Please update your browser.

Our site no longer supports this browser. Using another one will help provide a better experience.


We are defenders of a clean internet, proactively disrupting ~150 C2s per month through takedowns and notifications.

We see more, 

so we can stop more.

The Black Lotus Labs® mission is to leverage our network visibility to both help protect your business and keep the internet clean. Follow us on Twitter @BlackLotusLabs®.


  • ~200B+ NetFlow sessions monitored daily
  • ~1B DNS queries collected per day for continuous learning
  • ~46,000 C2s monitored daily


Black Lotus Labs


Windows Subsystem For Linux (WSL): Threats Still Lurk Below the (Sub) Surface

Since our initial report, Black Lotus Labs continues to monitor the WSL attack surface for new developments. In the last few months, we have identified several different samples that indicate the capability is evolving. 

Emotet Redux

Since its re-emergence on 14 Nov. 2021, Black Lotus Labs has once again been tracking Emotet, one of the world’s most prolific malware distribution families which previously infected more than 1.6M devices and caused hundreds of millions of dollars in damage across critical infrastructure, healthcare, government organisations and enterprises around the world.

New Konni Campaign Kicks Off The New Year By Targeting Russian Ministry Of Foreign Affairs

Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation’s Ministry of Foreign Affairs (MID).

No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders

Black Lotus Labs recently identified several malicious files that were written primarily in Python and compiled in the Linux binary format ELF (Executable and Linkable Format) for the Debian operating system.

ReverseRat Re-emerges with a (Night)Fury New Campaign and New Developments, Same Familiar Side-Actor

After publishing our initial research, we have continued to track this actor and recently uncovered an updated version of the ReverseRat agent, which we are calling ReverseRat 2.0.

Black Lotus Labs® Blog Archive

Read our full archive of blogs to learn more about the threat landscape.

Powered by GlobalLink OneLink SoftwarePowered By OneLink