{"id":2071,"date":"2022-07-22T15:37:19","date_gmt":"2022-07-22T07:37:19","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2071"},"modified":"2023-02-13T10:43:18","modified_gmt":"2023-02-13T02:43:18","slug":"%e7%be%8e%e5%9c%8b%e7%b6%b2%e8%b7%af%e5%8f%b8%e4%bb%a4%e9%83%a8-uscybercom-%e7%99%bc%e5%b8%83%e4%ba%86%ef%bc%8c%e6%9c%80%e8%bf%91%e9%87%9d%e5%b0%8d%e7%83%8f%e5%85%8b%e8%98%ad%e6%94%bb%e6%93%8a","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2071","title":{"rendered":"\u7f8e\u570b\u7db2\u8def\u53f8\u4ee4\u90e8 (USCYBERCOM) \u767c\u5e03\u4e86\uff0c\u6700\u8fd1\u91dd\u5c0d\u70cf\u514b\u862d\u653b\u64ca\u4e2d\u767c\u73fe\u7684\u60e1\u610f\u8edf\u9ad4\u76f8\u95dc\u7684\u5165\u4fb5\u6307\u6a19!"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

\u7f8e\u570b<\/a>\u7db2\u8def\u53f8\u4ee4\u90e8<\/a>(USCYBERCOM)\u5468\u4e09(7\/20)\u62ab\u9732\u4e86\u6578\u5341\u7a2e\u5f62\u5f0f\u7684\u60e1\u610f\u8edf\u9ad4\uff0c\u9019\u4e9b\u60e1\u610f\u8edf\u9ad4\u5df2\u88ab\u7528\u65bc\u653b\u64ca\u70cf\u514b\u862d\u7684\u7db2\u8def\uff0c\u5176\u4e2d\u5305\u62ec 20 \u500b\u524d\u6240\u672a\u898b\u7684\u60e1\u610f\u7a0b\u5f0f\u6a23\u672c<\/a>\u3002\u60e1\u610f\u8edf\u9ad4\u6a23\u672c\u662f\u7531\u70cf\u514b\u862d\u5b89\u5168\u5c40\u5728\u8a72\u570b\u7684\u5404\u7a2e\u53d7\u611f\u67d3\u7db2\u8def\u4e0a\u767c\u73fe\u7684\uff0c\u64da\u4fe1\uff0c\u81ea 2022 \u5e74 2 \u6708\u4fc4\u7f85\u65af\u5165\u4fb5\u958b\u59cb\u4e4b\u524d\uff0c\u7db2\u8def\u6d3b\u52d5\u5c31\u6709\u6240\u589e\u52a0\u3002<\/p>\n\n\n\n

\u7f8e\u570b\u7db2\u8def\u53f8\u4ee4\u90e8\u6307\u51fa\uff0c\u6b64\u6b21\u62ab\u9732\u7684\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs)\u662f\u4ed6\u5011\u548c\u5176\u4ed6\u7f8e\u570b\u6a5f\u69cb\u5b9a\u671f\u52aa\u529b\u7684\u4e00\u90e8\u5206\uff0c\u65e8\u5728\u7a81\u51fa\u4fc4\u7f85\u65af\u3001\u4e2d\u570b\u3001\u4f0a\u6717\u548c\u5317\u97d3\u7b49\u653b\u64ca\u8005\u7528\u4f86\u524a\u5f31\u70cf\u514b\u862d\u7db2\u8def\u7684\u99ed\u5ba2\u5de5\u5177\u4e26\u65e8\u5728\u52a0\u5f37\u96c6\u9ad4\u7684\u7db2\u8def\u5b89\u5168\uff0c\u7e7c\u7e8c\u5728\u7db2\u8def\u5b89\u5168\u65b9\u9762\u5efa\u7acb\u5f37\u6709\u800c\u529b\u7684\u4f19\u4f34\u95dc\u4fc2\u3002<\/p>\n\n\n\n

\u7f8e\u570b\u7db2\u8def\u53f8\u4ee4\u90e8\u9032\u4e00\u6b65\u89e3\u91cb\u5165\u4fb5\u6307\u6a19\u7684\u91cd\u8981\u6027\uff0c\u7531\u65bc\u5165\u4fb5\u6307\u6a19\u662f\u4e3b\u6a5f\u7cfb\u7d71\u6216\u7db2\u8def\u88ab\u5165\u4fb5\u7684\u8b49\u64da\uff0c\u80fd\u5145\u7576\u6f5b\u5728\u6f0f\u6d1e\u7684\u7db2\u8def\u9632\u79a6\u8005\u7684\u6578\u4f4d\u53d6\u8b49\uff0c\u901a\u904eIOCs\u4f7f\u7528\u6236\u80fd\u5920\u5728\u8a72\u4e3b\u6a5f\u7cfb\u7d71\u6216\u7db2\u8def\u4e2d\u641c\u7d22\u548c\u8b58\u5225\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u6839\u64da Mandiant<\/a>\u7684\u8aaa\u6cd5\uff0c\u70cf\u514b\u862d\u7684\u516c\u5171\u548c\u79c1\u4eba\u5be6\u9ad4\u90fd\u6210\u70ba\u4e86\u5e7e\u500b\u7db2\u8def\u9593\u8adc\u7d44\u7e54\u7684\u76ee\u6a19\uff0c\u9019\u4e9b\u7d44\u7e54\u4f7f\u7528\u7db2\u8def\u91e3\u9b5a\u548c\u8a98\u990c\uff0c\u4e26<\/a>\u5728\u5165\u4fb5\u4e2d\u4f7f\u7528\u7684\u60e1\u610f\u8edf\u9ad4\u652f\u63f4\u591a\u7a2e\u64cd\u4f5c\uff0c\u800c\u9019\u4e9b\u7d44\u7e54\u6b64\u524d\u66fe\u9032\u884c\u904e\u9593\u8adc\u6d3b\u52d5\u3001\u5047\u8a0a\u606f\u64cd\u4f5c\u548c\u7834\u58de\u6027\u653b\u64ca\u7b49\u3002<\/p>\n\n\n\n

\u4e00\u500b\u91dd\u5c0d\u70cf\u514b\u862d\u7684\u99ed\u5ba2\u7d44\u7e54\u662f UNC1151\uff0c\u8207\u767d\u4fc4\u7f85\u65af\u60c5\u5831\u90e8\u9580\u6709\u95dc\u9023\uff0c\u4e26\u70baGhostwriter \u7684\u5047\u8a0a\u606f\u6d3b\u52d5<\/a>\u63d0\u4f9b\u6280\u8853\u652f\u63f4\u3002UNC1151 \u4e00\u76f4\u91dd\u5c0d\u70cf\u514b\u862d\u3001\u62c9\u812b\u7dad\u4e9e\u3001\u7acb\u9676\u5b9b\u3001\u5fb7\u570b\u548c\u6ce2\u862d\u7684\u653f\u5e9c\u548c\u5a92\u9ad4\u5be6\u9ad4\uff0c\u81ea 2 \u6708 24 \u65e5\u4fc4\u70cf\u6230\u722d\u7206\u767c\u4ee5\u4f86\uff0cUNC1151 \u4e00\u76f4\u7a4d\u6975\u91dd\u5c0d\u70cf\u514b\u862d\u3002\u64da\u89c0\u5bdf\uff0c\u8a72\u7db2\u8def\u9593\u8adc\u7d44\u7e54\u4f7f\u7528\u4e86 Cobalt Strike Beacon(\u4e00\u500b\u5177\u6709\u6a94\u6848\u50b3\u8f38\u548cshell \u547d\u4ee4\u57f7\u884c\u529f\u80fd )\u548c Microbackdoor (\u53ef\u4ee5\u50b3\u8f38\u6a94\u6848\u3001\u57f7\u884c\u547d\u4ee4\u3001\u622a\u5716\u548c\u81ea\u6211\u66f4\u65b0) \u7684\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n\n\n\n

\u53e6\u4e00\u500b\u6d3b\u8e8d\u5728\u70cf\u514b\u862d\u7684\u99ed\u5ba2\u7d44\u7e54\u662f\u4fc4\u7f85\u65af\u570b\u5bb6\u7d1a\u99ed\u5ba2UNC2589\uff0c\u7814\u7a76\u4eba\u54e1\u8a8d\u70ba\uff0c\u8a72\u7d44\u7e54\u662f 1 \u6708\u4efd\u90e8\u7f72\u4e86WhisperGate<\/a> \u60e1\u610f\u8edf\u9ad4\uff0c\u5c0d\u70cf\u514b\u862d\u5be6\u9ad4\u7834\u58de\u6027\u653b\u64ca\u7684\u5e55\u5f8c\u9ed1\u624b\u3002WhisperGate \u88ab\u7528\u65bc\u4e00\u7cfb\u5217\u5165\u4fb5\uff0c\u5f71\u97ff\u4e86\u81f3\u5c11 70 \u500b\u5c6c\u65bc\u70cf\u514b\u862d\u653f\u5e9c\u7684\u7db2\u7ad9\u7db2\u57df\u3002\u5728\u904e\u53bb\u7684\u5e7e\u500b\u6708\u4e2d\uff0c\u9084\u89c0\u5bdf\u5230\u8a72\u99ed\u5ba2\u7d44\u7e54\u91dd\u5c0d\u5317\u7f8e\u548c\u6b50\u6d32\u7684\u5317\u7d04\u6210\u54e1\u570b\u3002UNC2589 \u64c5\u9577\u7db2\u8def\u91e3\u9b5a\uff0c\u5229\u7528\u4f8b\u5982 Covid-19\u3001\u653f\u5e9c\u76f8\u95dc\u8a98\u990c\u3001\u70cf\u514b\u862d\u6230\u722d\u7b49\u4e3b\u984c\u4f86\u90e8\u7f72\u60e1\u610f\u8edf\u9ad4–Grimplant\uff08\u4e00\u7a2e\u57fa\u65bc Go \u7684\u5f8c\u9580\uff0c\u7528\u65bc\u57f7\u884c\u7cfb\u7d71\u76e3\u8996\u548c\u547d\u4ee4\u57f7\u884c\uff09\u548c Graphsteel (\u4e00\u7a2e\u958b\u6e90\u7684\u6ef2\u900f\u5de5\u5177\uff0c\u53ef\u4ee5\u5f9e\u76ee\u6a19\u7cfb\u7d71\u4e2d\u6536\u96c6\u5404\u7a2e\u985e\u578b\u7684\u8cc7\u6599\u3002)<\/p>\n\n\n\n

\u00a0“\u8f49\u8cbc\u3001\u5206\u4eab\u6216\u5f15\u7528\u6587\u7ae0\u5167\u5bb9\uff0c\u8acb\u8a3b\u660e\u51fa\u8655\u70ba\u7ae3\u76df\u79d1\u6280\u00a0https:\/\/www.billows.com.tw<\/a>\u00a0, \u4ee5\u514d\u89f8\u6cd5”<\/p>\n","protected":false},"excerpt":{"rendered":"

\u7f8e\u570b\u7db2\u8def\u53f8\u4ee4\u90e8(USCYBERCOM)\u5468\u4e09(7\/20)\u62ab\u9732\u4e86\u6578\u5341\u7a2e\u5f62\u5f0f\u7684\u60e1\u610f\u8edf\u9ad4\uff0c\u9019\u4e9b\u60e1\u610f\u8edf\u9ad4\u5df2\u88ab\u7528\u65bc\u653b\u64ca\u70cf\u514b READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-2071","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2071"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2071\/revisions"}],"predecessor-version":[{"id":2420,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2071\/revisions\/2420"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}