酷辣虫

Title: Quick TR069 Botnet Writeup + Triage

Author: 复制你的爱    Time: 5 days ago
  Whois data shows me both domains were registered earlier today.
  [code]
$ whois tr069.support
Domain Name: tr069.support
Domain ID: fec618e5a8fd4ac7bbc5597a04696b08-DONUTS
WHOIS Server: www.gandi.net/whois
Referral URL: https://www.gandi.net
Updated Date: 2016-11-29T10:40:22Z
Creation Date: 2016-11-29T10:40:22Z
...
[/code]

  Conclusion

  There's nothing sophisticated about this malware. It probably doesn't affect your network. But the number of vulnerable devices on the Internet is something you should give a shit about. This is how botnets happen, and botnets are how big DDoS attacks happen.
  I don't have a Yara signature for this malware because nobody uses Yara on embedded devices.
  My recommendations?
  
   Hit me up on Twitter or shoot me an email if you have any questions. Thanks for reading my post!
  --Andrew







