From 31b7c28b5ac3e6ed0b3a969dfcf8a32dbcbd0553 Mon Sep 17 00:00:00 2001 From: mether049 Date: Wed, 18 Mar 2020 01:59:10 +0900 Subject: [PATCH] Update malware-tech_ref_and_memo.md --- malware-tech_ref_and_memo.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md index 33f512b..d4ab906 100644 --- a/malware-tech_ref_and_memo.md +++ b/malware-tech_ref_and_memo.md @@ -408,6 +408,31 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ``` +# Gathering Information +## Public IP address + - HTTP経由 + - webサービスを利用してコンピュータのPublic IP addressを確認する + - サービス一覧とcurlコマンド例 + ``` + curl http://httpbin.org/ip + curl http://ifconfig.me + curl http://whatismyip.akamai.com + curl http://icanhazip.com + curl http://ident.me + curl http://v6.ident.me # IPv6 + curl http://checkip.amazonaws.com/ + curl http://wgetip.com/ + curl http://wtfismyip.com/text + ``` + - DNS経由 + - dnsサービスでコンピュータのPublic IP addressを確認する + - [opendnsがUrsnifで用いられていた](https://unit42.paloaltonetworks.jp/wireshark-tutorial-examining-ursnif-infections/) + - サービス一覧とdigコマンドでの例 + ``` + dig myip.opendns.com @resolver1.opendns.com + dig -t txt o-o.myaddr.l.google.com @8.8.8.8 # TXT record + dig whoami.akamai.net @ns1-1.akamaitech.net + ``` # Shell Backdoor - Web Shell等
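Review bot: The new "Public IP address" section lists the lookup services but says nothing about what a defender gets from them; since the memo is organised around malware techniques, one line noting that these lookups are a network indicator would fit here, because an outbound DNS query for `myip.opendns.com`, `o-o.myaddr.l.google.com` or `whoami.akamai.net`, or an HTTP request to one of the listed hosts, from a machine that has no reason to check its own public address is a cheap detection hook (the Ursnif write-up already linked under the DNS entry is exactly the kind of source to cite for that, and the HTTP list has no source at all yet). Style: the two new fenced blocks are indented one space under their list items and carry no language tag, unlike the block that closes immediately above the hunk; un-indenting them and tagging the fences (`sh` or `bash`) keeps the file consistent and lets the inline comments (`# IPv6`, `# TXT record`) render as comments.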