Your cue, graph: how we failed to find a good network graph and built our own


When investigating cases involving phishing, botnets, fraudulent transactions and criminal hacker groups, Group-IB experts have been using graph analysis for many years to identify various kinds of connections. Each type of case has its own data set, its own algorithms for identifying connections, and interfaces tailored to specific tasks. All of these tools were developed in-house at Group-IB and were available only to our own employees.

Network infrastructure graph analysis (the network graph) became the first internal tool that we built into all of the company's public products. Before building our own network graph, we examined many similar developments on the market and did not find a single product that met our needs. In this article we describe how we designed the network graph, how we use it, and what difficulties we ran into.

Dmitry Volkov, CTO of Group-IB and head of cyber intelligence

What can the Group-IB network graph do?

Investigations

Since Group-IB was founded in 2003, identifying, deanonymising and bringing cybercriminals to justice has been a priority of our work. Not a single cyberattack investigation has been completed without analysing the attackers' network infrastructure. Early on, finding the relationships that could help identify criminals was painstaking "manual work": information about domain names, IP addresses, digital fingerprints of servers, and so on.

Most attackers try to stay as anonymous as possible on the network. However, like everyone else, they make mistakes. The main goal of such analysis is to find "white" or "grey" historical projects of the attackers that intersect with the malicious infrastructure used in the incident under investigation. If "white projects" can be found, then locating the attacker, as a rule, becomes a trivial task. With "grey" ones the search takes more time and effort, since their owners try to anonymise or hide registration data, but the chances remain high. As a rule, at the start of their criminal activity attackers pay less attention to their own security and make more mistakes, so the deeper we can dig into the history, the higher the chances of a successful investigation. That is why a network graph with a good history is an extremely important element of such investigations. Put simply, the deeper the historical data a company has, the better its graph. Say a five-year history can help solve, conditionally, 1 or 2 out of 10 crimes, while a fifteen-year history gives a chance to solve all ten.

Phishing and fraud detection

Every time we receive a suspicious link to a phishing, fraudulent or pirated resource, we automatically build a graph of the related network resources and check every host found for similar content. This lets you find both old phishing sites that were active but unknown and brand-new ones that have been prepared for future attacks but not yet used. An elementary example that happens quite often: we found a phishing site on a server hosting only 5 sites. By checking each of them, we find phishing content on the other sites as well, which means we can block 5 instead of 1.

Backend search

This process is needed to find where a malicious server is actually hosted. 99% of card shops, hacker forums, many phishing resources and other malicious servers are hidden behind their own proxy servers and behind the proxies of legitimate services such as Cloudflare. Knowing the real backend is very important for an investigation: the hosting provider from which the server can be seized becomes known, and it becomes possible to build links to other malicious projects.

For example, you have a phishing site that collects bank card data and resolves to IP address 11.11.11.11, and a card shop whose address resolves to IP address 22.22.22.22. During analysis it may turn out that both the phishing site and the card shop have a common backend IP address, for example 33.33.33.33. This knowledge lets us build a link between the phishing attack and the card shop where the stolen bank card data may be sold.

Event correlation

When you have two different triggers (say, on an IDS) with different malware and different command-and-control servers, you treat them as two independent events. But if there is a solid link between the malicious infrastructures, it becomes obvious that these are not separate attacks but stages of one more complex, multi-stage attack. And if one of the events has already been attributed to some attacker group, then the second can be attributed to the same group as well. Of course, the attribution process is much more complicated than this, so treat it as a simplified example.

Indicator enrichment

We will not dwell on this, since it is the most common use of graphs in cybersecurity: you give one indicator as input, and as output you get an array of related indicators.

Pattern identification

Pattern identification is essential for effective hunting. Graphs let you not only find related elements but also identify common properties that are characteristic of a particular group of criminals. Knowing such unique characteristics lets you recognise an attacker's infrastructure even at the preparation stage and without the evidence that confirms an attack, such as phishing emails or malware.

Why did we build our own network graph?

Once again, we looked at solutions from various vendors before concluding that we needed to develop our own tool that could do something no existing product could. It took several years to build, during which we completely reworked it several times. But despite the long development period, we have still not found a single analogue that would meet our needs. With our own product we were eventually able to solve almost all the problems we had found in existing network graphs. Below we examine these problems in detail, each paired with the solution we adopted:


Problem: no single provider with all the different collected data sets: domains, passive DNS, passive SSL, DNS records, open ports, services running on those ports, files interacting with domain names and IP addresses. Explanation. Typically, providers offer separate types of data, and to get the full picture you have to buy subscriptions from all of them. Even then it is not always possible to obtain all the data: some passive SSL providers supply data only about certificates issued by trusted CAs, and their coverage of self-signed certificates is extremely poor. Others also supply data on self-signed certificates, but collect it only from standard ports.
Solution: we collected all of the above ourselves. For example, to collect data on SSL certificates we wrote our own service that gathers them both from trusted CAs and by scanning the entire IPv4 space. Certificates are collected not only from IPs but also from every domain and subdomain in our database: if you have the domain example.com and its subdomain www.example.com, and both resolve to IP 1.1.1.1, then requesting the SSL certificate from port 443 on the IP, on the domain and on its subdomain can return three different results (the server chooses a certificate by the SNI name it is sent). To collect data on open ports and running services we had to build our own distributed scanning system, because other services often had the IP addresses of their scanning servers on "blacklists". Our scanning servers also end up on blacklists, but our detection rate for the services we need is higher than that of those who simply scan as many ports as possible and sell access to the data.

Problem: no access to the full database of historical records. Explanation. Every reputable provider has a good accumulated history, but for natural reasons we, as a client, could not obtain all of it. That is, you can get the entire history for a single record, for example a domain or an IP address, but you cannot see the history of everything, and without that you cannot see the full picture.
Solution: to collect as many historical domain records as possible, we bought various databases, parsed many open resources that held such history (fortunately there were many), and negotiated with domain name registrars. Every update to our own collections is stored with a full revision history.

Problem: all existing solutions only let you build a graph by hand. Explanation. Say you have bought subscriptions from every possible data provider (commonly called "enrichers"). When you need a graph, you manually give the command to expand from the element you are interested in, then pick the ones you need from the elements that appear and give the command to expand from them, and so on. In this case the responsibility for how well the graph is built rests entirely with the person.
Solution: we built automatic graph construction. That is, when you need a graph, the links from the first element are built automatically, then from every subsequent element as well. The specialist only specifies the depth to which the graph should be built. Automatically expanding a graph is simple in itself, but other vendors do not do it because it produces a huge number of irrelevant results, and we too had to deal with this drawback (see below).

Problem: a large number of irrelevant results, which is a problem for every graph of network elements. Explanation. For example, a "bad domain" (one involved in an attack) is associated with a server that has had 500 other domains associated with it over the past 10 years. Whether you add elements by hand or build the graph automatically, all 500 of these domains also appear on the graph, even though they have nothing to do with the attack. Or, for example, you check an IP indicator from a vendor's security report. Such reports are typically published with a significant delay and often cover a year or more. Most likely, by the time you read the report, the server with that IP address has already been rented to other people with other connections, and building a graph will again give you irrelevant results.
Solution: we taught the system to recognise irrelevant elements using the same logic our experts applied by hand. For example, you are checking the bad domain example.com, which now resolves to IP 11.11.11.11 and a month ago resolved to IP 22.22.22.22. Besides example.com, IP 11.11.11.11 is also associated with example.ru, while IP 22.22.22.22 is associated with 25 thousand other domains. The system, like a person, understands that 11.11.11.11 is most likely a dedicated server, and since example.ru is similar in spelling to example.com, the two are, with high probability, related and should be on the graph; whereas IP 22.22.22.22 is shared hosting, so its domains should not be included unless there are other links showing that one of those 25 thousand domains also belongs on the graph (for example, example.net). Before the system decides that links must be broken and some elements kept off the graph, it takes into account many properties of the elements and of the clusters these elements form, as well as the strength of the current links. For example, if we have a small cluster (25 elements) on the graph that includes the bad domain, and another large cluster (50 thousand elements), and the two clusters are joined by a link (line) of very low strength (weight), then that link will be broken and the elements from the large cluster will be removed. But if there are many links between the small and large clusters and their strength increases gradually, then the link will not be broken and the necessary elements from both clusters will remain on the graph.

Problem: the ownership period of servers and domains is not taken into account. Explanation. "Bad domains" sooner or later expire and are bought again, for malicious or for legitimate purposes. Even bulletproof hosting servers are rented to different hackers, so it is essential to know and account for the period during which a particular domain or server was under the control of one owner. We often encounter a situation where the server with IP 11.11.11.11 is now used as the C&C of a banking bot, and two months ago was controlled by ransomware. If we build a link without considering ownership periods, it will look as if there is a connection between the operators of the banking botnet and the ransomware, although there is none. In our work such an error is critical.
Solution: we taught the system to determine ownership periods. For domains this is relatively simple, because whois usually contains registration start and expiry dates and, given a full history of whois changes, the periods are easy to determine. If a domain's registration has not expired but its management has been transferred to other owners, that can be tracked too. There is no such problem with SSL certificates, because a given certificate is issued once; a renewal produces a new certificate with a new fingerprint, and certificates are not transferred. But with self-signed certificates you cannot trust the dates in the certificate's validity period, because you can generate an SSL certificate today and set its start date to 2010. The hardest part is determining the ownership periods of servers, because only the hosting providers have the rental dates and periods. To determine server ownership periods, we started using port-scan results and creating fingerprints of the services running on the ports. With this information we can say fairly precisely when the owner of a server changed.
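An added illustration of the two points above, not Group-IB's code: constructed port-scan snapshots of one IP are cut into ownership periods whenever the set of (port, banner) fingerprints changes sharply or the host goes dark and comes back, and the validity window of a self-signed certificate is taken from our first sighting of it rather than its attacker-chosen notBefore field. The Jaccard threshold, the "dark host ends a period" rule, the scan data and the certificate records are all assumptions.

```python
"""Ownership periods of a server from port-scan fingerprints, plus a
trustworthy validity window for self-signed certificates.  Added example,
not Group-IB's code; every record below is constructed.  Dates are ISO
strings so that plain string comparison orders them."""

# Constructed scan snapshots of one IP: (date, {port: service banner}).
# An empty dict means nothing answered: the host was dark on that day.
SCANS = [
    ("2019-03-01", {22: "OpenSSH 7.4", 443: "nginx/1.14", 8443: "ransom-panel"}),
    ("2019-03-20", {22: "OpenSSH 7.4", 443: "nginx/1.14", 8443: "ransom-panel"}),
    ("2019-04-15", {}),                                   # tenant released the server
    ("2019-05-02", {22: "OpenSSH 8.0", 80: "Apache/2.4"}),
    ("2019-06-10", {22: "OpenSSH 8.0", 80: "Apache/2.4", 9090: "banker-c2"}),
    ("2019-08-01", {22: "Dropbear", 443: "lighttpd"}),    # totally different stack
]

MIN_JACCARD = 0.5  # assumed: fingerprints this dissimilar imply a new owner


def jaccard(a, b):
    """Similarity of two fingerprint sets; 1.0 when both are empty."""
    return len(a & b) / len(a | b) if a | b else 1.0


def ownership_periods(scans, min_jaccard=MIN_JACCARD):
    """Return [(start, end), ...]; end is None for the current owner.
    A period ends when the host goes dark, or when the (port, banner) set
    changes more than the threshold allows between consecutive scans.
    Adding one service to an existing stack stays above the threshold and
    so does not start a new period."""
    periods, start, prev = [], None, None
    for when, services in sorted(scans, key=lambda s: s[0]):
        fp = frozenset(services.items())
        if not fp:                              # host dark: close the open period
            if start is not None:
                periods.append((start, when))
            start, prev = None, None
            continue
        if start is None:                       # first sighting after a gap
            start, prev = when, fp
            continue
        if jaccard(fp, prev) < min_jaccard:     # abrupt change: someone else now
            periods.append((start, when))
            start = when
        prev = fp
    if start is not None:
        periods.append((start, None))
    return periods


def period_index(periods, when):
    """Index of the period containing `when`, or None (e.g. host was dark)."""
    for i, (start, end) in enumerate(periods):
        if start <= when and (end is None or when < end):
            return i
    return None


def same_owner(periods, when_a, when_b):
    """True only if both dates fall inside the same ownership period, so two
    indicators seen on the IP at those dates may be linked."""
    i, j = period_index(periods, when_a), period_index(periods, when_b)
    return i is not None and i == j


def certificate_window(cert, first_seen):
    """Validity window to trust.  A CA-issued certificate's dates are fine;
    for a self-signed one notBefore was chosen by whoever generated it, so
    the window starts at our own first sighting instead."""
    if cert["self_signed"]:
        return (first_seen, cert["not_after"])
    return (cert["not_before"], cert["not_after"])


if __name__ == "__main__":
    periods = ownership_periods(SCANS)
    print(periods)
    # Ransomware C&C seen in March vs banking-bot C&C seen in June: different tenants.
    print(same_owner(periods, "2019-03-10", "2019-06-12"))
```

The same pattern applies to any other per-host signal with a timestamp (TLS certificate fingerprints, HTTP titles): feed it into the fingerprint set and the period boundaries sharpen.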

Problem: too few connections. Explanation. Nowadays it is not even a problem to get a free list of domains whose whois contains a particular email address, or to find every domain that has been associated with a particular IP address. But when it comes to hackers who do everything to make themselves hard to track, we need additional tricks to find new properties and build new connections.
Solution: we spent a lot of time researching how to extract data that is not available in the usual way. For obvious reasons we cannot describe here how it works, but under certain circumstances hackers, when registering domains or renting and configuring servers, make mistakes that let us learn email addresses, hacker aliases and backend addresses. The more connections you extract, the more accurate the graphs you can build.

How our graph works

To start using the network graph, you enter a domain, IP address, email, or SSL certificate fingerprint in the search bar. There are three conditions the analyst can control: time, step depth, and cleaning.


Time

Time is the date or interval during which the element being searched for was used for malicious purposes. If you do not specify this parameter, the system itself selects the last ownership period of the resource. For example, on 11 July Eset published a report on how Buhtrap uses a 0-day exploit for cyber espionage. There are 6 indicators at the end of the report. One of them, safe-telemetry[.]net, was re-registered on 16 July. Therefore, if you build a graph after 16 July you get irrelevant results. But if you specify that this domain was used before that date, the graph includes 126 new domains and 69 IP addresses that are not listed in the Eset report:

  • ukrfreshnews[.]com
  • unian-search[.]com
  • vesti-world[.]info
  • runewsmeta[.]com
  • foxnewsmeta[.]biz
  • sobesednik-meta[.]info
  • rian-ua[.]net
  • and others.

In addition to the network indicators, we immediately get links to the malicious files that were related to this infrastructure, and tags telling us that Meterpreter and AZORult were used.

The key point is that you get this result within one second and no longer need to spend days analysing the data. Naturally, this approach sometimes dramatically reduces the time an investigation takes, which is often critical.


Number of steps, or the recursion depth to which the graph is built

The default depth is 3. This means that all elements directly related to the starting element are found first, then new links are built from each new element to further elements, and finally new elements are found from the elements discovered in the previous step.

Let's take an example unrelated to APTs and 0-day exploits. Not long ago an interesting fraud case involving cryptocurrencies was described on Habr. The write-up mentions the domain themcx[.]co, which the scammers used to host a website posing as Miner Coin Exchange, and phone-lookup[.]xyz to attract traffic.

It is clear from the description that the scheme requires a large infrastructure to drive traffic to the fraudulent resources. We decided to look at this infrastructure by building a graph to a depth of 4 steps. The output was a graph with 4 domains and 230 IP addresses. Next, we divide the domains into two categories: those that resemble cryptocurrency services and those intended to drive traffic through phone lookup services:

Cryptocurrency-related        Phone lookup services
coinkeeper[.]cc               caller-record[.]site
mcxwallet[.]co                phone-records[.]site
btcnoise[.]com                fone-uncover[.]xyz
cryptominer[.]watch           number-uncover[.]info


Cleaning

By default the "Graph cleaning" option is enabled, and all irrelevant elements are removed from the graph. Incidentally, it was active in all of the previous examples. I anticipate the natural question: how do we make sure that nothing important is removed? My answer: analysts who prefer to build graphs by hand can disable automatic cleaning and set the number of steps to 1. The analyst can then expand the graph from the elements they need and remove from the graph the elements that are irrelevant to the task.

Right on the graph, the analyst also has access to the history of whois and DNS changes, as well as the open ports and the services running on them.
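The following added example puts the three controls together on constructed passive-DNS records; it is my own illustration, not Group-IB's code. The time parameter keeps only the domain-to-IP links observed on the chosen date, the depth parameter bounds a breadth-first expansion from the seed, and the cleaning pass drops domains that hang off a shared-hosting IP unless they have a second link into the graph or a name that looks like an anchored domain, in the spirit of the example.com / example.ru / 22.22.22.22 case from the problem list. The shared-hosting threshold, the look-alike measure (difflib ratio on the leftmost label), the re-registration of example.com and all other records are assumptions.

```python
"""Depth-limited expansion of a network-indicator graph with a time filter
and a cleaning pass for shared hosting.  Added example, not Group-IB's
code; all records below are constructed.  Dates are ISO strings."""
from collections import defaultdict, deque
from difflib import SequenceMatcher

# Constructed passive-DNS style records: (domain, ip, first_seen, last_seen).
RECORDS = [
    ("example.com", "11.11.11.11", "2019-01-05", "2019-07-10"),  # dedicated server
    ("example.ru",  "11.11.11.11", "2019-02-01", "2019-07-10"),
    ("example.com", "22.22.22.22", "2019-03-01", "2019-07-10"),  # shared hosting
    ("example.net", "22.22.22.22", "2019-03-01", "2019-07-10"),
    # assumed: the domain was re-registered by an unrelated party on 2019-07-16
    ("example.com", "99.99.99.99", "2019-07-16", "2019-12-31"),
    ("parked-pages.test", "99.99.99.99", "2018-01-01", "2019-12-31"),
] + [(f"tenant{i}.shared-host.test", "22.22.22.22", "2018-01-01", "2019-12-31")
     for i in range(30)]

SHARED_HOST_THRESHOLD = 10  # assumed: an IP with more domains than this is shared hosting
NAME_SIMILARITY = 0.75      # assumed: difflib ratio at which two names "look alike"


def is_ip(node):
    return node.replace(".", "").isdigit()


def build_index(records, on):
    """Undirected domain<->IP adjacency for links that were active on `on`."""
    adj = defaultdict(set)
    for dom, ip, first, last in records:
        if first <= on <= last:
            adj[dom].add(ip)
            adj[ip].add(dom)
    return adj


def looks_alike(a, b):
    """Compare the leftmost labels only, e.g. example.ru vs example.com."""
    return SequenceMatcher(None, a.split(".")[0], b.split(".")[0]).ratio() >= NAME_SIMILARITY


def expand(adj, seed, depth=3):
    """Breadth-first expansion up to `depth` steps from `seed`, no cleaning."""
    graph, queue = {seed}, deque([(seed, 0)])
    while queue:
        node, d = queue.popleft()
        if d == depth:
            continue
        for nb in adj.get(node, ()):
            if nb not in graph:
                graph.add(nb)
                queue.append((nb, d + 1))
    return graph


def clean(adj, graph, seed):
    """Drop domains whose only link into the graph is a shared-hosting IP,
    unless their name looks like an anchored domain; then drop orphans."""
    graph = set(graph)
    shared = {n for n in graph if is_ip(n) and len(adj[n]) > SHARED_HOST_THRESHOLD}
    # Anchors: the seed and every domain with at least one non-shared link.
    anchors = {n for n in graph if not is_ip(n)
               and (n == seed or not ((adj[n] & graph) <= shared))}
    for dom in sorted(graph):
        if is_ip(dom) or dom in anchors:
            continue
        links = adj[dom] & graph
        if len(links) >= 2 or any(looks_alike(dom, a) for a in anchors):
            continue                                  # second link or look-alike: keep
        graph.discard(dom)
    changed = True
    while changed:                                    # remove nodes left without links
        orphans = {n for n in graph if n != seed and not (adj[n] & graph)}
        graph -= orphans
        changed = bool(orphans)
    return graph


def network_graph(records, seed, on, depth=3, cleaning=True):
    """Time-filtered, depth-bounded, optionally cleaned graph around `seed`."""
    adj = build_index(records, on)
    graph = expand(adj, seed, depth)
    return clean(adj, graph, seed) if cleaning else graph


if __name__ == "__main__":
    print(sorted(network_graph(RECORDS, "example.com", on="2019-06-01")))
    print(sorted(network_graph(RECORDS, "example.com", on="2019-08-01")))
```

Run with the malicious period (June) and the cleaned graph is the five-node cluster; with the same seed after the re-registration (August) it is only the new owner's parking infrastructure, which is exactly the irrelevant result the time parameter exists to avoid.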


Financial phishing

We investigated the activity of one APT group which, for several years, carried out phishing attacks on the customers of various banks in different regions. A characteristic feature of this group was the registration of domains very similar to the names of real banks, and most of the phishing sites had the same design, differing only in the bank names and logos.

In this case, automatic graph analysis helped us a great deal. Taking one of their domains, lloydsbnk-uk[.]com, within a few seconds we built a graph with a depth of 3 steps, which revealed more than 250 malicious domains that this group has been using for years and continues to use. Some of these domains have since been bought by the banks, but the historical records show that they were previously registered to the attackers.

For clarity, the figure shows a graph with a depth of 2 steps.

It is worth noting that in 2019 the attackers changed their tactics somewhat and began registering not only bank-like domains for hosting web phishing, but also domains of various consulting companies for sending the phishing emails. For example, the domains swift-department.com, saudconsultancy.com, vbgrigoryanpartners.com.


Cobalt group

In December 2018, the Cobalt hacker group, which specialises in targeted attacks on banks, sent out a mailing campaign on behalf of the National Bank of Kazakhstan.

The emails contained links to hXXps://nationalbank.bz/Doc/Prikaz.doc. The downloaded document carried a macro that launched PowerShell, which in turn tried to download a file from hXXp://wateroilclub.com/file/dwm.exe, save it as %Temp%\einmrmdmy.exe and execute it. The file %Temp%\einmrmdmy.exe, aka dwm.exe, is a CobInt stager configured to communicate with the server hXXp://admvmsopp.com/rilruietguadvtoefmuy.

Imagine that you were unable to obtain these phishing emails and perform a full analysis of the malicious files. The graph of the malicious domain nationalbank[.]bz immediately shows links to the other malicious domains, attributes them to the group, and shows which files were used in the attack.

Let's take the IP address 46.173.219[.]152 from this graph and build a graph from it in one step with cleaning disabled. There are 40 domains associated with it, for example:
  • bl0ckchain[.]ug
  • paypal.co.uk.qlg6[.]pw
  • cryptoelips[.]com

Judging by the domain names, they appear to be used in fraud schemes, but the cleaning algorithm determined that they are unrelated to this attack and did not place them on the graph, which greatly simplifies analysis and attribution.

If you rebuild the graph from nationalbank[.]bz with the graph cleaning algorithm disabled, it will contain more than 500 elements, most of which have nothing to do with the Cobalt group or their attacks. An example of what such a graph looks like is given below:


Conclusion

After several years of fine-tuning, testing in real investigations, threat research and hunting for attackers, we managed not only to create a unique tool but also to change the attitude of the experts within the company towards it. Initially, technical experts want full control over the graph-building process. Convincing them that automatic graph construction could do this better than a person with many years of experience was extremely difficult. The matter was settled by time and by many "manual" checks of the results the graph produced. Now our experts not only trust the system but also use the results it produces in their daily work. This technology runs inside each of our systems and lets us identify threats of any type more effectively. The graph analysis interface is built into all Group-IB products and significantly expands our ability to hunt cybercrime. This is confirmed by the feedback of analysts among our customers. And we, for our part, continue to enrich the graph with data and to work on new algorithms using artificial intelligence, to build the most accurate network graph possible.

Source: www.habr.com
