
Analysis of the DinodasRAT malware on Linux

Published 2024-05-02 (last modified 2025-04-17) at https://chuyendoiso.haiphong.gov.vn/index.php/2024/05/02/phan-tich-phan-mem-doc-hai-dinodasrat-tren-linux/
Source: https://antoanthongtin.vn/

DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that provides a wide range of malicious capabilities. It lets an attacker monitor a target's computer and collect sensitive data from it. A Windows version of the malware was used in targeted attacks against Guyanese government entities and was reported by researchers at the Slovak security company ESET under the name Operation Jacana. This article analyses how DinodasRAT works, based on Kaspersky's report.

Overview of DinodasRAT

In early October 2023, Kaspersky researchers discovered a new Linux version of DinodasRAT. They assess that this version (V10) may have been active since 2022, while the earliest known Linux variant (V7), which has never been publicly described, dates back to 2021.

The Linux version of DinodasRAT mainly targets Red Hat-based distributions and Ubuntu. On first execution, the malware creates a hidden file in the same directory as its executable, named ".[executable_name].mu". This file acts as a mutex that guarantees only one instance runs: the malware proceeds only if it can create the file successfully. The code that sets up persistence and executes the backdoor is shown in Figure 1.

Figure 1. Code snippet of the DinodasRAT backdoor (image: https://tailieu.antoanthongtin.vn/Files/files/site-2/images/20240406/11111.png)

The backdoor establishes persistence in three steps. First, the malware is launched without any arguments and detaches into the background by calling the Linux daemon() function. Next, it installs itself on the infected system using SystemV or systemd startup scripts. Finally, it re-executes itself with its parent process ID (PPID) as the argument: the newly created child process carries on the backdoor's work while the parent waits. This technique helps DinodasRAT stay hidden and makes it harder to spot with monitoring and debugging tools.

Creating and maintaining the victim ID

Before establishing contact with the command-and-control (C2) server, the backdoor collects information about the infected machine and the time of infection to build a unique identifier. Notably, the attackers collect no user-specific data for this UID. It is composed of:

- the date of infection;
- the MD5 hash of the output of the dmidecode command;
- a randomly generated number used as an ID;
- the backdoor version.

The unique identifier has the format Linux_{DATE}_{HASH}_{RAND_NUM}_{VERSION}.

Figure 2. Generating the unique identifier on the victim machine (image: https://tailieu.antoanthongtin.vn/Files/files/site-2/images/20240406/2222.png)

Next, the malware stores all local information about the ID, the victim's privileges and other related details in a hidden file named "/etc/.netc.conf". This file holds the metadata the backdoor has collected so far; if it does not exist, DinodasRAT creates it.

Figure 3. DinodasRAT configuration in the file "/etc/.netc.conf" (image: https://tailieu.antoanthongtin.vn/Files/files/site-2/images/20240406/3333333.png)

DinodasRAT also makes sure that accessing this file does not update its "access" time, the filesystem timestamp that records when a file was last read. It does this by running the "touch" command with the "-d" parameter to rewrite that metadata.

Figure 4. Modifying the access time (image: https://tailieu.antoanthongtin.vn/Files/files/site-2/images/20240406/444444.png)

Figure 5. Access time modified on the backdoor's executable (image: https://tailieu.antoanthongtin.vn/Files/files/site-2/images/20240406/5555555555555.png)

The Linux version of DinodasRAT relies on two Linux service managers, systemd and SystemV, to persist on the affected system. When the malware starts, a function is called to determine the victim's Linux distribution. Two distributions are currently targeted, identified from "/proc/version": Red Hat and Ubuntu 16/18. The malware can nevertheless infect any distribution that supports one of these service managers. Once the system has been identified, it installs a suitable init script to give DinodasRAT persistence. That script runs after network setup has completed and launches the backdoor.

Figure 6. Registering the systemd service (image: https://tailieu.antoanthongtin.vn/Files/files/site-2/images/20240406/6666666.png)

On Red Hat and Ubuntu systems, the persistence routine checks for the presence of the chkconfig binary as an indication that the system boots with SysV init rather than systemd. If it is absent, the malware opens or creates the script "/etc/rc.d/rc.local" and appends itself so that the backdoor runs during system initialization. If chkconfig exists, SysV is assumed and the malware creates scripts in the "/etc/init.d" directory.

C2 server connection

The Linux version of DinodasRAT communicates with its C2 server in the same way as the Windows version, over TCP or UDP. The C2 domain is hard-coded, as Figure 7 shows.

Figure 7. Hard-coded C2 server and port (image: https://tailieu.antoanthongtin.vn/Files/files/site-2/images/20240406/77777.png)

DinodasRAT reports back to the C2 server at a set interval, although the interval is not the same for every user or every connection. If it runs as root (EUID = 0), DinodasRAT does not wait before sending information to the C2. When it is not running as the superuser and the configuration is set to checkroot, it waits two minutes for the "short" (default) delay and 10 hours for the "long" delay. The "long" delay is triggered when a remote connection to the infected host arrives from one of the configured C2 IP addresses.

Encryption

To encrypt and decrypt its communication with the C2 server, and to encrypt data, DinodasRAT uses the qq_crypt functions from Pidgin's libqq library. That library uses the TEA algorithm in CBC mode to encrypt and decrypt data, which makes porting between platforms fairly easy.

Infrastructure

The researchers identified an IP address to which the C2 domains of both the Windows and Linux variants resolve. The Windows version of DinodasRAT uses the domain update[.]microsoft-settings[.]com, which resolves to 199[.]231[.]211[.]19. The domain update[.]centos-yum[.]com resolves to the same IP address.

According to Kaspersky's telemetry, the most affected victims are in China, Taiwan, Turkey and Uzbekistan.

Related reports

In its own analysis of DinodasRAT, Check Point described the malware as originally based on an open-source project called SimpleRemoter, a remote-access tool built on Gh0st RAT. The Israeli cybersecurity company tracks the Linux variant under the name Linodas.

Check Point notes that the latest version of DinodasRAT can also spawn multiple threads to monitor the system, download an additional module that can interfere with the operation of certain system binaries, and terminate reverse shell sessions that have been inactive for close to an hour.

The main purpose of this auxiliary module, called the filter module, is to act as a proxy for binary execution and to control its output, allowing the threat actors to collect information from the host and to evade detection more effectively.

Check Point said: "The complexity and capabilities of the DinodasRAT malware highlight the sophisticated threats posed by hackers targeting Linux servers."
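The host-side artifacts described above (the ".[executable_name].mu" mutex file, the hidden /etc/.netc.conf, the rc.local, /etc/init.d and systemd persistence entries, the victim-ID layout and the touch -d timestamp rewrite) can be checked together on a live host or a mounted disk image. The script below is an added example written for this article; it is not Kaspersky's code or the malware's. The paths and the ID layout come from the article; the digit widths in the ID regex, the demo directory tree and the one-hour slack for the timestamp check are assumptions. One detail the article does not spell out but that the check relies on: touch -d can set atime and mtime to any value, but the kernel always moves the inode change time (ctime) to the current time, so a file whose ctime is far ahead of both is a timestomping indicator.

```python
#!/usr/bin/env python3
"""Triage a live host or a mounted image for the DinodasRAT Linux artifacts the
article lists: the '.<name>.mu' mutex beside the executable, the hidden
/etc/.netc.conf, rc.local / init.d / systemd persistence, the victim-ID layout
and the 'touch -d' timestamp rewrite. Added example, not Kaspersky's or the
malware's code; paths are from the article, field widths and the demo tree are
assumptions."""
import os
import re
import tempfile
import time
from pathlib import Path

# Linux_{DATE}_{HASH}_{RAND_NUM}_{VERSION}; assumed: DATE and RAND_NUM are digit
# runs, HASH is the 32-hex MD5 of the dmidecode output, VERSION contains no '_'.
VICTIM_ID_RE = re.compile(r"^Linux_(\d+)_([0-9a-fA-F]{32})_(\d+)_([^_\s]+)$")


def parse_victim_id(text):
    """Fields of a victim ID as a dict, or None when the text does not match."""
    m = VICTIM_ID_RE.match(text.strip())
    return m and {"date": m[1], "md5": m[2].lower(), "rand": int(m[3]), "version": m[4]}


def mutex_siblings(directory):
    """(executable, mutex) pairs for '.<name>.mu' files next to an executable <name>."""
    d = Path(directory)
    pairs = [(d / e.name[1:-3], e) for e in d.iterdir()
             if e.name.startswith(".") and e.name.endswith(".mu") and len(e.name) > 4]
    return sorted((str(x), str(m)) for x, m in pairs if x.is_file() and os.access(x, os.X_OK))


def timestomp_suspect(path, slack=3600):
    """touch -d sets atime/mtime back, but the kernel still moves ctime to 'now', so
    ctime far ahead of both is the tell. Heuristic: package-installed files also show
    an old mtime under a newer ctime, so use it together with the other findings."""
    st = os.stat(path)
    return st.st_ctime - max(st.st_atime, st.st_mtime) > slack


def rc_local_entries(path):
    """Lines of an rc.local-style script that actually run something."""
    if not Path(path).is_file():
        return []
    lines = (l.strip() for l in Path(path).read_text(errors="replace").splitlines())
    return [l for l in lines if l and not l.startswith("#") and l.split()[0] != "exit"]


def service_binaries(root):
    """Yield (script, absolute path) from systemd units and SysV init scripts."""
    units, initd = Path(root) / "etc/systemd/system", Path(root) / "etc/init.d"
    for unit in (units.glob("*.service") if units.is_dir() else []):
        for line in unit.read_text(errors="replace").splitlines():
            if line.startswith("ExecStart="):
                cmd = line.split("=", 1)[1].strip().lstrip("-@!+:").split()
                if cmd:
                    yield str(unit), cmd[0]
    for script in (initd.iterdir() if initd.is_dir() else []):
        for line in (script.read_text(errors="replace").splitlines() if script.is_file() else []):
            if line.strip() and not line.strip().startswith("#"):
                for p in re.findall(r"(?<![\w.])/[^\s;&|'\"]+", line):   # absolute paths
                    yield str(script), p


def triage(root="/"):
    """Correlate persistence entries with the mutex file and the hidden config."""
    root = Path(root).resolve()
    findings, seen = [], set()
    conf = root / "etc/.netc.conf"
    if conf.exists():
        findings.append(f"hidden config present: {conf}")
    for script, binary in service_binaries(root):
        real = root / binary.lstrip("/")            # rebase onto the image root
        if (script, real) not in seen and real.is_file():
            seen.add((script, real))
            for exe, mu in mutex_siblings(real.parent):
                if exe == str(real):
                    findings.append(f"{script} starts {real}, which has mutex file {mu}")
    for rc in ("etc/rc.d/rc.local", "etc/rc.local"):
        findings += [f"{rc} runs: {e}" for e in rc_local_entries(root / rc)]
    return findings


def build_demo_root():
    """Constructed sample tree (not a real infection) that trips every check."""
    root = Path(tempfile.mkdtemp(prefix="dinodas-demo-"))
    for d in ("etc/systemd/system", "etc/init.d", "etc/rc.d", "opt/app"):
        (root / d).mkdir(parents=True)
    svc = root / "opt/app/svc"
    svc.write_text("#!/bin/sh\n")
    svc.chmod(0o755)
    (root / "opt/app/.svc.mu").write_text("")
    (root / "etc/.netc.conf").write_text("demo\n")
    (root / "etc/systemd/system/svc.service").write_text(
        "[Service]\nExecStart=/opt/app/svc\n[Install]\nWantedBy=multi-user.target\n")
    (root / "etc/init.d/svc").write_text("#!/bin/sh\n/opt/app/svc &\n")
    (root / "etc/rc.d/rc.local").write_text("#!/bin/sh\n/opt/app/svc\nexit 0\n")
    old = time.time() - 30 * 86400                  # what 'touch -d' leaves behind
    os.utime(svc, (old, old))
    return root


if __name__ == "__main__":
    demo = build_demo_root()
    print(*triage(demo), f"timestomped: {timestomp_suspect(demo / 'opt/app/svc')}", sep="\n")
```

Run it as root against "/" on a suspect host, or point triage() at the mount point of an offline image. The strongest signal is the correlation: a service or rc.local entry that starts a binary with a ".<name>.mu" sibling, together with /etc/.netc.conf. rc.local lines and the ctime heuristic are review aids, not verdicts on their own.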
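The C2 timing in the "C2 server connection" section (a two-minute "short" delay and a ten-hour "long" delay for a non-root backdoor, no delay at all for root) is a traffic shape that can be hunted for without knowing the C2 address: one internal host contacting one peer at a fixed cadence. The detector below is an added example, not Kaspersky's tooling; the flow records are constructed, the CSV column layout and the jitter and count thresholds are assumptions to adapt to your sensor.

```python
#!/usr/bin/env python3
"""Spot hosts that contact one peer at a fixed cadence, the traffic shape the
article gives for a non-root DinodasRAT (two-minute 'short' delay, ten-hour
'long' delay). Added example; the flow records are constructed, the CSV layout
and thresholds are assumptions to tune for your sensor."""
import statistics
from collections import defaultdict
from datetime import datetime, timezone

KNOWN_PERIODS = {"dinodas short delay": 120, "dinodas long delay": 36000}

# Constructed flows (timestamp,src,dst,dport,proto), not real traffic: 10.0.0.5
# reconnects every ~2 minutes, 10.0.0.9 is ordinary irregular browsing.
SAMPLE_FLOWS = """\
2024-04-01T10:00:00Z,10.0.0.5,203.0.113.10,443,tcp
2024-04-01T10:02:01Z,10.0.0.5,203.0.113.10,443,tcp
2024-04-01T10:04:00Z,10.0.0.5,203.0.113.10,443,tcp
2024-04-01T10:06:02Z,10.0.0.5,203.0.113.10,443,tcp
2024-04-01T10:08:01Z,10.0.0.5,203.0.113.10,443,tcp
2024-04-01T10:10:00Z,10.0.0.5,203.0.113.10,443,tcp
2024-04-01T10:00:07Z,10.0.0.9,198.51.100.20,443,tcp
2024-04-01T10:00:31Z,10.0.0.9,198.51.100.20,443,tcp
2024-04-01T10:03:45Z,10.0.0.9,198.51.100.20,443,tcp
2024-04-01T10:09:02Z,10.0.0.9,198.51.100.20,443,tcp
2024-04-01T10:09:50Z,10.0.0.9,198.51.100.20,443,tcp
2024-04-01T10:15:12Z,10.0.0.9,198.51.100.20,443,tcp
"""


def parse_flows(text):
    """CSV lines -> (epoch seconds, src, dst, dport, proto) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            ts, src, dst, dport, proto = line.split(",")
            t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            flows.append((t.timestamp(), src, dst, int(dport), proto))
    return flows


def find_beacons(flows, min_conns=5, max_jitter=0.05):
    """{(src, dst, dport, proto): period} for peers whose inter-connection gaps
    cluster tightly around their median (jitter = median absolute deviation /
    median). Package updaters and NTP show the same shape: allow-list those peers."""
    by_peer = defaultdict(list)
    for t, src, dst, dport, proto in flows:
        by_peer[(src, dst, dport, proto)].append(t)
    beacons = {}
    for key, times in by_peer.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = statistics.median(gaps)
        if period > 0 and statistics.median(abs(g - period) for g in gaps) / period <= max_jitter:
            beacons[key] = period
    return beacons


def label_period(period, tolerance=0.05):
    """Name a cadence that sits within tolerance of one the article reports."""
    for name, p in KNOWN_PERIODS.items():
        if abs(period - p) <= tolerance * p:
            return name
    return "unknown cadence"


if __name__ == "__main__":
    for key, period in find_beacons(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{key[0]} -> {key[1]}:{key[2]}/{key[3]} every {period:.0f}s ({label_period(period)})")
```

Two limits follow directly from the article: a root infection sends immediately and has no fixed cadence, so this check will not see it, and the ten-hour "long" delay needs several days of flow history before min_conns is reached.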
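The "Encryption" section says the C2 channel uses TEA in CBC mode via Pidgin's libqq qq_crypt. The block below is an added illustration of that construction, written for this article; it is not a byte-exact port of libqq (qq_crypt has its own padding and chaining details), so decrypting a real DinodasRAT capture still requires the key and framing recovered from the sample. It implements reference 32-round TEA with big-endian 32-bit words (an assumption) and PKCS#7 padding; the key, IV and message are constructed demo values.

```python
#!/usr/bin/env python3
"""TEA in CBC mode, the construction the article attributes to Pidgin's libqq
qq_crypt. Added illustration, not a byte-exact port of libqq: qq_crypt has its own
padding and chaining details, so decrypting real DinodasRAT traffic needs the key
and framing lifted from the sample. Standard 32-round TEA, big-endian words
(assumed) and PKCS#7 padding are used here."""
import struct

DELTA, MASK, ROUNDS = 0x9E3779B9, 0xFFFFFFFF, 32


def tea_encrypt_block(v0, v1, k):
    """One 64-bit block; k is the 128-bit key as four 32-bit words (reference TEA)."""
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK
        v0 = (v0 + ((((v1 << 4) & MASK) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + ((((v0 << 4) & MASK) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
    return v0, v1


def tea_decrypt_block(v0, v1, k):
    """Inverse of tea_encrypt_block: the same rounds run backwards."""
    s = (DELTA * ROUNDS) & MASK                      # 0xC6EF3720
    for _ in range(ROUNDS):
        v1 = (v1 - ((((v0 << 4) & MASK) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - ((((v1 << 4) & MASK) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK
        s = (s - DELTA) & MASK
    return v0, v1


def _words(b):
    """Bytes -> big-endian 32-bit words (assumed word order)."""
    return struct.unpack(">%dI" % (len(b) // 4), b)


def tea_cbc_encrypt(key, iv, plaintext):
    """CBC: each plaintext block is XORed with the previous ciphertext block."""
    k, prev = _words(key), _words(iv)
    pad = 8 - len(plaintext) % 8                     # PKCS#7, always at least 1 byte
    data = plaintext + bytes([pad]) * pad
    out = bytearray()
    for i in range(0, len(data), 8):
        p0, p1 = _words(data[i:i + 8])
        prev = tea_encrypt_block(p0 ^ prev[0], p1 ^ prev[1], k)
        out += struct.pack(">2I", *prev)
    return bytes(out)


def tea_cbc_decrypt(key, iv, ciphertext):
    """Undo tea_cbc_encrypt; raises ValueError on bad length or padding."""
    if not ciphertext or len(ciphertext) % 8:
        raise ValueError("ciphertext must be a non-empty multiple of 8 bytes")
    k, prev = _words(key), _words(iv)
    out = bytearray()
    for i in range(0, len(ciphertext), 8):
        c = _words(ciphertext[i:i + 8])
        p0, p1 = tea_decrypt_block(c[0], c[1], k)
        out += struct.pack(">2I", p0 ^ prev[0], p1 ^ prev[1])
        prev = c
    pad = out[-1]
    if not 1 <= pad <= 8 or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding (wrong key, IV or framing?)")
    return bytes(out[:-pad])


if __name__ == "__main__":
    key, iv = bytes(range(16)), b"\x00" * 8          # constructed demo values
    msg = b"Linux_20231005_" + b"0" * 32 + b"_12345_10"
    ct = tea_cbc_encrypt(key, iv, msg)
    print(ct.hex())
    print(tea_cbc_decrypt(key, iv, ct))
```

The padding check in tea_cbc_decrypt is what fails first when a captured blob is tried against the wrong key or word order, which makes it a quick way to test candidate keys extracted from a sample.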