《维他命》 Daily Security Brief 20180704

Published 2018-07-04

[Vulnerability Patch] Microsoft researchers disclose two 0-day vulnerabilities in Adobe and the Windows kernel


Microsoft researchers have disclosed technical details of two 0-day vulnerabilities. In late March, ESET researchers found a malicious PDF file on VirusTotal and shared it with Microsoft's security team. The Microsoft team found that the file contained two 0-day vulnerabilities: a remote code execution vulnerability in Adobe Acrobat and Reader (CVE-2018-4990) and a privilege escalation vulnerability in Windows (CVE-2018-8120). Both vulnerabilities were fixed in the May security updates.

 

Original link: https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/


[Threat Intelligence] Security vendor discovers new attack campaign by Iranian APT group Charming Kitten


Israeli cybersecurity company ClearSky Security found that the Iranian APT group Charming Kitten cloned its official website and hosted the clone on the domain clearskysecurity.net (the genuine domain is ClearSkySec.com). The site contains multiple login options used to launch phishing attacks and harvest users' credentials. Researchers say the site still appears to be under construction, since some of its pages still contain errors.

 

Original link: https://www.bleepingcomputer.com/news/security/iranian-apt-poses-as-israeli-cyber-security-firm-that-exposed-its-operations/


[Threat Intelligence] Researchers say a new file type in Windows 10 can be abused by malware


SpecterOps security researcher Matt Nelson found that a new file type in Windows 10 can be abused to run malicious code on a user's computer. The file type is .SettingContent-ms, a format introduced in Windows 10 in 2015 for creating shortcuts to Settings pages. Such a file is actually an XML file containing a tag that specifies what the shortcut opens; the researcher found that this tag can be replaced with a link to any executable file, so that malicious code is executed. This method of executing malicious code can also bypass Windows Defender's protection.

 

Original link: https://www.sentinelone.com/blog/new-windows-10-file-type-can-abused-running-malicious-applications/
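As an added illustration, not part of the original brief or of the SpecterOps research, the following Python script scans the XML of a .SettingContent-ms file and flags launch targets that do not look like a genuine Settings shortcut. The two sample files, the element names, the allowlist of benign launch targets and the placeholder executable path are all assumptions constructed for this example; the script checks every element's text rather than relying on a particular element name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample approximating a legitimate .SettingContent-ms shortcut.
# Assumption: a genuine file launches the Settings app or the Control Panel
# launcher; element names are assumed, not taken from the article.
BENIGN_SAMPLE = """<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
      <DeepLink>%windir%\\system32\\control.exe /name Microsoft.System</DeepLink>
      <Icon>%windir%\\system32\\control.exe</Icon>
    </ApplicationInformation>
    <SettingInformation>
      <Description>@shell32.dll,-4161</Description>
    </SettingInformation>
  </SearchableContent>
</PCSettings>
"""

# Constructed sample of the abuse the article describes: the launch target has
# been swapped for a link to an arbitrary executable (placeholder path).
ABUSED_SAMPLE = BENIGN_SAMPLE.replace(
    "%windir%\\system32\\control.exe /name Microsoft.System",
    "C:\\Users\\Public\\updater.exe",
)

# Assumed allowlist of launch targets a genuine Settings shortcut uses.
ALLOWED_PREFIXES = (
    "ms-settings:",
    "%windir%\\system32\\control.exe",
)
# Text that looks like a filesystem path or a script/executable reference.
LAUNCH_HINT = re.compile(r"\\|\.(exe|bat|cmd|ps1|vbs|js|hta)\b", re.IGNORECASE)
# Shell interpreters or command chaining inside a launch target.
SHELL_HINT = re.compile(r"[&|;]|\b(cmd|powershell)(\.exe)?\b", re.IGNORECASE)


def local_name(tag):
    """Strip a namespace prefix such as '{uri}DeepLink' down to 'DeepLink'."""
    return tag.rsplit("}", 1)[-1]


def launch_candidates(xml_text):
    """Yield (element_name, value) for every element whose text could be launched,
    regardless of the element's name."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        value = (el.text or "").strip()
        if value and LAUNCH_HINT.search(value):
            yield local_name(el.tag), value


def classify(value):
    """Return the reasons a launch target is suspicious (empty list = benign)."""
    v = value.lower()
    reasons = []
    if not v.startswith(ALLOWED_PREFIXES):
        reasons.append("target is not an allowed settings launcher")
    if SHELL_HINT.search(v):
        reasons.append("shell interpreter or command chaining in target")
    return reasons


def scan(xml_text):
    """Return findings as (element_name, value, reasons) for suspicious targets."""
    findings = []
    for name, value in launch_candidates(xml_text):
        reasons = classify(value)
        if reasons:
            findings.append((name, value, reasons))
    return findings


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("abused", ABUSED_SAMPLE)):
        findings = scan(sample)
        print(f"{label}: {len(findings)} finding(s)")
        for name, value, reasons in findings:
            print(f"  <{name}> {value}: {'; '.join(reasons)}")
```

The allowlist is deliberately a prefix match rather than a full-string match so that benign launcher arguments pass, and the separate chaining check exists because a prefix allowlist alone would accept a benign launcher followed by an appended command. In a real deployment the allowlist would be built from the shortcut files shipped with the operating system rather than from these two assumed entries.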


[Malware] Research team publishes analysis report on a new Smoke Loader variant


Cisco's Talos research team has published an analysis report on a new variant of the Smoke Loader malware. The new variant's initial infection vector is an email containing a malicious Word document. Smoke Loader is mainly used to download and execute other malware, including ransomware and malicious cryptominers. This variant does not deliver any additional executable, which suggests that it may be less popular than before, or that it is being used only for private purposes. Smoke Loader's plugins can steal users' sensitive information, including various login credentials.

 

Original link: https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html


[Malware] Research team discovers new ransomware Nozelesn, mainly targeting Poland


MalwareHunterTeam has discovered an attack campaign by a new ransomware, Nozelesn, that mainly targets Poland. The campaign began on July 1 and is probably being distributed through spam email. Nozelesn encrypts users' files and appends the .nozelesn extension to them. The ransom is currently 0.10 bitcoin (about 660 US dollars), but users are advised not to pay any ransom.

 

Original link: https://www.bleepingcomputer.com/news/security/nozelesn-ransomware-reportedly-using-spam-to-target-poland/


[Malware] Researchers discover new ransomware variant GandCrab V4


Researcher Fly has discovered a GandCrab v4 variant distributed through fake software-cracking websites. This variant has switched to the Salsa20 encryption algorithm and appends the .KRAB extension to encrypted files. It requires users to visit a designated Tor site (gandcrabmfe6mnef.onion) to obtain the decryption key; the ransom is about 1200 US dollars and must be paid in Dash (DSH). Researchers say there is currently no way to decrypt files encrypted by this variant for free.

 

Original link: https://www.bleepingcomputer.com/news/security/gandcrab-v4-released-with-the-new-krab-extension-for-encrypted-files/