又一僵尸网络源代码开源,KekSec组织武器库再添新武器

一、背景

EnemyBot僵尸网络程序于今年三月份首次被安全厂商披露。绿盟科技伏影实验室也于早期捕获到相关样本,并一直处于跟踪监测阶段。

2022年5月4日,F5 针对BIG-IP 产品的 iControlREST 组件中的远程代码执行漏洞发布了安全公告,漏洞的CVE编号为CVE-2022-1388。该漏洞可以绕过身份认证,远程执行任意代码,漏洞评分CVSS达到9.8。自公告发布以来,攻击者寻找未修复的系统,开始进行大规模地漏洞在野利用。绿盟科技伏影实验室全球威胁狩猎系统监测到该漏洞在野传播过程,同时也发现了EnemyBot僵尸网络利用该漏洞进行传播:

图1.1 漏洞利用

此外,我们发现该僵尸网络程序源代码最早于去年三月中旬就已经公开在开源代码托管平台上。但在初始化提交之后,便一直没有进行代码更新,关注度也比较少。一直到今年4月25日以及之后才进行了三次更新,且最后一次更新将Bot程序代码回退到了早期的版本,似乎有隐匿的意图。

二、关联信息

2.1  样本信息

EnemyBot同样由Gafgyt修改而来,属于Keksec僵尸网络的新成员。恶意程序大量复用同属Keksec僵尸网络家族程序的代码,包括LOLFME、Gafgyt、Gafgyt_Tor、Necro等,最新版本代码和结构与去年披露的Gafgyt_Tor高度相似。

经过大量样本的对比,我们发现EnemyBot僵尸网络程序之间也存在些许差别,自3月份出现开始,EnemyBot僵尸网络出现了多个版本。多个版本之间,最大的变化是后期采用Tor网络托管C&C服务器。除此之外,功能有增有减,但总体结构没有太大变化。可能是因为EnemyBot僵尸网络程序仍处于快速开发的过程。

我们对样本中发现的区别汇总如下表,在后面对其中变化的功能进行说明:

版本 简要说明
1 不采用Tor网络

有checkUserNames检查函数

操作watchdog阻止重启

2 采用Tor网络托管C&C服务器

部分程序方法watudoinglookingatdis更名为systemvariable

不对watchdog进行操作

3 采用Tor网络托管C&C服务器

包含与方法watudoinglookingatdis相同的方法systemvariable

特殊字符串“ENEMEYBOT V3.1-ALCAPONE”

支持感染ELF可执行程序

操作watchdog阻止重启

2.2 开源代码

通过关联信息,进一步证实了我们的发现。该僵尸网络源代码最早于去年三月中旬就已经公开在开源代码托管平台上。但在初始化提交之后,便一直没有进行代码更新,关注度也比较少。一直到今年4月25日以及之后才进行了三次更新,且最后一次更新删除了Tor匿名网络相关的通信代码,似乎将Bot程序代码回退到了早期版本的阶段。

图2.1 提交记录

最近的更新将enemy.c从v3.1退回到了v2.1

图2.2 4月25日更新和最新代码对比

该开源代码仓库包含了僵尸网络的控制端和僵尸程序代码,任何人拿到源代码都可以试图搭建僵尸网络,甚至不需要对源代码进行更改。

图2.3 提交记录

从代码仓库中的tor.json和tor.txt文件,可以确认Keksec僵尸网络组织使用的Tor节点来自于shodan搜索结果:

图2.4 Tor代理节点

三、技术分析

3.1 样本分析

从样本分析的过程中,我们发现样本虽然总体上也是分为三大类,但是样本之间细微区别是多于三个版本的。所以在Keksec组织内部应该也是存在代码分支管理,并处于更新迭代过程中。

3.1.1 启动特征

EnemyBot启动后会输出一段报错信息,然后向/tmp/.pwned写入一段声明字符串,属于Keksec僵尸网络一贯高调的风格:

图3.1 KEKSEC

所有发现的EnemyBot恶意程序都会显示该错误提示,但只有近期的样本才有后面的echo命令。

3.1.2 特殊文件检查

EnemyBot僵尸网络程序还会通过函数checkUserNames对目标系统中的/usr/bin目录下的文件名进行检测,如果发现存在虚拟环境相关的文件名称,就会直接退出,逃避检测和分析。但在发现的变种中,有的变种虽然同样有该方法的实现代码,但是没有被使用到:

图3.2 检测字符

3.1.3 加密方法

EnemyBot与早期发现的LOLFME、Gafgyt_Tor使用了相同的解密函数watudoinglookingatdis,后期EnemyBot将函数名称从watudoinglookingatdis变更成systemvariable,该解密方法的解密过程比较简单。与LOLFME不同的是,EnemyBot只将该解密函数用于普通字符串的解密中:

图3.3 解密方法

除了名为systemvariable解密方法,EnemyBot还使用了多种加密函数实现,包括复用了Mirai代码部分的异或加密方法deobf、异或加密xorencrypt及同样思路的解密函数okic和eika。deobf是对爆破过程中使用到的用户和密码进行解密;xorencrypt只用到一次,解密获取匿名网络地址链接。

图3.4 异或解密

Okic和eika使用了不同替换字典,进行替换解密。函数okic负责对内部指令字符串进行解密,并于C&C下发的指令进行对比确认,执行对应的功能。函数eika则主要负责对内部的一些函数执行过程中使用到的特殊字符串进行解密,例如需要关闭的特殊进程名。这些字符串在二进制中是加密存放的,避免被静态检测手段发现。

图3.5 解密方法

3.1.4 感染ELF文件

EnemyBot最近的变种还会对ELF可执行程序进行感染,该感染过程是将僵尸网络程序和原二进制ELF文件合并为同一文件,并以僵尸网络程序作为执行入口。当需要执行目标程序时释放并创建新进程执行该程序。恶意程序会对已感染程序进行标记,标记的方法就是在文件末尾附加用户名:

图3.6 感染二进制程序

3.2 通信方式

早期发现的EnemyBot僵尸网络程序直接从内置的加密字符串中解密获取C&C服务器地址进行连接:

图3.7 连接C&C

近期EnemyBot僵尸网络变种采用Tor网络代理进行C&C通信,与之前披露的同样归属于Keksec组织Gafgyt_Tor、Necro一样。Enemybot内置了多个代理地址,并以索引、IP、端口的方式存放,在连接之前随机选取地址然后进行连接:

图3.8 Tor连接

连接到Tor网络之后发送请求地址xfrvkmokgfb2pajafphw3upl6gq2uurde7de7iexw4aajvslnsmev5id.onion等待后续指令:

图3.9 连接与接收指令

如果连接成功,EnemyBot还会向服务端发送当前程序的架构信息。

3.3 指令功能

EnemyBot指令传输是明文传输的,格式和解析方式与Gafgyt相同。恶意程序中解析部分的指令是经过加密存放的:

图3.10 功能指令

部分指令和功能说明:

表3.1 部分指令和功能

指令 功能
PING 心跳
SH 命令执行
LDSERVER 下载服务器
TCPON/TCPOFF 开启监听回传80、21、25、666、1337、8080端口的流量数据或关闭
RSHELL 反向shell
UDP Udp flood
TCP Tcp flood
HTTP HTTP flood
TLS TLS flood
STD STD flood
DNS DNS flood
SCANNER ON/OFF 扫描传播开关
OVH OVH flood 对OVH保护的服务的攻击
BLACKNURSE ICMP flood
STOP 关闭DDoS攻击
ASSDP 执行ssdp flood

 

3.4 漏洞利用和传播

EnemyBot使用漏洞在目标设备中下载和执行僵尸网络程序或者下载脚本,以此实现传播的目的:

图3.11 漏洞利用传播

EnemyBot使用了多个漏洞,其中包括多个本地文件包含(LFI)漏洞和近期披露的新漏洞。新漏洞的集成表明该僵尸网络程序在对功能的不断更新过程中,也不断提升漏洞利用和感染传播的能力。部分漏洞汇总如下:

表3.2 EnemyBot利用的部分漏洞

漏洞
Archeevo_5_0_Local_File_Inclusion
WordPress_Plugin_cab_fare_calculator_1_0_3_Local_File_Inclusion
Dbltek_GoIP_Local_File_Inclusion
WordPress_Plugin_video_synchro_pdf_1_7_4_Local_File_Inclusion
Zyxel_P660HN_Remote_Command_Execution
Razer_Sila_Command_Injection
ThinkPHP_5_X_Remote_Command_Execution
Netgear_DGN1000_1_1_00_48_Setup_cgi_Remote_Code_Execution
TOTOLink_A3000RU_V5_9c_2280_B20180512_command_injection
Scriptcase_9_7_Remote_Code_Execution
ZyXEL_P660HN_T_v1_ViewLog_asp_privilege_escalation
CVE_2022_1388
CVE_2022_22947
CVE_2022_22954
CVE_2021_4039
CVE_2021_35064
CVE_2020_7961
CVE_2020_5902
CVE_2018_16763
CVE_2015_2051
CVE_2014_9118
CVE_2016_6277

此外,绿盟科技伏影实验室也监测到该僵尸网络引入挖矿程序,同时传播,以实现最大化利益:

图3.12 挖矿

四、总结

从这些发现和分析来看,EnemyBot处于不断开发迭代过程中,持续更新并不断搭载新的漏洞利用载荷进行传播,并且仍会在一段时间内处于活跃状态。EnemyBot的出现,进一步说明Keksec僵尸网络组织仍处于高度活跃的状态中,仍有可能出现新的变种或者新家族。绿盟科技伏影实验室将持续关注Keksec僵尸网络组织的活动,并发布相关信息。

此外,相关代码的开源也值得警惕,该代码同样有可能被其他黑客组织利用并传播。

五、IoC

下载服务器IP:

45.148.10.246

198.12.116.254

84.21.170.68

80.94.92.38

下载脚本SHA256:

cdf2c0c68b5f8f20af448142fd89f5980c9570033fe2e9793a15fdfdadac1281

3aa5d84e62763f4e26facd4bea26ec2ff47a926b041d459152994c339d7a8d3c

cc36cc84d575e953359d82e8716c37ba2cbf20c6d63727ca9e83b53493509723

4d9cd7cdf36453543e608c5170b5f40d7b272b2e319fb74c99b6ee3b51c5346e

6e379ba1a63662dd9cdc83f007fcfa59a5d68e8cd566b30e3eef5057341a2454

51f5770602a3412262e51821a0b94b5b703730cf4110515e993de1a8da24178b

e486b11ba35979245af0790f7c8026c7edd3306cbdbe88ab053cb60379724fd9

Enemybot SHA256:

98d79e9a1318caed194dd17e8bf91c7bfc4eccd63d6386c11ace334789df7461

08cb3585a6ce74b16ec74916a93fb060f1e3a59e307215f962dcef9183bc612e

9e904aeb6eb88d642554c30d019d0ba177351f4299484185d47b9fb87c939d5d

34256e305d670e5e8d09517489327cd4e73a9340cacdc131a923d84d2a033ca8

fb8c0170ce1579c2a0ff11c99c0eba299c5800b162e35689018df293015181be

a88a5d82ef181ee0bd1935c9cb2eba34c504481420806aeb1716831f3d882ee7

796d10f9840f4ecff3adfbb3893de7e2ac16faeec245f7b41eb0eac3fac18340

617ae3dae51f7b73dd22b60432d037422f1f7e8d1a0e8da3da630911fe335417

b90b2d78e39dc3379c082241c620784ff77a54b68c4f51f75ce688bac9c828e0

6b64157e4a5ddda28dfdc79d1dcfd1af39ddfb977b2fc5f5f22e1168791095fd

ce5b20267d4403c5b61ae7b7ddc07ebccf87fad99e5a04963ddbed170ba29a86

d694d9b8b61a7e6826bc40d7acb17a3d0c35fbc7d4654bc07f16c6c9ce830ba5

062dfb05d24910cb6d1913ea1cdd00add5f4c4a1499dd0376e156212ccda713d

085f07271b02751c87fa69903bb0bf9b5eb718c0dbb603cfe56489f70e95cd77

27fc9ac45af84347bf98a04963d8748da15567694911f14119f4a36508f26e06

fa9730340d35573afc2af9f7f57116544bf68038452b8569ec8706bbbdc41be6

1c943202278a6e12f01f3210ac2ea7710f331c6652e73a770279ec55b996b392

28920b402c404a220be5a09dd1f053caa9488818fc9455e4772f5e097ddc5b44

bfcbac62bf0caae315ed564d253f031227a42396fca7726265cb6ed988f8b514

4869c3d443bae76b20758f297eb3110e316396e17d95511483b99df5e7689fa0

853e9b6e3d8e4f294654a283a7fb9baadb46d915ad403cda7adffd880fc08e03

41839f5440bb9913e0bd21d9e7d29b68cd3b9d9ecb4d99c8ee2f5f4fb1ad0414

a19404ec6847d4db53a33292960bf09b011e8690bfb2dc1983114d2e991be048

f9c428f561a9e400d03a070c60531685228bbe162e084a087d75d2498f907433

be1a901e9ff743eedc7026c3d4f131684e571fc91fe3e1739b6a2e44739aa939

da77dcb9717a416195187243824f80a7eee2107f58e18597aecb078e0788cf85

63accebcea496d40f6de9c2093aa1fc9569cadbabcaab7e7aeae6dfdccee445e

478f21e301f29a55b0f594c9d506b3ce9c296b423f644ee87cc115bbc7e044d8

be9bbe69158db33798409f91f5837e88d4b41d21f40875068f39c4398be314e4

6b422e67f33cc2fcba8e5c1fe0ef16216b4561721251f522f130386cc542be5a

84121b081505d740220c3808f8c9ef355ed6530619bf8e0bf615ab5dc1289241

df8dd788fee4314982c6aac503b4604c21c1c6f4071b8a5b9085b187b773961a

a6b551beabc7d52f63cc6ab285c3c22d8b8dba9b8d43d3c6e6444830e5ad6bea

9af7f7dfe6a4a09f06322e5ad588c5466db0f96e63e18d6aeae438609055cef1

fde0fe67ab85bc7dc2504fdecdf7c8e0bec002fa9aec48786e60d4423251156b

3fb969785eef9a832d70069588a18d64cf83cf7103675154add4ceb47c9a3bd7

1f286b1fcea0ab8a60b8cdf5c1377c77bed40daa9d0093b3fa72d5b58f4b29e6

144899b93b5b8897355499c1db791fc160d83f7054a55e05ae1e244e95f8b1cc

75de268af8cf7b4b6c88e90a57d3981c2c211c6b47fd1cff4739f0063ccaf836

982719d728f67cd3a8db879c782b0110ec7213a0116f7d462df04aef84886de1

7207d6ebd3c8a76b59a5f9afec779b938918a428b46f329998968c8e099a4f64

f36421b46c1a9c2b1041dbed476f8ab1a5b634823146364c81e7bb37948af9bf

97364076eac1b2a40598b85bb97a8126d97c86f5012e7fa7b410f7198f35c27d

75aa6891e2b16dd124d19e10c2f844e095add311b1958c64399c0ac033f3cb36

7785efeeb495ab10414e1f7e4850d248eddce6be91738d515e8b90d344ed820d

7c0fe3841af72d55b55bc248167665da5a9036c972acb9a9ac0a7a21db016cc6

7a2a5da50e87bb413375ecf12b0be71aea4e21120c0c2447d678ef73c88b3ba0

ad69e8aa9a87631e34d542cce57bab8cdb2f2d2c40e2ace25f884272e6a49fb3

0d40b67892e5172254da745f36e56990c797d78dfbb82e425103b756bb559927

1911106e72f1b0460be48209ad81791c252079a9142324b0570173cfeef1e588

1b83acd36e37537627900f02578e9684cf870dd7c99db38a3fab57bdc277223e

cf83c10432603e292a49157d305c028b203e4573362504bba29568e36a3da923

ab203b50226f252c6b3ce2dd57b16c3a22033cd62a42076d09c9b104f67a3bc9

2abf6060c8a61d7379adfb8218b56003765c1a1e701b346556ca5d53068892a5

4bd6e530db1c7ed7610398efa249f9c236d7863b40606d779519ac4ccb89767f

31a9c513a5292912720a4bcc6bd4918fc7afcd4a0b60ef9822f5c7bd861c19b8

139e1b14d3062881849eb2dcfe10b96ee3acdbd1387de82e73da7d3d921ed806

70674c30ed3cf8fc1f8a2b9ecc2e15022f55ab9634d70ea3ba5e2e96cc1e00a0

f4f9252eac23bbadcbd3cf1d1cada375cb839020ccb0a4e1c49c86a07ce40e1e

8e711f38a80a396bd4dacef1dc9ff6c8e32b9b6d37075cea2bbef6973deb9e68

cf6d2f35950c86655a1a5dd4f04b1ae05f3c06f4681f2e965ff3888ee2623197

1a7c4eae28cd8778b460b7aa9b9e7d4ab521c167b39631eadf72649c1c44dfb3

3b828935080c5146890b2094d12360d2bb7055fa8a8722dd0f48bb320088d87d

52a9d50b2ae9ba006c8763f8e3bc288b0fb247488e30d4e4e7c4ac2281398f01

db9e4c8a43177721daa171dcd3188c2a20be0ddb0dc677315bee512ac87f033f

ff7d6ddffa2aa55a0773cf48081f80ebed7efce58fac00fd40da027414e1f659

420610eb185f10abc01b18f66ab01f161a84e5cc199c234044a4083981970836

2388fe2153f8340e183b29639238e9f1f66139cda28b217f6cc5e3792dc3ac80

4b2ed665538c1bf781e373f9a9c7d28492476aef75ea4ea74a1b9aadad2e628c

b41190f332845761c7b1e72cfb2295ba9bdbaf02b8f8bfc8dbfeb4977f8427fe

595aafb45ca6de039d8d0ae6a52de44658f8e3621231b390c87e3953e2c849e7

d5b8c48210f88bc22fea8941be67ad3d8fd2962ab1db328e922388547fc586b7

c103afef4105cd2f68a6d40404144f79fa2a03c2de927c2aa43476bd707e54a2

0326c99278079353bc4b3de8eadf378a2103ef84f1bd59638e5807f0c0f8972b

f97e2b9e56de22805424e67057d6964596348a39a6f0a58ec0df88c01f702b7a

a415e67af28a1ec53dd6216b77fdc39670d1c7e56477cf0fea136bfeadca8043

3732354fc5ef95c4047794b1b9832bd274b67e6ca3dcac9001cb7ade5eefdfe7

2a781bc9e9b6dd15c375354500ad06e1c12d0572c6ec2cb5916827e4f5a68cba

42c3ca620465f589d00cc811a0559f22311303cb30429a232eb7768f0e123d28

0d4076001f1496e8dbe22e86bad3b11d1f99acd550a19c13d492db8dfdaa6e5f

6a7242683122a3d4507bb0f0b6e7abf8acef4b5ab8ecf11c4b0ebdbded83e7aa

3d43536b528b48c3d5b8f8ee2902e531a51210b2c6553485b31a8b3fd9855bb9

309744ad5f068b5d586662af7aaacd320dcabd3736434dbe7a501e789441f369

164096c0eaba1c5811a0171ceccf84c22468188924abcb515f3e397ade9983f9

1de31339d3bfaef0547691065d3885bd13ecbe883dc54b7a1eab2627680faa75

03208cb4d37ff04d6b8ef7734f001d281de4afe288ddf7030b621f82f19c4540

79a3adf7f34290ecee721b2829e303c1543250726f504539312952d57d6fb41b

1826dd57f91288458762bd1b49a561c4fa78c540a9cb41c697a36a703b478201

32a872cb97f7bf3ed88bb8ff29df889ed6b56796889fa2a876c9316e345b7016

29d1875f97c00e30095cc9d7de23c87db5eff3909063644863b1a94f1d9c89ce

8cb9de49cbc8cae33de4502440b01c7ef94e151d97e8ab9b399027b266f3385c

2fa38d15a3a21001ec1ac438ab466aa03be7acb6214b7fb043b2673826777560

11fa56253b46f2c336fc86c8f97b27df09de186c09a1b62e4e1f6580c5e87d5b

9558150adbd17b52b315fd9c6fbe1151cdb14d5f442ded0f6ee098d9cc9a9f5c

ad210786bb68b82b2f32db8f1789e44269b28f660bc392b6ab285057c2e31705

8f81b0e124271ce87f3ebda90863cb6f300864ace8dd2c8b13fb790ef043445e

7548bfa150e54b3b17b48bcb9f5d04b3af1cca4bb57501fe6c7f035561c0acb0

843db0ca9189f70faf61dd1fdc7004fadd0cd20a16ea786d6c18ec7ae5a50953

45d0da67f2aa5f18561914aa1ddc52b35fe7c75d31fede7a59ca12782d08e5b5

05317112a3c51839f5a16e34adcdb3fb21b1eef34e18869cf863a469d39e528b

0fbdbd872609d1b1c2af5afc211d2f72f1339bf413665284fc3f899fc1cb36f1

19ed69add363e35ab34738eee65ab79b67446c8211713f93980f1c5f912f8344

8e21e4a9d7f28d446764bf165312b52b8a4b016c65d4e733e202626b528b8afc

ea2255e0939e1eb8f46c6c905232c8789c5c33b74e92da3eb823b6828b626ab9

5ca8b452a95692b3d0268aa543d733494f8c680e26a069b74fcfda440754f098

321eb9ff2b017066232fd82b90c58d0edfd742d1af00e1727ee694571d489e6f

86b1da65cf601c6af6c326ea6b54d3f57aa608a9f65ae1bb335d793857cbc024

5c9ba31718a85e67a1ca841d1dc1156ac11211943b6a3a7154311e98ed51d1ed

622225881c879e2107c8efe54cf0fa704ec862af3c0d71553f09721ac06a07ac

9d52e5f1fb65e9e235fdf0e92ef11786dd7705b783ef67617905667533172671

756ed4f5075abefdc1e960b696b7575996d69bccf75158ae803341b27cc480a7

61f2348d9b2bf8f0ac2c3168f53b9be3e10dae574d1ae60fb7d61842e0699edf

af0516cee38edd29e82b1fb819bc7a6705a63c457b6ddade044340be0bbd166a

e345a8fd307f22801d1e786c4e0050298370cea8cad3f911f8326c2ecf0f5bd5

b01ac0424ca86ce2f02edf4c026f28483c86fe7e54a9b716a8f59da8cbe305df

1f4a144163e5ea0206790da93b4f02c59f93410ebc702b5f122dbade7be1392c

3e9a947cc4d1c95fcacf319492d902d09e0c3a092d46b06ffbac9389ea9909bc

f0495df320d184a7b7b8478673faa18d2d9ad8b3dddd14b37739dcb5c9596434

1b1c0f5b20630cb7dd041edfb2c3be286e0c2cf4ed1d1de958ceeb15970b2b3d

ee6dccc67c2ecc6106868d793508c9b194461fe96f7bfde1eaa7376c95fd7756

4b6b2755c942779717672727a58244727b6d000fc403d421074e264982e580df

29228af2e286c07dbe921ad024f3a2d44df74f77d2c0b79c65b876d5e299b34a

8926abd177fcc4e4a66578b22f58c74928c782d33d6157d10646fa5c4a1a99df

9ea68e462461e397a241cecb9c086cd814c5cb581ed1507831057b0c2a11091f

8e698960962dd5ac538205783bd8ebe440c5378587676e8c6bac7816d9883fd5

7aaf2772cacd2c9acc8c55ff02e28515827046c603f89baeb6b6e7daa61e044d

622d9d8bdb6da3b77a288309cfc06bcd38e6dc1957701a25b72eabf4f758f62b

c25ed3bf76001321e86ccc610fce85c5ea9f0c6b1dd6b2036be5fa614572c16a

4839d2478023c017f3f88e3d1bd0eacc1f2968e9335328f1780026ac277eb132

5a63f6fbaa226529415214e9f3d402b78e7d077b512616e8f3bbae5777b7bb2a

c1e2c8803cf52c72de44524f2c53c5e17f889aee85f0cea6dd584eb3e582e885

9fd6568421ddc823e5cd5ac3d89ae3653346bc33ab27c0cd549e2e2b5bdb7e96

379be0881178f84ba95b8c0d4912c1f40f9560387cce20f94240ae5ff90282de

293db3c1ecff42fbf74cc5295dffd602466eed5e3af719eea8e8d7df8c6b732c

3d79cc836071e86facd919ef4fdc6ca4ca7590aca9a45b5d00c03888a7cceef5

4ad727b5832b108a662e415c72e88f250dcdeed0e39bbdd0e6aea3acfa6b356e

9446e109ccaaf3708f5704b4f0caed5e6d8ddfd7d4215dc1e79550ef0192ea9e

df775f36d46a90735033e1e9da50761c6903e9a1fae11e71609134eefe0f6981

4a00dd7e855ed87b2e8d026a1b4b044bd2afd110431985de2e6b6ef42d660eb9

19e48b43e16b3d34c8fd0185c8c31f02d44615acc0f5e27298d4d3b08abbe357

ab1a5b57372df4d202e66f824c9f02ce3bca0558ee8e35dc07c0cc061be18012

85879f7ddc0a59497b9039db3a07b7c02ce2b6b8cc2a94f8627a53b08e288eac

15c22b480bed1ece09ad206eab03857c0b937257b75a1dbfcf89caf3c0f6c26a

b971ae45f900ba9dd07fdba942cdcc1f923e034f8eca8bd6de70573f6145c358

e5ae897be93a7626882959c37dcbd788ecef2fe5c5c5e615bd69e17654ea999f

06d9fe3c42c17108cc200c67f8dd1a4b438e882629bcb6ed023d631f0a412fda

1264a321d41f444165a8a540eb4c391892aab9f0a6e5ac221b45018fe3b0bb33

b473d39731ef149aad4a1558a2e51ca7576bc4382e41970a4456563a9d4019c2

2583637ea07e69f75b7fcd92e965db8dcf0d416cf38e8b5a24d368fc6296e4b9

df94dd952f4731c4ea6aea9ba8298a411819ee7b7176e03323b3e43851d272e2

f2bf9fda61ce430e3ff49c8ed21eb081059f7c1c6e9a9695bc656ceacc640ebb

8e6f388cc7dcf6dc6e18acf54c0f4b879906af45da0875acf2c96ac918485367

641cc5124c03f42e074426e8cf8ac80bad03a7509ff8e5a5b5e5ba128195df10

efc1fc9efefb96e31f887681bcdea337c3ab3312b4d55c7541b1e7f272a1bf41

01c758742f333d897b6d6fead725d91841f8a17bed6fb7fcc1226d7bd9a70c12

f566e89c45af2300900a522ab004bb1ac1a63301f4dac99e0de85ac5a2aa83f6

12fd76f12e860d2931cc7e8b263933d9b82525f10116738fbd493c7666471cc5

b11676e7e98d54c983b87a6e69054e70670169bdba0bf440eafcf06267b485b3

3b1bbec6edbaf072ef57fa257279497e74ebf80ff038d21a4043ac79656d7e28

1416877edd6c4b18cbca4598b4c91b023113c51e9e8dbaef2266254727f223dc

889857e5c67d4da02cf8c1d7e4e5dcca95944a78fe8e07aaf3dc0a2542f3ea9a

eac697eb6b8d86a7f3f7e50cfe2234fc70f682779d7a90afd02125609500490c

91cfac4ae6739d3490b8ef4ac06004575354c182a936cdbdbcede30c510d21d1

701652e6aa7b288cc85c1078bd23bfac6f945bbded8ca588c5659ff25b7a7806

991ea83c2a9bb3cef912f2571b5480787b0e294d09aa05eeb630990cc7b773ab

ee44f04a5b3aa40e52dc0b33a54527251d149ff1e43f4746a4a75e8101e1f3c6

c9eff0ccd99dd1af5a63a2ee316ef04fe57977cef9fb56df0eec9f1a1f5e721f

53ced60e4c5dd14520328613005f8399c5e9a0455261872ae0e37384898f9da0

763415e53fbb2f67684b653d3d4c4bcc4d39c428edf40906188769c4342973fd

0e4a26700030b4603d4aa4924c94d98b1ed5f17af81d391889972a4beeb9c910

e09ee0fa10f374c8c9f644ad475405a9417585a1536a9d4cd163d078b87a77be

9148f59f106c1074467a573f1b36daa37a9a1fbdf6075c5f0dbe9cd58563f849

57cb930538ce43d82895cf668ac31c874f6d44782159587fdd57d75d9aad84bf

98f5a55f47f39595b69dc6defa397130171895df506f31462d8c7704cb292ea6

2d5b75a15b7ddc56fcb827ba93a5713559b899393f3f47573576c80341605182

0163607b8c0c552cc9044ff4acba2fc2fdd0581665d3eef915892a7e6c0d610c

c40a5dd6359002c9908dc8e1e853fd2ce9ea7c9e951620f36b6f350cb3351acd

b9b0bc1af6684e8a2143ab34b86aaa382a8b461eb09f71cca52fe965fdfa1806

d974a44b1f9521c81efa52988520e70b7da0879fa5700a9a6cdec57202b5d5f1

d9578aa16ad922127131971242c7cf1c223e7dca19059cc62c05090ab78d5a01

5728241faa813bb0e3ec92621c2c09e4af17c197548a2b59fd36cb17b55dad3f

91c60e8a96266b9767fc594d08b648e6e9c20c61dca743d0ff9c076e5dd4c5ee

a6a0e34a292206b00b45d51f1f65256032c754f9bc81f99c0dc8e79df840812a

cb20879ee1c2b921590fb9cd400bc88d36175a73cc349c232df072995287d85a

7bad951099559deec3c363ad7d58724d1316b82146dbdca5a841b92d2944649e

7880e8f6f8c3f7b4153b7415d86d3cefe389289f8e9de3330ca385d6f72fe29f

f22a9c891a3324b4c2abbea01a02dfa2ff8326b94abdcf7d2b2bddf8ee10363d

a67cded4e5b5d536f9ae07188e65710eddfa7fd4a692591c75052c67a282f3df

e21b055fe1dc9fb0bfd65e4871ba0070ba94b6ac0318961af7b16c2d19dfae74

b530ae661691eb4a45e166d7bdfc781f7726ffff5dd0c5002b53deed6e65b754

4dc210da4efc55c32442a87eeeb3c45fc1e4001a99536503698708ff668ff262

effddfe0e246b069f48e91e03dcd361998b773283834d9ebfd9703369bf663e4

12be4047b17c39993ea540b7bd857a665be2e205d455d0664dd4a96d763348ce

2ec4d6fad356e771ecc18491d931c3cf510e10d3ff49d8ab06e0da0e5eb8d120

4485c594dce7c8444c2d9fbffc180a44795c98531d41ebd9a46f76ca052c8fa3

1adfc65c5ba75668d6f45e65ccb31100f9f8bf510435960b6038c7c7b746be62

4c31d578ad4bac892f0dcb307080f24196360765fe007c316c6f1878f9310d03

f97d74ac49a75219ac40e8612a0ec0a829ed9daac2d913221115562c219c99b7

631ddce47e2af455dcd985eb5f5e3fd8319b16b3db97b8ed915bba077d12ce49

2c91a412ecedf9e6998997d90467398e2a55373c0b9b3395848184210705d7e6

81891ec2d391fb3ef95f04aa7c13cd99a7c4f939fec7ccddada2dc4811b78411

dd607c9a74ce0183b94b06e550f77814678c23cb11c67841e5a75c842c36c0ad

edff8ce767dcec6300e05e7eb0712ab25673571503c2ac68690c7d257d2b2e29

563cb8c26e7a5867f24f3ba21ad1d7cf923703e02788a96984c6a7f38f2d481e

97684ae157687ede7bf91bebe6d495da66e8496c0c273255a8e6134697994966

f0cd9e36e2cdf45e59efab2761d606debd085fb7a6477b8be0e3cc813a279d42

9482dccd63983272e610041d4bbf262b9e2ac23d721c097074e405fcd9a897c0

65dbdc04b1574683304457cd7c78541ead165201f89a1b2a7285313bc9b08bff

fd07ef316187f311bec7d2ff9eb793cc3886463ebae9445c9f89903b66727832

336008e2b7f2bf194a44984b36d0594d03103e3636540273eed82c01af407001

4aa7b83b9d83db23b2a3dbfb6078a866928fc61655d0bc8ecc2fce5c3679c6b4

1c441e606233bbac68175731b0f35c0760a2da8e4002ef3ea36f341cf342cc79

200c0d1c71d5c3faaba9ec5abcd1445b34c14fa66001557c11c574776b8baea7

d1f4dfba13d5407d367a847f213826f3a434e7af8f3daae482909473550c4e89

2f08cab642d4da5ab2a1d9ed6e816b5dd20bff21b10b7014d0ff19bde5b7890f

5d38e81de505e6eeb887e10566ac09796db4bfeb9f4c13054c490064f1ff2eba

5dc6318d8d50fb903ee4a79080769fd25a04ec6633cab32b0f890875c0780290

27b5e1f1bbde28fbd2d6d31f64a1b96c32d064a23f5832c7f6b04f32886c1929

23e718def31c7a37bcbfae15a4eb0725e106f7b73b238d9ae42a19036e618dd7

73808dc4480bf696a4abc90c41b988886a6fa749c0b56098958471bb9c867af7

aba0bbab7988849ebc4446dc6e097edb2b4aab7ecb00f439e611ed4722a3adc0

ff340a5cfd9555040333b2f6f7daec1e2981cdb484fe8579a877f29b9e54da7b

12d242e330addf58c5ded2e37f4f99229e82b070e40354711c8de6f47dfb5fd7

861df9e462bc65420ea71361ad9d7a9ea02d74f21838b4b0ff89c7a0a6700842

a1ab7aa53b54589e7d98fc250ba24805c2a242059f1f51e04fe334aa5a15ba5e

38d9cf486b96bce46efc94b05f094b469abad6e49706f3de3e106f7cd882a7f5

807e5a16735cec34f91d166082475799c8c607e04fc8cc6445a47d96651ff3e9

74dfcdeaec1305c56769b61b34d3e1d5afe2ab3a879f1fbc71a7674ae8ff2daa

e81310ca7c8048fb68f4ec8b6003070d9b3c48b3a4c16dc8cc4d4b95fedc1050

114ef0737038fd0e54b9b7faf3aa56265f8e3a75ce9129e28a4036e4234915d6

20e53b059dc54759ad88924702d6750fe63def602af3a9000947f3921c6f64b2

2d29f3904975b4cbeeb87d4e7760d449f55cd80ccc9eb4e614ed1ad57dae86e2

39f3936e5607c1dd042838e215dd2b5b2e1a31fa7c2955605ee062ab463c70b2

9203dbc1d8346aaba6748efc455c2361041d2448491424938b5ad913e797c1b6

a9777d52fbf94a5e5ffa489cb2b3bd14cd0de7af36a1a308d64b85ea58097bb3

1e8aaccc7511c60c7b369ebb40c27685e488d0af53d019176b95795f65dbf75a

2424c3168d93525f12b45e5f46d0a7779abea08318aef7cc452f11367dee5725

760f2303f1f9f7cd2f343a8243044e62aa3e9af18404ac0910840a90ff9c8318

ea2b35692db6b038b3045550a4969db40782eacf50abe379d2755eebff92e5b9

e4f6b7175a08c6223d0730df1f9d77d8b9f83a214facdcc993d40a73eac21f94

cadac6b80362ccc22e5f25ec1c57c43d66c893539306193a271ad78afa7d47c0

5f6b65a372bfe982bca49e99f1ba17a57cbb5976a007bc07f1f645a2e9e6c22a

6381ea65b83ea2e2a4eed2c9f6fe6c2b0e31d4df2daf8201fa901782bfa5b019

208ffbdc18d19de0691d523fc3acddc1390223d8f5a5e62f2526e26626086c38

3d73aea855fc012e2a49a4c98f293dc4836a284ddf7481486b9948f6b6adbc00

07177233647e1ff382dde4803bc0651e5b052112a5450bd78858d945c4bc2e0b

a00f249d4d86941b2b2d66c3431467ae8abac4ef8111c3b9d0f5b631e07d702b

00bc1ce81f79089670a7d2956df112ff29ee86d51ecad0d7fb5012d54cbfaf4a

c1566f52e2f69008aa9afd6ea9a82972bdf2a51d90a7a85842858134ea74de40

b351a8b608f6e223ad8afd75d2f7121a4c7eec04ae1fd501619204bdac35a8ba

57594c0ebdf7365f6ccd6a576f32870e14bd87e627789de43626093e51d63050

5b266c9bd119725dda27c91c08dd3b61659f2b91a487b420b21514f3235cbbb9

ea0762fbdd49c6be02ef533ca14c8f33303ce21f3510ab12b1164a2299480cfe

0801d8f5c028457b5bad66917d39d17471659eb522c5813f893c76bf4bc3148e

e880481a7a40b7b13dc50241646d64a61814c11f0e7edb65006fc61da4f9f52a

98121e22dcb0b5ff2a05e49072b623ffd497b08c655ad200352b8fbfd94f4bc3

9936afc821410d4ee8cc0a3d0bce6ef6b490392f4f13ae31f84a94c959a2fc03

b3f05948bdcff16464125fbb87bd6dab3b55510b8ed093abb37a7ba2b7e78297

59845f9e4a5ad158c9021dbe7dcdec5ec7fe388549c01ca6207badfb24133d2b

f0b828e78df7156fd9213947c1542e9aedcb797595da5374bce05cc5af5c8255

c3bff052096f85673dcbdf9038114d55b9a7b9b84b4049caee5612d50a8a734b

8f8f61f95649f523e12533051dd55dd0d4da84da56873cb544dd12f01ea81ee0

d437b362e0bade3bdbb0e0e729b28b0068225671eda83df4309cea5898353289

c495527a844ddb6220ec8c333477e8d630b7552db38082a32f692f3b892ca9ce

72d34977b8f4b4734e89da4a1e8a9468173b69364ebf6150ab0fe3605123e98e

25d1056593f131f9c8d20954f594aec8406889fa6f946c95da333ba46368ecac

4aeead5c63fed97e7311b244f33b8a92bf86f7549f4ca0f830c6709a5b118803

b08749ce15ffeb4d8c2c8349b5a8354464c0abf68e9b95c5fd9f08286ec6ebd1

9bf23d2ef24eb8c86a9e5ee9e7f65de069b23d24b986190c634767544582156d

0d4e8ab544242aa6d11f7a2f81d1770ba0594e61ffbfd54b9f75d1f29bf02cc7

e1575a81b1a094059afe2423da57140546e5a35bdd813accd796e1f1923190a0

fb8f7c363cade737ad3b6e19b6f3d9cd38298941a1dcabb16d511d856e7c13ce

55d4743d6b95d9e8f65bb03173b081c22a5aebafcfd2657be2a5f9b2fdd53e1e

87df81c6ec9b9f06198fc0d4da56d41a6bf54999b59e4c4398fd778f6eb5dd53

6d301382656ec3cc71b1988e969d5e55ba680702aa1a6c14b77c428e7e5c45e2

bb5221693c0e0f5ab97059ab9bf61b79f8b5be063f322c6c283441ba353c41fd

4574baa233b6aee9ae4cc56c1ddcfc45d8f0853cd7b4cd9a4b97df34c8058c63

4ab269c438f9c37507e139a6bb2cf97ae83e60e02bc349891e31e300ea5d4c53

7277d0d8ae277959fd97f789cdcc2602c5175dd3364aba11b70f7229922e7fe3

640ab2b1af0b3f4f2cf2c0ecdfdc3e7460f1e44f410f82298959ea49fc71c38d

a4ed50064f10f28fcbe7952efcb8cf0a89b3b9ed869c243f8f31af4a69d8c510

0dc9a2e9d6bd422e1025248ac7b222001170bd3bb48159b48d657aea6893982c

e3a6b7101fca35d022394db91390065fbe86cfbe40b7504dfc1dca2b77cd62cd

216f356ee670b495945af6a13417d6a688fe637f8be78e654091a7501aae7dab

6df514766c0a36edc67d60a24373b00cc3878c0ebc5414b51f7409925aece25f

702fbcccb008437b59ebef98d336d471d2ff9908563478cfec89e9599fb709d0

7cf4bc518db73e8e8c70ed171b9de73365f621bd3a9b5082df604ba7fea1cd87

1dd30eabe24b97e81f2ac3c3e469e4b9c3ca9568be67c22dbf627b6d01de58d3

b84bd71aa138c525959c338a1a47dea7bf3d8481130f34ebff952c240bc91967

ba22fa5f64d10d5d8b10fdfb0d93ab8e75a1d3de8662786c67ff5200162771f0

3a6c965213832961836b8d91282103de512509de2c9f02ae445540372df06ec0

44a556064059d930fe374d81ed16bc47b15314d860c7733fda4b082c9ef40726

c9d19a24e5fd6075325baa5b8c3bddbcbee954869f6059d8f20f6347ca39cf6e

755d5e5131c5d59a133ff64c0b97625632daf4be28330c25e7f970d5763a3f03

826ac12e0b142a2ce62beeda5c4293a562e12098dae8bed0fbe9b8479fdff639

d7c82bf909e58e5b0a41ba21b22e8a6a5c1cf69ee3638413e11d966aed3b375d

9f9ec01088013bb247b07bd68958ee12e1879f9f3fe0d2158abc31949fe8171f

4d9c174b48874a159c66ebc088b5eb20fbc44a38fd00ab67a1de672e258676f1

5795c9a3ab01b025c6a31fb28f53de88277a458b188b54ea72f660d74b04f5b2

c64aa4226b5817e7fbdc0aadbe754339db6a0d0dec428389cd88ce05504d8c1e

e0b1a1c498cec48a3f19eb019c509e5825268de1992a46e758ca0b59a65781ae

1eeeb8ba0e5af802de708d95647f25bc621b7c39dfefb8e52bd46edfb5b7a0a8

e5af4e4c28c3c416a37bd885aa7c386bf7d52135f725b6641b114fa5f8bb9f77

41d0ae5cfd3aeb0a95840e344c6d6e649c5e49bbe41c875a7bd3176dfa2c2311

dc8720babe2274b2f59e32b5493d0bfde37f923ccc2c18ad8abd373152f3904a

6fe471ccf3b06f43f28b52c0121415bed099d84f036f435f36995c2d4267a635

6fee4c7f3b6540fc9e7a76da17faf41e47be87ca171947dcea7b3861ad949224

bd415f2081f4992ebf23d9ddddd5e21139bc1bf3e865ae9d1ebea2039628ba46

b78540e7c12d8f1fb20575bdd34f04dd54c56ea2b5c7431feccbb5040a7aab13

a4e404f0c78150a4638b7348ff52448fe0e266a0b006780d61b60a711aaba749

5b9188cbeaf1c25cce688a5c9dd70b5082ebfaecc401f2bdeb9771b99b25cf5c

e652c5079e9953e58cefc5c9193f71fa6d0f7118dc50d9e9308fd0e14740155d

5a92688148ad54a178aa4e41088e17f00fd34b9567349100007a6ee2fcb51c3f

77d6eade29648592f61fb9ed4361e06e5530a7668a9b4e8095bac34865b1ed11

76979eccc20039c9165eee7d69f187530fe2b7afc59e9d84e5c5757b0c83b8c0

85e4bf7f18afe9cc5a16c4af69251337351a70bf40b327e7d37c472593ee40e5

ab5163d4f449c663d29d82c21ebe1486217679bce2d518cd6e48cda8d9ed5efc

35eb9c9a404de2a342c7d61cf86282ac17ef9d33683f846e57ba195ae0b10cac

6814d8b863387d9c7f3a0cbb295570dca417632192d83175bf2c94f1bfd22c5e

93b5d120addb5d23e10617659051cd7f7e726374c2bd7fe2ba550644dfb1f166

95896bbbc442973841d5b3d715257d76efe0337650156aafe6034b982fffcaff

3ee76d0692954a29b7d8a0271f833c98a17908780450dfc9c8aa0a219556ca76

39a6816734543263bbe3a602c41e76411981cfc41182c8a3fca1345365b0d853

9d0d9af795e4c3e1cf1623fe4aaaa7400bc166b65a9e682e2acfd127d983ff52

5e2511828c9e85fa0fab8e51aa2d74739c14c684bcf394e2020e24a0d4b0ef43

92e24adb38b7418d352c32e5b8b9c2a7282ef9ddd6d2e094a6e5e58b301aad50

504c1a16b43938b86aae7911d8b0dec94d430e0a28aef5b5d0dcadc7f898589a

c14e87b33697dfe57fa0ead51e6b6d12b857a6e0e0c0f9ac648f9a3487f2d965

9e2b5e80d7444d06dc07c5376a8a97dc4219f65f2f511fe2b502a1448bd19eda

ade2d275a6d79217c1b1d871c85575ab1b17eb7c644f1b829467222505d41c5a

b3f921580abe178390ce5e0b18816730303d749480ed201778b727ade424e202

c6dd8f1cb44ed93fc5420064630b59fc7ed24e0969bee38bac5f023e39e1af1c

aebcb313b3b7acdc449674e1163287aa95d698c18f5f5923a8c4c1fe021f69f5

8bf658be4b0afbcb171f706890eef2d57aa9f29fc3f813275aa4cee2a192a2f7

19080eb1765a07603f77d46e5f01653264bbd3246a9cff47982cfa8631c9f931

b14e42285de5709cfb41b513a70d9bad9426b3f65f314e5de081ed786fdc9e8c

cbaf53b0957708e36713767bc1336313c5c73e94061bad994e3885aa160f73ae

5e912fdefe6481d84dfade45ac1c56be2aae3847fb7dcfcfba3123812930a33e

599c6ce9b4a35e6ed41b454f4cf7a4c0343225df7d9cd75152255d124b3fd05e

02e6b14f6a0bb76bdc01bc1d4e009e80c32fc28df580d5af5805c14049fe72b2

205cbc9f7bbd3f932cc33b3961016548b8b0705e8d5a59400ff699da533fb090

dcaabffae3dc641aeeffc9f78bac9cc1ef3d24a8b719eb8655805c9b8f82fa20

fd4438679eec0835a0c40d714aa7c54a807d85b5af7289962a17bfb04d3bd6c2

1d1ed1248f82827302db1c39897fd7ee0c2647b818cab711b5749ea9d888710f

cebe20b0c3a794c4dd91d3019eb8c5f94e1809a1443c971e69944de9b6c1ecaa

2bfa22723f1b2088d155c7494741a052881b8625cc4901c8526dabcf80e7dc6e

551e28e131a0a9ee8e489a6ed8cc070c164a22e2d5900bf64c90925daab78ef1

88aaad1a70563b6452def2aeed6d4d6c68dfbd008bd4b98dfa19a42f56d7bd44

02a13450ae1ec928d66db6a5bb564ed571cfa8590a0d869d649aeae562b2b204

b5bbfbdeb71f9528141b0f5dffcea1850c304890d908668e8a3097dabfc6eae4

4c2d191b530f5394e7b7aecfd0f96c9a331c57a8596b6005911f3e25c58c88ab

71ffd881812800adf52fb5318bc8427038782327ca959f35b890ffb7b4260436

d8e685bc2160d4b12f0a9feac29721e31a66ec1d0b27925f79d4e336625f97fd

7ed00f34851720b83b87e357912cf9d07d793dc821a75349a04235c7d3205dc7

4624c1a4cb4cfda636aa9f3b2270497a341ba4d444dedb0854f32713958c7b0c

f51e3dfe79263b7923c6e71f0f388b0f252466b755c445859c8db6a7762b3035

5536ec9f84dd4daed2b69cbe93f7382d049f5e662c1fb3cfba25570c9f85de02

32bac19aca07e0228244605ab2735774187b7e5ef2815ae2c541426eeac8165c

2e6305521d4ac770fc661658da6736d658eef384a9aa68bc49613d2be2d23a0d

9dae83264b59bbc5fd181dfd4c19fc237ddcc3cf6490591bd7db107d24e9d760

bf504196cf8007ed9c7dfcf5c59d80c85c648ea9f76340711c7c22abab003fb8

1b7c8c9ce0bfb57eb900ddefe16fbe68ece64ed1364d55973fd737e674785945

4f2245f9028da73b4b937da904874809ca81546c7cab888e4d0da5fdf372a4fd

6e2e535caaba9e328361c245e828d7a910115987bbf805f4d844c08fa937a28b

bdb1dadcc80b0ffbfe15948a9434c2fc8fc42a369bf6cb656e96124aa53f210a

e2250478610b7f25b6cf4a5441411d9734ccf311219afdc104214c664dd810da

523d79b715892578f1496a3dd82586e1b175f7dc29218c1c43a574bf5243ce9c

b70e3cdf27caa9a43fbf30b7439201b29f5b26d342177a3e16bd9d05ec3ac0ab

638b6c068e058482be81e7a835aca3c6334da79d8ac26aaaa23b251f2727ac91

9fe3637758f842c54634901a18f55e72a4d5d422f49b04d24c5d1fecc45adaa7

dddf045b2e2425e10ce50ab8d7985a4dc570bcb267b832caddb3e8e8c13cbab5

542ed4ceed21d24f3951bd912db7b160aa4894ddf027128280554e592aecb657

1ec258397824fe2ab56e7617dd826413e3fb7cc363e759bb308273e3b8650614

2b4a520f9b89939ac4fbaab6c6405f93904af8b5673c51e86ae6445aa1a85e65

91b8c34a60a876196079a9cdd94655e16a12281e31248e1c22d69fd9481a9c30

05539726057c85a21e743551fe709f69e01bae32176deb196321359fc4fbb8e9

1de619e9c5b16b5055ba1c10385b889ae636bdc8bd9f9f5c15235ef10694714d

5083fc9eb147ea9a3434ca28aaf517890956ec8b85aad24929b1bb9611dbc233

cf5deb752118652a21dce16aeb46ca59d0241db13225ec248a751f12227289bd

8c74447a91a6cdc5d4fbf698e3e7b259c3d782cebec7c1f27f6984066edb4b1f

009b0111a76943880ff1d99ff522428925ee4de16cc8ab6e566ad2b89acb9447

4a56746051472fe9f95b604f6264a56ee81b12cba9ca7713e371b90f03146447

c946f1af8373b188a2f479abd33405c02b770eb4796f6b009689869eb932087c

1dcd3d0f4c7b027711de6735e71634bbb29c6c505f1e85e210bbb758f891fb6a

95cd2a9aab92e0932601113d076852b18c1cd0aeeb9b6051332743da51c82877

b7738589dd764b3c295b4dffaee312722b7b0581e860457619262c70b4529aed

b14780fc1aee262a62294bc40c67983790d814eae939ac87d53baae83612a676

525dcb822838f8df8f54a01d8370460c4fcec2adcba3441f847cc449f47946ee

590ce5f56d9f89886f12bfdd25dd53e170dfea0cf011bb87ef4b5de3b07609bc

f50b147067f90a0ae8a104bf357d3fe6058181fb1919dece1b9d9a2a8e6a29a7

72cc564f58096c158f0337cb4ac63dff2c53b730b72f4a3e1e0ed756516b7592

bf4a421aab194bcab72c63c98e4994b9fde910e2b1f70a6ff68e6ae50c31adb9

29efdfee268beb4bef2b6ec00fdc90b1f89fe0200b81ecd932ac351ebd084afd

87c5d5d6db6e1f12f084a3e9841bb8bb47dc5a30ff3108dcdbb5ed14a812aff5

c8baa7ddd91194604e79b88cccfa9419400ed9747805c1c9f7dfb5be767c4475

f805f22f668bd0414497ddc061e021c5b80b80c9702053d72fc809f19307073b

1aeb23e6f6596fd93c42a539e28f4e6c41b8ee9204ca617cd7ec25bf9b10292c

9830ba7799adb273afebfec23cb44cb6ca9aa9ac9c8d336044b0a9866eb93bc5

0db497004be066dd605395d8d9939c66aceb96ae4dfa7e8bc8b74395f02b5701

fa10e82d230a2600a76103abcbde2d07ed48886c42bfc59c0822c044c5d3aebe

283f8a9787bd22c404d066b8e92415bfe3b1e2d1f8fb2c026e994eaf56dd781a

ea730a93306ce365eb406d3f7bcc35343785bd036b7235383476e0e137f23d4a

cbf1ba23fe95cfaa445d2c607fb96af9b6f9483369822302ed5782e0ec75b010

1eca7d74ae1178f018b9d5acd8462abfb9e17e6db8e867e37a912414503a9cef

54e4f6008fbc916835793e4a524e15a6681e4502ea672865ff2bb5cebd1f7485

bb014bc40a170ef89596ca8bad91582e2d5a7ed6fcfc99de8ae411edbb9390f0

539ecc43fd9510f346d94ded758885d7ca7f97a7eae2563f812bf7822d135760

a5aa37fcf5a797c3ebdd7eb06826d83cf18bf53c58ba2b6a71074825729a4675

9c5fa6ca6cbc9638e9179929add7095a88bc49abe2981df7e1a8395c55159c29

1629457fab25fb01abe9d8aad61d5f98a772d1d67e60baea4b42affbff1f2a8f

462c52b40f35f913f79134b5c8d63bfc08b26f8740af2897e7a75fa9e1cdf148

032688d302ae8ca40943a504d2215a0b68bdf12ca1f068c63103ead4512e3c1c

43217c1685d1c91da605e2801e64967345121ff0b0cb73bf03b1edb06b57ca1b

69ba5b6697b09d11cfdf15509c933ac27d124ae31721f500f921e39c3ea819de

2720876bb2f2cd3aa107ba04ac1603d565c5746a67eb5056a85123c5168e6f6e

716ad1ca1d13c3901e71827a44bf154ff7a98614c0b2991af85462cd7dadc1a1

0a5cfe34b2141ef9d00896befab53253e8d552ad405220a3b6db2ccda9a7a7d0

575ed5b7962dbd32a776c1e8e2e64bd0cf2871465ade8ca6ea81d0080c6d9a95

c3ed91e64a0a2ca71e4a747fed7a6a70eef2715e6c9b55886e11bf22eef33409

附录A 参考

KEKSEC组织运营网络再添新成员:LOLFME僵尸网络

https://www.securonix.com/blog/detecting-the-enemybot-botnet-advisory/

https://blog.netlab.360.com/gafgtyt_Tor-and-necro-are-on-the-move-again/

https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet

https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1

https://github.com/freakanonymous/enemy

版权声明

本站“技术博客”所有内容的版权持有者为绿盟科技集团股份有限公司(“绿盟科技”)。作为分享技术资讯的平台,绿盟科技期待与广大用户互动交流,并欢迎在标明出处(绿盟科技-技术博客)及网址的情形下,全文转发。
上述情形之外的任何使用形式,均需提前向绿盟科技(010-68438880-5462)申请版权授权。如擅自使用,绿盟科技保留追责权利。同时,如因擅自使用博客内容引发法律纠纷,由使用者自行承担全部法律责任,与绿盟科技无关。

Spread the word. Share this post!

Meet The Author

伏影实验室专注于安全威胁监测与对抗技术研究。
研究目标包括Botnet、APT高级威胁,DDoS对抗,WEB对抗,流行服务系统脆弱利用威胁、身份认证威胁,数字资产威胁,黑色产业威胁及新兴威胁。通过掌控现网威胁来识别风险,缓解威胁伤害,为威胁对抗提供决策支撑。