{"id":3414,"date":"2024-11-06T16:30:11","date_gmt":"2024-11-06T08:30:11","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3414"},"modified":"2024-11-06T17:17:05","modified_gmt":"2024-11-06T09:17:05","slug":"%e5%8f%b0%e7%81%a3-facebook-%e5%95%86%e6%a5%ad%e7%b6%b2%e9%a0%81%e9%81%ad%e9%81%87-infostealer-%e7%b6%b2%e8%b7%af%e9%87%a3%e9%ad%9a%e6%94%bb%e6%93%8a","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3414","title":{"rendered":"\u53f0\u7063\u4f01\u696d\u7684FB\u7c89\u5c08\u6210\u70ba\u99ed\u5ba2\u7684\u76ee\u6a19 \u906d\u53d7\u6563\u4f48\u7aca\u8cc7\u8edf\u9ad4\u7684\u653b\u64ca\u5a01\u8105"},"content":{"rendered":"\n<p>Infostealer Phishing \u653b\u64ca\u6b63\u7784\u6e96\u53f0\u7063\u4f01\u696d\u7684\u7c89\u7d72\u5c08\u9801\u7ba1\u7406\u54e1\u53ca\u5ee3\u544a\u7ba1\u7406\u54e1<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/11\/67de8170-e9f9-4b98-a60a-8ae7306b5199.jpg\" alt=\"\" class=\"wp-image-3415\" style=\"width:497px;height:auto\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/11\/67de8170-e9f9-4b98-a60a-8ae7306b5199.jpg 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/11\/67de8170-e9f9-4b98-a60a-8ae7306b5199-150x150.jpg 150w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption class=\"wp-element-caption\">Photo Credit: Infosecurity Magazine<\/figcaption><\/figure>\n\n\n\n<p>\u4e00\u500b\u5c1a\u672a\u8fa8\u8b58\u7684\u7db2\u8def\u5a01\u8105\u8005\u6b63\u5728\u91dd\u5c0d\u53f0\u7063\u4f01\u696d\u7c89\u7d72\u5c08\u9801\u6216\u662f\u5ee3\u544a\u7ba1\u7406\u54e1\u7528\u6236\u9032\u884c\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\uff0c\u5176\u76ee\u7684\u662f\u6563\u5e03\u50cf\u662f Lumma \u6216 Rhadamanthys \u9019\u6a23\u7684\u8cc7\u8a0a\u7aca\u53d6\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n\n\n\n<p>\u9019\u4e9b\u8a98\u990c\u8a0a\u606f\u5167\u542b\u4e00\u500b\u9023\u7d50\uff0c\u7576\u53d7\u5bb3\u8005\u9ede\u64ca\u5f8c\uff0c\u4fbf\u6703\u88ab\u5f15\u5c0e\u81f3Dropbox\u6216Google Appspot\u7db2\u57df\uff0c\u9032\u800c\u89f8\u767c\u4e0b\u8f09\u52d5\u4f5c\uff0c\u4e0b\u8f09\u7684\u662f\u5305\u88f9\u8457\u5047PDF\u57f7\u884c\u6a94\u7684RAR\u58d3\u7e2e\u6a94\uff0c\u85c9\u800c\u7531\u6b64\u50b3\u9001\u8cc7\u8a0a\u7aca\u53d6\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n\n\n\n<p>\u8a98\u990c\u96fb\u5b50\u90f5\u4ef6\u548c\u507d\u9020\u7684PDF\u6a94\u540d\u5047\u5192\u516c\u53f8\u6cd5\u5f8b\u90e8\u9580\u7684\u6a23\u5b50\uff0c\u8a66\u5716\u5f15\u8a98\u53d7\u5bb3\u8005\u4e0b\u8f09\u4e26\u57f7\u884c\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n\n\n\n<p>\u6b64\u5916\uff0c\u9019\u4e9b\u4e0d\u6cd5\u884c\u70ba\u8005\u9084\u4ee5\u53f0\u7063\u4e00\u5bb6\u77e5\u540d\u5de5\u696d\u99ac\u9054\u88fd\u9020\u5546\u548c\u53e6\u4e00\u5bb6\u77e5\u540d\u7db2\u8def\u5546\u5e97\u7684\u540d\u7fa9\u767c\u9001\u7db2\u8def\u91e3\u9b5a\u90f5\u4ef6\uff0c\u8072\u7a31\u53d7\u5bb3\u8005\u7684\u696d\u52d9\u4e0a\u6709\u4fb5\u72af\u7248\u6b0a\u7684\u884c\u4e8b\u3002<\/p>\n\n\n\n<p>\u6839\u64da\u5a01\u8105\u60c5\u8cc7\u5718\u968a <a href=\"https:\/\/blog.talosintelligence.com\/threat-actors-use-copyright-infringement-phishing-lure-to-deploy-infostealers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cisco Talos \u7814\u7a76\u4eba\u54e1\u8868\u793a<\/a>\uff1a\u300c\u9019\u4e9b\u90f5\u4ef6\u8981\u6c42\u53d7\u5bb3\u8005\u572824\u5c0f\u6642\u5167\u79fb\u9664\u4fb5\u6b0a\u5167\u5bb9\uff0c\u505c\u6b62\u672a\u7d93\u6388\u6b0a\u7684\u4f7f\u7528\uff0c\u4e26\u8b66\u544a\u5018\u82e5\u4e0d\u9075\u5faa\uff0c\u5c07\u6703\u9762\u81e8\u53ef\u80fd\u7684\u6cd5\u5f8b\u884c\u52d5\u548c\u8ce0\u511f\u7d22\u6c42\u3002\u300d<\/p>\n\n\n\n<p>\u4ed6\u5011\u9084\u6307\u51fa\uff0c\u9019\u4e9b\u7db2\u8def\u5a01\u8105\u8005\u9084\u4f7f\u7528\u4e86\u591a\u7a2e\u7684\u6280\u8853\u548c\u5de5\u5177\uff0c\u4ee5\u898f\u907f\u9632\u6bd2\u8edf\u9ad4\u5075\u6e2c\u548c\u6c99\u7bb1\u5206\u6790\uff0c\u4f8b\u5982Shellcode\u52a0\u5bc6\u3001\u7a0b\u5f0f\u78bc\u6df7\u6dc6\uff0c\u4e26\u5c07LummaC2\u548cRhadamanthys\u7b49\u8cc7\u8a0a\u7aca\u53d6\u60e1\u610f\u8edf\u9ad4\u5d4c\u5165\u5408\u6cd5\u7684\u7cfb\u7d71\u7a0b\u5f0f\u4e4b\u4e2d\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/trick-captcha-lumma-stealer-malware\">Lumma Stealer<\/a> \u662f\u4e00\u7a2e\u5c08\u9580\u5f9e\u88ab\u5165\u4fb5\u7cfb\u7d71\u4e2d\u7aca\u53d6\u8cc7\u8a0a\u7684\u60e1\u610f\u8edf\u9ad4\uff0c\u5176\u76ee\u6a19\u5305\u62ec\u7cfb\u7d71\u8a73\u7d30\u8cc7\u8a0a\u3001\u7db2\u9801\u700f\u89bd\u5668\u53ca\u700f\u89bd\u5668\u64f4\u5145\u529f\u80fd\u7b49\u8cc7\u6599\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/oil-gas-sector-falling-for-fake-vehicle-incident-email-lure\">Rhadamanthys<\/a> \u662f\u4e00\u7a2e\u5728\u5730\u4e0b\u8ad6\u58c7\u51fa\u552e\u7684\u9ad8\u968e\u8cc7\u8a0a\u7aca\u53d6\u5de5\u5177\uff0c\u9996\u6b21\u6d6e\u51fa\u6aaf\u9762\u662f\u5728\u5169\u5e74\u524d\uff0c\u9019\u652f\u60e1\u610f\u8edf\u9ad4\u5c08\u9580\u7528\u4f86\u8490\u96c6\u7cfb\u7d71\u8cc7\u8a0a\u3001\u5e33\u6236\u6191\u8b49\u3001\u52a0\u5bc6\u8ca8\u5e63\u9322\u5305\u3001\u5bc6\u78bc\u3001Cookies\u4ee5\u53ca\u5176\u4ed6\u61c9\u7528\u7a0b\u5f0f\u4e2d\u7684\u8cc7\u6599\u3002<\/p>\n\n\n\n<p>\u9019\u6b21\u7684\u7db2\u8def\u91e3\u9b5a\u884c\u52d5\u81f3\u5c11\u81ea7\u6708\u4ee5\u4f86\u6301\u7e8c\u9032\u884c\u4e2d\uff0c\u6700\u521d\u7684\u653b\u64ca\u624b\u6cd5\u662f\u900f\u904e\u7db2\u8def\u91e3\u9b5a\u90f5\u4ef6\u9644\u5e36\u7684\u60e1\u610f\u8edf\u9ad4\u4e0b\u8f09\u9023\u7d50\u3002\u9019\u4e9b\u90f5\u4ef6\u4e2d\u4f7f\u7528\u7e41\u9ad4\u4e2d\u6587\u7684\u8a98\u9a19\u5167\u5bb9\uff0c\u7531\u6b64\u53ef\u63a8\u65b7\u5176\u76ee\u6a19\u5c0d\u8c61\u70ba\u4f7f\u7528\u4e2d\u6587\u7684\u7528\u6236\u3002<\/p>\n\n\n\n<p>\u53e6\u5916\uff0c\u4e5f\u6709\u89c0\u5bdf\u5230\u4e00\u4e9b\u7db2\u8def\u91e3\u9b5a\u6d3b\u52d5\u662f\u5047\u5192OpenAI\u4f86\u9032\u884c\uff0c\u5176\u76ee\u6a19\u6307\u5411\u5168\u7403\u7684\u4f01\u696d\uff0c\u6307\u793a\u4ed6\u5011\u9ede\u64ca\u4ee4\u4eba\u6df7\u6dc6\u7684\u8d85\u9023\u7d50\u4ee5\u66f4\u65b0\u4ed8\u6b3e\u8cc7\u8a0a\u3002<\/p>\n\n\n\n<p>\u300c\u9019\u6b21\u653b\u64ca\u4e8b\u4ef6\u662f\u7531\u55ae\u4e00\u7db2\u57df\u5411\u8d85\u904e1000\u4f4d\u6536\u4ef6\u8005\u767c\u9001\u7684\u300d\uff0c\u6839\u64daBarracuda\u7684<a href=\"https:\/\/blog.barracuda.com\/2024\/10\/31\/impersonate-openai-steal-data\" target=\"_blank\" rel=\"noreferrer noopener\">\u5831\u544a\u6307\u51fa<\/a>\uff1a\u300c\u90f5\u4ef6\u5167\u5bb9\u4f7f\u7528\u4e86\u4e0d\u540c\u7684\u8d85\u9023\u7d50\uff0c\u53ef\u80fd\u662f\u70ba\u4e86\u898f\u907f\u5075\u6e2c\u3002\u9019\u4e9b\u90f5\u4ef6\u901a\u904e\u4e86DKIM\u548cSPF\u9a57\u8b49\uff0c\u8868\u793a\u90f5\u4ef6\u662f\u5f9e\u8a72\u7db2\u57df\u6388\u6b0a\u7684\u90f5\u4ef6\u4f3a\u670d\u5668\u767c\u51fa\u7684\u3002\u7136\u800c\uff0c\u8a72\u7db2\u57df\u672c\u8eab\u537b\u662f\u975e\u5e38\u53ef\u7591\u3002\u300d<\/p>\n\n\n\n<p>LummaC2 \u548c Rhadamanthys\u76f8\u95dc\u7684\u90e8\u5206\u7684\u5165\u4fb5\u6307\u6a19\uff08IOCs\uff09:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>03ed5c2b3a8b34f8c7ef110f78926c42<\/td><\/tr><tr><td>ff1156ab3a8226f8ac89bae78c990ebb85f3138b<\/td><\/tr><tr><td>1b80e9c51d418ce5ac3a6741e70a6a0235b43bb7548299278865f604d41d7675<\/td><\/tr><tr><td>1ccf7f8b3a9b20bb87bc18a3fcfb41948f65dfb43b2fad1440a0eaef2656f414<\/td><\/tr><tr><td>213c8a51972fdd17d3f8c20a94e76123004d4e8f21a4a06d50f87d2c65379ac0<\/td><\/tr><tr><td>2175a1f8f798b0daf05965eb860166c65a8d227d1309cd3545dba3174fd2292f<\/td><\/tr><tr><td>33aaf3109c1c8a477cbcdd942a9b60acc236fe56ddd8d0262d7ad63d9434e12f<\/td><\/tr><tr><td>51c1e25a546dbf2d9a17ccd1f0e95cff68ead96d4dc77c995fe3d9cb67d4ee17<\/td><\/tr><tr><td>76c711c56c95009506347691c44ba9cc61ce0056e47784799f6429642c224d3a<\/td><\/tr><tr><td>80231f19168b5f326bd1fbcd7a093aeb0415c84e5036c7991b3eaef2f9be77a2<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Infostealer Phishing \u653b\u64ca\u6b63\u7784\u6e96\u53f0\u7063\u4f01\u696d\u7684\u7c89\u7d72\u5c08\u9801\u7ba1\u7406\u54e1\u53ca\u5ee3\u544a\u7ba1\u7406\u54e1 \u4e00\u500b\u5c1a\u672a\u8fa8\u8b58\u7684\u7db2\u8def\u5a01 <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=3414\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[183,174],"class_list":["post-3414","post","type-post","status-publish","format-standard","hentry","category-6","tag-iocs","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3414"}],"version-history":[{"count":4,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3414\/revisions"}],"predecessor-version":[{"id":3423,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3414\/revisions\/3423"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}