Q1 2019 Cybercrime Tactics and Techniques Report; Windows update conflicts with antivirus software and freezes systems; Gootkit and Azorult
Published 2019-04-29
Malwarebytes Labs has published its Cybercrime Tactics and Techniques report for the first quarter of 2019. The report finds that threats against businesses rose 235% in the first quarter, driven in particular by trojans such as Emotet and by ransomware, while malware threats against consumers fell by almost 40%. Mobile and Mac devices are increasingly becoming targets of adware: Mac malware grew 60% from Q4 2018 to Q1 2019, and adware grew 200%. In global threat detections the United States ranks highest at 47%, followed by Indonesia at 9% and Brazil at 8%.
Source:
https://blog.malwarebytes.com/cybercrime/2019/04/labs-cybercrime-tactics-and-techniques-report-finds-businesses-hit-with-235-percent-more-threats-in-q1/

2. Attackers use JasperLoader to distribute the Gootkit banking trojan, mainly targeting Central Europe
Over the past few months Cisco Talos has observed growing malicious activity from JasperLoader. The campaign is aimed mainly at Central European countries, especially Germany and Italy. JasperLoader uses a multi-stage infection process with several layers of obfuscation and ultimately delivers the GootKit banking trojan. It spreads through spam emails that are signed with valid certificates to increase their credibility. The researchers list the campaign's specific IoCs in their report.
Source:
https://blog.talosintelligence.com/2019/04/jasperloader-targets-italy.html

3. The Azorult trojan spreads disguised as a fake Windows cleaning tool, G-Cleaner
Researcher Benkow found the AZORult trojan being distributed disguised as a Windows cleaning tool named G-Cleaner, or Garbage Cleaner; the attackers even created a website, gcleaner[.]info, to distribute the trojan. The site is well made, looks like a legitimate software vendor's official site, and is still up and running. Once a user installs the malware, the trojan steals passwords, data, cryptocurrency wallets and other information from the system.
Source:
https://www.bleepingcomputer.com/news/security/fake-windows-pc-cleaner-drops-azorult-info-stealing-trojan/

4. Researchers publish a sample analysis of the new RobbinHood ransomware
MalwareHunterTeam has published an analysis of a sample of the RobbinHood ransomware. RobbinHood is the newest member of the ransomware field; it targets businesses and computers on networks and is distributed mainly through RDP services or via trojans. When it runs, the sample kills 181 Windows processes related to antivirus software, databases, mail services and the like, and disconnects network shares. When encrypting files, it creates a distinct AES key for each file and then encrypts the AES key and the original file name with an RSA public key. Encrypted files are renamed to the form Encrypted_[randomstring].enc_robbinhood. There is currently no decryptor for this ransomware.
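As a defender-side example added here (not from the original digest or from MalwareHunterTeam's analysis), the following Python flags hosts that rename many files into the reported Encrypted_[randomstring].enc_robbinhood form within a short window, which is the observable side effect of the per-file encryption described above. The audit-record format, host names and sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of file-server audit records, assumed format "<ISO time> <host> <op> <path>".
# FS01 shows the reported behaviour: many files renamed to Encrypted_<random>.enc_robbinhood within
# seconds. WS07 performs one unrelated rename and must not be flagged.
SAMPLE_EVENTS = r"""
2019-04-29T09:15:01 FS01 RENAME \\FS01\share\Encrypted_k9Qx2mP1.enc_robbinhood
2019-04-29T09:15:02 FS01 RENAME \\FS01\share\Encrypted_Zt4Lw8Ab.enc_robbinhood
2019-04-29T09:15:02 WS07 RENAME C:\Users\bob\report_final.docx
2019-04-29T09:15:03 FS01 RENAME \\FS01\share\Encrypted_Qq1oP7Vv.enc_robbinhood
2019-04-29T09:15:04 FS01 WRITE \\FS01\share\inventory.xlsx
2019-04-29T09:15:05 FS01 RENAME \\FS01\share\Encrypted_Hh6yU3Rr.enc_robbinhood
2019-04-29T09:15:06 FS01 RENAME \\FS01\share\Encrypted_Mm2nB5Cc.enc_robbinhood
2019-04-29T09:15:07 FS01 RENAME \\FS01\share\Encrypted_Jj8kL0Dd.enc_robbinhood
"""

# Naming scheme reported for RobbinHood: Encrypted_[randomstring].enc_robbinhood
ROBBINHOOD_NAME = re.compile(r"^Encrypted_[A-Za-z0-9]+\.enc_robbinhood$")

def is_robbinhood_name(path):
    """True if the file's base name follows the RobbinHood renaming scheme."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return ROBBINHOOD_NAME.match(base) is not None

def parse_events(text):
    """Parse audit lines into (timestamp, host, op, path) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, host, op, path = line.split(maxsplit=3)
            events.append((datetime.fromisoformat(ts), host, op, path))
    return events

def robbinhood_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Return {host: max renames in one window} for hosts with >= threshold matching renames."""
    per_host = defaultdict(list)
    for ts, host, op, path in events:
        if op == "RENAME" and is_robbinhood_name(path):
            per_host[host].append(ts)
    flagged = {}
    for host, times in per_host.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = max(flagged.get(host, 0), end - start + 1)
    return flagged
```

Running robbinhood_bursts(parse_events(SAMPLE_EVENTS)) reports only FS01, with six matching renames inside the window.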
Source:
https://www.bleepingcomputer.com/news/security/a-closer-look-at-the-robbinhood-ransomware/

5. New Lazarus APT campaign uses a malicious Word document to target Mac users
SentinelOne has published an analysis of a new Lazarus APT campaign. The attackers target Mac users with a malicious Word document whose VBA script first checks whether it is running on a Mac and, if so, uses curl to download the file https//nzssdm.com/assets/mt.dat to the local machine. The mt.dat payload is a 64-bit Mach-O executable, a custom backdoor whose functionality is not yet clear; the IP address of its C2 server is still reachable.
Source:
https://www.sentinelone.com/blog/lazarus-apt-targets-mac-users-poisoned-word-document/

6. A recent Windows security update conflicts with antivirus software, causing system freezes
After Microsoft released the Windows security update of April 9, users of Windows 7, Windows 8.1, Windows 2008, Windows 2008 R2, Windows 2012 and Windows 2012 R2 reported slowdowns and system freezes. According to advisories from McAfee and Avast, the problem is related to a change in the Windows Client Server Runtime Subsystem (CSRSS) service. Other antivirus products affected by the conflict include Avira and Sophos. Microsoft has not yet responded to the issue.
Source:
https://www.bleepingcomputer.com/news/software/windows-security-update-caused-recent-antivirus-conflicts-and-freezes/