Zi 字媒體

2017年8月07日至8月13日，國家互聯網應急中心通過自主監測和樣本交換形式共發現96個竊取用戶個人信息的惡意程序變種，感染用戶15491個。該類病毒通過簡訊進行傳播會私自竊取用戶簡訊和通訊錄，對用戶信息安全造成嚴重的安全威脅。01樣本惡意行為分析1）運行后隱藏安裝圖標,同時誘騙用戶點擊激活設備管理器功能，導致用戶無法正常卸載；2）私自向黑客指定的手機號發送提示簡訊，「軟體安裝完畢\n識別碼：IMEI號碼，型號，手機系統版本」和「激活成功」；3）私自將用戶手機里已存在的所有簡訊和通訊錄上傳至指定的郵箱；4）私自接收指定手機號碼發來簡訊控制指令，執行控制指令內容;5) 私自將用戶接收到新的簡訊轉發至指定的手機號，同時在用戶的收件箱中刪除該簡訊。02樣本惡意數據共享2.1 本次事件感染用戶的分佈信息如下：感染用戶省份感染用戶數量貴州3330山東2745江西2176湖南1190廣東1052四川881河南834浙江501遼寧304江蘇294甘肅287湖北277安徽263上海225廣西192青海173黑龍江130北京129重慶102吉林87福建78陝西52河北51山西39雲南38內蒙古18新疆15天津11海南11寧夏4西藏22.2 本次事件涉及的惡意程序變種文件MD5信息分別如下:樣本MD5程序名稱C5FA1D9C916DD9F319ED379FD3C2C6D4AndroidD5AF1E12BB53B8C4DCFC469BBF6D9C29androidA3F05E9662A8B3FAB2801CBB49A47613成績單E230E0A9ED3BC9D754F5A83515B5EA61回憶過去F3AA86ECFEC5E02F18E7C3A3035B5143回憶過去011E960358A9569FEE1544E68365C6C9紀念冊13FB6EFCB66B5097A2DEC36DE4469875紀念冊1AA5955780C81BC9D71CCD6062975997紀念冊38A26697C04FF5998256639C5E418E57紀念冊40E61486AAD24B0DDA73388AD0020879紀念冊47DF16F339269BDA09B8F3E826B87140紀念冊4F57074891E50C4483067785ED057515紀念冊4F95B2BBB560C4FE51FD12832B061046紀念冊60B839663671B24D1140D69C9D46FB3D紀念冊652136913F221DCBFD6CA31EFDE2A46B紀念冊6A565DAA25D527A45C2331E44AABCEE5紀念冊82039937678DFA4CADB370EC420BBCF2紀念冊8C42A9D2FC86E33D511D09308240FD50紀念冊A068259AC7A1B78DB04043B0E8C3B4AA紀念冊A878E6391822BEB39C68973E7D5E0DE1紀念冊AE62C963C40802780475018B425B90C8紀念冊CE27CFFED817EE64712D25748F65DA9B紀念冊D05BDBFB83144288943CB79F9507F511紀念冊D90BFDAEC3A76EC6314912CF13E8E2C6紀念冊DA025E2C5DAF194A88C7B7E24300043F紀念冊E1A9BECDC1BDBD90297F71D4A0135B4D紀念冊E5304207A7314F0747C973F06E8F086E紀念冊E57F17316C7D20435AEF899AE6323FD8紀念冊F6EB938E29C3C66FC30348C9E853F4DC紀念冊E3845287E78DC14AAB9B0C7C10F89EDC結婚邀請帖A21C9E3B455B52D2441278827887370D聚 會3C12B8C62F26938940269259B2CCB236聚會相冊37E438F84F35EA01A5CCE2D287A6F491聚會照片8E5A8CADD1185C6A11E2552A5D812EE3錄 像A6F72981052F236298E50D9AB8F20F74錄 像6D9472C1BA0073C0E70F6BD1A8ED4AF6錄像9F59E8DC01E04B2D309A7C2D873A13C4錄像BF2FD9B6061724534FE6AD3F32853AAD內部資料D73D79CFAF01DDE2EBD47651A936A77C請柬E4D20BCF27A79964D1D2232C758B55D6請柬196B56AFDCA5BEEC8BA5D4C7BF805965視頻1FBDBA03E6735E4A048B3F3396F91E1E視頻2ABB07715771B11C729DF6FA6B72798E視頻B3D0B742A3E4C2CD5A8104D6A98CF2B5視頻BD8C57A6B9B3FAB81ABB49403C898D79視頻F8998BDC80D8964BE1AD8E354985DFE0視頻89B779A775137C4CC2B1BB046237E5FE體檢表7283C3CFD55039ECE7A3578A2EA542751400964355577C5984B44262E8C6A248違章查詢4FD459903136B53CE3563B43BCFDFBF7違章查詢94C8BB0651A8C3D239ACBA8B2C9E3DFE違章查詢9506CC6EEA88601DE0F77A1576592B73違章查詢9C692760C7E139C274A652CE6566EEEA違章查詢ACA381DB2F5947411B94CE6E274907EA違章查詢C3C2E80683B8FA03D174A68AF77F5579違章查詢06E13E2C35AD71B60E7D815BDE42C2B5違照抓怕查詢1108C509E73F18561C6EAFCAED38A03E文件A0D0F488E4EBC1065BBF7C0CE82EFB57文件0D8AE65F1A700F9ABE97B56DB1362183文-件CC37F5E11A88D679B276172B883B61E5物業通0DDC96B390A65F2C55B806AB07119BD1相冊44BD1130BBFC0A59197C40E63142F95E相冊802B3B42B0679591D6987305ABCE3984相冊80A087777113362D46FC6C78BB17BD37相冊8C460A34588A8F599831421BBB3EFBAC相冊E1136F321887E150AD453B678CCD2D8F相冊EC44772B9E34D84A70B1E8F04E002798相冊18F5A15AF7626FCF737D1EF734472BEC相片193FF29DFE738263487A198AF7ACA95C相片19AF804241F2380E4F28E5ACA2F20365相片1EF0D070EB4658825F8F4EC99BB1DDBF相片2E9075768CBA2C878066B1A6F594D93E相片4961A8B53484D4CA9D0A59984CD7DA37相片678ED674281EA89CDB7EB5D1F72BB288相片679D2BA7CCEE00D82A96B7B2714C1786相片6CD256ED55EE5DA388F7A016FDEE4F7A相片D8E2AA9F04F93832703D3F0C6DA1D126相片F5C9BF95DB8FE385515E24D6887232D8相片FD7900950537CD6BE54D67B21FBFB201相片738FEF714655A86EA2EC22B5580CE7D8校訊通AB5238EB939B81BEED3BE56D2972D74F校訊通0AC2DF6C43396CC0DFE80CA7531C7B94新的影集60015F4B5D9E0D6DFD192F6DDD5B72DE新合照C55508F6AE784063E46D79AC9595139F樣板圖301FC334D241A5B28F2E3347C2E9FCD6翼雲盤188598AC691FA4F3F95354AE72E1A349影 集A779A1FEF7AC6DEE28FE70DE18AA3BD7影 集058A5ECEDDCE2F67AD3C5766D9C32BB6影集7CA720F4EEFB06B2E4B004B9BAB7C5FF影集94D5194FFCF542514FDD35B329F38112影集50038D87E0422BF2354AF96B0584C7FD珍貴相片00F4C70FE690F97E41570B42176BB49C資料圖DA3AC2058785F1579486CA9CAD167FAA資料圖片E7FF9D59A41DE87D25E963DA6595624D資料圖片EDAB6542BEE52350AF103F959D4334B1資料圖片FC93F47F8DA718D764DB4B1815A59723資料圖片2.3 本次事件威脅安全的郵箱賬戶MD5信息分別如下:郵箱賬戶MD5郵箱服務商58CF464B73E6EFAE9948E76D1AB726BD163郵箱6E320B3DD6924D9B917EDDDA80BE891D163郵箱D86CF67DDD8E6E1B380449EBCC487872163郵箱A082479CBB236B2D20439136C7DF6085163郵箱AC0FEEA70FD3CD198710E0813556967B163郵箱2A6778504AFC3C03003B6C22240598D9163郵箱6D34A32F9ED3C0964A0AB2C0189A505E163郵箱0021B8E99E27A0D57216AC56B127E676163郵箱C1E62DB36C2FF540C14678EC5B7CA693163郵箱B11517D3192068775F2268888AC5F343163郵箱915EDF67F5FFDAB0198BFF48E6D13E85189郵箱AC1EA5136DE2BC50DBF872F7FBAB76ED189郵箱9E5CD9F273354E167292907EE99A22BD189郵箱91365A3F3DDD277A23E901862A01D414189郵箱9EF93572B79646A1AFFABFC9BAAF5B65189郵箱DCE33698B1BF84287D286D7FCFA349CA189郵箱20E6F9A319F0D5A012FA89C704D9DF2A189郵箱DF41091491ABFA7DB125CBCE006E48C5189郵箱BB53DE06141148DD9CB2D09F39C8C1F5189郵箱A14C720950E8467AB0F3003A0AB3C0D0189郵箱7627B4D6D13EF34B93ABEC4281283AB1189郵箱4555C5DCFEB7DB623989959D9E6DC66B189郵箱DC60CE459CF5FE9BD846DA4D480C27C0189郵箱21BDC22F333569311179827F2ECD3F0D189郵箱DDCE3F0CAE07D4B6A186579AC0BF7535189郵箱94E7FD63AC22CCD918136C1E5FFA9D69189郵箱BC71E9064C8BC7C4591207CAF9324D96189郵箱C524E11BC7B53B994430C0C23C5B595A189郵箱70992E8AEF2CF6BFBA5D7FE13A8086D7189郵箱7BEFFECA6A0D8F2C16132C06BEE28E26189郵箱3151027463B6808011D0420042C2577A189郵箱1643F5498CB0A13DC7A9FADEB418CD4F189郵箱94DC9D975DCF9568D6429C84EA426902189郵箱8D0021982FC3348F476D18D43EFBAA45189郵箱620B32913D9250432877BB027EA3AC34189郵箱837A68120D6361E0B040DB4479A41CDB189郵箱78C6F6D22EE0B345DE69DB5A2E678CCF189郵箱11000D904A57E969A8A1D181E32B3E8D189郵箱9AF94206E2A902D399F58B56E3E5D2B0189郵箱C8EB24F89E85160503F75ADB5141AF3C189郵箱CA1BDD1D7FD5B47AC2D56CCB9DDDE5D7189郵箱3073F75B43042D515C977DC083C43A73189郵箱8A424C581283B1B1452645A2AE5FDC10189郵箱CFD6028D1F6D679D33C09DE81F454FFB189郵箱6AA7B9EA695805900DC61EB284760874189郵箱48BA4C9081631257F19AB0F1C94F4BF7189郵箱59801415D985A3E320A2995CD7416B11189郵箱BFB0C8E1A8388A57369A410E07F2EF71189郵箱5AE8C9643481CB609EFF3EE0EB206F73189郵箱D8DE20A541089B276D96A3F896BEDC3A189郵箱61E2BEE7EB73B97C5C2EB35409313952189郵箱EFD90385D89D6739A69820A489100E72189郵箱267AA3C62EE8AB667CE6C97D98738023189郵箱331F0A7E70EFC209DB45CEB16747CEFE189郵箱BBE627394FE52A6A0FD74122FB1C0F2B189郵箱A436A96A83FBA522C848299501A3EA62189郵箱E672231DF042920D3E37C0B89691640A189郵箱113B8D2D8F067A8945835018692E9013189郵箱40D91C1017C1F9BB633CF3576529921C189郵箱F1E9EFE566C887F33F0D0BE7C17DA874189郵箱A3F124D27BD455FC83D4D77C900AED96189郵箱2FC8442A6F582374E36EC0F759E95D2421cn郵箱164EC0D7B4D25B952AA8C4B73462CE7A263郵箱F72FF099FA4241C8D6961182797E2D25263郵箱86DC61654D04874BE1B128E9EA0341BD263郵箱2F6E2170421E1F6894FFD87C902F3359263郵箱DF7CD8D7527A1E52FDE8FAA9E17EA662263郵箱389B6FC503D039044F1B2590E13A0D4B263郵箱BF73C7B59A26D3A80CE0EFC8C18E4D21阿里雲企業郵箱CBF90EB26ADC03594D62BC1CB9026107阿里雲郵箱6C84E4FEE48C4D095415246AF4EBF778阿里雲郵箱7D540D1BEC1F1D107A2F1B3C06B8127A阿里雲郵箱84005A0C41EB30261B41AE86EBB0ED20阿里雲郵箱3C8881644BC83119A2AC867467A3C45F阿里雲郵箱2E9616165E960B121FAAA2E120DE7F63阿里雲郵箱71A939538D365EF2D1B3B2FF019E4BEC阿里雲郵箱236AD32D8858572D9C162D05E7766FA7阿里雲郵箱A5DC7E7E070BC8969B5B4AE4918FE357阿里雲郵箱577B60ECC94822EA6E6782B9AEA39B09阿里雲郵箱B2EB281FBFFB3D3BF123BCECD0ADB509沃郵箱D45C26BF773FA281AAE63D9907FE6E7F沃郵箱96920884879AB218E00578C8CBA46DF9新浪VIP郵箱0C7100225BD9EB2C681AAD1D83FE1184新浪VIP郵箱ECDB67726DF4B1C334E3FD6228A3E2FC新浪VIP郵箱6266CBF8AFBA524648738366E635800E新浪VIP郵箱E3BDB2E650EB983C4D3C55155CC8DB7C新浪VIP郵箱568E37F2A1C2F75FA0D0C1D7EC8BC82E新浪VIP郵箱0B07215192A35DE516A86D6F8493FF3F新浪VIP郵箱72BB0596E415B4CB8692AB887DBCCF98新浪VIP郵箱1495282020529F35C3AD5D52F8C4F447新浪VIP郵箱C12B7DF4127331FEE47B4339E8471E50新浪VIP郵箱4EF7D197A2302DAB556615AF7F915CF0新浪郵箱76703777051AD3097417DCD8DCBC7940新浪郵箱6C29A602A671DFF7DD370D846B19932B新浪郵箱CECB059D184A84FB431CC23892A85281新浪郵箱2.4本次事件威脅安全的手機號碼MD5信息分別如下:手機號碼MD5運營商歸屬地A0488B245CFB65FB705FC851C11F4045聯通安徽8F77E10B463257454E2DB1ED4FBC25D8移動安徽FB6D96A5705C58C2FE7337ACC6711040聯通安徽5A89F112B2822A219D4B1E06C1A5B01B聯通安徽15503DB7F7E86BE77630F4D99B6E7929移動安徽09ED6284E3AEE9B44061F860F51CE4D5聯通北京8C9C7E9976840CA47A2B0E243CBC1291移動北京746A9EF410E20B469733A2D834B08526移動北京E6E68B50B04B42A68D0AA3D731C470CE移動北京4C4FBCCC07368FBD8C336806634177C1移動北京D00A0F7D70A93A118A4362F0F2BB0CA4移動北京B4EF781409F0F3B8F70300489A7D836C移動北京D81AC2F4F9B7B9E87F6FC583D8CD74CE聯通北京1849D154F5E2290ACFE01DB1752D7EED聯通廣東B60F62A00AB76DE268BA0489868A86B4移動廣東7BC240C11C6D7D7C7C34B434D0BB208E聯通廣東73B05CFA6C8C6E5FB38B526B4E2E0B55聯通廣東4F82010FFE7744C845753B6C0657BB63聯通廣東90C8EEC4F90BF1422B71C53B7EC12ACD聯通廣東D3CA1CEC98B38E0428A4FD7C7C5F2DE0聯通廣東D34E0BB0EDC6CDDE23481EEBDDB907F3聯通廣東13528D21F350A68871671DBE11A2F3F8聯通廣東6EC8D5BE28F16ED042B472E4829C7EC7聯通廣東0D142413CF5E724F5AE5C2453D32D768移動廣東03115042CC53C7FE945FF21DD12CF057移動廣東43A69525BAD0D0E259574E339AC120AD移動廣東34C353C10B952B6A7DD62F5CFE79A9DB移動廣東7BBDEBA478594AD4622B5AF3AF1627E1移動廣東D1E6EA22371753CCF8B6A3D220AA88E4移動廣東C4938BAB42B7A2679FBC426C7C83E0C0移動廣東781D1365E6234DEC919A5B6EA36A522D移動廣東BCAF76F9A005116FE17BA57B896FAEFB移動廣東178FC34B59D2C2C2CC08C2D0A22F73BE聯通廣東4FEE776D93795D22CE5311B7AC2D384E聯通廣西BCB9B35CA078431D0AFF64709042C2CB聯通廣西2E771AE14805B9814081CD4E9E010428聯通廣西0259EE03B3924A9619532BE5D73FD2D7聯通廣西275B702B947FFF8DEA7E4EBF34A19357聯通廣西29BFCEA742E0EEABDE13F1F2286E95C4移動廣西75379C3C302848F9631007D498541413聯通貴州DBB980FA4A435841800C3564ECB5BC30移動河北2E40082E3F7748B521B37E011D89DA29聯通河南1CC4505C0004B1918DA333984B98EB93聯通河南E23F50AF3E33DA911FF535D5B4E48272聯通黑龍江405454B1884076C14AFADBF5F9BEC0E7聯通湖南E62E40E6F407F31FA3C1AC8D8A29C054聯通湖南66C180F083AB157BF56364FEED469302移動湖南DA48DDE80DC4332FD52F4D20CA91E6CD移動湖南06C31AFB7280CE223FE9487041786BAB聯通湖南D51DB2B33F89E74EABEB07E96F8DD360移動湖南D3D951B89D1DEF719B7955EF9DCF9D10聯通吉林60E09DA66186F45162EC7085823D54C5聯通江蘇96744CDE4E5454374030B0F54E921101聯通江蘇63E0B7A05013BDB83CF2FA1A5834330D聯通遼寧CA07DBB0F6FBCCBF791C587EFC6A9FCF聯通遼寧3112EB13821EE0B1C4A26ACB689BE51A聯通遼寧B2E1F4A09D91D53B7ECEF228032833F7聯通遼寧83479B4277CBB305D61DF48CD47D1447聯通遼寧1964EFF612426FD29157CF6D60D1762D聯通遼寧25E39B44B63820292C3FDB890A2C93A3聯通遼寧0711E4D64884743F311A5B07928FAC15聯通遼寧D5B928489E1FBDC684721A01D0968460聯通遼寧8B5D17A6A58A79FC8B961AD87415296F聯通遼寧B021F610E693E44195FF1755BC3C32A9聯通遼寧BFC25EFC11FDFD8E77D9AD29F15091F0聯通遼寧B78724E6F031C5447C395F7BD51370FD聯通遼寧3649BD187AA533A51894E3C78671C734聯通遼寧476D5A4E8E9F069E1BF9525DDB18E8AE聯通遼寧95AA387D91963FCFDCD8F5A379A805DB聯通遼寧6BC68807B4A7A2ABEE3889F0379C1A05聯通遼寧A3E7B8AF781D4D768C4329316FDDD52E聯通遼寧EA436C7D833CEEED99FEC76AF9254629聯通遼寧D5116D42638C8AD3C8BF4457D43518C5聯通遼寧F591298CF4CD6FBE5348EBE690DFDEBE聯通遼寧C259886C5116E4F55D7CDAF39C183E00聯通山東083D4D4E0DF9CB373C38B39370506E6D聯通山東FA4A2B957F25837546A116FB1B684911聯通山東3CCD2D1D67AF7048D560055086D32F45聯通山東22C6212F4A5B2B578242AC157E4E795C移動山東3129FB04BE455147C193B1DB0C62C641聯通上海6CB156BFB9D5415A2388A3AF24FF685F移動上海6720A28E634C4BC7348B5A9A21A74EFE電信上海80780B2A8D4F837CE63E98FB59B49D24聯通四川0E08AC4351634F2A07F1AA389FF0995C聯通四川AAF6D960D3A470E134E68E17F430D24C聯通四川EEE9FD575620CC5572B9CFAE4C08003D移動天津5F7EADEAAADDE2E6A0C3F624F5E5D5F8聯通雲南A1026BFCB7ACE654C8826F1B25CF6045聯通雲南DCA0356BE99C2F5CCE8B33A6A75290E6聯通雲南69FB93BB18DDD42C301DC09F4A0C6FC9移動雲南6F47D5AB51C300A2FB5D688613C768FA移動浙江BE6D939A7E3A74910C805E73F35A5D99聯通浙江6C595573494A427A0306B1C9895288F6聯通浙江各成員單位可在網路安全威脅信息共享平台獲取該移動互聯網惡意程序樣本信息。網路安全威脅信息共享平台地址：網路安全威脅信息共享平台由互聯網協會反網路病毒聯盟（ANVA）主持並建設， 以方便企業共享威脅信息為出發點，以建立網路安全縱深防禦體系為目標，匯總基礎電信運營企業、網路安全企業等各渠道提供的惡意程序、惡意地址、惡意手機號、惡意郵箱等網路安全威脅信息數據，建立公開透明、公平公正的信息評價體系，利於各企業獲得想要的數據，激勵企業貢獻有價值的數據，促進信息共享的發展，遏制威脅信息在網路中的泛濫。 關注我們