"Vitamin" Daily Security Brief 20181019
Published: 2018-10-22
McAfee researchers disclosed Operation Oceansalt, a new attack campaign targeting South Korea, the United States and Canada. The researchers observed five waves of attacks against different targets. The code used by the attackers is extremely similar to that of APT1, a hacking group active eight years ago, but this does not mean APT1 has returned: the criminal groups may have shared part of the code, the original code may have been leaked or stolen, or it may be a false flag deliberately planted by the attackers to mislead researchers.
Original link:
https://securingtomorrow.mcafee.com/mcafee-labs/operation-oceansalt-delivers-wave-after-wave/

2. Security vendor discloses MartyMcFly, a new cyber-espionage campaign targeting the Italian naval industry
Security vendor Yoroi disclosed MartyMcFly, a new cyber-espionage campaign targeting the Italian naval industry. The attackers distribute a malicious xls file through phishing emails, and the final payload is downloaded from a Turkish website. The website belongs to a legitimate company that sells machinery parts, but it has very likely been compromised. The researchers believe this may be an emerging threat against the naval industry; attribution is not yet possible.
Original link:
https://securityaffairs.co/wordpress/77195/malware/martymcfly-malware-cyber-espionage.html

3. GandCrab developers release decryption keys for Syrian victims
After a Syrian victim said that photos of his deceased children had been encrypted by GandCrab and asked for help on Twitter, the GandCrab developers released the decryption keys for all Syrian victims. The SY_keys.txt file they published contains decryption keys for 978 Syrian victims, covering versions 1.0.0r through 5.0. The GandCrab developers also said that Syria's absence from GandCrab's whitelist was a mistake, but did not state whether it will be added to the whitelist in the future. For victims in other countries, the developers said they will never release decryption keys.
Original link:
https://www.bleepingcomputer.com/news/security/gandcrab-devs-release-decryption-keys-for-syrian-victims/

4. Research team discloses a new attack campaign by the APT group Tick targeting East Asia
The Cisco Talos team disclosed recent attack activity by the APT group Tick targeting East Asia. The new malware used by the attackers is Datper, which can execute shell commands on the victim's computer and collect host and disk information. Datper's C2 servers are websites located in South Korea and Japan. The researchers found that the malware family Datper, the xxmm backdoor and Emdivi use the same infrastructure, and that all three belong to the APT group Tick.
Original link:
https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html

5. Tumblr fixes a vulnerability on its website that could leak user information
Tumblr fixed a security vulnerability that could leak sensitive user information. The vulnerability existed in the blog recommendation feature of the Tumblr desktop version. An attacker could exploit it to steal users' email addresses, salted and hashed passwords, location, previous email addresses, last login IP, and the names of the blogs associated with the account. The company did not disclose technical details of the vulnerability or the number of affected users.
Original link:
https://thehackernews.com/2018/10/tumblr-account-hacking.html

6. Three security vulnerabilities disclosed in D-Link routers that can lead to device takeover
Błażej Adamczyk, a researcher at the Silesian University of Technology in Poland, found that multiple D-Link router models are affected by three security vulnerabilities: a path traversal vulnerability (CVE-2018-10822), a plaintext password storage vulnerability (CVE-2018-10824) and a shell command injection vulnerability (CVE-2018-10823). Used together, these vulnerabilities can lead to code execution and device takeover. The researcher published the related PoC code. Eight D-Link router models are affected, but the vendor said it has fixed the vulnerabilities in only two models; support for the other models has ended.
Original link:
https://www.bleepingcomputer.com/news/security/bug-trio-affecting-eight-d-link-models-leads-to-full-compromise/

Statement: this news brief was translated and compiled by the Vitamin security team of 8827太阳集团.

