Vitamin (《维他命》) Daily Security Briefing 20190304

Published: 2019-03-04
1. New attack campaign by the APT group Bronze Union, mainly distributing trojans such as ZxShell

8827太阳集团(Macau)股份有限公司 - Official website


Dell CTU researchers found that the APT group Bronze Union (also known as APT27) deployed new malware in its 2018 attack campaigns, including ZxShell, Gh0st RAT and SysUpdate. The attackers used techniques such as phishing, vulnerability scanning and watering-hole attacks to target important organizations in Turkey and Mongolia. By using improved variants of this malware, the attackers have made their malicious activity increasingly hard to detect.


Original link:

https://cyware.com/news/apt-group-bronze-union-comes-up-with-upated-rat-malware-dd4ccb28

2. New criminal group Pacha Group, mainly attacking Linux servers for cryptomining



Intezer security researchers discovered a new criminal group, Pacha Group, which mainly attacks Linux servers for cryptomining. The attackers mainly break in by brute-forcing services such as WordPress or phpMyAdmin, and ultimately deploy the malware Linux.GreedyAntd. Antd's code is complex, modular in design, and can operate with multiple C&C servers. The researchers say that Antd's code overlaps with that of the group's other malware, Linux.HelloBot.


Original link:

https://www.zdnet.com/article/linux-servers-targeted-by-new-chinese-crypto-mining-group/

3. New phishing campaign, mainly using XLM macros to distribute the FlawedAmmyy trojan


In February 2019, SI-LAB captured several Excel phishing samples carrying malicious Excel 4.0 macros (also called XLM macros); these samples are used to download and execute the FlawedAmmyy RAT. The actor behind the phishing campaign is the criminal group TA505. The attackers' C&C server (195.123.209.169) is located in Latvia and is currently offline. The distributed FlawedAmmyy RAT can steal the target's files, credentials and screenshots, and access the webcam and microphone.


Original link:

https://securityaffairs.co/wordpress/81857/malware/flawedammyy-undetected-xlm-macros.html

4. Research shows Operation Sharpshooter is more complex and broader in scope than thought


McAfee researchers state in a new report that Operation Sharpshooter's attack activity is far more extensive in complexity, scope and breadth than previously believed. Sharpshooter was first disclosed in December 2018; it mainly targets defense and critical infrastructure worldwide, including nuclear, defense, energy and financial companies. The new research shows that Sharpshooter began its activity as early as September 2017, targets more countries and industries, and is still ongoing. The most heavily attacked targets are Germany, Turkey, the United Kingdom and the United States. The report also notes that Sharpshooter shares multiple similarities with attacks by the APT group Lazarus.


Original link:

https://threatpost.com/sharpshooter-complexity-scope/142359/

5. New variant of the GarrantyDecrypt ransomware poses as a security team to deceive victims


In February, researcher Michael Gillespie found a new variant of the GarrantyDecrypt ransomware that adopts a new deception tactic: in a ransom note named SECURITY-ISSUE-INFO.txt, the attackers claim that the targeted user was attacked by "outside parties" and that the Proton security team's SECURE-SERVER service has protectively encrypted the user's data. The attackers even place a PROTON copyright notice at the bottom of the file to make it look more legitimate. The attackers state that Proton's SECURE-SERVER service must charge a fee of 780 US dollars before the files can be decrypted.


Original link:

https://www.bleepingcomputer.com/news/security/ransomware-pretends-to-be-proton-security-team-securing-data-from-hackers/

6. Researchers disclose a vulnerability in Windows IoT Core devices that can lead to privilege hijacking



SafeBreach security researcher Dor Azouri disclosed a new vulnerability affecting Windows IoT Core systems. The flaw lies in the Sirep/WPCon communication protocol and can lead to the device's access privileges being hijacked, giving an attacker full control of the device. Azouri indicated that the vulnerability only affects the Core edition of the system, not the Enterprise edition. Azouri also built a tool for testing the vulnerability, SirepRAT, which will be open-sourced on GitHub.


Original link:

https://www.zdnet.com/article/new-exploit-lets-attackers-take-control-of-windows-iot-core-devices/

Statement: This briefing was translated and compiled by the 8827太阳集团 Vitamin (维他命) security team.