{"id":1418,"date":"2021-10-08T12:55:16","date_gmt":"2021-10-08T04:55:16","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1418"},"modified":"2021-10-08T14:18:42","modified_gmt":"2021-10-08T06:18:42","slug":"%e9%a6%99%e6%b8%af%e7%9a%84%e6%95%b8%e4%bd%8d%e8%a1%8c%e9%8a%b7%e5%85%ac%e5%8f%b8fimmick%e9%81%adrevil%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94%e5%85%a5%e4%be%b5%ef%bc%8c%e5%ae%98%e7%b6%b2%e7%9b%ae","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1418","title":{"rendered":"\u9999\u6e2f\u7684\u6578\u4f4d\u884c\u92b7\u516c\u53f8Fimmick\u906dREvil\u52d2\u7d22\u8edf\u9ad4\u5165\u4fb5\uff0c\u5b98\u7db2\u76ee\u524d\u95dc\u9589\uff0cREvil\u5ba3\u7a31\u5df2\u76dc1TB\u7684\u6578\u64da"},"content":{"rendered":"\n

\u6839\u64da\u8cc7\u5b89\u5916\u5a92\u7684ZDNet\u5831\u5c0e<\/a>\uff0c\u9999\u6e2f\u7684Fimmick(\u65e5\u5d1a)\u6210\u70ba\u6700\u65b0\u53d7REvil\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u7684\u53d7\u5bb3\u8005\uff01Fimmick\u5728\u9999\u6e2f\u3001\u65e5\u672c\u3001\u53f0\u7063\u53ca\u4e2d\u570b\u5404\u5730\u8a2d\u6709\u8fa6\u516c\u5ba4\uff0c\u5176\u5ba2\u6236\u5305\u62ec\u9ea5\u7576\u52de\u3001\u53ef\u53e3\u53ef\u6a02\u3001Shell\u3001\u83ef\u78a9\u7b49\u591a\u5bb6\u77e5\u540d\u4f01\u696d\uff0c\u73fe\u6642 Fimmick\u7684\u7db2\u7ad9\u5448\u73fe\u300c\u7dad\u8b77\u4e2d\u300d\u7684\u72c0\u614b\u3002<\/p>\n\n\n\n

\"\"
Fimmick\u5b98\u7db2\u5448\u73fe\u7dad\u8b77\u4e2d\u7684\u72c0\u614b<\/figcaption><\/figure>\n\n\n\n

\u6839\u64da\u82f1\u570b\u8cc7\u5b89\u516c\u53f8 X Cyber\u200b\u200b Group \u7684\u57f7\u884c\u9577Matt Lane \u8868\u793a\uff0c\u5728\u7f8e\u570b\u6642\u9593\u7684\u54682\uff0c\u767c\u73fe REvil \u5165\u4fb5\u4e86 Fimmick \u7684\u6578\u64da\u5eab\uff0c\u64da\u6307Fimmick\u7684\u6578\u64da\u5eab\u4e2d\u6709\u200b\u200b\u4f86\u81ea\u591a\u500b\u5168\u7403\u54c1\u724c\u7684\u6578\u64da\uff0c\u64cd\u4f5cREvil\u52d2\u7d22\u8edf\u9ad4\u7684\u99ed\u5ba2\u5728\u5176\u63ed\u79d8\u7db2\u7ad9Happy Blog\u4e2d\uff0c\u4e0a\u50b3\u76dc\u4f86\u7684\u6578\u64da\u76ee\u9304\uff0c\u540d\u55ae\u4e0a\u6709 Cetaphil\u3001\u9ea5\u7576\u52de\u3001\u53ef\u53e3\u53ef\u6a02\u3001Adidas\u548c Kate Spade\u3001 Acuvue\u7b49\u4f01\u696d\u3002<\/p>\n\n\n\n

\"\"
Photo Credit: Darkfeed<\/figcaption><\/figure>\n\n\n\n

\u5c0d\u65bc\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u8005\u800c\u8a00\uff0c\u884c\u92b7\u516c\u53f8\u5177\u6709\u6975\u9ad8\u7a0b\u5ea6\u7684\u5438\u5f15\u529b\uff0c\u7531\u65bc\u8207\u5176\u4ed6\u4f01\u696d\u6709\u7dca\u5bc6\u5408\u4f5c\uff0c\u64c1\u6709\u5f88\u591a\u5927\u516c\u53f8\u7684\u91cd\u8981\u6578\u64da\uff0c\u80fd\u89f8\u767c\u66f4\u591a\u53ef\u653b\u64ca\u7684\u76ee\u6a19\uff0c\u5c31\u50cf\u653b\u64ca\u670d\u52d9\u63d0\u4f9b\u5546\u4e00\u6a23\uff0c\u6216\u6703\u89f8\u767c\u9aa8\u724c\u6548\u61c9\uff0c\u4ee4\u5176\u4ed6\u4f7f\u7528\u53d7\u5bb3\u8005\u670d\u52d9\u7684\u4f01\u696d\u540c\u53d7\u6ce2\u53ca\uff0c\u653b\u64ca\u9019\u5169\u985e\u516c\u53f8\u53ef\u8b93\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u7372\u5f97\u66f4\u5927\u7684\u6536\u76ca\u3002<\/p>\n\n\n\n

\u8cc7\u5b89\u516c\u53f8 Recorded Future\u7684\u52d2\u7d22\u8edf\u9ad4\u5c08\u5bb6Allan Liska \u8868\u793a\uff0c\u7559\u610f\u5230\u884c\u92b7\u516c\u53f8\u76f8\u8f03\u5bb9\u6613\u53d7\u5230\u653b\u64ca\uff0c\u5c24\u5176\u662f\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\uff0c\u56e0\u70ba\u4ed6\u5011\u7d93\u5e38\u63a5\u89f8\u4e0d\u540c\u985e\u578b\u7684\u5ba2\u6236\uff0c\u4e26\u6703\u6536\u5230\u5927\u91cf\u5e36\u6709\u9644\u4ef6\u7684\u96fb\u5b50\u90f5\u4ef6\uff0c\u800c\u9019\u6b63\u6b63\u662f\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u6700\u559c\u6b61\u7684\u521d\u59cb\u63a5\u89f8\u53d7\u5bb3\u8005\u7684\u65b9\u6cd5\uff0c\u53bb\u5e74\u81f3\u5c11\u6709\u5176\u4ed6\u4e09\u9593\u884c\u92b7\u516c\u53f8(Wieden+Kennedy\u3001MBA Group \u548c Empirical Research Partners)\u53d7\u5230\u52d2\u7d22\u8edf\u9ad4\u7684\u653b\u64ca\uff0c\u4f46Liska \u53c8\u6307\uff0c\u88ab\u653b\u64ca\u7684\u884c\u92b7\u516c\u53f8\u7684\u5be6\u969b\u6578\u91cf\u53ef\u80fd\u9084\u8981\u66f4\u591a\uff0c\u4f46\u8207\u5b78\u6821\u6216\u91ab\u9662\u4e0d\u540c\uff0c\u7576\u884c\u92b7\u516c\u53f8\u53d7\u5230\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u6642\uff0c\u5b83\u5f88\u5c11\u6210\u70ba\u982d\u689d\u65b0\u805e\u3002 McAfee \u5728\u6700\u8fd1\u767c\u5e03\u7684\u6df1\u5ea6\u5a01\u8105\u7814\u7a76\u5831\u544aRansomware\u2019s Increasing Prevalence<\/a>\u4e2d\u6307\u51fa\uff0cREvil\u52d2\u7d22\u8edf\u9ad4\u662f\u53602021\u5e74\u7b2c\u4e8c\u5b63\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u7684\u6aa2\u6e2c\u91cf\u7b2c1\u540d\uff0c\u7e3d\u6aa2\u6e2c\u91cf\u70ba73%\uff0c\u7b2c2\u548c3\u540d\u653b\u64ca\u6700\u5147\u7684\u52d2\u7d22\u8edf\u9ad4\u5206\u5225\u662fRansomEXX\u548cRyuk\u3002<\/p>\n\n\n\n

REvil\u4ee5\u5411\u53d7\u5bb3\u8005\u7d22\u53d6\u9ad8\u6602\u8d16\u91d1\u800c\u81ed\u540d\u662d\u8457\uff0c\u7576\u4e2d\u906d\u52d2\u7d22\u7684\u4f01\u696d\u5305\u62ec\uff1a<\/p>\n\n\n\n

*\u65e5\u6708\u5149\u96c6\u5718\u65d7\u4e0b\u5b50Asteelflash Group<\/a>\u66fe\u906d\u52d2\u7d222400\u842c\u7f8e\u5143<\/p>\n\n\n\n

*Acer<\/a>\u66fe\u906d\u52d2\u7d225\u5343\u842c\u7f8e\u5143<\/p>\n\n\n\n

*\u5ee3\u9054<\/a>\u66fe\u906d\u52d2\u7d225\u5343\u842c\u7f8e\u5143<\/p>\n\n\n\n

*\u7f8e\u570bJBS Food<\/a>\u627f\u8a8d\u652f\u4ed81100 \u842c\u7f8e\u5143<\/p>\n\n\n\n

*Kaseya<\/a>\u88abREvil\u52d2\u7d227\u5343\u842c\u7f8e\u5143<\/p>\n\n\n\n

\u6709\u95dcREvil\u52d2\u7d22\u8edf\u9ad4\u7684\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs):<\/p>\n\n\n\n

SHA 1: 29f16c046a344e0d0adfea80d5d7958d6b6b8cfa<\/p>\n\n\n\n

SHA1: 9586ebc83a1b6949e08820b46faf72ee5b132bca<\/p>\n\n\n\n

SHA1 :45404b862e70a7a1b4db6c73d374b8ac19ddf772<\/p>\n\n\n\n

SHA1: 446771415864f4916df33aad1aa7e42fa104adee<\/p>\n\n\n\n

SHA 256: ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4<\/p>\n\n\n\n

SHA 256 : d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763<\/p>\n\n\n\n

SHA 256:<\/p>\n\n\n\n

796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4<\/p>\n\n\n\n

SHA 256:<\/p>\n\n\n\n

3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d<\/p>\n\n\n\n

MD5:395249d3e6dae1caff6b5b2e1f75bacd<\/p>\n\n\n\n

MD5: ab3229656f73505a3c53f7d2e95efd0e<\/p>\n\n\n\n

MD5: 96a157e4c0bef22e0cea1299f88d4745<\/p>\n","protected":false},"excerpt":{"rendered":"

\u6839\u64da\u8cc7\u5b89\u5916\u5a92\u7684ZDNet\u5831\u5c0e\uff0c\u9999\u6e2f\u7684Fimmick(\u65e5\u5d1a)\u6210\u70ba\u6700\u65b0\u53d7REvil\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u7684\u53d7\u5bb3\u8005\uff01Fimmi READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[100],"class_list":["post-1418","post","type-post","status-publish","format-standard","hentry","category-6","tag-revilransomware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1418"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1418\/revisions"}],"predecessor-version":[{"id":1421,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1418\/revisions\/1421"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}