JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens. Find out more >

The ASEC analysis team has recently discovered ransomware that is being distributed emails after disguising itself as resumes or copyright-related claims. The malicious emails with such content have been steadily distributed from the past. Unlike previous…

The ASEC analysis team has uploaded a post on February 21st about distribution of Cobalt Strike via unsecured MS-SQL servers. Cobalt Strike Being Distributed to Unsecured MS-SQL Servers As for the current case, the distributed Cobalt Strike had a different…

--- 内置未知威胁分析模型介绍

概述
在系列文章2
[https://blog.netlab.360.com/use_dta_to_illuminate_the_path_of_dns_threat_analysis_2/]
，介绍了如何利用DTA进行一轮完整的未知威胁分析，共有3个步骤：

> 1、提出分析思路，从DNS日志里找到可疑线索
2、确认可疑线索有威胁行为
3、借助DNS日志确认资产被感染


其中，这几个步骤里最为安全分析人员所熟悉的应该是步骤2，毕竟日常工作大家都少不了利用各家威胁情…

This blog is a follow-up to the StrRAT discussed before here in K7Labs blog.  A new variant of StrRAT where […]

Popular games such as “Temple Run” or  “Subway Surfer” were found to be malicious Attackers can use the installed malware as a backdoor in order to gain full control on the victim’s machine Most of the victims are from Sweden, Bulgaria, Russia, Bermuda and…

Ukraine Targeted Attacks Wiper

The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method that was mentioned multiple times in previous…

IcedId is a modular banking Trojan discovered in 2017.

At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us really see the details of the attacks. Equipped with this visibility…

PartyTicket Ransomware Used as a Diversion From Hermetic Wiper Attack

Google Data Studio turns your data into informative dashboards and reports that are easy to read, easy to share, and fully customizable.

This blog was jointly written with Santiago Cortes.  Executive summary LevelBlue Labs™ is writing this report about recently created ransomware malware dubbed BlackCat which was used in a January 2022 campaign against two international oil companies headquartered…

There hasn't been any new activity from the Trickbot malware in 2022. Why?

The ASEC analysis team is constantly monitoring malware distributed to unsecured MS-SQL servers. The previous blogs explained the distribution cases of Cobalt Strike and Remcos RAT, but the majority of the discovered attacks are CoinMiners. – [ASEC Blog] Remcos…

Recently, 360 Security Center observed a state-level cyber warfare attack against Ukraine for the purpose of sabotage, including distributed denial of service (DDoS) attacks, phishing scams, exploits, supply chain attacks, malicious data wipes disguised as…