• Technologies
    • Black Lotus Labs
    • Cloud
    • Edge Compute
    • Collaboration
    • Managed Services
    • Network
    • Security
  • Business Advice
    • 4th Industrial Revolution
    • Business Continuity & Disaster Recovery
    • Customer Experience
    • Data Driven Business
    • Operational Efficiency
    • Tech Trends
  • Industries
    • Financial Services
    • Healthcare
    • Gaming
    • Manufacturing
    • Media and Entertainment
    • Pharmaceutical
    • Public Sector
    • Retail
    • Technology
  • About Us
    • Leadership Perspectives
    • NewsRoom
    • LATAM Blog
  • Technologies
    • Black Lotus Labs
    • Cloud
    • Edge Compute
    • Collaboration
    • Managed Services
    • Network
    • Security
  • Business Advice
    • 4th Industrial Revolution
    • Business Continuity & Disaster Recovery
    • Customer Experience
    • Data Driven Business
    • Operational Efficiency
    • Tech Trends
  • Industries
    • Financial Services
    • Healthcare
    • Gaming
    • Manufacturing
    • Media and Entertainment
    • Pharmaceutical
    • Public Sector
    • Retail
    • Technology
  • About Us
    • Leadership Perspectives
    • NewsRoom
    • LATAM Blog

Mylobot Continues Global Infections

Black Lotus LabsBlack Lotus Labs Posted On November 15, 2018
0


0
Shares
  • Share On Facebook
  • Tweet It

Cybersecurity and global communication, secure data network, elements from NASA

CenturyLink Threat Research Labs has been tracking the Mylobot botnet, a sophisticated malware family that is categorized as a downloader. What makes Mylobot dangerous is its ability to download and execute any type of payload after it infects a host. This means at any time it could download any other type of malware the attacker desires. A detailed walkthrough and reverse engineering analysis of Mylobot was first reported in June by Deep Instinct. During the time we have been monitoring Mylobot we have observed it downloading the Khalesi malware as a second stage to infected hosts. Kaspersky Lab reports that the information stealing Khalesi malware is one of the top downloaded malware families in 2018.

We were first alerted to the botnet’s behavior by IPs interacting with our honeypot network. Our team is constantly monitoring attack patterns and looking for common behaviors in these attacks. In this case, we observed a common behavior to DNS lookups coming from a distinct group of these IPs. Each of the hosts performed DNS lookups for domains that we had flagged as likely to be algorithmically generated.

The common behavior was detected by combining the IPs extracted from our honeypot logs with DNS resolution data, and applying unsupervised clustering techniques to isolate large clusters of similarly-behaving devices. The resulting behavior appeared to be callbacks to Domain Generation Algorithm (DGA) generated domains. Our DGA domains list is generated by monitoring lookups to estimate the probability that a domain was generated using a variety of techniques. These techniques could include randomly choosing letters or numbers, or randomly choosing words from a dictionary to make up a domain. The domains being queried by this particular cluster of IPs appeared to be seven randomly-chosen letters with the TLDs .ru, .net and .com. The subdomains ranged from m0 to m42.

dns_queries.png

Our investigation in to these domains found that they are hardcoded into samples of the Mylobot malware. Mylobot contains sophisticated anti-VM and anti-sandboxing techniques. For example, it sits idle for 14 days before attempting to contact the C2.1 This delaying technique is used to wait out the sandbox environment to avoid detection. When it attempts to contact the C2, the malware uses a set of 1,404 hard-coded domain name and port pairs.

For each domain-port pair, the malware first attempts to resolve 43 subdomains, which are the same as those we saw in passive DNS (m0 through m42). If one of the FQDNs resolves to an IP, the malware tries to connect to the IP on the port that was hard-coded with that domain. With 1,404 domains and 43 subdomains, this results in 60,372 DNS queries from each bot.

The large volume of queries from an individual host can be used as an indication of an infection by this malware. The internet-wide impact of this behavior can be seen when looking at a two-week period. As each region of infected hosts is powered on to begin the day, a large volume of queries occurs, slowly dropping off as each host finds the C2. Below is a graph showing the total number of queries to these domains we see in our DNS traffic over this period.

num_pdns_queries.png

Through our analysis it was important to understand if the botnet had shown any noticeable variation in size. We found, that while day-to-day sizes may vary due to normal botnet maintenance and data sampling, the botnet’s total size has remained relatively consistent throughout the year. The below graph displays the number of IPs we see in passive DNS traffic querying the domains in question for the current year.

num_bots.png

At CenturyLink Threat Research Labs, we leverage our global visibility to identify botnet infrastructure. Analyzing DNS response data allowed us to generate a list of potential C2s from the FQDNs that resolved to IP addresses. Searching our sampled Netflow for traffic from these IPs, we can identify the active C2s and their ports. Below are the active C2s from November and the number of IPs the C2 sent responses to on the C2 port.

C2 IP Port FQDN Number of IPs
74.222.19.103 7432 m20.fywkuzp.ru 2,675
74.222.19.63 7432 m19.fywkuzp.ru 2,511
217.23.13.62 7432 m7.fywkuzp.ru 2,420
89.39.107.19 7432 m12.fywkuzp.ru 2,289
70.36.107.38 7432 m21.fywkuzp.ru 2,259
89.39.105.82 7432 m8.fywkuzp.ru 2,133
89.38.98.48 7432 m10.fywkuzp.ru 2,128
109.236.85.147 7432 m25.fywkuzp.ru 2,108
217.23.6.62 7432 m11.fywkuzp.ru 2,082
89.38.98.165 7432 m6.fywkuzp.ru 1,632
109.236.85.21 7432 m4.fywkuzp.ru 1,532
217.23.3.15 7432 m13.fywkuzp.ru 1,119
109.236.85.150 7432 m1.fywkuzp.ru 986
109.236.85.154 7432 m5.fywkuzp.ru 971
46.166.173.180 7432 m24.fywkuzp.ru 943
109.236.85.153 7432 m3.fywkuzp.ru 917
109.236.85.135 7432 m2.fywkuzp.ru 840
109.236.87.49 7432 m9.fywkuzp.ru 683
70.36.107.39 7432 m22.fywkuzp.ru 666
75.126.102.251 9529 m9.qjwhpfe.net 344
109.236.85.93 7432 m26.fywkuzp.ru 184
70.36.107.154 7432 m0.fywkuzp.ru 135

In total, there were 9,874 unique IPs that received responses from the C2s on the C2 port for this particular day. Comparing this with other time intervals, we have observed the total number of unique IPs reach as high as 17,979.

There was speculation in the Deep Instinct analysis that a GeoIP filter was being used by the C2s, since researchers were unable to get a response from C2s in certain geographic areas. We were able to get a response from one of the C2s, 70.36.107.154, from an IP located in a different geographic region. Therefore, it is unclear to us if there is any GeoIP filtering taking place. Below is a heatmap showing the concentration of IPs that communicated with the C2s on the C2 port.

heatmap_new.png

Below are the top 10 countries we observed communicating with the C2 on the C2 port on November 10.

Country Number of IPs
Iraq 3,014
Iran 2,788
Argentina 2,602
Russia 1,919
Vietnam 1,786
China 1,202
India 926
Saudi Arabia 914
Chile 844
Egypt 798

When the malware receives a response from the C2, it XORs it with the byte 0xDE. The resulting string contains up to two URLs. Each URL contains an IP and a file ending in .gif. Below is the decoded response we received from the C2.

'\xde\xde\xde\xde\xd6http://138.128.150.133/winme.gif\x00\xde\xde\xde\xde\xd9http://138.128.150.133/winext.gif\x00\xde\xde\xde\xde\xd8'

The malware connects to this downloader IP and executes the downloaded file. The two files we saw in the C2 response were PE32 executables. These downloaded files appear to be modified quite frequently. While the sizes are always the same, we observed that the file hashes change approximately every 30 minutes. We have included the below hashes as examples for further industry analysis.

winme.gif (267776 bytes) 4ca8ef5d00bde49659ca97faf2a2a47445e6a3e82c151f18f0923392826d5af0
winext.gif (180224 bytes) b7245ed896cd4199b410a326e1295aafb3e23c3311d301b1cdaf964cf7c008d9

Through collaboration with Kurt Baumgartner at Kaspersky Lab, we believe we can positively identify the second stage payload as the information stealing Khalesi malware. Using a graph analysis technique to find IPs of interest that communicated with a large number of bots, we were able to identify two downloaders. One of the downloaders, 138.128.150.133, is currently very active and was also the one contained in the response we decoded from the C2. VirusTotal confirms this IP as a malware distribution host. All the URLs associated to this IP have similar names to the ones above ending in .gif and are flagged as Khalesi or Zusy malware. This behavior appears as far back as April.

The other downloader, 38.130.218.117, was active until the beginning of the year. The plot below shows the number of connections to both, with a clear transition of infrastructure occurring at the beginning of the year.

downloader_counts.png

By combining different data sources, such as DNS and Netflow, and using unsupervised clustering and graph analysis techniques, CenturyLink Threat Research Labs has been able to track the bots, C2s and downloaders for the Mylobot botnet. This analysis, performed without access to specific malware samples shows the power that network forensics can play in tracking malicious infrastructure. CenturyLink has blocked this infrastructure on our network to mitigate risk to our customers and notified the owners of any components operating within their environments to clean up and protect the global internet.

IOCs

Known C2 Domains and IPs

46.166.173.180

74.222.19.63

70.36.107.38

74.222.19.103

70.36.107.39

217.23.13.62

89.38.98.48

89.39.107.19

89.39.105.82

109.236.85.147

109.236.85.93

217.23.6.62

109.236.85.135

109.236.85.153

217.23.3.15

109.236.85.150

70.36.107.154

75.126.102.251

109.236.87.49

89.38.98.165

109.236.85.21

109.236.85.154

 

aamsqec.com

aapwdqx.in

aawgiow.biz

acfwftg.com

adbnsrt.me

aekqtdz.org

aemmfiu.cc

afcytwc.com

afgnckn.com

agcdnsk.org

aghpmly.com

agnxomu.com

ahblatp.com

aiejedp.in

aimzxmj.com

ajirkxs.cc

ajqnsrc.com

akjlcbb.com

akpsxcf.com

akscwor.net

alerafn.cc

alidxwr.com

alykwzd.com

amnoboe.com

amrjcad.com

amsdkmt.in

andhttz.com

anksjac.com

antkizk.com

aoofgan.in

aopgwes.cc

apbjhiu.com

apgapmz.biz

apkorcb.com

aqfyrgb.in

aqnepqy.com

aqnlgpx.com

aqokwpj.org

aqphfgh.cc

aqxmfmi.in

aqzwctf.me

ardydzj.in

ashphhp.com

asnycoq.com

asspccy.com

asufqtg.net

asuqjow.in

atfwuia.com

atoifmo.com

atzbggz.com

atznarx.net

aubefwb.net

augplqr.in

awakwuo.net

awdgxjg.com

awgutqp.cc

awsgbxb.net

axikbay.com

aykxbcd.com

aytxmbg.com

azaobrm.com

baouque.me

bbcieyz.net

bbdaowk.com

bbdbwom.com

bbxqxbn.com

bcgzsrx.com

bcolyyp.in

bcpbamn.com

bdhkrzo.net

bdlfrtt.com

bduwxpz.com

bdxykim.com

beokdlr.net

besfalz.com

bfbfkhz.cc

bfrixzs.com

bgcaknx.net

bgmrzxl.me

bgtkuuc.com

bgyunmr.net

bhelhqq.in

bhsexgy.com

bhsfsui.com

bicrxrm.net

biirfry.org

biqbitd.com

bjamaag.org

bjherjm.net

bkoobfl.net

blgujzi.com

blpuwos.biz

bmjzhoy.com

bnwqcxl.com

boazzqu.biz

bolcmuk.net

bosraaa.cc

botbqkh.biz

bpgqgwu.biz

bpjczuy.biz

bpywqfn.cc

bqpthdh.cc

bqrycsh.com

brchily.com

brcttuc.com

brmgkod.com

btbfpuz.com

btytnsr.com

bwmconb.biz

bwqdhue.com

bydnmbu.com

byhmzxm.com

bywycda.net

bzbrwsq.cc

bzeyggq.biz

bzgelji.com

bzjjfrf.org

cafbnqf.org

cbpwhri.me

cbtfylt.me

cceognr.com

ccmebxk.com

ccnmbpx.cc

ccnshks.in

ccxzmma.biz

cdprryx.net

cdyxwya.com

celzwhn.com

ceuhbwj.net

cflefdn.com

cfmxsgh.org

cfopazn.com

cfqryrc.com

channoj.com

chbzsem.com

cijtxig.com

cioufak.org

citfbcb.com

cixfjai.me

cjbjzrn.biz

cjdmbfn.com

cjhthhg.com

cjlheud.com

cjlthgd.com

cjnunpb.net

cjzhqbz.biz

ckjxece.com

cklbjgl.net

cknauue.org

clantln.me

cldbnzm.com

clijdbq.com

clkufmg.me

cnahymy.me

cndfdcu.net

cnoyucn.com

cnqrtay.com

cnusiot.com

cogrjsx.com

cpfsolf.com

cprgggy.in

cqfjzxp.net

crcyiif.com

csdkbuh.com

csekhyk.com

cskhscc.net

csxpzlz.com

ctpugwd.cc

culmkzy.net

cumdoii.me

curxibq.net

curxwrh.net

cwbwlei.com

cwefsaz.com

cwxluaq.com

cxbzucc.in

cxpalfa.com

cygkijf.net

czcgtqi.org

czhilni.com

czlxzql.net

czwaikg.com

dabdtfb.net

dagfzjr.in

dbggepx.com

dbwrtps.com

dcbxlrj.org

dcothzr.biz

dddsorm.me

ddgjwrj.cc

ddjctyf.biz

ddjhlet.biz

ddocmix.com

ddsrubz.com

dfdcjwj.com

dfkkfos.net

dftlmtp.com

dfwpmpm.me

dgeuerk.com

dgpdfxy.net

dgpwxgw.com

djalfei.com

djcxtew.com

djmjwzd.net

dlcmaxq.com

dlfynky.net

dlqmaup.com

dlwmxyd.com

dnkxsay.com

dnxoyku.com

dodbcks.com

doillnj.in

dopxiod.com

dphfhpd.com

dpuayfi.me

dpwqcns.org

dqagyks.com

dqugfga.me

drrfnky.cc

dtchnsu.me

dtljuqw.net

dudccob.in

dufcrun.com

dugheid.com

duwabbh.com

dxqiueu.net

dxzmadd.org

dycdbyk.net

dyopshw.com

dysjtdw.in

dzhyqet.com

dzpacei.me

dzwuxrt.com

eacompz.com

eahqyrh.com

ecdkhxj.com

ecftmll.net

eckyqwb.biz

ecsnmgj.com

edclnay.org

eeakuno.net

eegmqhk.in

eehhbij.in

eemnckg.me

egddlkh.com

egqwdwh.net

egwzuzl.in

ehgeqxn.me

ehmmuub.cc

eicbgmq.com

eiqxhmc.org

eitznua.net

eizcott.in

eizrqdm.com

ejumwfq.biz

ejxqfzs.com

eknjsiu.me

eleaiok.in

emwtlmf.com

ennwaao.biz

enuaepn.biz

eoerkfc.com

epakejl.org

eqesdfs.biz

eqzswxq.com

ercmkzq.cc

erehirz.net

erntxpc.biz

essxwhx.com

estxqdl.in

etqokoh.org

euumwmw.net

euxesgi.com

euygrwb.cc

ewspgaw.cc

exiegzm.org

exrwalq.net

eyjqjpj.me

eypzztn.net

eyskszl.com

ezrkghn.com

ezzpznc.org

fahirqz.biz

fayiadd.com

fbteyne.net

fcglzsx.me

fckoyhl.net

fcryhex.net

fcsyzii.com

fcwhbdf.com

fcyrsbe.com

fegadcn.net

fejydfe.com

feuoadj.biz

ffbfwmj.biz

ffdswwi.com

ffsdtao.com

fjijxch.com

fjpiobz.me

fkjhjnb.com

fkktckb.com

flzcwed.com

fmniltb.com

fmwesgr.com

fnfdjue.com

fnjxpwy.com

fnshrdw.com

fnsitld.in

fofxngn.com

foigwaq.com

fpapfra.com

fpktmtw.com

fptriaj.org

fpwwiem.com

fqnrhrx.biz

fqtbrep.com

frhjtrk.in

ftbupbx.com

fteenfa.cc

fthoaiu.com

ftmuksx.com

ftpiesg.me

ftqalql.org

ftugqid.com

fupppzz.net

fxbmrgm.net

fxlxwxb.net

fxucecy.in

fysauey.me

fywkuzp.ru

fzlbnmm.net

fzypain.com

gaeqkhd.com

gbobrrq.me

gbxswyu.net

gcenjzt.com

gcsrqiy.net

gdeetxd.com

gdgfche.me

gdlsinj.com

gehkfwf.com

gekerie.com

geluhsx.com

geqtaou.biz

gfmmqfa.com

gfpehmx.net

gfyjwdr.com

ggyrlii.biz

ghezfum.com

ghjajna.me

ghludad.com

ghmbjjn.com

ghzqxnm.com

gijnohl.cc

giktmlk.com

giukuxg.me

giuwzmh.net

gjngtcm.net

gjycjdu.com

gkzwzzk.net

glbecnr.com

gmdmpdm.com

gmtdpuo.cc

goaawik.com

goaciqf.com

goccxuw.net

gohlmau.me

gpblzdo.org

gpllaid.com

greqtkj.biz

grsaspj.org

gsjxycs.com

gthdnhx.com

guegyro.com

gumqkle.net

gwoicjd.org

gwoturm.com

gwryfkd.cc

gwtqtsy.com

gwurnyx.biz

gwxitnd.com

gxazatd.com

gyeglsh.cc

gzankeb.com

gzginqi.org

harsnic.biz

hbjwhhn.com

hbrmazu.in

hcatcmd.me

hcbbriu.com

hccohcb.in

hcmcbeu.com

hcmejrf.com

hdmxgll.org

hefxosi.com

herodqa.com

heugeqm.com

hfncugb.com

hfzknql.biz

hgkdndo.in

hhqbikx.com

hidhyef.in

hihrfxy.com

hiixbda.net

hilyudl.in

hiqrgwq.org

hjajzyz.com

hjbotih.cc

hjjorcw.me

hjmbruz.com

hjzosou.com

hkdywjd.in

hkwwrwp.net

hlsbhpf.me

hmyjgpw.net

hnajpls.com

hnjnsfr.com

hnqszgr.biz

hntazys.me

hnwkfmm.com

hoaqbpk.biz

hpeobmp.com

hpqxfes.net

hsoxawm.com

htdenni.org

hubmnyx.org

hwiieod.com

hwzzhlz.com

hxiabno.net

hxpyzdn.com

hyiqppb.com

hywaxgm.com

hzglasg.com

hzkilhz.com

iabgniy.cc

iaerfmr.com

iahnmsj.in

iatuxiz.com

ibdtsff.biz

ibdzief.com

ibpicqg.com

icmkhlh.com

iddzndo.in

idykmzo.com

ietyxrh.biz

iewybck.com

ifmpdod.com

ifxrtcm.com

ifzwmwe.com

igohiao.com

igoxzza.com

igqsnob.me

ihbkbdj.com

ihesocn.com

ihgersr.com

ihmbgfp.net

iimtjwd.com

iisdkda.com

ikfekxi.com

ikgsbac.com

ikhzxwy.in

ilquige.com

imoqhty.me

inkitjf.me

inrwfea.biz

inzgzwn.me

ioalrxm.net

ioamydf.in

iooptqm.com

iowbimu.com

ipgbytl.in

ipsfwrw.com

iqjeetk.com

iqncjxw.com

iqwfmfi.net

irmhpoq.net

irtfzyh.com

itiiuan.in

itnrlax.com

itpkimo.org

itwjrgn.com

itxwspz.net

itzaxrk.biz

iuetoju.com

iwmjrpk.com

iwticym.cc

ixdknwj.org

ixnqjwg.com

iycsbwc.com

iydipho.com

iyeutya.in

iypgdps.com

iypofkc.com

izgbroj.com

izphlan.biz

jagctea.in

jbspqko.biz

jdkwrjb.net

jetbkql.com

jfdfdth.net

jfezcru.cc

jfpfpmd.net

jhaewrm.me

jhpirob.cc

jhzyorn.net

jiawiqf.biz

jimalae.com

jirykbi.org

jjartcm.com

jjipogp.com

jjlgbyd.in

jjmitsd.com

jjnctjd.com

jjwelph.org

jkfuexp.org

jkgncyk.com

jlrylzw.com

jmhwdaa.org

jmqidcg.com

jmqxise.in

jmspwbp.com

jnmdymn.com

jnucpww.net

jodzcxi.com

joeahbq.net

joetqhf.com

joparpd.com

josfmmq.com

jpgfsiu.biz

jqizuas.com

jqjfomk.com

jqlwhsl.com

jqpgxwl.in

jqphuor.in

jqpnnib.com

jqzrapc.com

jqzssja.com

jrkhnqs.com

jrwykxk.com

jsdqdtj.org

jsoderz.com

jsojybj.net

jsqahgh.com

jtalnib.com

jtumdod.com

juukwez.me

jwjcmah.net

jwkqljr.com

jwxofdp.in

jwzsiit.net

jxikhzp.com

jxmlznf.cc

jxpgogd.com

jyxuwax.com

jzlerit.net

jzzoozd.in

kcmpifh.com

kcurbjo.com

kdlclkh.cc

kecwpwu.org

kezkkks.cc

kfpirfg.in

kfxtjzb.biz

khasffr.com

khbutla.cc

khbwzzt.biz

kheytkh.biz

khrebez.com

kiajrcx.com

kitfndb.com

kitxezl.com

kjecppw.cc

kjkdkpj.net

kjoodmh.net

kkaruca.com

kkswpzh.com

klexmkp.com

klrecbw.com

klrfyid.cc

knkyszc.com

knzuwpl.com

koonbqw.com

kozuxqd.biz

kpkzatj.net

kpljbsi.com

kpnjxjh.in

kprnpfi.biz

kpzgczu.net

krcmcmp.com

ksotdcm.cc

kstpcri.org

ksulzbr.com

ktlegmh.com

ktslzhn.com

kuilzqn.com

kuwgxyk.com

kxoxpdw.in

kxttpxp.com

kxwfayj.me

kygixed.me

kymtojq.com

kypnlaa.in

kyyepzh.com

lbkalko.com

lbljgxy.cc

lcjpudf.com

lcptjbn.com

lcsnhgl.com

lcxeyzb.biz

ldjfifi.com

ldwubwd.me

ldxtzjo.com

lefefdg.org

leibqdu.in

lfkjkqh.cc

lfpoolp.biz

lgdlgqy.com

lgnmegh.cc

lgtqugq.com

lgzoido.me

lhajdxx.com

lhsjtcl.com

lhydyta.com

lhyklwh.com

ljnbyzo.net

ljxdqzu.com

ljzpnbc.com

lkubdog.net

lnjkisb.com

lnwugnr.com

locrxea.net

logibrj.com

loqiqat.net

loqnaol.cc

louqzrf.com

lpxlcfw.org

lqfsnws.cc

lqjicwi.com

lqmnwoq.cc

lqsuuke.cc

lsamkrs.com

lsmdgkn.net

lupqxal.org

lwbojdn.com

lwqrwys.in

lwrwkyd.in

lxfibrc.cc

lxwaccq.in

lzafhej.biz

lzcxzes.com

lzkjchn.me

lzpbfmc.in

lzxemfc.com

maabilo.com

mabiaje.me

mamhwke.me

mbdntre.biz

mbksjzr.org

mcidddh.biz

mdcqrxw.com

mdhrfnx.com

mdjedmj.com

mdjlugj.biz

mdxxuif.me

meayart.com

mecbtbw.com

meshzxe.com

mfpbdbc.org

micposd.cc

mihribb.com

mixrlnl.com

mjmhchi.org

mjnmipr.com

mjyaxjr.in

mkeamjf.com

mkerxwn.com

mkfooxg.org

mkgdmpp.in

mkqrmbz.me

mleiwkb.net

mlhxekq.com

mljwibu.cc

mmnpzcp.com

mmrpyku.me

mngbqpz.cc

mnoohua.com

mnykjui.com

mnyqckl.com

mosaefr.cc

motugqw.net

mpcotwy.com

mqnrqbl.in

mqwbebx.com

msjbsiq.com

msnjizy.com

mtcmilr.net

mthsbsq.net

mtwumhu.me

muaejwt.com

muhkpyk.in

mutqwqm.biz

muuiaxf.com

muzrojw.org

mwjlyzj.com

mwlzwwr.biz

mwoapjj.com

mxkrorx.cc

mxsbgyh.cc

mxybawp.cc

myfylks.com

mygceqd.com

myjraqu.net

mynfwwk.com

myylfuf.in

mzrpnxe.biz

naaflwc.cc

napjsdy.com

nbedwwb.in

nbnxlgf.net

nbwwzxe.com

ncjaxwj.com

nclttox.in

ncnijgb.com

ncrejzk.net

nctpkes.com

ndbiier.org

ndctmns.com

nealriz.com

nefqoef.com

neksmnp.com

neuauua.com

nfclmca.me

nflotan.cc

nhlqfaf.com

nhpyige.cc

nilqdqh.com

nimazxz.com

njdpqim.net

njiqnig.com

nkksufy.net

nlnbkdu.in

nmcfaul.org

nmpiido.org

nnbqgxo.cc

nnqjjyp.me

nnryeuh.me

noibocl.com

notwljg.com

nqguhil.com

nqwpgxf.net

nsudurh.com

nsuyguf.com

nsziung.me

Related posts:

  1. It Takes a Village – Collaborative Steps to Breaking Botnets: How Level 3 and Cisco Worked Together to Improve the Internet’s Security and Stop SSHPsychos
  2. Swipe At Your Own Risk: What you need to know to combat Point of Sale malware PoSeidon
  3. A New DDoS Reflection Attack: Portmapper; An Early Warning to the Industry
  4. The Linux Mint Backdoor: How Bad Was It?
0
Shares
  • Share On Facebook
  • Tweet It


CybersecurityLumen


Black Lotus Labs
Author

Black Lotus Labs

The mission of Black Lotus Labs is to leverage our network visibility to help protect customers and keep the internet clean.

Trending Now
Banking and Financial Services: Trends to Look Out For in 2021
Emily Lyons February 24, 2021
It’s Time for the Next Generation of 9-1-1
Michael Zody February 18, 2021
You may also like
How to Get More out of Your WAF with an Integrated Approach
February 18, 2021
New Year’s Resolutions: Exercise, Eat Healthy… Protect Your Data
January 22, 2021
The Reemergence of Ransom-based Distributed Denial of Service (RDDoS) Attacks
January 14, 2021
When Milliseconds Matter, you need the Right Cloud, the Right Network, and the Right Experts
Read Next

When Milliseconds Matter, you need the Right Cloud, the Right Network, and the Right Experts

  • Categories

    Adaptive Networking

    Connected Security

    Hybrid Cloud

    Communications and Collaboration

    Edge Computing


  • Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure platform for applications and data to help businesses, government and communities deliver amazing experiences.

Services not available everywhere. ©2021 Lumen Technologies. All Rights Reserved.
Press enter/return to begin your search