{"id":3182,"date":"2024-06-12T14:56:03","date_gmt":"2024-06-12T06:56:03","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3182"},"modified":"2024-06-12T15:17:56","modified_gmt":"2024-06-12T07:17:56","slug":"%e5%82%b3%e5%87%ba%e5%8f%b0%e7%81%a3%e6%9f%90%e4%b8%8a%e5%b8%82%e5%85%89%e7%ba%96%e7%b6%b2%e8%b7%af%e8%a8%ad%e5%82%99%e5%a4%a7%e5%bb%a0-%e9%81%ad%e4%bb%99%e4%ba%ba%e6%8e%8c%e5%8b%92%e7%b4%a2%e8%bb%9f","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3182","title":{"rendered":"\u50b3\u51fa\u53f0\u7063\u67d0\u4e0a\u5e02\u5149\u7e96\u7db2\u8def\u8a2d\u5099\u5927\u5ee0 \u906d\u4ed9\u4eba\u638c\u52d2\u7d22\u8edf\u9ad4\u52a0\u5bc6"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Key Points:<\/p>\n\n\n\n

*\u4ed9\u4eba\u638c\u52d2\u7d22\u8edf\u9ad4\u81ea 2023 \u5e74 3 \u6708\u4ee5\u4f86\u4e00\u76f4\u6d3b\u8e8d\uff0c\u8fc4\u4eca\u4e00\u76f4\u91dd\u5c0d\u77e5\u540d\u76ee\u6a19\u3002<\/p>\n\n\n\n

*\u4e3b\u8981\u91dd\u5c0d VPN \u8a2d\u5099\uff0c\u5c24\u5176\u662f Fortinet VPN \u4e2d\u7684\u6f0f\u6d1e\u3002\u5f9e\u4e8b\u4ef6\u4e2d\u89c0\u5bdf\u5230\u7684\u8da8\u52e2\u8868\u660e\uff0c\u672a\u7d93\u6388\u6b0a\u7684\u5b58\u53d6\u901a\u5e38\u662f\u4f7f\u7528 VPN \u670d\u52d9\u5e33\u6236\u900f\u904e VPN \u4f3a\u670d\u5668\u7372\u5f97\u7684\u3002<\/p>\n\n\n\n

*\u4ed9\u4eba\u638c\u52d2\u7d22\u8edf\u9ad4\u6700\u5947\u7279\u7684\u4e00\u9ede\u662f\u5b83\u6703\u4ee5\u81ea\u6211\u52a0\u5bc6\u9003\u907f\u5075\u6e2c\u3002<\/p>\n\n\n\n

6\u670811\u65e5\u7ae3\u76df\u79d1\u6280<\/a>\u5728\u4ed9\u624b\u638c\u63ed\u79d8\u7684\u6697\u7db2\u4e2d\u767c\u73fe\u6709\u53f0\u7063\u67d0\u5149\u7e96\u7db2\u8def\u8a2d\u5099\u696d\u8005\u7684\u9801\u9762\uff0c\u99ed\u5ba2\u8072\u7a31\u5df2\u76dc\u5f97\u8a72\u696d\u8005\u7684\u516c\u53f8\u6a5f\u654f\u8cc7\u6599\uff0c\u5305\u62ec\u5de5\u7a0b\u6a94\u6848\u3001\u8ca1\u52d9\u8cc7\u6599\u3001\u5ba2\u6236\u8cc7\u8a0a\u3001\u500b\u4eba\u8eab\u4efd\u6587\u4ef6\uff0c\u8cc7\u6599\u5eab\u5099\u4efd\u7b49\u3002\u4f5c\u70ba\u8b49\u64da\uff0c\u99ed\u5ba2\u516c\u4f48\u7591\u4f3c\u8a72\u4f01\u696d\u53f0\u7063\u54e1\u5de5\u7684\u8b77\u7167\u53ca\u4e2d\u570b\u7c4d\u54e1\u5de5\u7684\u901a\u884c\u8b49\u3002\u7136\u800c\u76ee\u524d\u6c92\u770b\u5230\u99ed\u5ba2\u52d2\u7d22\u7684\u91d1\u984d\u53ca\u8ac7\u5224\u6700\u7d42\u7684\u6709\u6548\u671f\u9650\uff0c\u76f8\u5c0d\u65bc\u5176\u4ed6\u88ab\u52d2\u7d22\u7684\u516c\u53f8\uff0c\u672c\u6b21\u7684\u53f0\u7063\u696d\u8005\u88ab\u76dc\u7684\u8cc7\u6599\u986f\u7136\u8f03\u5c11\uff0c\u4ed9\u4eba\u638c\u7a31\u76dc\u7aca\u4e8693GB\u7684\u6578\u64da\u3002<\/p>\n\n\n\n

\u81ea 2023 \u5e74 3 \u6708\u4ee5\u4f86\u4ed9\u4eba\u638c(Cactus)\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u5df2\u6210\u70ba\u4e00\u500b\u91cd\u5927\u5a01\u8105\uff0c\u5229\u7528\u5404\u7a2e\u7b56\u7565\u4f86\u7834\u58de\u4f01\u696d\u7db2\u8def\u4e26\u90e8\u7f72\u52d2\u7d22\u8edf\u9ad4\u3002\u64da\u89c0\u5bdf\uff0c\u8a72\u7d44\u7e54\u4ee5 VPN \u8a2d\u5099\u70ba\u521d\u59cb\u5b58\u53d6\u76ee\u6a19\uff0c\u4e26\u5229\u7528\u5df2\u77e5\u6f0f\u6d1e\u5728\u53d7\u5bb3\u8005\u74b0\u5883\u4e2d\u7ad9\u7a69\u8173\u8ddf\uff0c\u540c\u6642\u4ed9\u4eba\u638c\u6703\u6feb\u7528\u5408\u6cd5\u7684\u9060\u7aef\u76e3\u63a7\u548c\u7ba1\u7406 (RMM) \u5de5\u5177\u4f86\u5be6\u73fe\u53d7\u611f\u67d3\u7cfb\u7d71\u7684\u6301\u4e45\u6027\u3002Cactus \u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u65bc2023 \u5e743\u6708\u51fa\u73fe\uff0c\u900f\u904e\u5229\u7528\u5df2\u77e5\u6f0f\u6d1e\uff08\u5c24\u5176\u662fVPN \u8a2d\u5099\u4e2d\u7684\u6f0f\u6d1e\uff09\u3001\u63a1\u7528Living-off-the-Land \u7b49\u8907\u96dc\u6280\u8853\u4ee5\u53ca\u5229\u7528\u5408\u6cd5\u7db2\u8def\u5de5\u5177\u9032\u884c\u6a6b\u5411\u79fb\u52d5\uff0c\u8fc5\u901f\u5347\u7d1a\u4e86\u5176\u884c\u52d5\u3002\u8a72\u7d44\u7e54\u7684\u65b9\u6cd5\u6d89\u53ca\u4f7f\u7528\u9700\u8981\u89e3\u5bc6\u91d1\u9470\u624d\u80fd\u57f7\u884c\u7684\u52a0\u5bc6\u6709\u6548\u8ca0\u8f09\uff0c\u9019\u6709\u52a9\u65bc\u9003\u907f\u5b89\u5168\u5de5\u5177\u7684\u5075\u6e2c\u3002 \u4ed9\u4eba\u638c\u4e5f\u4f7f\u7528 Cobalt Strike \u7b49\u5de5\u5177\uff0c\u4e26\u5229\u7528 TotalExec \u7b49\u8173\u672c\u4f86\u81ea\u52d5\u5316\u52a0\u5bc6\u904e\u7a0b\uff0c\u9019\u8207 BlackBasta \u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u4f7f\u7528\u7684\u7b56\u7565\u975e\u5e38\u76f8\u4f3c\u3002 \u4ed9\u624b\u638c\u52d2\u7d22\u8edf\u9ad4\u4e0d\u50c5\u50c5\u6b62\u65bc\u52a0\u5bc6\u3002\u99ed\u5ba2\u70ba\u78ba\u4fdd\u5176\u5b58\u5728\u6df1\u690d\u65bc\u53d7\u611f\u67d3\u7684\u7cfb\u7d71\u4e2d\uff0c\u63a1\u7528\u8907\u96dc\u7684\u611f\u67d3\u93c8\u4e26\u5229\u7528\u591a\u5c64\u6df7\u6dc6\u4f86\u96b1\u85cf\u5176\u6d3b\u52d5\u3002\u5f9e\u4f7f\u7528UPX \u6253\u5305\u548c\u5229\u7528OpenSSL\u3001AES OCB\u548cChaCha20_Poly1305\u7b49\u52a0\u5bc6\u6f14\u7b97\u6cd5\uff0c\u5230\u7d44\u7e54\u91cd\u65b0\u555f\u52d5\u57f7\u884c\u548c\u679a\u8209\u7db2\u8def\u5171\u4eab\uff0cCactus \u5c55\u793a\u4e86\u591a\u65b9\u9762\u7684\u653b\u64ca\u65b9\u6cd5\uff0c\u78ba\u4fdd\u5176\u6d3b\u52d5\u4e0d\u50c5\u6210\u529f\uff0c\u800c\u4e14\u4fdd\u6301\u79d8\u5bc6\u6027\u3002Cactus \u52d2\u7d22\u8edf\u9ad4\u900f\u904e\u5efa\u7acb\u4e00\u500b\u540d\u70ba\u300c\u66f4\u65b0\u6aa2\u67e5\u4efb\u52d9\u300d\u7684\u6392\u7a0b\u4efb\u52d9\uff08\u6bcf 5 \u5206\u9418\u904b\u884c\u4e00\u6b21\uff09\u4f86\u78ba\u4fdd\u5176\u5728\u53d7\u611f\u67d3\u7cfb\u7d71\u4e2d\u6301\u7e8c\u5b58\u5728\uff0c\u5f9e\u800c\u5c07\u52d2\u7d22\u8edf\u9ad4\u4f5c\u70baSYSTEM \u904b\u884c\uff0c\u4e26\u78ba\u4fdd\u5176\u60e1\u610f\u6d3b\u52d5\u7e7c\u7e8c\u9806\u5229\u9032\u884c\u3002<\/p>\n\n\n\n

\u4ed9\u4eba\u638c\u662f\u96d9\u91cd\u52d2\u7d22\u8edf\u9ad4\u8b8a\u7a2e\u7684\u4e00\u500b\u4f8b\u5b50\uff0c\u9664\u4e86\u7d50\u5408\u4f7f\u7528 RSA \u548c AES \u4f86\u52a0\u5bc6\u8cc7\u6599\u5916\uff0c\u60e1\u610f\u8edf\u9ad4\u9084\u5617\u8a66\u7aca\u53d6\u8cc7\u6599\u3002\u64da\u89c0\u5bdf\uff0c\u4ed9\u4eba\u638c\u53ef\u4ee5\u4f7f\u7528 Rclone \u4f86\u5be6\u73fe\u6b64\u76ee\u7684\uff0c\u5b83\u5c07\u88ab\u76dc\u7684\u6587\u4ef6\u79fb\u52d5\u5230\u96f2\u7aef\u5132\u5b58\u3002\u4e00\u65e6\u52a0\u5bc6\u548c\u6d29\u6f0f\u5b8c\u6210\uff0c\u4ed9\u4eba\u638c\u5c31\u6703\u5728\u4f7f\u7528\u8005\u7684\u96fb\u8166\u4e0a\u767c\u5e03\u52d2\u7d22\u8cc7\u8a0a\u3002<\/p>\n\n\n\n

\"\"
\u4ed9\u4eba\u638c\u767c\u5e03\u7684\u52d2\u7d22\u4fe1–cAcTuS.readme.txt<\/figcaption><\/figure>\n\n\n\n

\u4ee5\u4e0b\u63d0\u4f9b\u4ed9\u4eba\u638c\u76f8\u95dc\u7684\u90e8\u5206\u7684\u5165\u4fb5\u6307\u6a19\uff08IOCs\uff09:<\/p>\n\n\n\n

be139fc480984eb31de025f25a191035<\/p>\n\n\n\n

08d2c800c93015092e14738c941ac492<\/p>\n\n\n\n

02e4da16377fc85e71a8c8378b2a8a96<\/p>\n\n\n\n

8b37df9d295bbc2906961f72b7cdc5fb<\/p>\n\n\n\n

8af259ad55c3746926e992c82bc7e850<\/p>\n\n\n\n

55e42014424c0d120ff17f11e207e4f0<\/p>\n\n\n\n

5f7c3cda7759ef6e577552ad322c1f64<\/p>\n\n\n\n

39fe99d2250954a0d5ed0e9ff9c41d81<\/p>\n\n\n\n

0e4ee38fe320cfb573a30820198ff442<\/p>\n\n\n\n

8d2e4bef47e3f2ee0195926bbf4a25d5<\/p>\n\n\n\n

f7a6d1e6e5436bd3c10f3a26f3e9b9b9<\/p>\n\n\n\n

fb467a07f44e8d58e93e3567fd7ff016<\/p>\n\n\n\n

\u201c\u8f49\u8cbc\u3001\u5206\u4eab\u6216\u5f15\u7528\u6587\u7ae0\u5167\u5bb9\uff0c\u8acb\u8a3b\u660e\u51fa\u8655\u70ba\u7ae3\u76df\u79d1\u6280\u00a0https:\/\/www.billows.tech<\/a>\u00a0, \u4ee5\u514d\u89f8\u6cd5\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

Key Points: *\u4ed9\u4eba\u638c\u52d2\u7d22\u8edf\u9ad4\u81ea 2023 \u5e74 3 \u6708\u4ee5\u4f86\u4e00\u76f4\u6d3b\u8e8d\uff0c\u8fc4\u4eca\u4e00\u76f4\u91dd\u5c0d\u77e5\u540d\u76ee\u6a19\u3002 *\u4e3b\u8981\u91dd READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[213,235],"class_list":["post-3182","post","type-post","status-publish","format-standard","hentry","category-6","tag-ransomware","tag-235"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3182"}],"version-history":[{"count":6,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3182\/revisions"}],"predecessor-version":[{"id":3195,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3182\/revisions\/3195"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}