Shulou(Shulou.com)11/24 Report--

CTOnews.com February 23 news, according to the network security rating company BitSight released data, named "Mylobot" botnet is rampant around the world, recording more than 50000 infected devices every day.

Source: Trend Micro

Cyber security firm Deep Instinct first documented the "Mylobot" botnet in 2018 and discovered it had anti-analytics technology and the ability to download programs.

Black Lotus Labs of tech company Lumen also reported discovering the botnet a few months later, writing in its blog post: "The danger of Mylobot is that it can download and execute any type of payload after infecting the host. This means that it can download any other type of malware at any time, depending on the attacker's wishes."

CTOnews.com with Mylobot botnet related features:

Anti-virtual machines, sandboxes, and debugging techniques

Encapsulate internal code with encrypted resource files

Process following: A security vulnerability in which an attacker deletes code in an executable file and replaces it with malicious code

Reflective EXE: Executes EXE file behavior directly from memory rather than saving it on disk

The proxy C2 IP address that Mylobot mainly uses:

89.39.105.47

89.38.96.140

89.38.96.14

217.23.12.80

178.132.3.12

168.119.15.229

89.38.98.48

49.12.128.181

37.48.112.111

109.236.82.28

49.12.128.180

144.76.8.93

194.88.106.18

95.211.203.197

89.39.104.201

95.168.169.43

95.211.198.102

91.229.23.112

217.23.13.104

95.211.140.149

62.112.11.245

178.132.2.82

116.202.114.236

217.23.12.50

89.39.104.58

89.38.98.47

194.88.105.108

109.236.83.166

109.236.91.239

89.39.107.92

190.2.134.165

217.23.8.12

89.39.104.62

89.39.107.82

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.