Security Threat Trends - Hackers Are Exploiting Zero-Day Vulnerabilities in Network Video Recorders and Routers to Spread the Mirai Botnet Malware
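1. Summary
Security vendor Akamai recently disclosed that attackers are exploiting zero-day vulnerabilities in network video recorders (NVRs) and routers to spread the JenX Mirai variant, enrolling infected devices into a botnet under their control.
2. Risk
Akamai has long used honeypots to observe malicious activity on the internet. Since late October this year, it has seen small-scale probing at irregular frequency: the attackers first send a POST request to get through authentication and, once that succeeds, attempt command injection.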
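The sequence described above (a successful authentication POST followed by a command-injection attempt from the same source) can be hunted for in device or reverse-proxy access logs. The following is an added example, not code from Akamai or from this advisory; the log layout, the `/login` path, the addresses and the 300-second window are assumptions, and it inspects only the query string, so payloads sent in a request body need body logging to be seen.

```python
import re
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed sample log (not from the Akamai report). IPs, paths, dates and
# the log layout are placeholders chosen for this example.
SAMPLE_LOG = """\
198.51.100.7 [2024-01-15T03:11:02] "POST /login HTTP/1.1" 200
198.51.100.7 [2024-01-15T03:11:05] "POST /cgi/settings?host=ntp.example%3Bid HTTP/1.1" 200
203.0.113.9 [2024-01-15T03:12:00] "GET /cgi/settings?host=a%7Cuname HTTP/1.1" 401
192.0.2.50 [2024-01-15T03:15:00] "POST /login HTTP/1.1" 401
192.0.2.50 [2024-01-15T03:15:02] "POST /cgi/settings?host=%24%28id%29 HTTP/1.1" 401
192.0.2.4 [2024-01-15T03:20:00] "POST /login HTTP/1.1" 200
192.0.2.4 [2024-01-15T03:20:03] "GET /status?page=2&sort=asc HTTP/1.1" 200
"""

LINE = re.compile(r'(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Shell metacharacters that have no place in a device setting value.
SHELL_META = re.compile(r"[;|`]|\$\(|&&")

def find_auth_then_injection(log_text, login_path="/login", window_s=300):
    """Return (ip, timestamp, decoded_query) for each request carrying shell
    metacharacters within window_s seconds of a successful login POST from
    the same source address."""
    last_auth = {}  # source IP -> time of latest successful login POST
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed layout
        ip, ts, method, target, status = m.groups()
        when = datetime.fromisoformat(ts)
        path, _, query = target.partition("?")
        if method == "POST" and path == login_path and status.startswith("2"):
            last_auth[ip] = when
            continue
        decoded = unquote_plus(query)  # payloads usually arrive URL-encoded
        recent = ip in last_auth and (when - last_auth[ip]).total_seconds() <= window_s
        if recent and SHELL_META.search(decoded):
            alerts.append((ip, ts, decoded))
    return alerts

if __name__ == "__main__":
    for alert in find_auth_then_injection(SAMPLE_LOG):
        print("auth-then-injection:", *alert)
```

Because the probing was small-scale and irregular, the rule keys on the request sequence per source rather than on a request-rate threshold.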
IoC:
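Recommended remediation: adopt the 雲智維 service as soon as possible for security threat intelligence detection and joint defense, reducing enterprise security risk.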