{"id":1557,"date":"2021-12-10T11:25:19","date_gmt":"2021-12-10T03:25:19","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1557"},"modified":"2021-12-10T11:37:25","modified_gmt":"2021-12-10T03:37:25","slug":"emotet-%e6%94%b9%e8%ae%8a%e7%ad%96%e7%95%a5%ef%bc%8c%e8%b7%b3%e9%81%8e%e4%b8%ad%e9%96%93%e7%9a%84%e6%9c%a8%e9%a6%ac%e7%a8%8b%e5%bc%8f%ef%bc%8c%e7%9b%b4%e6%8e%a5%e6%8a%95%e6%94%becobalt-strike%e7%9a%84","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1557","title":{"rendered":"Emotet \u6539\u8b8a\u7b56\u7565\uff0c\u8df3\u904e\u4e2d\u9593\u7684\u6728\u99ac\u7a0b\u5f0f\uff0c\u76f4\u63a5\u6295\u653eCobalt Strike\u7684Beacon"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Emotet\u7684\u56de\u6b78<\/a>\u662f\u4e00\u500b\u5de8\u5927\u7684\u5a01\u8105\uff0c\u540c\u6642\u5b83\u7684\u767c\u5c55\u4e5f\u4ee4\u4eba\u64d4\u6182\uff0c\u5728\u904e\u53bbEmotet\u6703\u5728\u53d7\u611f\u67d3\u7684\u8a2d\u5099\u4e0a\u5b89\u88ddTrickBot\u6216Qbot\u6728\u99ac\uff0c\u9032\u800c\u5728\u53d7\u611f\u67d3\u7684\u7cfb\u7d71\u4e0a\u90e8\u7f72 Cobalt Strike\u3002\u5728\u5178\u578b\u7684\u653b\u64ca\u4e2d\uff0c\u53d7\u5bb3\u8005\u5728\u6700\u521d\u611f\u67d3\u548c\u88ab\u90e8\u7f72\u52d2\u7d22\u8edf\u9ad4\u4e4b\u9593\u6703\u6709\u5927\u7d04\u4e00\u500b\u6708\u7684\u6642\u9593\u3002\u4f46\u73fe\u5728\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u7531\u65bcEmotet\u8df3\u904e\u4e86\u4e2d\u9593\u6728\u99acTrickBot \u548c Qbot \u7684\u521d\u59cb\u6709\u6548\u8ca0\u8f09\uff0c\u99ed\u5ba2\u5c07\u53ef\u7acb\u5373\u5b58\u53d6\u7db2\u8def\u3001\u6a6b\u5411\u50b3\u64ad\u3001\u5feb\u901f\u90e8\u7f72\u52d2\u7d22\u8edf\u9ad4\u4e26\u7aca\u53d6\u6578\u64da\uff0c\u9019\u81ea\u7136\u610f\u5473\u8457\u5f9e Emotet \u611f\u67d3\u5230\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u7684\u6642\u9593\u5927\u5927\u7e2e\u77ed\u3002\u64da\u6089\uff0cEmotet\u7684\u6372\u571f\u91cd\u4f86\uff0c\u662f\u7531\u64cd\u4f5cConti\u52d2\u7d22\u8edf\u9ad4\u7684\u99ed\u5ba2\u63a8\u6ce2\u52a9\u703e\u7684\uff0c\u800cCobalt Strike\u7684Beacon\u5feb\u901f\u5b89\u88dd\u6709\u671b\u52a0\u901f\u52d2\u7d22\u8edf\u9ad4\u7684\u90e8\u7f72\u3002<\/p>\n\n\n\n

\n

\ud83d\udea8\ud83d\udea8WARNING \ud83d\udea8\ud83d\udea8 We have confirmed that #Emotet<\/a> is dropping CS Beacons on E5 Bots and we have observed the following as of 10:00EST\/15:00UTC. The following beacon was dropped: https:\/\/t.co\/imJDQTGqxV<\/a> Note the traffic to lartmana[.]com. This is an active CS Teams Server. 1\/x<\/p>— Cryptolaemus (@Cryptolaemus1) December 7, 2021<\/a><\/blockquote>