{"id":3628,"date":"2025-03-19T15:48:43","date_gmt":"2025-03-19T07:48:43","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3628"},"modified":"2025-03-19T15:52:19","modified_gmt":"2025-03-19T07:52:19","slug":"%e6%96%b0%e8%88%88%e9%a7%ad%e5%ae%a2%e7%b5%84%e7%b9%94-mora_001-%e9%8e%96%e5%ae%9a-fortinet-%e7%94%a8%e6%88%b6-%e6%8e%a1%e7%94%a8-lockbit-%e6%94%bb%e6%93%8a%e6%88%b0%e8%a1%93","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3628","title":{"rendered":"\u65b0\u8208\u99ed\u5ba2\u7d44\u7e54 Mora_001 \u9396\u5b9a Fortinet \u7528\u6236 \u63a1\u7528 LockBit \u653b\u64ca\u6230\u8853"},"content":{"rendered":"\n

\u8fd1\u671f\uff0c\u8cc7\u5b89\u5c08\u5bb6\u767c\u73fe\u4e00\u500b\u540d\u70ba Mora_001<\/em> \u7684\u65b0\u8208\u99ed\u5ba2\u7d44\u7e54\u6b63\u5728\u5229\u7528 Fortinet \u7522\u54c1\u4e2d\u7684\u6f0f\u6d1e\u9032\u884c\u653b\u64ca\uff0c\u4e26\u8207\u60e1\u540d\u662d\u5f70\u7684 LockBit<\/em> \u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u6709\u95dc\u806f\u3002<\/p>\n\n\n\n

\u5b89\u5168\u7814\u7a76\u4eba\u54e1\u6307\u51fa\uff0cMora_001<\/em> \u6b63\u5728\u5229\u7528\u5f71\u97ff Fortinet FortiGate \u9632\u706b\u7246\u8a2d\u5099\u7684\u5169\u500b\u6f0f\u6d1e\u2014\u2014CVE-2024-55591<\/a><\/em> \u548c CVE-2025-24472<\/a><\/em>\u3002\u7f8e\u570b \u7db2\u8def\u5b89\u5168\u8207\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA<\/em>\uff09<\/em> \u5728 1 \u6708\u4efd\u767c\u51fa\u7dca\u6025\u6307\u4ee4<\/a>\uff0c\u8981\u6c42\u6240\u6709\u806f\u90a6\u6c11\u7528\u6a5f\u69cb\u5fc5\u9808\u5728\u4e00\u9031\u5167\u4fee\u88dc CVE-2024-55591<\/em>\uff0c\u9019\u662f\u8a72\u6a5f\u69cb\u6b77\u4f86\u6700\u77ed\u7684\u4fee\u88dc\u671f\u9650\u4e4b\u4e00\u3002\u96a8\u5f8c\uff0cFortinet \u78ba\u8a8d\u9019\u4e9b\u6f0f\u6d1e\u5df2\u906d\u5230\u653b\u64ca\u8005\u5229\u7528\uff0c\u4e26\u5728\u516c\u544a\u4e2d\u52a0\u5165\u4e86 CVE-2025-24472<\/em>\u3002<\/p>\n\n\n\n

\u6839\u64da Forescout Research<\/em> \u767c\u4f48\u7684\u5831\u544a<\/a>\uff0c\u5f9e 1 \u6708\u5e95\u5230 3 \u6708\u671f\u9593\uff0c\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u591a\u8d77\u5165\u4fb5\u4e8b\u4ef6\u8207\u9019\u4e9b\u6f0f\u6d1e\u6709\u95dc\uff0c\u6700\u7d42\u5c0e\u81f4\u4e86\u4e00\u7a2e\u65b0\u578b\u52d2\u7d22\u8edf\u9ad4\u7684\u90e8\u7f72\uff0c\u8a72\u8edf\u9ad4\u88ab\u547d\u540d\u70ba SuperBlack<\/em>\u3002<\/p>\n\n\n\n

\"\"
Photo Credit: Forescout<\/figcaption><\/figure>\n\n\n\n

Forescout \u7684\u5206\u6790\u986f\u793a\uff0cMora_001<\/em> \u7684\u653b\u64ca\u624b\u6cd5\u8207 LockBit<\/em> \u985e\u4f3c\uff0c\u4ed6\u5011\u5229\u7528\u4e86 LockBit 3.0<\/em>\uff08LockBit Black<\/em>\uff09<\/em> \u7684\u6d29\u6f0f\u5efa\u69cb\u5668\uff0c\u4f46\u522a\u9664\u4e86 LockBit \u54c1\u724c\u6a19\u8a8c\uff0c\u4e26\u958b\u767c\u4e86\u81ea\u8a02\u6578\u64da\u5916\u6d29\u5de5\u5177\u3002\u9019\u8868\u660e\u8a72\u7d44\u7e54\u53ef\u80fd\u662f LockBit \u7684\u524d\u9644\u5c6c\u6210\u54e1\uff0c\u6b63\u5728\u8abf\u6574\u5176\u7b56\u7565\uff0c\u6216\u4ecd\u8207 LockBit \u751f\u614b\u7cfb\u7d71\u4fdd\u6301\u9593\u63a5\u806f\u7e6b\u3002<\/p>\n\n\n\n

\u8cc7\u5b89\u5c08\u5bb6 Stefan Hostetler<\/em>\uff08Arctic Wolf<\/em> \u8cc7\u6df1\u5a01\u8105\u60c5\u5831\u7814\u7a76\u54e1\uff09\u78ba\u8a8d<\/a>\uff0c\u9019\u4e9b Fortinet \u6f0f\u6d1e\u7684\u653b\u64ca\u884c\u52d5\u65e9\u5728 1 \u6708\u5e95\u5c31\u5df2\u7d93\u958b\u59cb\uff0c\u4e26\u65bc 2 \u6708 2 \u65e5\u89c0\u5bdf\u5230\u5177\u9ad4\u7684\u653b\u64ca\u6d3b\u52d5\u3002\u96d6\u7136 Fortinet<\/a> \u5df2\u91cb\u51fa\u4fee\u88dc\u7a0b\u5f0f\uff0c\u4f46\u653b\u64ca\u8005\u4ecd\u7136\u91dd\u5c0d\u672a\u80fd\u53ca\u6642\u66f4\u65b0\u6216\u5f37\u5316\u9632\u706b\u7246\u914d\u7f6e\u7684\u7d44\u7e54\u767c\u52d5\u653b\u64ca\u3002<\/p>\n\n\n\n

Arctic Wolf \u9032\u4e00\u6b65\u6307\u51fa\uff0c\u91dd\u5c0d FortiGate \u9632\u706b\u7246\u7ba1\u7406\u4ecb\u9762\u7684\u6383\u63cf\u6d3b\u52d5\u65e9\u5728 12 \u6708\u521d\u5c31\u5df2\u51fa\u73fe\uff0c\u9019\u6bd4 Fortinet \u6b63\u5f0f\u62ab\u9732\u6f0f\u6d1e\u7684\u6642\u9593\u9084\u8981\u65e9\uff0c\u986f\u793a\u51fa\u5a01\u8105\u884c\u52d5\u8005\u53ef\u80fd\u5df2\u638c\u63e1\u6f0f\u6d1e\u8cc7\u8a0a\u4e26\u9032\u884c\u9810\u5148\u90e8\u7f72\u3002\u6b64\u4e8b\u4ef6\u518d\u6b21\u51f8\u986f\u4f01\u696d\u61c9 \u53ca\u6642\u4fee\u88dc\u6f0f\u6d1e<\/strong>\uff0c\u4e26\u63a1\u53d6\u7a4d\u6975\u7684\u7db2\u8def\u5b89\u5168\u9632\u8b77\u63aa\u65bd<\/strong>\u3002<\/p>\n\n\n\n

Mora_001<\/em> \u7684\u51fa\u73fe\u53cd\u6620\u51fa\u7576\u524d\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u6a21\u5f0f\u7684\u767c\u5c55\u8da8\u52e2\uff1a\u81ea 2022 \u5e74 LockBit 3.0 <\/em>\u5efa\u69cb\u5668<\/em>\u6d29\u6f0f\u4ee5\u4f86\uff0c\u8a31\u591a\u653b\u64ca\u5718\u9ad4\u958b\u59cb\u958b\u767c\u81ea\u5df1\u7684\u8b8a\u7a2e\uff0c\u4e26\u7d50\u5408\u4e0d\u540c\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u7684\u7b56\u7565\u3002\u4f8b\u5982\uff0cSuperBlack \u5728\u52d2\u7d22\u4fe1\u7d50\u69cb\u8207\u6578\u64da\u5916\u6d29\u6280\u8853\u4e0a\u8207 BlackCat\/ALPHV<\/em> \u7b49\u5176\u4ed6\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u7684\u624b\u6cd5\u76f8\u4f3c\u3002<\/p>\n\n\n\n

Fortinet <\/strong>\u7522\u54c1\u4f7f\u7528\u8005\u5efa\u8b70\u63aa\u65bd\uff1a<\/strong><\/p>\n\n\n\n

\ud83d\udd39 \u7acb\u5373\u5b89\u88dd Fortinet <\/strong>\u5b89\u5168\u66f4\u65b0<\/strong>\uff0c\u4fee\u88dc CVE-2024-55591<\/em> \u548c CVE-2025-24472<\/em> \u6f0f\u6d1e\u3002
\ud83d\udd39 \u6aa2\u67e5\u9632\u706b\u7246\u7ba1\u7406\u4ecb\u9762\u8a2d\u5b9a<\/strong>\uff0c\u78ba\u4fdd\u672a\u66b4\u9732\u65bc\u516c\u7db2\uff0c\u964d\u4f4e\u98a8\u96aa\u3002
\ud83d\udd39 \u76e3\u63a7\u8207 SuperBlack <\/strong>\u52d2\u7d22\u8edf\u9ad4\u76f8\u95dc\u7684\u653b\u64ca\u6307\u6a19\uff08IoCs<\/strong>\uff09<\/strong>\uff0c\u5075\u6e2c\u6f5b\u5728\u5165\u4fb5\u884c\u70ba\u3002
\ud83d\udd39 \u5efa\u7acb\u5b8c\u6574\u7684\u4e8b\u4ef6\u61c9\u8b8a\u8a08\u756b<\/strong>\uff0c\u78ba\u4fdd\u7d44\u7e54\u80fd\u5920\u8fc5\u901f\u61c9\u5c0d\u53ef\u80fd\u7684\u653b\u64ca\u3002<\/p>\n\n\n\n

\u6839\u64da\u8cc7\u5b89\u5a92\u9ad4TechCrunch<\/a>\uff0c\u622a\u81f3\u76ee\u524d\uff0cFortinet \u5c1a\u672a\u5c31\u6b64\u5a01\u8105\u767c\u8868\u9032\u4e00\u6b65\u8072\u660e\u3002\u7531\u65bc\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u624b\u6cd5\u6301\u7e8c\u6f14\u8b8a\uff0c\u4f01\u696d\u8207\u6a5f\u69cb\u61c9\u4fdd\u6301\u9ad8\u5ea6\u8b66\u89ba\uff0c\u78ba\u4fdd\u95dc\u9375\u7cfb\u7d71\u7684\u5b89\u5168\u6027\uff0c\u4ee5\u9632\u6b62\u60e1\u610f\u653b\u64ca\u7684\u5f71\u97ff\u3002<\/p>\n\n\n\n

SuperBlack\u52d2\u7d22\u8edf\u9ad4\u7684\u90e8\u5206\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs):<\/p>\n\n\n\n

FileHash-MD5          046b64c08f66f1820ae4ce5dd170e761                <\/p>\n\n\n\n

FileHash-MD5          294e9f64cb1642dd89229fff0592856b                             <\/p>\n\n\n\n

FileHash-MD5          4bcc3589bbbbaa013bebf38d28d442ac                         <\/p>\n\n\n\n

FileHash-MD5          5c082bc67a61c822877dab10226044c8<\/p>\n\n\n\n

FileHash-SHA256<\/p>\n\n\n\n

782c3c463809cd818dadad736f076c36cdea01d8c4efed094d78661ba0a57045<\/p>\n\n\n\n

FileHash-SHA256<\/p>\n\n\n\n

813ad8caa4dcbd814c1ee9ea28040d74338e79e76beae92bedc8a47b402dedc2<\/p>\n","protected":false},"excerpt":{"rendered":"

\u8fd1\u671f\uff0c\u8cc7\u5b89\u5c08\u5bb6\u767c\u73fe\u4e00\u500b\u540d\u70ba Mora_001 \u7684\u65b0\u8208\u99ed\u5ba2\u7d44\u7e54\u6b63\u5728\u5229\u7528 Fortinet \u7522\u54c1\u4e2d\u7684\u6f0f\u6d1e\u9032\u884c\u653b\u64ca\uff0c READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174,213],"class_list":["post-3628","post","type-post","status-publish","format-standard","hentry","category-6","tag-news","tag-ransomware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3628"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3628\/revisions"}],"predecessor-version":[{"id":3631,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3628\/revisions\/3631"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}