{"id":1633,"date":"2022-01-21T14:48:30","date_gmt":"2022-01-21T06:48:30","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1633"},"modified":"2022-01-24T14:07:40","modified_gmt":"2022-01-24T06:07:40","slug":"%e5%8d%b0%e5%b0%bc%e4%b8%ad%e5%a4%ae%e9%8a%80%e8%a1%8c-bank-indonesia%e8%ad%89%e5%af%a6%e9%81%ad%e5%88%b0%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94%e6%94%bb%e6%93%8a%ef%bc%8c16%e5%8f%b0%e9%9b%bb%e8%85%a6","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1633","title":{"rendered":"\u5370\u5c3c\u4e2d\u592e\u9280\u884c-Bank Indonesia\u8b49\u5be6\u906d\u5230\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\uff0c16\u53f0\u96fb\u8166\u906d\u6b83\uff0c\u76ee\u524d\u5df2\u670913.88 GB\u6578\u64da\u88ab\u99ed\u5ba2\u638c\u63e1\uff0c\u5e55\u5f8c\u9ed1\u624b\u6307\u5411Conti"},"content":{"rendered":"\n

\u5370\u5c3c\u4e2d\u592e\u9280\u884c-\u5370\u5ea6\u5c3c\u897f\u4e9e\u9280\u884c\uff08Bank Indonesia-BI<\/strong>\uff09\u4eca\u5929\u8b49\u5be6\uff0c\u4e0a\u500b\u6708\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u8972\u64ca\u4e86\u5176\u7db2\u8def\u3002\u64da CNN Indonesia<\/a>\u5831\u5c0e\uff0c\u5728\u6b64\u6b21\u4e8b\u4ef6\u4e2d\uff0c\u653b\u64ca\u8005\u7aca\u53d6\u4e86\u5c6c\u65bc\u5370\u5c3c\u9280\u884c\u54e1\u5de5\u7684\u201c\u975e\u95dc\u9375\u6578\u64da\u201d\uff0c\u7136\u5f8c\u5728\u8a72\u9280\u884c\u7db2\u8def\u4e0a\u768416\u500b\u7cfb\u7d71\u4e0a\u90e8\u7f72\u4e86\u52d2\u7d22\u8edf\u9ad4\u6709\u6548\u8ca0\u8f09 \uff0cBI\u767c\u8a00\u4eba Erwin Haryono\u8868\u793a\uff0c\u6211\u5011\u7684\u7db2\u8def\u906d\u5230\u4e86\u8972\u64ca\uff0c\u4f46\u5230\u76ee\u524d\u70ba\u6b62\uff0c\u6211\u5011\u63a1\u53d6\u4e86\u9810\u671f\u63aa\u65bd\uff0c\u6700\u91cd\u8981\u7684\u662fBank Indonesia\u7684\u516c\u5171\u670d\u52d9\u6c92\u6709\u53d7\u5230\u5f71\u97ff\uff0c\u6b64\u6b21\u653b\u64ca\u7684\u98a8\u96aa\u5df2\u5f97\u5230\u7de9\u89e3\uff0c\u6b63\u5f9e\u7db2\u8def\u653b\u64ca\u4e2d\u5fa9\u539f\u3002<\/p>\n\n\n\n

\"\u5370\u5c3c\u9280\u884c\"\/<\/figure>\n\n\n\n
\"\"


<\/figcaption><\/figure>\n\n\n\n

\u96d6\u7136BI\u767c\u8a00\u4eba Erwin Haryono \u6c92\u6709\u5c07\u9019\u6b21\u653b\u64ca\u6b78\u548e\u65bc\u7279\u5b9a\u7684\u52d2\u7d22\u8edf\u9ad4\uff0c\u4f46Conti\u5728\u5176\u63ed\u79d8\u7db2\u7ad9\u8072\u7a31\u6210\u529f\u653b\u64ca\u4e86BI\u4e26\u5f9eBI\u7db2\u8def\u7aca\u53d6\u4e8617034\u4efd\u6a94\u6848\uff0c\u5982\u679cBI\u4e0d\u4ed8\u8d16\u91d1\uff0c\u8a72\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u5c07\u5916\u6d2913.88 GB \u7684\u6578\u64da\u3002<\/p>\n\n\n\n

Conti\u662f\u4e00\u9805\u52d2\u7d22\u8edf\u9ad4\u5373\u670d\u52d9 (Ransomware as a Service-RaaS)\u64cd\u4f5c\uff0c\u8207Wizard Spider<\/a>\u4fc4\u7f85\u65af\u7db2\u8def\u72af\u7f6a\u7d44\u7e54\u6709\u95dc\u806f\uff0c\u8a72\u7d44\u7e54\u4e5f\u4ee5\u5176\u4ed6\u81ed\u540d\u662d\u8457\u7684\u60e1\u610f\u8edf\u9ad4\u800c\u805e\u540d\uff0c\u5305\u62ec Ryuk\u3001TrickBot\u548cBazarLoader\u3002\u5728\u4eca\u5929FBI\u767c\u5e03\u7684\u65b0Flash\u8aee\u8a62<\/a>\u516c\u544a\u4e2d\uff0cFBI \u5df2\u6b63\u5f0f\u5c07 Diavol<\/em><\/a><\/strong>\u52d2\u7d22\u8edf\u9ad4<\/em>\u8207Wizard Spider\u7d44\u7e54\u806f\u7e6b\u8d77\u4f86\uff0c\u8868\u660eWizard Spider\u5728\u653b\u64ca\u4e2d\u6703\u5229\u7528Conti\u548cDiavol\u9019\u5169\u652f\u52d2\u7d22\u8edf\u9ad4\u3002\u64da\u4e86\u89e3\uff0c\u7814\u7a76\u4eba\u54e1\u57282021\u5e746\u6708\u521d\u7684\u540c\u4e00\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u4e2d\u770b\u5230\u4e86Diavol\u548cConti\u52d2\u7d22\u8edf\u9ad4\u6709\u6548\u8ca0\u8f09\u90e8\u7f72\u5728\u7db2\u8def\u4e0a\u3002\u5728\u5206\u6790\u4e86\u5169\u500b\u52d2\u7d22\u8edf\u9ad4\u6a23\u672c\u5f8c\uff0c\u767c\u73fe\u4e86\u76f8\u4f3c\u4e4b\u8655\uff0c\u4f8b\u5982\u5b83\u5011\u4f7f\u7528\u7570\u6b65I \/ O\u64cd\u4f5c\u9032\u884c\u6a94\u6848\u52a0\u5bc6\uff0c\u4ee5\u53ca\u70ba\u76f8\u540c\u529f\u80fd\u4f7f\u7528\u5e7e\u4e4e\u4e00\u81f4\u7684\u547d\u4ee4\u5217\u53c3\u6578\uff0c\u7531\u6b64\u53ef\u898b\uff0cWizard Spider\u72af\u7f6a\u7d44\u7e54\u7684\u767c\u5c55\u53ca\u52d5\u614b\u662f\u503c\u5f97\u6ce8\u610f\u7684\u3002<\/p>\n\n\n\n

Conti\u4ee5\u653b\u64ca\u77e5\u540d\u53ca\u4f01\u696d\u7d44\u7e54\u800c\u805e\u540d\uff0c\u5728\u904e\u53bb\u5176\u53d7\u5bb3\u8005\u5305\u62ec\u53f0\u7063\u7814\u83ef\u79d1\u6280<\/a>\uff0c\u65e5\u672cJVC KENWOOD<\/a>\uff0c\u611b\u723e\u862d\u885b\u751f\u5065\u5eb7\u7f72<\/a>\uff0c\u904a\u6232\u516c\u53f8\u5361\u666e\u7a7aCapcom<\/a>\u7b49<\/p>\n\n\n\n

\u6709\u95dcConti\u52d2\u7d22\u8edf\u9ad4\u7684\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs):<\/p>\n\n\n\n

Domain:<\/p>\n\n\n\n

sammitng.com<\/p>\n\n\n\n

SHA 256:<\/p>\n\n\n\n

c867fbc963c6975918f6744e196e0cc648777c7252ca740254e6eed9918c6fd1<\/p>\n\n\n\n

bea4dcabc10ad8b7ef79579a1c511ec42cb98ddd1cf607a5a5ee369b28aa144b<\/p>\n\n\n\n

a290ce75c6c6b37af077b72dc9c2c347a2eede4fafa6551387fa8469539409c7<\/p>\n\n\n\n

63de40c7382bbfe7639f51262544a3a62d0270d259e3423e24415c370dd77a60<\/p>\n\n\n\n

9d63a34f83588e208cbd877ba4934d411d5273f64c98a43e56f8e7a45078275d<\/p>\n\n\n\n

5c649554d9ea77e98dbf0df0d4010255075c6c5324fc7526c667a180c06a050a<\/p>\n\n\n\n

37b264e165e139c3071eb1d4f9594811f6b983d8f4b7ef1fe56ebf3d1f35ac89<\/p>\n\n\n\n

31f8ad3f818ef0635109cecfff8f2e03f5e47a9a62a2fe548bc10393e3318d4f<\/p>\n\n\n\n

24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9<\/p>\n\n\n\n

SHA 1:<\/p>\n\n\n\n

e115f1be72f730bf3a7b7d9e2ec9e4b7b7a4b5e7<\/p>\n\n\n\n

c07dbec39149a3bb20a54b9eeb2e453a7c5bdd2f<\/p>\n\n\n\n

856366815cac27775b944a236ad3a6f523a4136d<\/p>\n\n\n\n

bf92ce7c065568c1b893c1ababa04eeffedadcca<\/p>\n\n\n\n

7ed8d5a2e09d48ccb84d790abfa7a1556b9d4990<\/p>\n\n\n\n

6a31edc3e73957bb25e51abfd4efb4fd5eb51dbc<\/p>\n\n\n\n

4ff45fb8003ab1075bdbbc9d044b7c31374f3cdb<\/p>\n\n\n\n

092ac6f8d072c4cf045e35a839d5bb8f1360f1ae<\/p>\n\n\n\n

MD5<\/p>\n\n\n\n

e35df3e00ca4ef31d42b34bebaa2f86e<\/p>\n\n\n\n

b656845e2755920db24364b42ce2ea18<\/p>\n\n\n\n

abbbd0e30c4e66ad59518b9460dbcdfd<\/p>\n\n\n\n

72296b01b37d6baefaecbc5bdecfadb6<\/p>\n\n\n\n

29154f55df2171ccfe6316a77496d451<\/p>\n\n\n\n

215e0accdf538d48a8a7bf79009e8f9b<\/p>\n\n\n\n

a0e9f5d64349fb13191bc781f81f42e1<\/p>\n\n\n\n

Yara:<\/p>\n\n\n\n

ca8476a53823a9644533a81cb37c52d4eb22750e<\/p>\n\n\n\n

901a241c9bbd91aadda3ee7ed4cdc96eaa27d03a<\/p>\n\n\n\n

d6a13a17c05f84c20b699785efba7b7af4b8cb7f<\/p>\n\n\n\n

e458fa0d1dfe88ada943c9c77c7a17c938f30a2b<\/p>\n\n\n\n

IPv4:<\/p>\n\n\n\n

82.118.21.1<\/p>\n\n\n\n

185.141.63.120<\/p>\n\n\n\n

162.244.80.235<\/p>\n\n\n\n

162.244.83.216<\/p>\n\n\n\n

CVE:<\/p>\n\n\n\n

CVE-2021-34527<\/p>\n\n\n\n

CVE-2020-1472<\/p>\n\n\n\n

1\u670824\u65e5\u66f4\u65b0:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u6700\u65b0\u6d88\u606f\uff0c\u64cd\u4f5cConti\u7684\u99ed\u5ba2\u7d44\u7e54\u6301\u7e8c\u516c\u958b\u5370\u5c3c\u592e\u884c\u7684\u5167\u90e8\u8cc7\u6599\uff0c\u7531\u539f\u5148\u768413.88 GB\u589e\u52a0\u523074.82GB\uff0c \u6839\u64da\u8cc7\u5b89\u696d\u8005DarkTracker\u7a31\uff0c\u906d\u5165\u4fb5\u96fb\u8166\u5f9e\u539f\u672c\u768416\u53f0\u589e\u52a0\u5230237\u53f0\u3002<\/p>\n\n\n\n

\n

Conti ransomware gang continues to upload Bank of Indonesia's internal data. The first leak was 487MB of data but now it reaches 74GB. Compromised internal PCs were estimated at 16 initially, and now go up to 237. pic.twitter.com\/FK2vXpGPXH<\/a><\/p>— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) January 24, 2022<\/a><\/blockquote>