{"id":60752,"date":"2019-06-03T09:00:32","date_gmt":"2019-06-03T01:00:32","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=60752"},"modified":"2019-08-21T12:45:14","modified_gmt":"2019-08-21T04:45:14","slug":"%e6%83%a1%e6%84%8f%e8%b2%a8%e5%b9%a3%e6%8c%96%e7%a4%a6%e5%ae%b9%e5%99%a8%e9%87%9d%e5%b0%8d%e6%9a%b4%e9%9c%b2api%e7%9a%84docker%e4%b8%bb%e6%a9%9f%ef%bc%8c%e4%b8%a6%e4%b8%94%e7%94%a8-shodan-%e6%89%be","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=60752","title":{"rendered":"\u60e1\u610f\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u5bb9\u5668,\u91dd\u5c0d\u66b4\u9732API \u7684 Docker\u4e3b\u6a5f\uff0c\u4e26\u7528 Shodan \u627e\u51fa\u5176\u4ed6\u53d7\u5bb3\u76ee\u6a19"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignleft is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2016\/09\/feature_vul-200x200.jpg\" alt=\"\u00e9\u0080\u0099\u00e5\u00bc\u00b5\u00e5\u009c\u0096\u00e7\u0089\u0087\u00e7\u009a\u0084 alt \u00e5\u00b1\u00ac\u00e6\u0080\u00a7\u00e5\u0080\u00bc\u00e7\u0082\u00ba\u00e7\u00a9\u00ba\u00ef\u00bc\u008c\u00e5\u00ae\u0083\u00e7\u009a\u0084\u00e6\u00aa\u0094\u00e6\u00a1\u0088\u00e5\u0090\u008d\u00e7\u00a8\u00b1\u00e7\u0082\u00ba feature_vul-200x200.jpg\" width=\"179\" height=\"179\"\/><\/figure><\/div>\n\n\n\n<p><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u67b6\u8a2d\u4e86\u4e00\u53f0\u6a5f\u5668\u6a21\u64ecDocker\u4e3b\u6a5f\u4f86\u76e3\u63a7\u91dd\u5c0d<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/container?utm_source=trendmicroresearch&amp;utm_medium=socal\">\u5bb9\u5668<\/a>\u7684\u60e1\u610f\u6d3b\u52d5\uff0c\u9019\u500b\u871c\u7f50\u7cfb\u7d71\u7684\u4e3b\u6a5f\u6709\u8457\u5c0d\u5916\u66b4\u9732\u7684API\uff0c\u9019\u662f<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/container-security-examining-potential-threats-to-the-container-environment\">\u5bb9\u5668\u76f8\u95dc\u5a01\u8105<\/a>\u6700\u5e38\u653b\u64ca\u7684\u76ee\u6a19\u4e4b\u4e00\u3002\u6211\u5011\u7684\u76ee\u6a19\u662f\u900f\u904e\u76e3\u63a7\u871c\u7f50\u7cfb\u7d71\u4f86\u5075\u6e2c\u662f\u5426\u6709\u4eba\u627e\u5230\u5b83\u4e26\u7528\u4f86\u90e8\u7f72\u6709\u554f\u984c\u7684\u5bb9\u5668\uff0c\u6700\u7d42\u5e0c\u671b\u53ef\u4ee5\u627e\u51fa\u653b\u64ca\u7684\u6e90\u982d\u3002\u6211\u5011\u6700\u8fd1\u6aa2\u67e5\u4e86\u871c\u7f50\u72c0\u614b\uff0c\u767c\u73fe\u5df2\u7d93\u6709\u5bb9\u5668\u88ab\u90e8\u7f72\u9032\u53bb\u3002<\/p>\n\n\n\n<p>\u5206\u6790\u871c\u7f50\u7cfb\u7d71\u7684\u65e5\u8a8c\u548c\u6d41\u91cf\u8cc7\u6599\u5f8c\u767c\u73fe\u6b64\u5bb9\u5668\u4f86\u81ea\u540d\u70bazoolu2\u7684\u516c\u958b\uff08\u56e0\u6b64\u53ef\u4ee5\u9023\u4e0a\uff09Docker Hub\u5132\u5b58\u5eab\u3002\u6aa2\u67e5\u4e26\u4e0b\u8f09\u5132\u5b58\u5eab\u7684\u5167\u5bb9\u5f8c\uff0c\u6211\u5011\u767c\u73fe\u5b83\u5305\u542b\u4e869\u500b\u6620\u50cf\uff0c\u88e1\u9762\u542b\u6709\u5ba2\u88fd\u5316shell\u3001Python\u8173\u672c\u3001\u8a2d\u5b9a\u6a94\uff0c\u9084\u6709Shodan\u548c\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\u3002\u8acb\u6ce8\u610f\uff0cDocker\u81ea\u5df1\u4e5f\u767c\u73fe\u4e86\u6b64\u5132\u5b58\u5eab\uff0c\u4e26\u5728\u672c\u6587\u64b0\u5beb\u6642\u5df2\u7d93\u8b93\u5176\u96e2\u7dda\u3002<\/p>\n\n\n\n<p>zoolu2\u5132\u5b58\u5eab\u5167\u7684\u6240\u6709\u6620\u50cf\u90fd\u5305\u542b\u4e86\u9580\u7f85\u5e63\uff08XMR\uff09\u6316\u7926\u7a0b\u5f0f\u3002\u9019\u5f15\u8d77\u4e86\u6211\u5011\u7684\u8208\u8da3\uff0c\u56e0\u70ba\u6211\u5011\u4e4b\u524d\u770b\u904e\u4e86<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/exposed-docker-control-api-and-community-image-abused-to-deliver-cryptocurrency-mining-malware\/\">\u5c07\u5bb9\u5668\u90e8\u7f72\u6210\u7926\u5de5<\/a>\u3002\u6b64\u5916\uff0c\u6709\u4e9b\u6620\u50cf\u5305\u542b\u4e86\u5217\u51fa\u6709\u5c0d\u5916\u66b4\u9732API\nDocker\u4e3b\u6a5f\u7684Shodan\u8173\u672c\uff0c\u6211\u5011\u63a8\u6e2c\u9019\u4e9b\u8173\u672c\u662f\u7528\u4f86\u627e\u51fa\u9032\u4e00\u6b65\u6563\u64ad\u7684\u76ee\u6a19\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-1.png\" alt=\" Figure 1. The zoolu2 Docker Hub repository\"\/><\/figure>\n\n\n\n<p><em>\u57161. zoolu2 Docker Hub<\/em><em>\u5132\u5b58\u5eab<\/em><\/p>\n\n\n\n<!--more-->\n\n\n\n<p><strong>\u90e8\u7f72\u548c\u884c\u70ba<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/Figure-1-Infected-crypto-container.jpg\" alt=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/Figure-1-Infected-crypto-container.jpg\"\/><\/figure>\n\n\n\n<p><em>\u57162. <\/em><em>\u611f\u67d3\u93c8<\/em><\/p>\n\n\n\n<p>\u6211\u5011\u6c7a\u5b9a\u5206\u6790\u9019\u4e5d\u500b\u6620\u50cf\u4ee5\u4e86\u89e3\u66f4\u591a\u8cc7\u8a0a\u3002\u6211\u5011\u767c\u73fe\u9019\u4e9b\u6620\u50cf\u5148\u900f\u904e\u8173\u672c\uff08ubu.sh\uff0c\u5075\u6e2c\u70baPUA.Linux.XMRMiner.AA.component\uff09\u90e8\u7f72\uff0c\u5b83\u6703\u6aa2\u67e5\u6709\u5c0d\u5916\u66b4\u9732API\u7684\u4e3b\u6a5f\u3002\u63a5\u8457\u7528Docker\u547d\u4ee4\uff08POST \/containers\/create\uff09\u9060\u7aef\u5efa\u7acb\u60e1\u610f\u5bb9\u5668\u3002\u6b64\u8173\u672c\u9084\u6703\u5728\u5bb9\u5668\u5167\u555f\u52d5SSH\u670d\u52d9\u4ee5\u63a5\u6536\u9060\u7aef\u9023\u7dda\u3002<\/p>\n\n\n\n<p>\u6b64\u8173\u672c\u63a5\u8457\u6703\u547c\u53eb\u9580\u7f85\u5e63\u6316\u7926\u7a0b\u5f0fdarwin\uff08\u5075\u6e2c\u70baPUA.Linux.XMRMiner.AA\uff09\u5728\u80cc\u666f\u57f7\u884c\u3002\u8ddf\u5176\u4ed6\u7684\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\u4e00\u6a23\uff0c\u5b83\u6703\u5728\u4f7f\u7528\u8005\u4e0d\u77e5\u60c5\u4e0b\u4f7f\u7528\u4e3b\u6a5f\u7cfb\u7d71\u8cc7\u6e90\u4f86\u6316\u6398\u865b\u64ec\u8ca8\u5e63\uff08\u5728\u672c\u6848\u4f8b\u4e2d\u662f\u9580\u7f85\u5e63\uff09\u3002\u6b64\u6b21\u653b\u64ca\u7684\u4e00\u500b\u6709\u8da3\u7279\u9ede\u662f\uff0c\u5b83\u6240\u7528\u7684\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\u662f\u91cd\u65b0\u88fd\u4f5c\u800c\u975e\u4f7f\u7528\u73fe\u6210\u7684\u8edf\u9ad4\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-3.png\" alt=\" Figure 3. Docker image entry calling the coin miner binary (darwin) and then the script to find other misconfigured Docker hubs (rip)\"\/><\/figure>\n\n\n\n<p><em>\u57163. Docker<\/em><em>\u6620\u50cf\u547c\u53eb\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\uff08darwin<\/em><em>\uff09\uff0c\u63a5\u8457\u8173\u672c\u6703\u5c0b\u627e\u5176\u4ed6\u8a2d\u5b9a\u4e0d\u7576\u7684Docker<\/em><em>\u4e3b\u6a5f\uff08rip<\/em><em>\uff09<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-4.png\" alt=\" Figure 4. Cryptocurrency miner binary details\"\/><\/figure>\n\n\n\n<p><em>\u57164. <\/em><em>\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u7a0b\u5f0f\u6a94\u7684\u8a73\u7d30\u8cc7\u8a0a<\/em><\/p>\n\n\n\n<p>\u9019\u500b\u6a94\u6848\u9084\u5305\u542b\u4e86\u7528Shodan API\u4f86\u5c0b\u627e\u5176\u4ed6\u6709\u5c0d\u5916\u66b4\u9732API Docker\u4e3b\u6a5f\u7684\u8173\u672c\uff0c\u4e3b\u8981\u662f\u7528\u201cport:2375+product:Docker\u201d\u67e5\u8a62\u3002\u6211\u5011\u61f7\u7591\u9019\u662f\u627e\u51fa\u53ef\u4f9b\u653b\u64ca\u65b0\u4e3b\u6a5f\u7684\u4e00\u7a2e\u65b9\u6cd5\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-5.png\" alt=\" Figure 5. Code showing the function used to log into Shodan and search for Docker hubs with open default ports\"\/><\/figure>\n\n\n\n<p><em>\u57165. <\/em><em>\u7528\u4f86\u767b\u5165Shodan<\/em><em>\u4e26\u5c0b\u627e\u958b\u555f\u9810\u8a2d\u7aef\u53e3Docker<\/em><em>\u4e3b\u6a5f\u7684\u7a0b\u5f0f\u78bc<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-6.png\" alt=\" Figure 6. Usernames and passwords to be used for brute-force attacks on the open ports found via Shodan search \"\/><\/figure>\n\n\n\n<p><em>\u57166. <\/em><em>\u5c0dShodan<\/em><em>\u641c\u5c0b\u6240\u627e\u5230\u7684\u958b\u653e\u7aef\u53e3\u9032\u884c\u66b4\u529b\u653b\u64ca\u6240\u7528\u7684\u4f7f\u7528\u8005\u540d\u7a31\u548c\u5bc6\u78bc<\/em><\/p>\n\n\n\n<p>\u6211\u5011\u5c0dIP\u5217\u8868\u7528\u9014\u7684\u61f7\u7591\u662f\u6b63\u78ba\u7684\uff1a\u4e00\u65e6\u627e\u5230\u5c0d\u5916\u66b4\u9732\u7684Docker\u4e3b\u6a5f\uff0c\u5c31\u6703\u52a0\u5165\u5217\u8868\uff08iplist.txt\u6587\u4ef6\uff09\u4e2d\uff0c\u8a72\u5217\u8868\u6703\u7528\u4e0d\u91cd\u8907IP\u4f86\u9032\u884c\u6392\u5e8f\u3002\u9084\u6703\u6aa2\u67e5\u76ee\u6a19\u4e3b\u6a5f\u662f\u5426\u5df2\u7d93\u904b\u884c\u4e86\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u5bb9\u5668\uff0c\u5982\u679c\u6709\u5c31\u5c07\u5176\u79fb\u9664\u3002<\/p>\n\n\n\n<p>\u7136\u5f8c\u5b83\u6703\u9023\u5230C&amp;C\u4f3a\u670d\u5668\uff0c\u6839\u64daIP\u5217\u8868\u5c07\u5bb9\u5668\u90e8\u7f72\u5230\u5176\u4ed6\u5c0d\u5916\u66b4\u9732\u7684\u4e3b\u6a5f\u3002\u7136\u5f8c\u7e7c\u7e8c\u91cd\u8907\u524d\u9762\u6240\u63d0\u5230\u7684\u904e\u7a0b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-7.png\" alt=\" Figure 7. Function to remotely deploy the image as a container \"\/><\/figure>\n\n\n\n<p><em>\u57167. <\/em><em>\u9060\u7aef\u90e8\u7f72\u6620\u50cf\u6210\u5bb9\u5668\u7684\u7a0b\u5f0f\u78bc<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-8.png\" alt=\" Figures 8, 9, and 10. C&amp;C with backup of the scripts and previous search terms.\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-9.png\" alt=\" Figures 8, 9, and 10. C&amp;C with backup of the scripts and previous search terms.\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-10.png\" alt=\"\"\/><\/figure>\n\n\n\n<p><em>\u6ce8\u610f\uff1a\u96d6\u7136\u6709\u4e9b\u53c3\u6578\u5305\u542b\u7279\u5b9a\u5340\u57df\u548c\u7279\u5b9a\u670d\u52d9\uff0c\u4f46\u641c\u7d22Docker API<\/em><em>\u7aef\u53e3\u548c\u7522\u54c1\u6a19\u7c64\u662f\u4e0d\u8b8a\u7684\u3002<\/em><\/p>\n\n\n\n<p><em>\u57168,9<\/em><em>\u548c10. C&amp;C<\/em><em>\u4ee5\u53ca\u8173\u672c\u5099\u4efd\u548c\u4e4b\u524d\u7684\u641c\u5c0b\u5b57\u4e32\u3002<\/em><\/p>\n\n\n\n<p>zoolu2\u6620\u50cf\u7684\u5f8c\u8a2d\u8cc7\u6599\u986f\u793a\u5143\u4ef6\u662f\u57282019\u5e745\u6708\u52a0\u5165\u3002\u4f46\u9019\u53ef\u80fd\u4e0d\u6e96\uff0c\u56e0\u70ba\u6620\u50cf\u6703\u4e0d\u65b7\u5730\u66f4\u65b0\uff0c\u9019\u53ef\u80fd\u4ee3\u8868\u88fd\u4f5c\u6620\u50cf\u7684\u99ed\u5ba2\u6b63\u5728\u52a0\u5165\u66f4\u591a\u7684\u884c\u70ba\u6216\u529f\u80fd\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/05\/infected-cryptominer-shodan-11.png\" alt=\" Figure 11. Deep Discovery\u00e2\u0084\u00a2 Smart Check alert for the SSH key left inside the container for future connections\"\/><\/figure>\n\n\n\n<p><em>\u571611. Deep Discovery Smart Check<\/em><em>\u8b66\u544a\u5bb9\u5668\u5167\u51fa\u73feSSH<\/em><em>\u91d1\u9470\u53ef\u88ab\u9023\u7dda<\/em><\/p>\n\n\n\n<p><strong>\u5efa\u8b70\u53ca\u89e3\u6c7a\u65b9\u6848<\/strong><\/p>\n\n\n\n<p>\u5bb9\u5668\u6280\u8853\u7684\u63a5\u53d7\u5ea6\u8d8a\u4f86\u8d8a\u9ad8\u4e5f\u5c0e\u81f4\u4e86\u76f8\u95dc\u5a01\u8105\u7684\u589e\u52a0\u3002\u9019\u4e9b\u5a01\u8105\u7d93\u5e38\u90fd\u6703\u653b\u64ca\u6210\u529f\uff0c\u4e0d\u50c5\u662f\u7531\u65bc\u5bb9\u5668\u8edf\u9ad4\u51fa\u73fe\u6f0f\u6d1e\uff0c\u800c\u4e14\u9084\u56e0\u70ba<a href=\"https:\/\/redirect.viglink.com\/?format=go&amp;jsonp=vglnk_155789726142311&amp;key=0d3176c012db018d69225ad1c36210fa&amp;libId=jvoocl4n0102jdmu000DAblpnp2vi&amp;subId=f9f1a771608a24e84c49a8532e282dc1&amp;cuid=f9f1a771608a24e84c49a8532e282dc1&amp;loc=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Fexposed-docker-control-api-and-community-image-abused-to-deliver-cryptocurrency-mining-malware%2F&amp;v=1&amp;out=https%3A%2F%2Fwww.trendmicro.com%2Fvinfo%2Fus%2Fsecurity%2Fnews%2Fvirtualization-and-cloud%2F-misconfigured-cloud-services-pose-high-security-risks-for-organizations%2F%3F_ga%3D2.138214640.1536095050.1557801005-94385647.1557215823&amp;ref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%3Fs%3Ddocker&amp;title=Exposed%20Docker%20Control%20API%20and%20Community%20Image%20Abused%20to%20Deliver%20Cryptocurrency-Mining%20Malware%20-%20TrendLabs%20Security%20Intelligence%20Blog&amp;txt=Misconfiguration\">\u8a2d\u5b9a\u4e0d\u7576<\/a>\uff0c\u9019\u5c0d\u7d44\u7e54\u4f86\u8aaa\u662f\u6301\u7e8c\u9762\u81e8\u7684\u6311\u6230\u3002\u5728\u6b64\u60c5\u6cc1\u4e0b\uff0c\u5177\u6709\u5c0d\u5916\u66b4\u9732API\u7684\u4e3b\u6a5f\u4e0d\u50c5\u662f\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u653b\u64ca\u7684\u53d7\u5bb3\u8005 \u2013 \u5b83\u5011\u4e5f\u5354\u52a9\u6563\u64ad\u4e86\u60e1\u610f\u5bb9\u5668\u3002<\/p>\n\n\n\n<p>\u60e1\u610f\u7684\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u6d3b\u52d5\u53ef\u80fd\u6703\u5c0e\u81f4\u7cfb\u7d71\u984d\u5916\u7684\u8cc7\u6e90\u8ca0\u64d4\u3002\u5728\u6b64\u6848\u4f8b\u4e2d\uff0c\u5982\u679cDocker\u4e3b\u6a5f\u662f\u5728\u5167\u90e8\u7db2\u8def\u4e2d\u904b\u4f5c\uff0c\u5247\u53ef\u80fd\u6703\u5f71\u97ff\u5230\u5176\u4ed6\u4e3b\u6a5f\u3002\u53e6\u4e00\u65b9\u9762\uff0c\u5982\u679cDocker\u4e3b\u6a5f\u4f7f\u7528\u7684\u662f\u96f2\u7aef\u670d\u52d9\uff0c\u7d44\u7e54\u4e5f\u53ef\u80fd\u56e0\u70ba\u8cc7\u6e90\u4f7f\u7528\u7387\u8b8a\u9ad8\u800c\u6536\u5230\u984d\u5916\u7684\u8cbb\u7528\u3002<\/p>\n\n\n\n<p>\u70ba\u4e86\u9632\u6b62\u91dd\u5c0d\u5bb9\u5668\u53ca\u4e3b\u6a5f\u7684\u653b\u64ca\u5f71\u97ff\u5230\u958b\u767c\u74b0\u5883\uff0c<a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u5efa\u8b70\u8981\u63a1\u7528\u4ee5\u4e0b\u6700\u4f73\u5be6\u4f5c\uff1a<\/p>\n\n\n\n<ul><li>\u5fc5\u9808\u8981\u6b63\u78ba\u5730\u8a2d\u5b9a\u5bb9\u5668\u548cAPI\u4f86\u78ba\u4fdd\u6b64\u985e\u653b\u64ca\u767c\u751f\u7387\u964d\u5230\u6700\u4f4e\u3002\u9019\u5305\u62ec\u53ea\u80fd\u5f9e\u5167\u90e8\u7db2\u8def\u6216\u53d7\u4fe1\u4efb\u4f86\u6e90\u5b58\u53d6\u5b83\u5011\u3002\u6b64\u5916\uff0cDocker\u4e5f\u63d0\u4f9b\u4e86\u5177\u9ad4\u7684<a href=\"https:\/\/docs.docker.com\/develop\/dev-best-practices\/\">\u6307\u5357<\/a>\u4f86\u5354\u52a9\u4f7f\u7528\u8005\u52a0\u5f37\u5b89\u5168\u9632\u8b77\u3002<\/li><li>Docker\u59cb\u7d42\u5efa\u8b70\u8981\u4f7f\u7528\u5b98\u65b9\u6216\u8a8d\u8b49\u6620\u50cf\uff0c\u78ba\u4fdd\u53ea\u5728\u74b0\u5883\u5167\u904b\u884c\u53d7\u4fe1\u4efb\u7684\u5167\u5bb9\u3002<\/li><li>\u4e0d\u8a72\u7528root\u6b0a\u9650\u904b\u884c\u5bb9\u5668 \u2013 \u61c9\u8a72\u53ea\u80fd\u7528\u61c9\u7528\u7a0b\u5f0f\u4f7f\u7528\u8005\u3002<\/li><\/ul>\n\n\n\n<p>\u4f01\u696d\u9084\u53ef\u4ee5\u8003\u616e\u4f7f\u7528\u5168\u9762\u6027\u7684\u5b89\u5168\u8edf\u9ad4\uff0c\u5354\u52a9\u4ed6\u5011\u5efa\u69cb\u5b89\u5168\u3001\u5feb\u901f\u4ea4\u4ed8\u4e26\u4e14\u96a8\u8655\u57f7\u884c\u3002\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848\u901a\u904e<a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">\u8da8\u52e2\u79d1\u6280HYPERLINK &#8220;https:\/\/t.rend.tw\/?i=Mzc4MQ&#8221;Deep\nSecurity<\/a>\u548c<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=55761\">Deep Security Smart Check<\/a>\u4f86\u70ba<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud\/container.html\">\u5bb9\u5668<\/a>\u52a0\u591a\u4e00\u5c64\u7684\u4fdd\u8b77\uff0cDeep Security\nSmart Check\u53ef\u4ee5\u5728\u90e8\u7f72\u904e\u7a0b\u7684\u4efb\u4f55\u6642\u5019\u6383\u63cf\u5bb9\u5668\u6620\u50cf\u662f\u5426\u6709\u60e1\u610f\u8edf\u9ad4\u6216\u6f0f\u6d1e\uff0c\u5728\u90e8\u7f72\u524d\u9810\u9632\u5a01\u8105\u767c\u751f\u3002<\/p>\n\n\n\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n<table  class=\"wp-block-table table table-hover\" ><tbody><tr><td>\n  <strong>\u8a73\u7d30\u8cc7\u8a0a<\/strong>\n  <\/td><td>\n  <strong>\u96dc\u6e4a\u503c<\/strong>\n  <\/td><td>\n  <strong>\u5075\u6e2c\u540d\u7a31<\/strong>\n  <\/td><\/tr><tr><td>\n  <em>Darwin <\/em><em>\uff08\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u6a94\uff09<\/em>\n  <\/td><td>\n  fb4e9e2e919d2e4cc6d1caa9745df16d65ce87c0ffb9874edf33bc1db1259607\n  <\/td><td>\n  PUA.Linux.XMRMiner.AA\n  <\/td><\/tr><tr><td>\n  <em>ubu.sh<\/em><em>\uff08<\/em>shell\u8173\u672c\uff09\n  <\/td><td>\n  99ec380972a0808ff66c3e9638ea578a5b938cc821df38d2882a3440037994b7\n  <\/td><td>\n  PUA.Linux.XMRMiner.AA.component\n  <\/td><\/tr><\/tbody><\/table>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims\/\">Infected\nCryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use\nShodan to Find Additional Victims<\/a> \u4f5c\u8005\uff1aAlfredo Oliveira\uff08\u8cc7\u6df1\u5a01\u8105\u7814\u7a76\u54e1\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8da8\u52e2\u79d1\u6280\u67b6\u8a2d\u4e86\u4e00\u53f0\u6a5f\u5668\u6a21\u64ecDocker\u4e3b\u6a5f\u4f86\u76e3\u63a7\u91dd\u5c0d\u5bb9\u5668\u7684\u60e1\u610f\u6d3b\u52d5\uff0c\u9019\u500b\u871c\u7f50\u7cfb\u7d71\u7684\u4e3b\u6a5f\u6709\u8457\u5c0d\u5916\u66b4\u9732\u7684API\uff0c\u9019 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[3647,4126],"tags":[4296,3575,3723],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/60752"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=60752"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/60752\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=60752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=60752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=60752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}