
Server Under DDoS_Domestic_Wenzhou Dou Dizhu High-Defense

小墨安全管家 2021-04-08 10:19 High-Defense Servers 89 ℃

Over the last couple of days, we've been monitoring a persistent attempt to infect tens of thousands of users with malware through a systematic rotation of multiple social engineering themes. What all of these campaigns have in common is the fact that they share the same malicious infrastructure.

Let's profile one of the most recently spamvertised campaigns, and expose the cybercriminals' complete portfolio of malicious domains, their related name servers, dropped MD5 and its associated run time behavior.

More details:

Sample screenshot of the spamvertised email:

Sample spamvertised compromised URLs:
hxxp://2555.ruksadindan.com/page-329.htm
hxxp://www.athenassoftware.com.br/page-329.htm
hxxp://www.sweetgarden.ca/page-329.htm
hxxp://lab.monohrom.uz/page-329.htm
hxxp://easy2winpoker.com/page-329.htm
hxxp://ideashtor.ru/page-329.htm

Sample client-side exploits serving URL:
hxxp://202.72.245.146:8080/forum/links/public_version.php

The following malicious domains also respond to the same IP:

Related name servers:

Sample malicious payload dropping URL:
hxxp://202.72.245.146:8080/forum/links/public_version.php?mmltejvt=1g:2v:2w&pstvw=3d&xrej=1j:33::

Sample client-side exploits served: CVE-2010-0188

Upon successful client-side exploitation, the campaign drops MD5: 04e9d4167c9a1b82e622e04ad85f8e99 – detected by 31 out of 46 antivirus scanners as Trojan.Win32.Yakes.cdxy

Once executed, the sample creates the following Registry Keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib

And modifies them in the following way:
[HKEY…] vga.drv 640x480x32(BGR 0) = "31,31,31,31"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] shell = "explorer.exe,%AppData%\skype.dat"

Once executed, the sample phones back to the following URLs:
