{"id":2951,"date":"2023-12-29T13:50:16","date_gmt":"2023-12-29T05:50:16","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2951"},"modified":"2023-12-29T13:52:33","modified_gmt":"2023-12-29T05:52:33","slug":"%e4%b8%ad%e5%9c%8bapt%e9%a7%ad%e5%ae%a2%e5%88%a9%e7%94%a8barracuda%e9%9b%bb%e5%ad%90%e9%83%b5%e4%bb%b6%e5%ae%89%e5%85%a8%e9%96%98%e9%81%93%e5%99%a8%e4%b8%ad%e7%9a%84%e9%9b%b6%e6%97%a5%e6%bc%8f","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2951","title":{"rendered":"\u4e2d\u570bAPT\u99ed\u5ba2\u5229\u7528Barracuda\u96fb\u5b50\u90f5\u4ef6\u5b89\u5168\u9598\u9053\u5668\u4e2d\u7684\u96f6\u65e5\u6f0f\u6d1e \u9396\u5b9a\u7f8e\u570b\u3001\u4e9e\u592a\u53ca\u65e5\u672c\u7684\u653f\u5e9c\u3001\u79d1\u6280\u7d44\u7e54"},"content":{"rendered":"\n

#CVE-2023-7102<\/p>\n\n\n\n

\"\"
Photo Credit: Barracuda<\/figcaption><\/figure>\n\n\n\n

\u7f8e\u570b\u8cc7\u5b89\u5ee0\u5546Barracuda \u900f\u9732<\/a>\uff0c\u4e2d\u570b\u570b\u5bb6\u7d1a\u99ed\u5ba2\u5229\u7528\u5176\u96fb\u5b50\u90f5\u4ef6\u5b89\u5168\u7db2\u95dc\uff08ESG\uff09\u8a2d\u5099\u4e2d\u7684\u96f6\u65e5\u6f0f\u6d1e\u5728\u300c\u6709\u9650\u6578\u91cf\u300d\u7684\u8a2d\u5099\u4e0a\u90e8\u7f72\u5f8c\u9580\uff0cESG\u6f0f\u6d1e\uff08\u7de8\u865f\u70ba CVE-2023-7102\uff09\u662f\u4e00\u500b\u5f71\u97ff\u300cSpreadsheet::ParseExcel\u300d\u7684\u4efb\u610f\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\uff0c\u300cSpreadsheet::ParseExcel\u300d\u662f ESG \u88dd\u7f6e\u7528\u4f86\u6aa2\u67e5 Excel \u96fb\u5b50\u90f5\u4ef6\u9644\u4ef6\u662f\u5426\u6709\u60e1\u610f\u8edf\u9ad4\u7684\u958b\u6e90\u7a0b\u5f0f\u5eab\u3002\u653b\u64ca\u8005\u53ef\u4ee5\u5728\u7279\u88fd\u7684 Excel \u6a94\u6848\u4e2d\u690d\u5165\u60e1\u610f\u7a0b\u5f0f\u78bc\uff0c\u4e26\u5c07\u5176\u4f5c\u70ba\u9644\u4ef6\u767c\u9001\u7d66\u76ee\u6a19\u7d44\u7e54\u3002\u7576 ESG \u88dd\u7f6e\u6383\u63cf\u96fb\u5b50\u90f5\u4ef6\u6642\uff0c\u60e1\u610f\u7a0b\u5f0f\u78bc\u6703\u5728\u6c92\u6709\u4efb\u4f55\u4f7f\u7528\u8005\u4e92\u52d5\u7684\u60c5\u6cc1\u4e0b\u57f7\u884c\uff0c\u4f7f\u653b\u64ca\u8005\u80fd\u5920\u5b58\u53d6\u7cfb\u7d71\u4e26\u7aca\u53d6\u6709\u50f9\u503c\u7684\u8cc7\u6599\u3002<\/p>\n\n\n\n

Barracuda\u5c07\u8a72\u6d3b\u52d5\u6b78\u56e0\u65bcMandiant<\/a> \u8ffd\u8e2a\u7684\u4e2d\u570bAPT\u99ed\u5ba2UNC4841\uff0c\u8a72\u7d44\u7e54\u6b64\u524d\u66fe\u7a4d\u6975\u5229\u7528<\/a>Barracuda \u8a2d\u5099\u4e2d\u53e6\u4e00\u500b\u96f6\u65e5\u6f0f\u6d1e\uff08CVE-2023-2868\uff0cCVSS \u8a55\u5206\uff1a9.8 \uff09\u3002UNC4841\u65bc12 \u670820 \u65e5\u88ab\u767c\u73fe\u5229\u7528\u96f6\u65e5\u6f0f\u6d1eCVE-2023-7102\uff0c\u4f46\u6709\u8b49\u64da\u8868\u660e\u8a72\u6d3b\u52d5\u65bc11 \u670830 \u65e5\u5de6\u53f3\u958b\u59cb\u3002\u99ed\u5ba2\u5229\u7528 CVE-2023-7102 \u5411 Barracuda \u5ba2\u6236\u63d0\u4f9b SeaSpy \u548c SaltWater \u60e1\u610f\u8edf\u9ad4\u7684\u65b0\u8b8a\u7a2e\u3002\u9019\u4e9b\u653b\u64ca\u662f UNC4841 \u7db2\u8def\u9593\u8adc\u6d3b\u52d5\u7684\u4e00\u90e8\u5206\uff0c\u91dd\u5c0d\u7684\u662f\u653f\u5e9c\u3001IT \u548c\u9ad8\u79d1\u6280\u7d44\u7e54\uff0c\u4e3b\u8981\u4f4d\u65bc\u7f8e\u570b\u4ee5\u53ca\u4e9e\u592a\u548c\u65e5\u672c (APJ) \u5730\u5340\u3002<\/p>\n\n\n\n

Barracuda\u8fc5\u901f\u505a\u51fa\u56de\u61c9\uff0c\u90e8\u7f72\u66f4\u65b0\u4f86\u4fee\u5fa9\u6f0f\u6d1e\u4ee5\u53ca\u53ef\u80fd\u53d7\u5230\u65b0\u767c\u73fe\u7684\u60e1\u610f\u8edf\u9ad4\u8b8a\u9ad4\u5371\u5bb3\u7684 ESG \u8a2d\u5099\u3002Barracuda\u767c\u5e03\u4e86\u4e00\u500b\u5b89\u5168\u66f4\u65b0\uff0c\u8a72\u66f4\u65b0\u5df2\u65bc 2023 \u5e74 12 \u6708 21 \u65e5\u201c\u81ea\u52d5\u61c9\u7528\u201d\uff0c\u5ba2\u6236\u7121\u9700\u63a1\u53d6\u9032\u4e00\u6b65\u884c\u52d5\u3002Barracuda\u9084\u9032\u4e00\u6b65\u6307\u51fa\uff0c\u5b83\u4e00\u5929\u5f8c\u300c\u90e8\u7f72\u4e86\u4e00\u500b\u4fee\u88dc\u4f86\u4fee\u5fa9\u53d7\u5165\u4fb5\u7684 ESG \u8a2d\u5099\uff0c\u8a72\u8a2d\u5099\u986f\u793a\u51fa\u8207\u65b0\u8b58\u5225\u7684\u60e1\u610f\u8edf\u9ad4\u8b8a\u9ad4\u76f8\u95dc\u7684\u5165\u4fb5\u8de1\u8c61\u300d\uff0c\u7136\u800c\u5b83\u6c92\u6709\u900f\u9732\u5165\u4fb5\u7684\u898f\u6a21\u3002\u4e5f\u5c31\u662f\u8aaa\uff0cSpreadsheet::ParseExcel Perl \u6a21\u7d44\uff08\u7248\u672c 0.65\uff09\u4e2d\u7684\u539f\u59cb\u6f0f\u6d1e\u4ecd\u672a\u4fee\u88dc\uff0c\u4e26\u5df2\u88ab\u6307\u6d3e CVE \u8b58\u5225\u78bcCVE-2023-7101<\/a>\uff0c\u9700\u8981\u4e0b\u6e38\u4f7f\u7528\u8005\u63a1\u53d6\u9069\u7576\u7684\u88dc\u6551\u63aa\u65bd\u3002<\/p>\n\n\n\n

\u64da\u4e00\u76f4\u5728\u8abf\u67e5\u8a72\u7d44\u7e54\u6d3b\u52d5\u7684 Mandiant \u7a31\uff0c\u81ea 2022 \u5e74 10 \u6708\u4ee5\u4f86\uff0c\u4f30\u8a08\u81f3\u5c11\u6709 16 \u500b\u570b\u5bb6\u7684\u4e00\u4e9b\u79c1\u71df\u548c\u516c\u5171\u90e8\u9580\u7d44\u7e54\u53d7\u5230\u4e86\u5f71\u97ff\u3002Google Cloud \u8868\u793a\uff0c\u4e0d\u65e9\u65bc 2023 \u5e74 11 \u6708 30 \u65e5\uff0c\u5b83\u89c0\u5bdf\u5230\u91dd\u5c0d\u9ad8\u79d1\u6280\u3001\u8cc7\u8a0a\u79d1\u6280\u4f9b\u61c9\u5546\u548c\u653f\u5e9c\u5be6\u9ad4\u7684 CVE-2023-7102 \u6f0f\u6d1e\u5229\u7528\uff0c\u9019\u4e9b\u5be6\u9ad4\u4e3b\u8981\u4f4d\u65bc\u7f8e\u570b\u548c\u4e9e\u592a\u5730\u5340\u3002\u6700\u65b0\u7684\u767c\u5c55\u518d\u6b21\u8b49\u660e\u4e86UNC4841 \u7684\u9069\u61c9\u6027\uff0c\u5229\u7528\u65b0\u7684\u7b56\u7565\u548c\u6280\u8853\u5728\u73fe\u6709\u6f0f\u6d1e\u88ab\u5835\u4f4f\u7684\u60c5\u6cc1\u4e0b\u4fdd\u7559\u5c0d\u9ad8\u512a\u5148\u76ee\u6a19\u7684\u5b58\u53d6\u6b0a\u3002Mandiant \u9810\u8a08\uff0cUNC4841\u672a\u4f86\u53ef\u80fd\u6703\u5c07\u5176\u76ee\u6a19\u653b\u64ca\u9762\u64f4\u5927\u5230\u5176\u4ed6\u8a2d\u5099\uff0c\u4e26\u5229\u7528\u66f4\u591a\u7a2e\u985e\u7684\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

Barracuda\u96fb\u5b50\u90f5\u4ef6\u5b89\u5168\u9598\u9053\u8a2d\u5099\uff08ESG\uff09\u6f0f\u6d1e\u7684\u90e8\u5206\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs):<\/p>\n\n\n\n

SHA 256<\/p>\n\n\n\n

803cb5a7de1fe0067a9eeb220dfc24ca 56f3f571a986180e146b6cf387855bdd  <\/p>\n\n\n\n

952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acd<\/p>\n\n\n\n

118fad9e1f03b8b1abe00529c61dc3edf da043b787c9084180d83535b4d177b7<\/p>\n\n\n\n

IP<\/p>\n\n\n\n

23.224.99.242<\/p>\n\n\n\n

23.225.35.238<\/p>\n\n\n\n

107.148.41.146<\/p>\n","protected":false},"excerpt":{"rendered":"

#CVE-2023-7102 \u7f8e\u570b\u8cc7\u5b89\u5ee0\u5546Barracuda \u900f\u9732\uff0c\u4e2d\u570b\u570b\u5bb6\u7d1a\u99ed\u5ba2\u5229\u7528\u5176\u96fb\u5b50\u90f5\u4ef6\u5b89\u5168\u7db2\u95dc\uff08ES READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[165],"class_list":["post-2951","post","type-post","status-publish","format-standard","hentry","category-6","tag-apt"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2951"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2951\/revisions"}],"predecessor-version":[{"id":2954,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2951\/revisions\/2954"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}