Zi 字媒體

2017年7月31日至8月06日，國家互聯網應急中心通過自主監測和樣本交換形式共發現91個竊取用戶個人信息的惡意程序變種，該類病毒通過簡訊進行傳播會私自竊取用戶簡訊和通訊錄，對用戶信息安全造成嚴重的安全威脅。01樣本惡意行為分析1）運行后隱藏安裝圖標,同時誘騙用戶點擊激活設備管理器功能，導致用戶無法正常卸載；2）私自向黑客指定的手機號發送提示簡訊，「軟體安裝完畢\n識別碼：IMEI號碼，型號，手機系統版本」和「激活成功」；3）私自將用戶手機里已存在的所有簡訊和通訊錄上傳至指定的郵箱；4）私自接收指定手機號碼發來簡訊控制指令，執行控制指令內容;5) 私自將用戶接收到新的簡訊轉發至指定的手機號，同時在用戶的收件箱中刪除該簡訊。02樣本惡意數據共享2.1 本次事件涉及的惡意程序變種文件MD5信息分別如下:樣本MD5程序名稱9F7FAD92BAD277508056AE28353B19C9資料圖片C91FC3BF46785E632E07F1635DBE8A90資料圖片6AD963A390BA47D7F0694B3906A10E0E影集36C99C5764DAE8BEB44C9297C6B00D20影 集6DAD9ABDA9BB5CDEC20D4FCE6EA0053D樣板7F9EBFEEB9B2740F6AB0D2EE7C8061C8樣板8D4B96BFBF9986CB509C4A3013AD6C65樣板9E3A10CF632BE36E656CF004BD815E2B學習信息表3640BD09BD7858C153E5260B64ACC67E學生檔案6AC9BDAC155D9928668835C138DC020C學生檔案621551F77126F202D59C4BD4EB094821新的影集A8CBE405C77BE8B760E2415BB42D7C7E新的影集35B5E6E7CE8CA0A9CB9F7A858CA294B2相片8D31B8304635651851C05FC866BA2DCC相片25BE4FB3510DCAEE096429705AFD140C相冊27A3352D871F4AB5326992FF046D794A相冊6D4BE36A05CD70037CFE9E2039EF1D5F相冊63100097F2096E7D7C5E80046A33736C5285D6BB86C9B839E65E0D9E20FBCB19通訊名錄8C6DD755089DC3EDF20A822EA3A0E2BE通訊名錄6918301BBEFFFA9255D9819689BC4AC7體檢報告單97C75BDC0C955DD484194C895449989E體檢報告單042CE2537CD239D6BB45B584449456D3視頻25AD80AC5EBF63CF804F4583447B0EFB視頻25DB66C001AA3645B1A65B056AFDF927視頻28AEDB6956A71A300B47FEE17DA13314視頻28AF133D4FB7172375321AF3BF8E8C4A視頻31A2D1598BFF7939D90CC6BF7F258B8B視頻31EBA4F4FABD5F164D3727D3356FE1A1視頻40B64312B7AB0E0478EA9BF1C08981E6視頻40DBCB1436B69CCA404C2056439C5B24視頻40F09DADC628F41AF3FD1B21C2510BA5視頻41E265EE662AE88A12E6263DE7EFFFAD視頻57C56B466CC0C6BD1048396D4104A0B3視頻6DA944700ED48819F5BEA84520D8B3BA視頻7ED3A79B26A2E0B60798A2FA95674984視頻7ED3E9C569E7BE23D719F523CE867A02視頻7EE3CCFB94027348F4D838AA4A2955C2視頻7F1D091D78313B445FA66AB3360D2726視頻7F5D4FF15A83491AF906ADF2D15638AE視頻8C93DF6AE706D0E39E0D746D4991EB7D視頻8E52B51CB9840F4A39CE57DDFBEA58EA視頻8E87007E41A92C1D8BE8720B81BF37E8視頻8FB9554056E0D1AC3DE80B7454F89D80視頻9E5E2FBC16A2D3FB5F9497DA060526FF視頻9EAA43FBE61BA3B7A40126222ADEF757視頻9F5B2F2D2C2318B0C55557926AEE3EA4視頻186570A7A108DBB9D0B06EEE08CD80D6錄像26F29E50756F99E12A1B224F320B26C8錄像26FF9461E707C14552EB670578A12D75錄像28CFDD03425567DA069B0383A95286C8錄像32AD3FD0E347DA3F624F7D6D9B8BE3FC錄像34CF0250DBCC5D94F99FA3018584D4A5錄像39EF5EBEF31F64903FC960CFAFD3026A錄像42E7D933D3C46AF27EC5DF1B7E30A6C9錄像6A7C290FFA8697DD79625565A84576BC錄像6AAA06EC0995AFA40524A8482DB6B76F錄像6ACEDDC027160CA7C6155E4BED84E198錄像6AE5B5101223F6AF622A4B4E603D3853錄像6D7DAA5ABF08E04A28822F69CA5252B9錄像7CD3FDA4328C8AE6D4C8AFFDCF8C5E5F錄像7CEB86E209074DAE0366A093D8F04FFA錄像7EEE6B1F7AC36AB550BF32E6DE61540A錄像7FA2AF81B583057286C078F04D0EC2A6錄像8C7807C23726D8BC98942F3E166551FF錄像8D542309AAB68A55FB7C06453EF78668錄像8D73DE65871C3FA55E9DBCDF2752C0BA錄像8F823A8301A0BCFBD941074033DC80F0錄像8FAB017301A25C7923598EB53ADCCC1C錄像8FEEDC95EA4AB72E0A22DD5228AAF237錄像8FFEEDB7176355A5BE5A9EDA586B8C2C錄像9ED2F98DAE3CE708860EE5E2FAF65C89錄像B2D4B257B88F50A98F5870B031072C6E錄像32B07550525B581FC7D4EA182B28754E錄 像33EDA173CA56EE7F24EE16CA4CFCB4AE錄 像36A9AE45DFD20451461CB06B92D022C0錄 像38A882FCFFDE9A0A5A00FC2BCEF17DC4錄 像38B14CF869629CE7B851FAED7A43B344錄 像40CB33A786412A7EA7A5EA79426A23AF錄 像4D804CD5D14CF920C443A6A190473FE3錄 像8D2DDC919DE4EE3810ECC8D2E5CBD566錄 像8D835458A9B5E733AB94600041E597F7錄 像9A000D6D1A62A783BE1D461B3F5F754A錄 像39DDF922DD3083BEB342EA22EB0FBF12紀念冊41C0A4227B82BC4C62D4E45CCCC17D23紀念冊59A64600BE9D8AA9BEED04C1EBF0EC66紀念冊6C542A8F429CF6B4C3697DB5E2043E36積分客戶端353D648E27CFF70FA597D00865A4501B回憶過去7FA9EA62F803A3D3BE2B0B2313194F82回憶過去10D26A73916C8992187DFC30D448E98F工行手機控制項6A9F4F1E0A8B04E72E91093DEF26475DAndroid2.2 本次事件威脅安全的郵箱賬戶MD5信息分別如下:郵箱賬戶MD5郵箱服務商1945CDA187AC083242E560C064172515126郵箱88E5DF272F5A73FAAB280D7BBF1247E8163VIP郵箱50BBC2BE9BD10399A1625017D3019B8F163郵箱04362CA2D6793BBF90495C6A48B323F3163郵箱2A93210126A703637FF98F655BDDB58D163郵箱F497998B04C9DC15F656FBEC464ACCA2189郵箱967709BEE062227E185AE9990AD2594D189郵箱A1BD79FD35FF96D6312F2CE7A086FD7F189郵箱E79E621EF09E97AB3C5A547B57C4EC36189郵箱C08298FF47AD90B7192B45FBCE0521FD189郵箱6575681C237B43600C2632696F004E33189郵箱FADBB59D8C1F286E201892FD35F4AFD3189郵箱4340EB06F8CEC91023994E0A7B71076A189郵箱C480040B968043B10250CC179A156A45189郵箱E6850F28E0EAEEB494EF9A624FA602CA189郵箱A1766B22BBB3DE33D16B4B2E54321B81189郵箱E62D5D39AD246652C396ABF4E6BF9962189郵箱ED7AC9FBD5674BDFF4DE4FFEBD06F65B189郵箱8C4E37984FFA93E48A5C5C5BB175F5F3189郵箱021B89DE301D89A96107B12F29900037189郵箱E72AC985A0E959B77B1FAC0EB78EA258189郵箱EBF4298D76B050FD41C14B9797FD1BEB189郵箱AE8054C61785105729D31BA0C879D9CC189郵箱119E085BD4153633F88DE14C68771F8D189郵箱AB94E44140AC67804A08AAEE838F9A1D189郵箱2C5E97A2BC41257F4BF5F5D509A1B4A4189郵箱50C4086695179C086199F08242644238189郵箱FD65A847957343AEB342EC1DEDFB8130189郵箱1EADC6EADAEBDB5BF72C0DDDDFF01636189郵箱C9EEB51E90D376648ABC8782BD19BEFF189郵箱EE2BD5D4F2E27EEA76D610D8BF23B8AA263郵箱262E7BC2B49DFBE191597BADA4CB25C4263郵箱07FD9F3381A771435E104C8D005C41D0263郵箱FA789F3E8BE43FD2D2C09DCB87F529FD阿里雲企業郵箱87F259D76B8EA1AD391A71F577E6AE94阿里雲企業郵箱EE6BC828953B569765893D8B14ECDA8C阿里雲企業郵箱752D6D7956238B986DE34D3DB338E0D4阿里雲企業郵箱1E3B5980C67DF36D290932E5CCF04389阿里雲企業郵箱CFFE916522D2B33952BB1890D07C9EA1阿里雲郵箱9E0E4ED2C5A58BF7D05BEF135AC4354D阿里雲郵箱C2C188C34C8A1F3F9341EE6EB5D117E1阿里雲郵箱9848A991808227CCDD4E508E789B3729沃郵箱D90AED46E0C843D2C3284721D53C86B3新浪VIP郵箱3D6F3C6B14158A4369F28C6C32A7531E新浪郵箱86C0F5D06B34E199EF766713D71A31FA新浪郵箱D81D99EE32451A6F317F98AE91A0E112新浪郵箱87603B257EBDB6AD075D58C18B76A239新浪郵箱C33336342C772B6939FED37119DAF379阿里雲企業郵箱F1E392D71B8CA7784D334A9C1A1CA5C2阿里雲企業郵箱7420A2E524799B2902241063BD82530E阿里雲企業郵箱2.3本次事件威脅安全的手機號碼MD5信息分別如下:手機號碼MD5運營商歸屬地FA713C53A747700C6FB73BCB15978767移動安徽B76A8F4EA35C0E27B495014947F0710D移動安徽0C3F2720DB2C96946E66FE7B9D8D46CE移動安徽3E6CD299424091856CE659CEDCD9E7B5移動安徽D4DD7CEE18329CC280466385BFBCF46A移動安徽650E4A4D01976AD84A173899695680FF移動北京50176993DBAD968D420F2E04096C23B6聯通北京6A7CBCA2D24D05D6BB05EADB126AD552移動北京7FC90509198FAA7F987E9ED9C5012E82移動北京120557A101B4029ABFA5D9A826B8166C移動北京FF40BF93845854C5C830FED8029B505F移動廣東25F62818578F07D3FE8D6D280A667901電信廣東9AB948689F17FB3F36D9E47065076CAC移動廣東05749F94E065BE881FD0FEC10737175D聯通廣東B1C0D4FD4720F3D0A3950A15A6BD62D3移動廣東BE38138EB49B06518D00D18D29C83B2D電信廣東E80C755557FD8BBF20127137937E9211聯通廣東A8AB71438A5FE1C046DD50130BEE457B聯通廣東FA2365BCA440244AB26DA125967F6028移動廣東3E7C9BDBF9C167E404B9B1A123E71A28移動廣東CD11A40807082937F51E391B5AE33FE3移動廣東6449CE6423ACE6E4AE8D876215ADB738移動廣東A9C89D2A02897785A26978E0DBD4ACD6電信廣東BCAF76F9A005116FE17BA57B896FAEFB移動廣東D36D876D463FED8A40204235C4041315聯通廣東8F1ACB2C86E49EEE457F3BECB1B2558B聯通廣東FC9694A28AB39FFC7AC41E8E01904AD7移動廣東790C194A628F5F753CDDEC434E98542A聯通廣東611A2FCB7B6BCB5537F433F3E3457529聯通廣東60A78ED0B62D8D75309D7FCC3FED9F1D聯通廣東64FC0BEBC56020758796D36E209648A1移動廣東D19399CFFE48667B08BE823F09D98EC3聯通廣東F3BBA7509362D3CF2DACA5DEF6860E50移動廣東AACC48DD9A1B7D4FC04908472D4A2566移動廣東58C1A9E28FD6E2985233FC1FE0C7A1CE聯通廣東8E66AED646D4516CF2A2EBDDCE1F5AB3移動廣東AAD1B03CCB0D24B317DD7F57C10E687A移動廣東2B5915CF6D1C6226157FBB21329491ED聯通廣西64D37D5C71E9071FA46461216F91A403聯通廣西262219A7BD38DA85499CE42E902BBF19聯通廣西CA4878CDCE1E3E80415B3AF2FA420715電信河北F17B22377E8E70BAC1B64D95D3BEBAA8電信河北27EAAB68F13BFB1FD58210F1A6DC25EF聯通黑龍江D948A8FED4474EF9F22E939757DCCDB0聯通湖北8CA66D23BAA67F6925992E73995D43D8聯通湖北49AD8F5F4098606D38B8027E3C35A7B1聯通湖北1AE7FDEEBB652076D73290E6E189D9A1聯通湖北731ED2F83CCE5D9807793563E005B68F聯通湖南FA263036271F5EAFDF09CC092ED44FF9聯通江蘇3D75EF0059C1246E034A25C1BF87DBC1聯通江蘇1019D2AE2CC296893D74B7EB4323C115移動江蘇6EB784C24FBA7005AE18E47B75709E40聯通遼寧2AD2AA4BF57BFC3AABEB7553008CE5DB聯通遼寧14C2FA14C3CCA8AA2CFF18ED682ABF7E聯通遼寧1964EFF612426FD29157CF6D60D1762D聯通遼寧CC1D93A66C742D99387C4E63A1A3C782聯通遼寧A644D4CDD3DE168879D2AA738C06FC7B電信山東B878A37D591DAD79049F191A02446ACD電信山東623689FF70BE558A6039A4F0850D56BB電信山東3755522F4CDED56E9FBD388460413D7A電信山東992FC0E69DCADD6DF2B7FE8B2ADA7D87電信山東268C5D68FBF9BCBA2001C2AECD41E267濟南山東4F02CABA185A49BB3D8A9410C2FC6E5E電信山東56A8014FC11039DE93AC5C1E01EF088F電信山東5C0C7144C51B2127C29BD26E38EA9543電信山東D1EDFAAE59CD4E4FE2C1C723C061BF10電信山東CCE4EB1CD142D0626BD66C0C0FF204DF電信山東958BFD0C60C83D830E08E0901AC0840C電信山東BDBA1C6D539D6E132953F3E7DAA0DFEB電信山東72D4987C7E07C236EC849A485D4EB373電信山東F7C34C623492C111BF69F77AB3732EDC電信山東6BC44827C60A58A6CDDDABE0B26A99C9電信山東C1F2DB72DF34A03C4EA4EF21D071ADA5電信山東6F1727971855799A1FA4BAA6904C9050移動上海7295039B06D0E38A8BD5004407FF6C36移動上海各成員單位可在網路安全威脅信息共享平台獲取該移動互聯網惡意程序樣本信息。網路安全威脅信息共享平台地址：網路安全威脅信息共享平台由互聯網協會反網路病毒聯盟（ANVA）主持並建設， 以方便企業共享威脅信息為出發點，以建立網路安全縱深防禦體系為目標，匯總基礎電信運營企業、網路安全企業等各渠道提供的惡意程序、惡意地址、惡意手機號、惡意郵箱等網路安全威脅信息數據，建立公開透明、公平公正的信息評價體系，利於各企業獲得想要的數據，激勵企業貢獻有價值的數據，促進信息共享的發展，遏制威脅信息在網路中的泛濫。 關注我們