{"id":65401,"date":"2020-08-06T09:00:00","date_gmt":"2020-08-06T01:00:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=65401"},"modified":"2020-08-03T17:33:26","modified_gmt":"2020-08-03T09:33:26","slug":"mirai-%e6%ae%ad%e5%b1%8d%e7%b6%b2%e8%b7%af%e5%8f%af%e8%a2%ab%e7%94%a8%e4%be%86%e9%80%8f%e9%81%8e%e6%bc%8f%e6%b4%9e-cve-2020-5902%e6%94%bb%e6%93%8a%e7%89%a9%e8%81%af%e7%b6%b2%e8%a3%9d%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=65401","title":{"rendered":"Mirai \u6bad\u5c4d\u7db2\u8def\u53ef\u88ab\u7528\u4f86\u900f\u904e\u6f0f\u6d1e CVE-2020-5902\u653b\u64ca\u7269\u806f\u7db2\u88dd\u7f6e"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/03\/Vulnerability-200x125.jpg\" alt=\"\"\/><\/figure><\/div>\n\n\n\n<p>\u81ea\u5f9e\u5169\u500bF5 BIG-IP\u6f0f\u6d1e\u57287\u6708\u7b2c\u4e00\u5468\u88ab<a href=\"https:\/\/support.f5.com\/csp\/article\/K52145254\">\u62ab\u9732<\/a>\u4e4b\u5f8c\uff0c<a href=\"https:\/\/t.rend.tw\/?i=OTQzMw\">\u8da8\u52e2\u79d1\u6280<\/a>\u5c31\u6301\u7e8c\u5730\u76e3\u8996\u4e26\u5206\u6790\u9019\u4e9b\u6f0f\u6d1e\u53ca\u76f8\u95dc\u6d3b\u52d5\u4f86\u9032\u4e00\u6b65\u8a55\u4f30\u5176\u56b4\u91cd\u6027\u3002\u6839\u64da\u5c0d<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-5902\">CVE-2020-5902<\/a>\u6240\u767c\u5e03\u7684\u89e3\u6c7a\u65b9\u6cd5\uff0c\u6211\u5011\u767c\u73fe\u4e00\u500b\u7269\u806f\u7db2\uff08IoT\uff09<a href=\"https:\/\/blog.trendmicro.com.tw\/?s=Mirai&amp;submit=Search\">Mirai<\/a>\u6bad\u5c4d\u7db2\u8def\u4e0b\u8f09\u5668\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70ba<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/trojan.sh.mirai.boi\">Trojan.SH.MIRAI.BOI<\/a>\uff09\u53ef\u4ee5\u88ab\u52a0\u5165\u65b0\u60e1\u610f\u8edf\u9ad4\u4f86\u6383\u63cf\u627e\u51fa\u5c0d\u5916\u66b4\u9732\u7684Big-IP\u88dd\u7f6e\uff0c\u9032\u800c\u5165\u4fb5\u4e26\u9032\u884c\u60e1\u610f\u884c\u70ba\u3002<\/p>\n\n\n\n\n\n<p>\u6211\u5011\u767c\u73fe\u7684\u6a23\u672c\u9084\u6703\u53bb\u653b\u64ca\u5e38\u898b\u88dd\u7f6e\u53ca\u8edf\u9ad4\u6700\u8fd1\u88ab\u62ab\u9732\u800c\u53ef\u80fd\u5c1a\u672a\u4fee\u88dc\u7684\u6f0f\u6d1e\u3002\u5efa\u8b70\u7cfb\u7d71\u7ba1\u7406\u54e1\u548c\u76f8\u95dc\u88dd\u7f6e\u4f7f\u7528\u8005\u8981\u7acb\u5373\u4fee\u88dc\u81ea\u5df1\u7684\u5de5\u5177\u3002<\/p>\n\n\n\n<p><strong>\u884c\u70ba<\/strong><\/p>\n\n\n\n<p>\u5982\u5148\u524d\u6240<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/patch-now-f5-vulnerability-with-cvss-10-severity-score\">\u5831\u5c0e<\/a>\uff0c\u6b64\u5b89\u5168\u6f0f\u6d1e\u662f\u91dd\u5c0dBIG-IP\u6d41\u91cf\u7ba1\u7406\u7528\u6236\u4ecb\u9762\uff08TMUI\uff09\u7684\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\uff08RCE\uff09\u6f0f\u6d1e\u3002\u5206\u6790\u5df2\u767c\u5e03\u7684<a href=\"https:\/\/github.com\/f5devcentral\/f5-azure-saca\/commits\/master\/SACAv2\/STIG\/bigipstig.sh\">\u8cc7\u8a0a<\/a>\u4e4b\u5f8c\uff0c\u6211\u5011\u5f9eApache httpd\u7684\u7de9\u89e3\u898f\u5247\u88e1\u6ce8\u610f\u5230\u4e00\u7a2e\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u7684\u505a\u6cd5\u662f\u5728HTTP GET\u8acb\u6c42\u7684URI\u88e1\u5305\u542b\u5206\u865f\u3002\u5206\u865f\u5728Linux\u547d\u4ee4\u4e2d\u4ee3\u8868\u5df2\u5b8c\u6210\uff0c\u9019\u4e5f\u662f\u89f8\u767c\u6f0f\u6d1e\u6240\u9700\u8981\u7684\u5b57\u5143\u3002\u70ba\u4e86\u9032\u4e00\u6b65\u5206\u6790\uff0c\u6211\u5011\u7528\u4e0b\u5217Yara\u898f\u5247\u4f86\u6e2c\u8a66IoT\u6bad\u5c4d\u7db2\u8def\u4f5c\u8005\u662f\u5426\u53ef\u4ee5\u5728\u73fe\u6709\u6216\u65b0\u60e1\u610f\u8edf\u9ad4\u52a0\u5165\u6383\u63cf\u529f\u80fd\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/07\/possible_xpl_yara_rule.png\" alt=\"\"\/><figcaption>\u57161. \u6aa2\u67e5\u60e1\u610f\u8edf\u9ad4\u7528\u7684Yara\u898f\u5247<\/figcaption><\/figure>\n\n\n\n<!--more-->\n\n\n\n<p>\u5118\u7ba1\u6e2c\u8a66\u7528\u898f\u5247\u770b\u8d77\u4f86\u5f88\u7c21\u55ae\uff0c\u4f46\u53ef\u4ee5\u8b93\u6211\u5011\u6aa2\u67e5\u5927\u91cf\u7684\u60e1\u610f\u8edf\u9ad4\u3001Python\u6216Ruby\u6982\u5ff5\u8b49\u660e\uff08PoC\uff09\u7a0b\u5f0f\u78bc\u3002\u5f9e7\u67081\u65e5\u7684\u62ab\u9732\u65e5\u958b\u59cb\uff0c\u6211\u5011\u57287\u670811\u65e5\u767c\u73fe\u4e86\u7b2c\u4e00\u500b\u7de8\u8b6f\u6210MIPS\u67b6\u69cb\u7684ELF\u683c\u5f0f\u6a23\u672c\u4e26\u53d6\u5f97\u5169\u500b\u5730\u5740\uff1ahxxp[:]\/\/79[.]124[.]8[.]24\/bins\/\uff08\u6a19\u8b58\u70ba\u611f\u67d3\u8f09\u9ad4\uff09\u548chxxp[:]\/\/78[.]142[.]18[.]20\uff08\u6a19\u8b58\u70ba\u547d\u4ee4\u548c\u63a7\u5236\uff08C&amp;C\uff09\u4f3a\u670d\u5668\uff09\u3002\u50cfMirai\u9019\u985eIoT\u60e1\u610f\u8edf\u9ad4\u7684\u4e00\u7a2e\u5e38\u898b\u6a21\u5f0f\u662f\u6703\u5728\u7db2\u7ad9\u5167\u8a17\u7ba1\u4e0d\u540c\u526f\u6a94\u540d\u7684\u6a94\u6848\u7528\u4f86\u91dd\u5c0d\u4e0d\u540c\u7684\u8655\u7406\u5668\u67b6\u69cb\u3002\u6aa2\u67e5\u4e3b\u6a5f\u5f8c\uff0c\u6211\u5011\u767c\u73fe\u4e86\u4e0b\u5217\u6a94\u6848\uff1a<\/p>\n\n\n\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td>\u96dc\u6e4a\u503c<\/td><td><strong>\u6a94\u6848<\/strong><\/td><\/tr><tr><td>acb930a41abdc4b055e2e3806aad85068be8d85e0e0610be35e784bfd7cf5b0e<\/td><td>fetch.sh<\/td><\/tr><tr><td>037859323285e0bbbc054f43b642c48f2826924149cb1c494cbbf1fc8707f942<\/td><td>sora.arm5<\/td><\/tr><tr><td>55c4675a84c1ee40e67209dfde25a5d1c1979454ec2120047026d94f64d57744<\/td><td>sora.arm6<\/td><\/tr><tr><td>03254e6240c35f7d787ca5175ffc36818185e62bdfc4d88d5b342451a747156d<\/td><td>sora.arm7<\/td><\/tr><tr><td>204cbad52dde24ab3df41c58021d8039910bf7ea07645e70780c2dbd66f7e90b<\/td><td>sora.m68k<\/td><\/tr><tr><td>3f8e65988b8e2909f0ea5605f655348efb87565566808c29d136001239b7dfa9<\/td><td>sora.mips<\/td><\/tr><tr><td>15b2ee07246684f93b996b41578ff32332f4f2a60ef3626df9dc740405e45751<\/td><td>sora.mpsl<\/td><\/tr><tr><td>0ca27c002e3f905dddf9083c9b2f8b3c0ba8fb0976c6a06180f623c6acc6d8ca<\/td><td>sora.ppc<\/td><\/tr><tr><td>ecc1e3f8332de94d830ed97cd07867b90a405bc9cc1b8deccec51badb4a2707c<\/td><td>sora.sh4<\/td><\/tr><tr><td>e71aca778ea1753973b23e6aa29d1445f93dc15e531c706b6165502d6cf0bfa4<\/td><td>sora.x86<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u88681. C&amp;C\u8a17\u7ba1\u7684\u6a94\u6848<\/p>\n\n\n\n<p>\u9032\u4e00\u6b65\u6aa2\u8996IP\u5730\u5740\u5f8c\uff0c\u6211\u5011\u767c\u73fe\u5b83\u81ea6\u6708\u958b\u59cb\u5c31\u88ab\u7528\u4f86\u90e8\u7f72IoT\u60e1\u610f\u8edf\u9ad4\uff0c\u5305\u62ec\u4e86\u5176\u4ed6Mirai\u8b8a\u7a2e\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/sora-and-unstable-2-mirai-variants-target-video-surveillance-storage-systems\">SORA<\/a>\u5df2\u7d93\u88ab\u6a19\u8b58\u70baMirai\u8b8a\u7a2e\uff0c\u53ef\u4ee5\u7528\u4f86\u9032\u884c\u66b4\u529b\u7834\u89e3\u653b\u64ca\u53ca\u5229\u7528\u5176\u4ed6\u6f0f\u6d1e\u9032\u884cRCE\u548c\u5c0d\u88dd\u7f6e\u9032\u884c\u672a\u7d93\u6388\u6b0a\u7684\u63a7\u5236\u548c\u7ba1\u7406\u3002\u6b64\u5916\uff0cfetch.sh\u662f\u5177\u5099\u4ee5\u4e0b\u5167\u5bb9\u7684shell\u8173\u672c\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"\" alt=\"A screenshot of a computer\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/07\/fetch_sh-CVE20205902-mirai-botnet-exploit-iot-devices-weaponize-attack-devices-scaled.jpg\" alt=\"\"\/><figcaption>\u57162. fetch.sh\u8173\u672c<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>fetch.sh\u6703\u9023\u5230http[:]\/\/79[.]124[.]8[.]24\/bins\/sora.{\u67b6\u69cb}\u4e0b\u8f09\u4e26\u57f7\u884c\u5c0d\u61c9\u7684sysctl\u60e1\u610f\u6a94\u6848\u3002fetch.sh\u540c\u6642\u9084\u6703\u5efa\u7acbcron\u6392\u7a0b\u4f86\u81ea\u52d5\u57f7\u884c\u4e0b\u8f09\u7684\u60e1\u610f\u6a94\u6848\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"\" alt=\"A picture containing orange, sitting, food, people\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/07\/create-cron-jobs.png\" alt=\"\"\/><figcaption>\u57163. \u5efa\u7acbcron\u6392\u7a0b<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\u9019\u500b\u8173\u672c\u6703\u7528iptables\u5c07\u6240\u6709\u9001\u5230\u5e38\u7528TCP\u7aef\u53e3\uff08\u5982Telnet\u3001SSH\u53ca\u88dd\u7f6e\u7db2\u9801\u4e3b\u63a7\u53f0\u6240\u7528\u7684HTTP\u7aef\u53e3\uff09\u7684\u5c01\u5305\u4e1f\u68c4\u3002\u9019\u53ef\u80fd\u6709\u5169\u7a2e\u7528\u610f\uff1a<\/p>\n\n\n\n<ul><li>\u4e0d\u8b93\u5176\u4ed6\u60e1\u610f\u8edf\u9ad4\u80fd\u5920\u9023\u5230\u53d7\u611f\u67d3\u88dd\u7f6e\u7684\u5c0d\u5916\u670d\u52d9<\/li><li>\u8b93\u88dd\u7f6e\u6240\u6709\u8005\u7121\u6cd5\u9023\u4e0a\u7ba1\u7406\u4ecb\u9762<\/li><\/ul>\n\n\n\n<p>\u9019\u4e5f\u8b93\u4eba\u60f3\u5230\u6211\u5011\u6700\u8fd1\u7684<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/internet-of-things\/caught-in-the-crossfire-defending-devices-from-battling-botnets\">\u7814\u7a76\u5831\u544a<\/a>\u4e2d\u63d0\u5230\u63a7\u5236\u76ee\u524d\u9023\u63a5\u7684\u7269\u806f\u7db2\u88dd\u7f6e\u3002<\/p>\n\n\n\n<p>\u5206\u6790\u6bad\u5c4d\u7db2\u8def\u7684x86\u6a23\u672c\u5f8c\uff0c\u6211\u5011\u767c\u73fe\u5b83\u6703\u653b\u64ca\u6709\u6f0f\u6d1e\u7684BIG-IP\u88dd\u7f6e\uff0c\u5411\u53d7\u5bb3\u7aef\u53e3443\/TCP\uff08HTTPS\uff09\u767c\u9001GET\u8acb\u6c42\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"\" alt=\"A screenshot of a social media post\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/07\/bigip-xpl-CVE20205902-mirai-botnet-exploit-iot-devices-weaponize-attack-devices.jpg\" alt=\"\"\/><figcaption>\u57164. GET\u8acb\u6c42\u6703\u653b\u64ca\u6f0f\u6d1eCVE-2020-5902<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\u60f3\u5230\u6b64\u6f0f\u6d1e\u7684\u56b4\u91cd\u6027\uff0c\u53ea\u8981\u5728\u5c0dtmshCmd.jsp\u7684GET\u8acb\u6c42\u88e1\u52a0\u5165\u5e36\u6709\u6b63\u78baID\u8def\u5f91\u7684\u547d\u4ee4\u53c3\u6578\u53ef\u4ee5\u5728\u53d7\u611f\u67d3\u88dd\u7f6e\u4e0a\u9060\u7aef\u57f7\u884c\u547d\u4ee4\u3002<\/p>\n\n\n\n<p><strong>\u5176\u4ed6\u906d\u53d7\u653b\u64ca\u7684\u6f0f\u6d1e<\/strong><\/p>\n\n\n\n<p>\u9032\u4e00\u6b65\u6aa2\u67e5\u9019\u500b\u8b8a\u7a2e\u5f8c\uff0c\u6211\u5011\u9084\u767c\u73fe\u5b83\u6703\u5c0d\u96a8\u6a5f\u751f\u6210\u7684\u76ee\u6a19\u5617\u8a66\u653b\u64ca\u6700\u8fd1\u62ab\u9732\u7684\u6f0f\u6d1e\u3002\u5e95\u4e0b\u662f\u6b64\u8b8a\u7a2e\u6240\u4f7f\u7528\u6f0f\u6d1e\u653b\u64ca\u7684\u5b8c\u6574\u5217\u8868\uff1a<\/p>\n\n\n\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td><strong>\u88dd\u7f6e<\/strong><\/td><td><strong>\u6f0f\u6d1e<\/strong><\/td><td><strong>CVE<\/strong><strong>\u7de8\u865f<\/strong><\/td><\/tr><tr><td>Apache Kylin 3.0.1<\/td><td>\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e<\/td><td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-1956\">CVE-2020-1956<\/a><\/td><\/tr><tr><td>Aruba ClearPass Policy Manager 6.7.0<\/td><td>\u672a\u7d93\u6388\u6b0a\u9060\u7aef\u547d\u4ee4\u57f7\u884c<\/td><td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-7115\">CVE-2020-7115<\/a><\/td><\/tr><tr><td>Big-IP 15.0.0 &lt; 15.1.0.3 \/ 14.1.0 &lt; 14.1.2.5 \/ 13.1.0 &lt; 13.1.3.3 \/ 12.1.0 &lt; 12.1.5.1 \/ 11.6.1 &lt; 11.6.5.1<\/td><td>TMUI\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c<\/td><td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-5902\">CVE-2020-5902<\/a><\/td><\/tr><tr><td>Comtrend VR-3033<\/td><td>\u547d\u4ee4\u6ce8\u5165<\/td><td><a href=\"https:\/\/www.exploit-db.com\/exploits\/48142\">CVE-2020-10173<\/a> &nbsp;<\/td><\/tr><tr><td>HP LinuxKI 6.01<\/td><td>\u9060\u7aef\u547d\u4ee4\u6ce8\u5165<\/td><td><a href=\"https:\/\/packetstormsecurity.com\/files\/157739\/HP-LinuxKI-6.01-Remote-Command-Injection.html\">CVE-2020-7209<\/a> &nbsp;<\/td><\/tr><tr><td>Tenda AC15 AC1900<\/td><td>\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c<\/td><td><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-10987\">CVE-2020-10987<\/a><\/td><\/tr><tr><td>Nexus Repository Manger 3<\/td><td>\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c<\/td><td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-10204\">CVE-2020\u201310204<\/a><\/td><\/tr><tr><td>Netlink GPON Router 1.0.11<\/td><td><a href=\"https:\/\/www.exploit-db.com\/exploits\/48225\">\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c<\/a><\/td><td>N\/A<\/td><\/tr><tr><td>Netgear R7000 Router<\/td><td><a href=\"https:\/\/blog.grimm-co.com\/2020\/06\/soho-device-exploitation.html\">\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c<\/a><\/td><td>N\/A<\/td><\/tr><tr><td>Sickbeard 0.1<\/td><td><a href=\"https:\/\/www.exploit-db.com\/exploits\/48646\">\u9060\u7aef\u547d\u4ee4\u6ce8\u5165<\/a><\/td><td>N\/A<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u88682. \u5176\u4ed6\u6a23\u672c\u6240\u7528\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc<\/p>\n\n\n\n<p><strong>\u7d50\u8ad6\u548c\u5b89\u5168\u5efa\u8b70<\/strong><\/p>\n\n\n\n<p>F5 Networks\u6eff\u8db3\u8a31\u591a\u4f01\u696d\u7684\u7db2\u8def\u8a2d\u5099\u9700\u6c42\uff0cBIG-IP\u66f4\u662f\u653f\u5e9c\u548c\u4f01\u696d\u6700\u5e38\u7528\u7684\u7522\u54c1\u4e4b\u4e00\uff0c\u7279\u5225\u662f\u73fe\u5728\u7a81\u7136\u5f97\u5728\u5bb6\u5de5\u4f5c\u7684\u60c5\u6cc1\u4e0b\u3002\u9019\u500b\u6f0f\u6d1e\u5f71\u97ff\u4e86\u5927\u91cf\u7684\u7522\u54c1\u53ca\u7248\u672c\uff0c\u5305\u62ec\u6f0f\u6d1e\u62ab\u9732\u6642\u6700\u65b0\u767c\u8868\u7684\u7522\u54c1\u548c\u7248\u672c\u3002CVE-2020-5902\u5728\u901a\u7528\u6f0f\u6d1e\u8a55\u5206\u7cfb\u7d71\uff08CVSS\uff09v3.0\u6f0f\u6d1e\u7b49\u7d1a\u4e2d\u8a55\u7d1a\u70ba10\u5206\uff0c\u800c\u4e14\u76f8\u7576\u5bb9\u6613\u88ab\u6feb\u7528\u4e26\u9032\u884c\u81ea\u52d5\u5316\u653b\u64ca\u3002\u800c\u4e14\u5b83\u4e0d\u9700\u8981\u5e33\u5bc6\u6216\u9032\u968e\u7684\u7a0b\u5f0f\u80fd\u529b\u5c31\u53ef\u4ee5\u5229\u7528\u3002<\/p>\n\n\n\n<p>\u4e0d\u904eF5\u5df2\u7d93\u767c\u8868\u4e86\u5167\u5bb9\u8a73\u76e1\u7684\u7de9\u89e3<a href=\"https:\/\/support.f5.com\/csp\/article\/K52145254\">\u6b65\u9a5f<\/a>\u4f86\u5c01\u9396\u5305\u542b\u5206\u865f\u7684\u8acb\u6c42\u3002\u6b64\u5916\uff0c\u96d6\u7136\u5728\u9810\u8a2d\u60c5\u6cc1\u4e0b\u7ba1\u7406\u4ecb\u9762\u4e0d\u6703\u5c0d\u5916\u66b4\u9732\uff0c\u4f46\u6211\u5011\u7684Shodan\u6383\u63cf\u986f\u793a\u7dda\u4e0a\u7d04\u67097,000\u500b\u66b4\u9732\u7684\u4e3b\u6a5f\uff08\u53ea\u7b97\u9032\u8046\u807d\u5728\u7aef\u53e3443\u548c8443\u7684\u4e3b\u6a5f\uff09\u3002\u9019\u88e1\u7684\u201c\u66b4\u9732\u201d\u6307\u7684\u662f\u53ef\u7d93\u7531\u7db2\u969b\u7db2\u8def\u5b58\u53d6\u7684\u4e3b\u6a5f\uff0c\u4e26\u4e0d\u78ba\u5b9a\u662f\u5426\u6709\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<p>\u610f\u8b58\u5230\u6b64\u6f0f\u6d1e\u7684\u56b4\u91cd\u6027\uff0c\u7f8e\u570b\u7db2\u6230\u53f8\u4ee4\u90e8\u5728\u62ab\u9732\u5f8c\u4e09\u5929\u767c\u8868\u4e86\u4e00\u5247<a href=\"https:\/\/twitter.com\/CNMF_CyberAlert\/status\/1279151966178902016\">\u63a8\u6587<\/a>\uff0c\u5efa\u8b70\u7acb\u5373\u4fee\u88dc\u8a72\u6f0f\u6d1e\u3002\u8003\u616e\u5230\u8a72\u6f0f\u6d1e\u7684\u62ab\u9732\u65e5\u671f\u53ca\u958b\u767c\u6f0f\u6d1e\u653b\u64ca\u78bc\u6700\u591a\u9700\u8981\u82b1\u8cbb\u7684\u6642\u9593\uff0810\u5929\uff09\uff0c\u99ed\u5ba2\u5011\u61c9\u8a72\u6b63\u5728\u5bc6\u5207\u95dc\u6ce8\u6700\u65b0\u7684\u62ab\u9732\u548c\u5831\u544a\u4f86\u88fd\u4f5c\u81ea\u5df1\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc\u3002\u5118\u7ba1\u6709\u4e9b\u53ea\u662f\u5728\u90e8\u843d\u683c\u6587\u7ae0\u88e1\u8a0e\u8ad6\u800c\u6c92\u6709\u516c\u958b\u6f0f\u6d1e\u653b\u64ca\u78bc\uff0c\u4e0d\u904e\u9019\u4e9b\u99ed\u5ba2\u77e5\u9053\u4e86\u5169\u4ef6\u4e8b\uff1a\u9996\u5148\uff0c\u5ee0\u5546\u5c1a\u672a\u63d0\u51fa\u76f8\u61c9\u7684\u4fee\u88dc\u7a0b\u5f0f\uff1b\u5176\u6b21\uff0c\u7cfb\u7d71\u7ba1\u7406\u54e1\u5728\u9019\u6bb5\u6642\u9593\u5167\u4e26\u672a\u4e0b\u8f09\u4e26\u90e8\u7f72\u767c\u5e03\u7684\u4fee\u88dc\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<p>\u7cfb\u7d71\u7ba1\u7406\u54e1\u548c\u8cc7\u5b89\u5718\u968a\u53ef\u4ee5\u900f\u904e\u4e0b\u5217\u7684\u6700\u4f73\u5be6\u4f5c\u4f86\u4fdd\u8b77IoT\u88dd\u7f6e\u62b5\u79a6\u9019\u4e9b\u985e\u578b\u7684\u5a01\u8105\uff1a<\/p>\n\n\n\n<ul><li>\u6301\u7e8c\u95dc\u6ce8\u5ee0\u5546\u767c\u5e03\u7684\u7248\u672c\u4f86\u78ba\u4fddIoT\u88dd\u7f6e\u904b\u884c\u6700\u65b0\u7248\u672c\u7684\u97cc\u9ad4\u3002<\/li><li>\u4f7f\u7528\u865b\u64ec\u5c08\u7528\u7db2\u8def\uff08VPN\uff09\u4f86\u9632\u6b62\u7ba1\u7406\u4ecb\u9762\u76f4\u63a5\u66b4\u9732\u5728\u7db2\u969b\u7db2\u8def\u4e0a\u3002<\/li><li>\u5229\u7528\u7db2\u8def\u5206\u6bb5\u4f86\u9650\u5236\u611f\u67d3\u6563\u64ad\u4e26\u4e14\u8a2d\u5b9a\u597d\u88dd\u7f6e\u7684\u5b89\u5168\u8a2d\u5b9a\u3002<\/li><li>\u78ba\u4fdd\u90e8\u7f72\u4e86\u5177\u5099\u826f\u597d\u7684\u7db2\u9801\u61c9\u7528\u7a0b\u5f0f\u9632\u706b\u7246\uff08WAF\uff09\u7684\u7db2\u8def\u6d41\u91cf\u76e3\u63a7\u53ca\u5075\u6e2c\u7cfb\u7d71\u3002\u9019\u6a23\u80fd\u5920\u76e3\u63a7\u57fa\u6e96\u7dda\u548c\u7570\u5e38\u4f7f\u7528\u7bc4\u570d\u4f86\u4fdd\u8b77\u53ef\u5728\u7dda\u5b58\u53d6\u7684\u7ba1\u7406\u4ecb\u9762\u3002<\/li><li>\u5b89\u88dd\u591a\u5c64\u6b21\u4fdd\u8b77\u7cfb\u7d71\u4f86\u5075\u6e2c\u3001\u5c01\u9396\u548c\u9632\u6b62\u5982\u66b4\u529b\u7834\u89e3\u653b\u64ca\u4e4b\u985e\u7684\u5a01\u8105\uff0c\u9019\u4e9b\u5a01\u8105\u80fd\u5920\u6feb\u7528\u6b64\u985e\u5b89\u5168\u6f0f\u6d1e\u4f86\u9032\u884c\u5165\u4fb5\u3002<\/li><\/ul>\n\n\n\n<p>\u9023\u7db2\u8a2d\u5099\u9084\u53ef\u4ee5\u900f\u904e<a href=\"https:\/\/t.rend.tw\/?i=OTI5OQ\">\u8da8\u52e2\u79d1\u6280\u667a\u6167\u7db2\u5b89\u7ba1\u5bb6 Trend Micro Home Network Security (HNS)<\/a><\/p>\n\n\n\n<p>\u9019\u6a23\u7684\u5b89\u5168\u89e3\u6c7a\u65b9\u6848\u4f86\u7372\u5f97\u9632\u8b77\uff0c\u9019\u4e9b\u8edf\u9ad4\u80fd\u5920\u6aa2\u67e5\u8def\u7531\u5668\u8207\u6240\u6709\u9023\u63a5\u8a2d\u5099\u9593\u7684\u7db2\u8def\u6d41\u91cf\uff0c\u5e6b\u52a9\u4f7f\u7528\u8005\u8a55\u4f30\u6f0f\u6d1e\u72c0\u6cc1\u3002<\/p>\n\n\n\n<p><strong>\u5165\u4fb5\u6307\u6a19\uff08IoC<\/strong><strong>\uff09<\/strong><\/p>\n\n\n\n<p>\u8acb\u5728<a href=\"https:\/\/documents.trendmicro.com\/assets\/IoCs_Appendix_Mirai-Botnet-Exploit-Weaponized-to-Attack-IoT-Devices-via-CVE-2020-5902.pdf\">\u6b64\u8655<\/a>\u4f86\u67e5\u770b\u5b8c\u6574\u7684IoC\u5217\u8868\u3002<\/p>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/mirai-botnet-exploit-weaponized-to-attack-iot-devices-via-cve-2020-5902\/\">Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902<\/a> \u4f5c\u8005\uff1aFernandoMerc\u00eas\uff08\u9ad8\u7d1a\u5a01\u8105\u7814\u7a76\u54e1\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u81ea\u5f9e\u5169\u500bF5 BIG-IP\u6f0f\u6d1e\u57287\u6708\u7b2c\u4e00\u5468\u88ab\u62ab\u9732\u4e4b\u5f8c\uff0c\u8da8\u52e2\u79d1\u6280\u5c31\u6301\u7e8c\u5730\u76e3\u8996\u4e26\u5206\u6790\u9019\u4e9b\u6f0f\u6d1e\u53ca\u76f8\u95dc\u6d3b\u52d5\u4f86\u9032\u4e00\u6b65\u8a55\u4f30 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[1723,1335,11],"tags":[3088,23,1593],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/65401"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=65401"}],"version-history":[{"count":1,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/65401\/revisions"}],"predecessor-version":[{"id":65402,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/65401\/revisions\/65402"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=65401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=65401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=65401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}