Netlab

Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges

xdr33 is a backdoor born from the CIA Hive project. Its main purpose is to collect sensitive information and provide a foothold for subsequent intrusions. For network communication, xdr33 uses the XTEA or AES algorithm to encrypt the original traffic.

PureCrypter Malware Loader Pumping Out More Than 10 Different Malware Families

PureCrypter continues to be active this year and has propagated more than 10 other malware families including Formbook, SnakeKeylogger, AgentTesla, Redline, AsyncRAT, and others.

New B1txor20 Linux Backdoor Threat Uses DNS Tunnel

B1txor20 uses a DNS tunnel to establish its C2 channel, supporting both direct connection and relay, while using ZLIB compression, RC4 encryption, and BASE64 encoding to protect the backdoor's traffic.

Ten families of malicious samples are spreading using the Log4j2 vulnerability Now

Researchers at 360 Netlab captured samples of different malware families exploiting the Log4Shell vulnerability, including the likes of Muhstik, Mirai, Elknot, SitesLoader, and others.

EwDoor Botnet Is Attacking AT&T Customers

According to 360 Netlab, EwDoor has so far undergone three versions of updates, and its main functions fall into two categories: DDoS attacks and backdoor functionality.

Malware uses namesilo Parking pages and Google's custom pages to spread

This technique is yet another attempt from the malicious actor to hide control channels to avoid being tracked, monitored, or blocked and it probably has served them well.

Pink, a botnet that competed with the vendor to control the massive infected devices

According to 360 Netlab researchers, Pink is the largest botnet observed in the last six years. During peak time, it had a total infection of over 1.6 million devices, with 96% located in China.

Mirai_ptea_Rimasuta variant is exploiting a new RUIJIE router 0 day to spread

Mirai_ptea_Rimasuta now has a built-in mechanism to check if the running environment is a sandbox. It also encrypts the network traffic to counter the network level detection.

The Mostly Dead Mozi and Its Lingering Bots

Mozi uses a robust P2P network structure so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices.

Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability

Researchers from 360 Netlab discovered a variant of the Mirai botnet, named mirai_ptea, exploiting a previously unknown vulnerability in KGUARD DVRs to launch DDoS attacks.
