Leak of customer data from re:Store, Samsung, Sony Center, Nike, LEGO and Street Beat stores

Last week Kommersant reported that "the customer databases of Street Beat and Sony Center are in the public domain", but in reality everything is much worse than what the article described.


I already did a detailed technical analysis of this leak on my Telegram channel, so here we will go over only the main points.

Disclaimer: all information below is published solely for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was taken either from open sources or was provided to the author by anonymous well-wishers.

An Elasticsearch server with the following indices was freely accessible:

  • graylog2_0
  • readme
  • unauth_text
  • http:
  • graylog2_1

graylog2_0 contained logs from 16.11.2018 to March 2019, and graylog2_1 contained logs from March 2019 to 04.06.2019. Until access to Elasticsearch was closed, the number of records in graylog2_1 kept growing.

According to the Shodan search engine, this Elasticsearch had been freely accessible since 12.11.2018 (as noted above, the first entries in the logs are dated 16.11.2018).

In the logs, the gl2_remote_ip field pointed at the IP addresses 185.156.178.58 and 185.156.178.62, whose DNS names are srv2.inventive.ru and srv3.inventive.ru:


I notified Inventive Retail Group (www.inventive.ru) about the problem on 04.06.2019 at 18:25 (Moscow time), and by 22:30 the server had disappeared from public access.

The logs contained (in total; duplicates were not removed from the count, so the real volume of leaked information is somewhat smaller):

  • more than 3 million e-mail addresses of customers of re:Store, Samsung, Street Beat and LEGO stores
  • more than 7 million phone numbers of customers of re:Store, Sony, Nike, Street Beat and LEGO stores
  • more than 21 thousand login/password pairs from the personal accounts of customers of Sony and Street Beat stores
  • most records with phone numbers and e-mails also contain full names (often in Latin letters) and loyalty card numbers.

A sample from the log relating to a Nike store customer (all sensitive data has been replaced with "X" characters):

"message": "{"MESSAGE":"[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Arrayn(n    [contact[phone]] => +7985026XXXXn    [contact[email]] => [email protected]    [contact[channel]] => n    [contact[subscription]] => 0n)n[ДАННЫЕ  GET] Arrayn(n    [digital_id] => 27008290n    [brand] => NIKEn)n[ОТВЕТ СЕРВЕРА] Код ответа - 200[ОТВЕТ СЕРВЕРА] stdClass Objectn(n    [result] => successn    [contact] => stdClass Objectn        (n            [phone] => +7985026XXXXn            [email] => [email protected]            [channel] => 0n            [subscription] => 0n        )nn)n","DATE":"31.03.2019 12:52:51"}",

And here is an example of how logins and passwords from customers' personal accounts on the sites sc-store.ru and street-beat.ru were stored:

"message":"{"MESSAGE":"[URI]/action.php?a=login&sessid=93164e2632d9bd47baa4e51d23ac0260&login=XXX%40gmail.com&password=XXX&remember=Y[МЕТОД ЗАПРОСА] personal[ДАННЫЕ  GET] Arrayn(n    [digital_id] => 26725117n    [brand]=> SONYn)n[ОТВЕТ СЕРВЕРА] Код ответа - [ОТВЕТ СЕРВЕРА] ","DATE":"22.04.2019 21:29:09"}"
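The defensive counterpart to the two samples above, as an added example that is not part of the original article: a small Python scrubber that detects credential parameters in the logged request URI, plus phone numbers and e-mail addresses in the request body, and masks them before the message is shipped to Graylog/Elasticsearch. The message shape mirrors the page's samples; all values are constructed, and the parameter list and masking rules are my own assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-string parameters whose values must never be written to a log line
# (assumed list; the page shows login, password and sessid being logged).
SECRET_PARAMS = {"password", "login", "sessid"}

# The Graylog messages on the page start with "[URI]" followed by the request
# path; the next "[...]" marker may follow the URI with no whitespace at all.
URI_RE = re.compile(r"(\[URI\]\s*)([^\s\[]+)")
PHONE_RE = re.compile(r"\+?\d{10,12}")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def redact_uri(uri):
    """Replace the values of credential/session parameters in a request URI."""
    parts = urlsplit(uri)
    query = [(k, "[REDACTED]" if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe="[]")))

def find_leaks(message):
    """Detection: return the kinds of sensitive data present in a raw message."""
    found = set()
    for m in URI_RE.finditer(message):
        keys = {k.lower() for k, _ in parse_qsl(urlsplit(m.group(2)).query,
                                                 keep_blank_values=True)}
        found.update("param:" + k for k in keys & SECRET_PARAMS)
    if PHONE_RE.search(message):
        found.add("phone")
    if EMAIL_RE.search(message):
        found.add("email")
    return sorted(found)

def scrub(message):
    """Mitigation: mask credentials, phone numbers and e-mails in a message."""
    message = URI_RE.sub(lambda m: m.group(1) + redact_uri(m.group(2)), message)
    message = PHONE_RE.sub(lambda m: m.group(0)[:4] + "X" * (len(m.group(0)) - 4),
                           message)
    return EMAIL_RE.sub(lambda m: m.group(0)[0] + "***@" + m.group(0).split("@")[1],
                        message)

# Constructed messages in the same shape as the page's samples (all values invented).
LOGIN_MSG = ("[URI]/action.php?a=login&sessid=deadbeefcafe1234&login=user%40example.com"
             "&password=hunter2&remember=Y[МЕТОД ЗАПРОСА] personal[ДАННЫЕ GET] Array(\n"
             "    [digital_id] => 26725117\n    [brand] => SONY\n)")
PROFILE_MSG = ("[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Array(\n"
               "    [contact[phone]] => +79850261234\n"
               "    [contact[email]] => ivan@example.com\n)")

if __name__ == "__main__":
    for msg in (LOGIN_MSG, PROFILE_MSG):
        print(find_leaks(msg))
        print(scrub(msg))
```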

The official IRG statement on this incident can be read here; an excerpt from it:

We cannot leave this unaddressed and are changing the passwords of customers' personal accounts in order to prevent the use of data from personal accounts for fraudulent purposes. The company does not confirm leaks of personal data of street-beat.ru customers. All Inventive Retail Group projects have been rechecked. No threats to customers' personal data were identified.

It is unfortunate that IRG cannot figure out what leaked and what did not. Here is another sample from the log relating to a Street Beat store customer:

"message": "{"MESSAGE":"'DATA' => ['URI' => /local/components/multisite/order/ajax.php,'МЕТОД ЗАПРОСА' = contact,'ДАННЫЕ POST' = Arrayn(n    [contact[phone]] => 7915545XXXXn)n,'ДАННЫЕ  GET' =nttArrayn(n    [digital_id] => 27016686n    [brand] => STREETBEATn)n,'ОТВЕТ СЕРВЕРА' = 'Код ответа - '200,'RESPONCE' = stdClass Objectn(n    [result] => successn    [contact] => stdClass Objectn        (n            [phone] => +7915545XXXXn            [email] => [email protected]","Дата":"01.04.2019 08:33:48"}",

However, let's move on to the most interesting news and explain the cause of this leak of IRG customers' personal data.

If you look closely at the indices of this freely accessible Elasticsearch, you will notice two names among them: readme and unauth_text. This is the signature of one of the many ransomware scripts that have hit more than 4 thousand Elasticsearch servers around the world. The contents of readme look something like this:

"ALL YOUR INDEX AND ELASTICSEARCH DATA HAVE BEEN BACKED UP AT OUR SERVERS, TO RESTORE SEND 0.1 BTC TO THIS BITCOIN ADDRESS 14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3 THEN SEND AN EMAIL WITH YOUR SERVER IP, DO NOT WORRY, WE CAN NEGOCIATE IF CAN NOT PAY"

While the server with the IRG logs was accessible, a ransomware script gained access to the customers' information and, as the note left behind states, the data was downloaded.

Moreover, I have no doubt that this database was found before me and downloaded. I would even say I know this for certain. It is no secret that such open databases are hunted for and dumped.

News about data leaks and insiders is always available on my Telegram channel "Information Leaks": https://t.me/dataleak.

Source: www.habr.com
