H1, Hostwinds, Digital Ocean, and OVH were the major hosted cloud service providers of C&amp;C servers. We predict [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11427,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,15],"tags":[118,446],"class_list":["post-11711","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-research-reports","tag-botnet","tag-honeypot-captured"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview In the distributed denial-of-service (DDoS) botnet activities in 2020 H1, most were from Mirai, Gafgyt, and other major families. In 2020 H1,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-16T00:56:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg\" \/>\n<meta name=\"author\" content=\"NSFOCUS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview In the distributed denial-of-service (DDoS) botnet activities in 2020 H1, most were from Mirai, Gafgyt, and other major families. In 2020 H1,\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSFOCUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/\"},\"author\":{\"name\":\"NSFOCUS\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1\",\"datePublished\":\"2020-10-16T00:56:30+00:00\",\"dateModified\":\"2026-04-17T18:07:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/\"},\"wordCount\":668,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"keywords\":[\"Botnet\",\"Honeypot-captured\"],\"articleSection\":[\"Blog\",\"Research &amp; Reports\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/\",\"name\":\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"datePublished\":\"2020-10-16T00:56:30+00:00\",\"dateModified\":\"2026-04-17T18:07:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"width\":468,\"height\":200,\"caption\":\"Earth horizon with digital code overlay.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"NSFOCUS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"NSFOCUS\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/","og_locale":"pt_BR","og_type":"article","og_title":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS","og_description":"Overview In the distributed denial-of-service (DDoS) botnet activities in 2020 H1, most were from Mirai, Gafgyt, and other major families. In 2020 H1,","og_url":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/","og_site_name":"NSFOCUS","article_published_time":"2020-10-16T00:56:30+00:00","article_modified_time":"2026-04-17T18:07:47+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS","twitter_description":"Overview In the distributed denial-of-service (DDoS) botnet activities in 2020 H1, most were from Mirai, Gafgyt, and other major families. In 2020 H1,","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","twitter_misc":{"Escrito por":"NSFOCUS","Est. tempo de leitura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1","datePublished":"2020-10-16T00:56:30+00:00","dateModified":"2026-04-17T18:07:47+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/"},"wordCount":668,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","keywords":["Botnet","Honeypot-captured"],"articleSection":["Blog","Research &amp; Reports"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/","url":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/","name":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1 - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","datePublished":"2020-10-16T00:56:30+00:00","dateModified":"2026-04-17T18:07:47+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","width":468,"height":200,"caption":"Earth horizon with digital code overlay."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-1"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/11711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=11711"}],"version-history":[{"count":1,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/11711\/revisions"}],"predecessor-version":[{"id":32721,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/11711\/revisions\/32721"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/11427"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=11711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=11711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=11711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}