{"id":4168,"date":"2026-02-13T11:53:43","date_gmt":"2026-02-13T03:53:43","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=4168"},"modified":"2026-02-13T12:09:58","modified_gmt":"2026-02-13T04:09:58","slug":"reynolds-%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94%e6%96%b0%e6%89%8b%e6%b3%95%ef%bc%9a%e5%85%a7%e5%bb%ba-byovd-%e9%a9%85%e5%8b%95%ef%bc%8c%e7%9b%b4%e6%8e%a5%e9%97%9c%e9%96%89-edr-%e9%98%b2%e8%ad%b7","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=4168","title":{"rendered":"Reynolds \u52d2\u7d22\u8edf\u9ad4\u65b0\u624b\u6cd5\uff1a\u5167\u5efa BYOVD \u9a45\u52d5\uff0c\u76f4\u63a5\u95dc\u9589 EDR \u9632\u8b77"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"693\" height=\"501\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/02\/image-4.png\" alt=\"\" class=\"wp-image-4169\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/02\/image-4.png 693w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/02\/image-4-300x217.png 300w\" sizes=\"auto, (max-width: 693px) 100vw, 693px\" \/><figcaption class=\"wp-element-caption\">Photo Credit: Symantec and Carbon Black<\/figcaption><\/figure>\n\n\n\n<p>\u8fd1\u4f86\u8cc7\u5b89\u7814\u7a76\u63ed\u9732\uff0c\u4e00\u500b\u540d\u70ba <strong>Reynolds<\/strong> \u7684\u65b0\u8208\u52d2\u7d22\u8edf\u9ad4\u5bb6\u65cf\uff0c\u958b\u59cb\u5c07 <strong>BYOVD<\/strong><strong>\uff08Bring Your Own Vulnerable Driver<\/strong><strong>\uff09\u6f0f\u6d1e\u9a45\u52d5<\/strong> \u76f4\u63a5\u6574\u5408\u9032\u52d2\u7d22\u8edf\u9ad4\u672c\u9ad4\uff0c\u7528\u4ee5\u898f\u907f\u7d42\u7aef\u9632\u8b77\u5de5\u5177\uff08EDR\uff09\u3002\u9019\u7a2e\u624b\u6cd5\u8b93\u653b\u64ca\u8005\u80fd\u5728\u76ee\u6a19\u7cfb\u7d71\u4e0a\u300c\u6084\u7121\u8072\u606f\u300d\u5730\u95dc\u9589\u5b89\u5168\u9632\u8b77\uff0c\u589e\u52a0\u52d2\u7d22\u653b\u64ca\u6210\u529f\u7387\u3002<\/p>\n\n\n\n<p><strong>\u4ec0\u9ebc\u662f BYOVD<\/strong><strong>\uff1f<\/strong><\/p>\n\n\n\n<p>BYOVD \u662f\u4e00\u7a2e\u5229\u7528\u300c\u5408\u6cd5\u4f46\u5b58\u5728\u6f0f\u6d1e\u7684\u9a45\u52d5\u7a0b\u5f0f\u300d\u4f86\u53d6\u5f97\u7cfb\u7d71\u6b0a\u9650\u4e26\u95dc\u9589\u9632\u8b77\u5de5\u5177\u7684\u6280\u8853\u3002\u50b3\u7d71\u4e0a\uff0c\u9019\u985e\u6f0f\u6d1e\u9a45\u52d5\u6703\u7531\u653b\u64ca\u8005\u5148\u884c\u90e8\u7f72\u5728\u53d7\u5bb3\u7cfb\u7d71\uff0c\u518d\u57f7\u884c\u52d2\u7d22\u8edf\u9ad4\u3002\u4f46 <strong>Reynolds<\/strong> \u5c07\u9019\u500b\u6f0f\u6d1e\u9a45\u52d5\u76f4\u63a5\u6253\u5305\u5728\u52d2\u7d22\u8edf\u9ad4\u672c\u9ad4\u4e2d\uff0c\u653b\u64ca\u6d41\u7a0b\u66f4\u7dca\u5bc6\uff0c\u4e5f\u66f4\u96e3\u88ab\u5075\u6e2c\u3002<\/p>\n\n\n\n<p>\u8cc7\u5b89\u516c\u53f8Symantec \u8207 Carbon Black \u7684\u5718\u968a<a href=\"https:\/\/www.security.com\/threat-intelligence\/black-basta-ransomware-byovd\">\u6307\u51fa<\/a>\uff0c\u6b64\u6b21\u653b\u64ca\u4e2d\u4f7f\u7528\u7684\u9a45\u52d5\u7a0b\u5f0f\u70ba <strong>NsecSoft NSecKrnl<\/strong>\uff0c\u53ef\u85c9\u7531\u5df2\u77e5\u6f0f\u6d1e\uff08CVE-2025-68947\uff0cCVSS 5.7\uff09\u7d42\u6b62\u76ee\u6a19\u7cfb\u7d71\u4e0a\u4efb\u610f\u9032\u7a0b\uff0c\u5305\u62ec Avast\u3001CrowdStrike\u3001Palo Alto Cortex XDR\u3001Sophos\u3001Symantec Endpoint Protection \u7b49\u5b89\u5168\u8edf\u9ad4\uff0c\u8b93\u52d2\u7d22\u8edf\u9ad4\u80fd\u7121\u963b\u57f7\u884c\u3002<\/p>\n\n\n\n<p>\u904e\u53bb\u4e00\u5e74\uff0c\u8cc7\u5b89\u7814\u7a76\u4e5f\u89c0\u5bdf\u5230 Silver Fox \u7b49\u653b\u64ca\u7d44\u7e54\u66fe\u5229\u7528\u76f8\u540c\u6216\u985e\u4f3c\u6f0f\u6d1e\u9a45\u52d5\uff0c\u5148\u884c\u300c\u6e05\u9664\u300d\u5b89\u5168\u5de5\u5177\uff0c\u518d\u90e8\u7f72\u5f8c\u7e8c\u60e1\u610f\u7a0b\u5f0f\u3002<\/p>\n\n\n\n<p><strong>\u5c07\u9632\u79a6\u898f\u907f\u8207\u52d2\u7d22\u5408\u800c\u70ba\u4e00\uff1a\u653b\u64ca\u66f4\u6c89\u9ed8\u3001\u66f4\u6709\u6548<\/strong><\/p>\n\n\n\n<p>\u5c07\u9632\u79a6\u898f\u907f\u529f\u80fd\u8207\u52d2\u7d22\u8edf\u9ad4\u672c\u9ad4\u6574\u5408\uff0c\u6709\u5169\u5927\u512a\u52e2\uff1a<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>\u6e1b\u5c11\u5916\u90e8\u75d5\u8de1<\/strong>\uff1a\u4e0d\u9700\u984d\u5916\u4e0b\u8f09\u6216\u57f7\u884c\u5de5\u5177\uff0c\u964d\u4f4e\u88ab\u5075\u6e2c\u6a5f\u7387<\/li>\n\n\n\n<li><strong>\u7c21\u5316\u653b\u64ca\u6d41\u7a0b<\/strong>\uff1a\u52d2\u7d22\u8edf\u9ad4\u64cd\u4f5c\u8005\u4e0d\u9700\u984d\u5916\u6574\u5408\u6b65\u9a5f\uff0c\u653b\u64ca\u66f4\u6d41\u66a2<\/li>\n<\/ol>\n\n\n\n<p>Symantec \u8207 Carbon Black \u4e5f\u89c0\u5bdf\u5230\uff0c\u5728 Reynolds \u653b\u64ca\u524d\uff0c\u53d7\u5bb3\u7db2\u8def\u66fe\u51fa\u73fe\u53ef\u7591 side-loaded loader \u5e7e\u9031\uff0c\u52d2\u7d22\u8edf\u9ad4\u90e8\u7f72\u5f8c\uff0c\u653b\u64ca\u8005\u53c8\u4f7f\u7528 GotoHTTP \u9060\u7aef\u5b58\u53d6\u7a0b\u5f0f\uff0c\u986f\u793a\u5176\u76ee\u6a19\u662f\u5efa\u7acb\u9577\u671f\u6ef2\u900f\u8207\u6301\u7e8c\u63a7\u5236\u80fd\u529b\u3002<\/p>\n\n\n\n<p>\u8cc7\u5b89\u5c08\u5bb6\u6307\u51fa\uff0cBYOVD \u6280\u8853\u53d7\u5230\u9752\u775e\uff0c\u6b63\u56e0\u70ba\u5b83\u5229\u7528<strong>\u5408\u6cd5\u7c3d\u540d\u6a94\u6848<\/strong>\uff0c\u6bd4\u7d14\u60e1\u610f\u7a0b\u5f0f\u66f4\u96e3\u5f15\u8d77\u8b66\u793a\u3002<\/p>\n\n\n\n<p><strong>\u52d2\u7d22\u7522\u696d\u6301\u7e8c\u6f14\u9032<\/strong><\/p>\n\n\n\n<p>Reynolds \u7684\u65b0\u624b\u6cd5\u4e5f\u53cd\u6620\u52d2\u7d22\u8edf\u9ad4\u7522\u696d\u65e5\u76ca\u5c08\u696d\u5316\u8207\u9ad8\u6548\u7387\u7684\u8da8\u52e2\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u5168\u7403\u5316\u653b\u64ca\u8207\u81ea\u52d5\u5316<\/strong>\uff1aLockBit 5.0 \u5c0e\u5165 ChaCha20 \u52a0\u5bc6\u3001\u591a\u5e73\u53f0\u652f\u63f4\u3001\u9032\u968e\u53cd\u5206\u6790\u8207\u8a18\u61b6\u9ad4\u52a0\u5bc6\u6280\u8853<\/li>\n\n\n\n<li><strong>\u96f2\u7aef\u8207\u8cc7\u6599\u7aca\u53d6<\/strong>\uff1a\u653b\u64ca\u8005\u5c07\u76ee\u6a19\u5f9e\u5167\u90e8\u7db2\u8def\u8f49\u5411\u96f2\u7aef\u5b58\u5132\uff0c\u6feb\u7528 AWS S3 \u6b04\u4f4d\u932f\u8aa4\u8a2d\u5b9a\uff0c\u4f4e\u98a8\u96aa\u9ad8\u6548\u7387\u5730\u9032\u884c\u8cc7\u6599\u7aca\u53d6\u6216\u7834\u58de<\/li>\n\n\n\n<li><strong>\u5c08\u696d\u5316\u52d2\u7d22\u670d\u52d9<\/strong>\uff1aDragonForce \u63d0\u4f9b\u300c\u516c\u53f8\u8cc7\u6599\u5be9\u6838\u300d\u670d\u52d9\uff0c\u5305\u542b\u98a8\u96aa\u5831\u544a\u3001\u57f7\u884c\u624b\u518a\u8207\u7b56\u7565\u6307\u5c0e\uff0c\u5e6b\u52a9\u52a0\u76df\u5925\u4f34\u9ad8\u6548\u52d2\u7d22<\/li>\n<\/ul>\n\n\n\n<p>\u6839\u64da\u8cc7\u5b89\u516c\u53f8Cyble <a href=\"https:\/\/cyble.com\/knowledge-hub\/10-new-ransomware-groups-of-2025-threat-trend-2026\/\">\u8cc7\u6599<\/a>\uff0c2025 \u5e74\u52d2\u7d22\u8edf\u9ad4\u4e8b\u4ef6\u5171\u8a08 4,737 \u8d77\uff0c\u8f03 2024 \u5e74\u7565\u589e\uff1b\u50c5\u4f9d\u8cf4\u8cc7\u6599\u7aca\u53d6\u7684\u653b\u64ca\u66f4\u6210\u9577 23%\uff0c\u986f\u793a\u52d2\u7d22\u624b\u6cd5\u6b63\u5f9e\u55ae\u7d14\u52a0\u5bc6\u8f49\u5411\u591a\u5143\u5316\u5a01\u8105\u3002<\/p>\n\n\n\n<p>\u5e73\u5747\u8d16\u91d1\u4e5f\u660e\u986f\u63d0\u9ad8\uff0c2025 \u5e74\u7b2c\u56db\u5b63\u70ba 591,988 \u7f8e\u5143\uff0c\u8f03\u4e0a\u4e00\u5b63\u6210\u9577 57%\uff0c\u51f8\u986f\u653b\u64ca\u8005\u5229\u7528\u8cc7\u6599\u8207\u52a0\u5bc6\u96d9\u7ba1\u9f4a\u4e0b\uff0c\u7372\u5229\u80fd\u529b\u65e5\u76ca\u63d0\u5347\u3002<\/p>\n\n\n\n<p><strong>\u8cc7\u5b89\u89c0\u5bdf<\/strong><\/p>\n\n\n\n<p>\u5f9e Reynolds \u4e8b\u4ef6\u53ef\u898b\uff0c\u9ad8\u968e\u52d2\u7d22\u8edf\u9ad4\u4e0d\u518d\u53ea\u9760\u55ae\u4e00\u60e1\u610f\u7a0b\u5f0f\uff0c\u800c\u662f\u7d50\u5408 <strong>\u6f0f\u6d1e\u9a45\u52d5\u3001EDR <\/strong><strong>\u95dc\u9589\u3001\u9060\u7aef\u5b58\u53d6\u8207\u5f8c\u7e8c\u6301\u7e8c\u6ef2\u900f<\/strong>\uff0c\u5f62\u6210\u5b8c\u6574\u653b\u64ca\u93c8\u3002\u5c0d\u4f01\u696d\u800c\u8a00\uff0c\u9632\u79a6\u7b56\u7565\u4e0d\u80fd\u50c5\u4f9d\u8cf4\u50b3\u7d71\u9632\u6bd2\u6216\u52a0\u5bc6\u4fdd\u8b77\uff0c\u800c\u5fc5\u9808\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u5f37\u5316\u6f0f\u6d1e\u9a45\u52d5\u7ba1\u7406<\/strong><\/li>\n\n\n\n<li><strong>\u76e3\u63a7\u7570\u5e38\u7cfb\u7d71\u9032\u7a0b\u7d42\u6b62\u884c\u70ba<\/strong><\/li>\n\n\n\n<li><strong>\u63d0\u5347\u7db2\u8def\u5165\u4fb5\u5075\u6e2c\u8207\u6a6b\u5411\u79fb\u52d5\u9632\u8b77\u80fd\u529b<\/strong><\/li>\n<\/ul>\n\n\n\n<p>\u63db\u8a00\u4e4b\uff0c\u9762\u5c0d\u65b0\u4e00\u4ee3\u52d2\u7d22\u5a01\u8105\uff0c\u4f01\u696d\u9632\u8b77\u5fc5\u9808\u5f9e\u300c\u88dd\u7f6e\u5b89\u5168\u300d\u5347\u7d1a\u81f3 <strong>\u7cfb\u7d71\u8207\u6d41\u7a0b\u6574\u5408\u7684\u5168\u65b9\u4f4d\u9632\u8b77<\/strong>\u3002<\/p>\n\n\n\n<p>Reynolds\u52d2\u7d22\u8edf\u9ad4\u7684\u90e8\u5206\u5165\u4fb5\u6307\u6a19(Indicator of compromise -IOCs):<\/p>\n\n\n\n<p>5213706ae67a7bf9fa2c0ea5800a4c358b0eaf3fe8481be13422d57a0f192379<\/p>\n\n\n\n<p>e09686fde44ae5a804d9546105ebf5d2832917df25d6888aefa36a1769fe4eb4<\/p>\n\n\n\n<p>bf6686858109d695ccdabce78c873d07fa740f025c45241b0122cecbdd76b54e<\/p>\n\n\n\n<p>6bd8a0291b268d32422139387864f15924e1db05dbef8cc75a6677f8263fa11d<\/p>\n\n\n\n<p>206f27ae820783b7755bca89f83a0fe096dbb510018dd65b63fc80bd20c03261<\/p>\n\n\n\n<p>230b84398e873938bbcc7e4a1a358bde4345385d58eb45c1726cee22028026e9<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8fd1\u4f86\u8cc7\u5b89\u7814\u7a76\u63ed\u9732\uff0c\u4e00\u500b\u540d\u70ba Reynolds \u7684\u65b0\u8208\u52d2\u7d22\u8edf\u9ad4\u5bb6\u65cf\uff0c\u958b\u59cb\u5c07 BYOVD\uff08Bring Your O <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=4168\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174,213],"class_list":["post-4168","post","type-post","status-publish","format-standard","hentry","category-6","tag-news","tag-ransomware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4168"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4168\/revisions"}],"predecessor-version":[{"id":4170,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4168\/revisions\/4170"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}