FuYingLab @fuyinglab - Twitter Profile

over 1 year ago

We discovered a new botnet family, gorillabot, which launched more than 300,000 attacks in more than 100 countries and regions.https://t.co/Oi3t6xAvzy

0

1

0

140

FuYingLab @fuyinglab

over 1 year ago

#APT #Gamaredon from Ukraine "Шановний Володимире Олександровичу!" 18b0b361525bf37fc69e8ab86f3316c2 http[:]//salts.faith48.legolaba[.]ru/USER-ПК/perceived.accdw

fuyinglab's tweet photo. #APT #Gamaredon from Ukraine

"Шановний Володимире Олександровичу!"

18b0b361525bf37fc69e8ab86f3316c2

http[:]//salts.faith48.legolaba[.]ru/USER-ПК/perceived.accdw https://t.co/mKfmdksZK1

0

3

2

1

13K

FuYingLab @fuyinglab

almost 2 years ago

Our team capture a new APT group as Actor240524 which targeting Azerbaijan and Israel on July 1, 2024 ,we naming the new type of Trojan program used by the group as ABCloader and ABCsync. https://t.co/2pcPKaGjd1

0

2

1

126

FuYingLab @fuyinglab

over 2 years ago

We released a tactical analysis report about this #APT #DarkPink campaign https://t.co/TsRLh9Lquu https://t.co/D2wxuHCi3D Thanks @RexorVc0 and @xanda for sharing!

FuYingLab @fuyinglab

over 2 years ago

#APT #DarkPink #CVE202338831 zip files: dd9146bf793ac34de3825bdabcd9f0f3 5504799eb0e7c186afcb07f7f50775b2 c5331b30587dcaf94bfde94040d4fc89 dropper: 6a3948a3602f11e58d8a9300d50984d6 final payload is #TelePowerBot

fuyinglab's tweet photo. #APT #DarkPink #CVE202338831

zip files:
dd9146bf793ac34de3825bdabcd9f0f3
5504799eb0e7c186afcb07f7f50775b2
c5331b30587dcaf94bfde94040d4fc89

dropper:
6a3948a3602f11e58d8a9300d50984d6

final payload is #TelePowerBot https://t.co/TJiwfwAB0O

1

42

11

4

17K

1

30

11

8

5K

Who to follow

avallach (@[email protected])

@xorhex

🇺🇦Malware Researcher 🇺🇦 Tweets are my own and do not reflect my employer. On Mastodon as @[email protected] Creator of https://t.co/woQLhjSmV0

Johann Aydinbas

@jaydinbas

Reverse engineering, malware

Michele Campa

@s1ckb017

VR at @XI_Research - my opinions are my own and do not represent the views of my employer

fuyinglab retweeted

Aaron Jornet

@RexorVc0

over 2 years ago

#APT #DarkPink #Saaiwc CVE-2023-38831 #TelePowerBot #KamiKakaBot #threat #malware 📍🏴 💥🇻🇳🇲🇾 ⛓️ #Phishing > RAR + #CVE > Dropp dll > Side-Loading > Injection > Persistence + UAC bypass > Telegram API connection 🔗 Nsfocus Report: https://t.co/EDvx0d2G96

RexorVc0's tweet photo. #APT #DarkPink #Saaiwc CVE-2023-38831 #TelePowerBot #KamiKakaBot #threat #malware

📍🏴
💥🇻🇳🇲🇾

⛓️ #Phishing > RAR + #CVE > Dropp dll > Side-Loading > Injection > Persistence + UAC bypass > Telegram API connection

🔗 Nsfocus Report: https://t.co/EDvx0d2G96 https://t.co/GkpnX1APWr

1

72

22

19

11K

fuyinglab retweeted

NSFOCUS @NSFOCUS_Intl

over 2 years ago

In September, @NSFOCUS_Intl global threat hunting system monitored several new #botnet variant families developed based on #Mirai, among which #hailBot, #kiraiBot and #catDDoS are the most active, are accelerating their spread, and are widely deployed. https://t.co/lnLoQArXs9

0

1

2

0

363

fuyinglab retweeted

SC Media @SCMagazine

over 2 years ago

.@NSFOCUS_Intl discovered a previously unknown advanced persistent threat group targeted victims using an American Red Cross blood drive phishing lure and two novel trojan horse malware tools. #cybersecurity #infosec #ITsecurity https://t.co/WcIkVDP5qh

0

2

1

0

864

FuYingLab @fuyinglab

over 2 years ago

#APT #DarkPink #CVE202338831 zip files: dd9146bf793ac34de3825bdabcd9f0f3 5504799eb0e7c186afcb07f7f50775b2 c5331b30587dcaf94bfde94040d4fc89 dropper: 6a3948a3602f11e58d8a9300d50984d6 final payload is #TelePowerBot

1

42

11

4

17K

FuYingLab @fuyinglab

almost 3 years ago

#APT #Gamaredon #maldoc targeting police of Ukraine file: 358242ac0768977888138a00b9e99b00 remote link: http[:]//shone.endeavour31.alpansa[.]ru/DESKTOP-3VASB0N/falcon/family.n64

fuyinglab's tweet photo. #APT #Gamaredon #maldoc targeting police of Ukraine

file:
358242ac0768977888138a00b9e99b00

remote link:
http[:]//shone.endeavour31.alpansa[.]ru/DESKTOP-3VASB0N/falcon/family.n64 https://t.co/rWPHFAZz6E

1

16

2

0

2K

FuYingLab @fuyinglab

about 3 years ago

@random_0_9 Yes, it was captured by our lab's global threat hunting system. We capture many new families every day.

0

1

0

72

FuYingLab @fuyinglab

about 3 years ago

A new type of #Botnet called #Komorebi is spreading quickly. #ip：91.239.100.100 #Komorebi-init #Domorebi #hash：19691fed2a086ca0aa17c4b38434c433

fuyinglab's tweet photo. A new type of #Botnet called #Komorebi is spreading quickly.
#ip：91.239.100.100
#Komorebi-init
#Domorebi
#hash：19691fed2a086ca0aa17c4b38434c433 https://t.co/O98GfMLEYb

1

3

2

901

FuYingLab @fuyinglab

about 3 years ago

The author of #Tbot( #RobinBot ) is an avid racial discriminator, leaving "#fucking.blackpeople.lol" in the latest version of Botnet. hash: 4b4ba7527786d48192c5c970927416b1

fuyinglab's tweet photo. The author of #Tbot( #RobinBot ) is an avid racial discriminator, leaving "#fucking.blackpeople.lol" in the latest version of Botnet.
hash: 4b4ba7527786d48192c5c970927416b1 https://t.co/ScxmrC3kTp

0

5

1

0

612

FuYingLab @fuyinglab

about 3 years ago

Recently, a new type of Botnet family calling itself #Kirin is spreading widely, which is modified from Gafgyt code but with many new changes. CC：#37.44.238.182 hash：#43dc824d5c5a0f1dcd5cbbd42c86ce86

fuyinglab's tweet photo. Recently, a new type of Botnet family calling itself #Kirin is spreading widely, which is modified from Gafgyt code but with many new changes.
CC：#37.44.238.182
hash：#43dc824d5c5a0f1dcd5cbbd42c86ce86 https://t.co/i8PmiWBd6e

0

10

2

0

3K

FuYingLab @fuyinglab

about 3 years ago

English Version： https://t.co/1LTTiStHTl

0

221

FuYingLab @fuyinglab

about 3 years ago

"#luoyefeihua", a very large #botnet gang that controls multiple botnet families including #XorDDoS and #Mediocre https://t.co/AfERdNY4UE

fuyinglab's tweet photo. "#luoyefeihua", a very large #botnet gang that controls multiple botnet families including #XorDDoS and #Mediocre
https://t.co/AfERdNY4UE https://t.co/RTU62y7Xat

1

6

0

2

594

FuYingLab @fuyinglab

about 3 years ago

#Gobot has been upgraded, adding attack methods

0

221

FuYingLab @fuyinglab

over 3 years ago

We recently discovered a new Botnet family written in Golang, which is spread in the name of "#Bins_Bot_hicore" and supports multiple DDoS attack methods. It has gone through multiple version updates. We name this family "hicoreBot". #GobotV1

fuyinglab's tweet photo. We recently discovered a new Botnet family written in Golang, which is spread in the name of "#Bins_Bot_hicore" and supports multiple DDoS attack methods. It has gone through multiple version updates. We name this family "hicoreBot".
#GobotV1 https://t.co/jROpIaX0iO

1

2

3

0

FuYingLab @fuyinglab

over 3 years ago

Recently, we found that a #Botnet claiming to be #Kosha Qbot Variant is being built rapidly hash：83734a32709d9667cc136b9cedf71d7360ec574d527f4a87744f436676b2e7fd

fuyinglab's tweet photo. Recently, we found that a #Botnet claiming to be #Kosha Qbot Variant is being built rapidly
hash：83734a32709d9667cc136b9cedf71d7360ec574d527f4a87744f436676b2e7fd https://t.co/Y9rUDVENlN

0

12

4

0

3K

FuYingLab @fuyinglab

over 3 years ago

You can learn more about #Peacy Botnet through the following article https://t.co/1vYMhGU8Uk

0

2

1

0

286

FuYingLab @fuyinglab

over 3 years ago

Recently, our researchers have discovered a new #Botnet family called "#Peachy Botnet", which is constructed in a very simple way and is rapidly iterating versions. connect：37.0.11[.]160