The Kaiji Botnet Returns: Has the Ares Hacking Group Surfaced? (5)
Time: 2023-03-03 01:14 Source: compiled from the web Author: default publisher
4.2 Starting an httpd service
Once running, Moobot_jack5tr opens an httpd service on a random port and uploads the port information to the C2. The port is used to keep spreading the sample. In short, the bot starts a mini web service and turns the compromised host into one of the nodes used for sample propagation.
4.3 Communication protocol
The communication protocol and other functions of Moobot_jack5tr are essentially the same as those of Moobot_Xor; the check-in packet is still the three bytes "33 66 99".
5. IoCs
MD5:
C&C:
Moobot_jack5tr:
Kaiji_pro:
(Editor in charge: admin)
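The behaviour in sections 4.2 and 4.3 can be hunted for in flow data by correlating the check-in bytes with a new HTTP listener on the same host. The following is an added example, not code from the original article; the flow record layout, the addresses, the ports and the listener baseline are all constructed, and it assumes "33 66 99" is hexadecimal notation.

```python
from collections import defaultdict

CHECKIN = bytes.fromhex("336699")  # assumption: "33 66 99" in section 4.3 is hex
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ")

# Constructed flow records: timestamp, endpoints, destination port and the
# first client payload bytes as hex. Addresses are documentation ranges.
FLOWS = [
    {"ts": 90,  "src": "198.51.100.3", "dst": "10.0.0.5",     "dport": 80,    "first": "474554202f"},
    {"ts": 100, "src": "10.0.0.5",     "dst": "203.0.113.10", "dport": 50000, "first": "336699"},
    {"ts": 101, "src": "10.0.0.8",     "dst": "203.0.113.20", "dport": 443,   "first": "1603010200"},
    {"ts": 160, "src": "198.51.100.7", "dst": "10.0.0.5",     "dport": 41873, "first": "474554202f"},
    {"ts": 170, "src": "198.51.100.9", "dst": "10.0.0.8",     "dport": 8080,  "first": "474554202f"},
]
# Constructed baseline of listeners each internal host is expected to expose.
BASELINE = {"10.0.0.5": {80}, "10.0.0.8": {8080}}


def checkin_hosts(flows):
    """Map source host -> time of its first session that opens with the check-in bytes."""
    seen = {}
    for f in sorted(flows, key=lambda f: f["ts"]):
        if bytes.fromhex(f["first"]).startswith(CHECKIN):
            seen.setdefault(f["src"], f["ts"])
    return seen


def propagation_nodes(flows, baseline):
    """Hosts that checked in and later answered HTTP on a port outside their baseline.

    Three bytes alone are a weak signature; requiring the unexpected HTTP
    listener afterwards (section 4.2) cuts false positives.
    """
    beacons = checkin_hosts(flows)
    hits = defaultdict(set)
    for f in flows:
        host = f["dst"]
        if (host in beacons and f["ts"] > beacons[host]
                and bytes.fromhex(f["first"]).startswith(HTTP_METHODS)
                and f["dport"] not in baseline.get(host, set())):
            hits[host].add(f["dport"])
    return {h: sorted(p) for h, p in hits.items()}


if __name__ == "__main__":
    print(propagation_nodes(FLOWS, BASELINE))
```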