{"id":13516,"date":"2015-08-05T11:00:35","date_gmt":"2015-08-05T03:00:35","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=13516"},"modified":"2015-08-19T10:43:52","modified_gmt":"2015-08-19T02:43:52","slug":"%e5%8f%b0%e7%81%a3%e5%92%8c%e9%a6%99%e6%b8%af%e6%95%b8%e5%ae%b6%e9%9b%bb%e8%a6%96%e5%92%8c%e6%94%bf%e5%ba%9c%e7%b6%b2%e7%ab%99%e9%81%adhacking-team-flash%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8a","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=13516","title":{"rendered":"\u53f0\u7063\u548c\u9999\u6e2f\u6578\u5bb6\u96fb\u8996\u548c\u653f\u5e9c\u7db2\u7ad9\u906dHacking Team Flash\u6f0f\u6d1e\u653b\u64ca"},"content":{"rendered":"

Hacking Team \u8cc7\u6599\u5916\u6d29<\/a>\u76f8\u95dc\u7684Flash\u6f0f\u6d1e\u653b\u64ca\uff0c\u88ab\u767c\u73fe\u5165\u4fb5\u4e86\u53f0\u7063\u548c\u9999\u6e2f\u7684\u7db2\u7ad9, \u6b64\u4e00\u653b\u64ca\u6d3b\u52d5\u5f9e 7\u67089\u65e5\u958b\u59cb,\u4e5f\u5c31\u662fHacking Team \u8cc7\u6599\u5916\u6d29<\/a>\u5ba3\u5e03\u88ab\u99ed<\/a>\u7684\u5e7e\u5929\u5f8c\u96a8\u5373\u53d7\u99ed\u3002\u6703\u4e0b\u8f09\u00a0Poison Ivy<\/em>\u9060\u7aef\u5b58\u53d6\u5de5\u5177<\/em><\/a>\u548c\u5176\u4ed6\u60e1\u610f\u8edf\u9ad4\u5230\u4f7f\u7528\u8005\u96fb\u8166\u4e0a\u3002<\/p>\n

PoisonIvy<\/a>\u662f\u500b\u5728\u5730\u4e0b\u5e02\u5834\u4e2d\u6d41\u884c\u7684RAT\u5f8c\u9580\u7a0b\u5f0f\uff0c\u901a\u5e38\u88ab\u7528\u5728\u300c\u9032\u968e\u6301\u7e8c\u6027\u6ef2\u900f\u653b\u64ca\u300d\uff08Advanced Persistent Threat\uff0c\u4ee5\u4e0b\u7c21\u7a31APT\u653b\u64ca\uff09<\/a>\u653b\u64ca\u4e2d\u3002\u9019\u500b\u5f8c\u9580\u7a0b\u5f0f\u5df2\u77e5\u6703\u6293\u53d6\u87a2\u5e55\u622a\u5716\u3001\u7db2\u8def\u651d\u5f71\u6a5f\u5f71\u50cf\u548c\u8072\u97f3\uff1b\u8a18\u9304\u6309\u9375\u548c\u6d3b\u52d5\u8996\u7a97\uff1b\u522a\u9664\u3001\u641c\u5c0b\u548c\u4e0a\u50b3\u6a94\u6848\u4e26\u57f7\u884c\u5176\u4ed6\u4fb5\u5165\u6027\u884c\u70ba\u3002<\/p>\n

\u9019\u4e00\u6ce2\u653b\u64ca\u5165\u4fb5\u4e86\u53f0\u7063\u7684\u96fb\u8996\u53f0\u3001\u6559\u80b2\u55ae\u4f4d\u3001\u5b97\u6559\u5718\u9ad4\u53ca\u4e00\u77e5\u540d\u653f\u9ee8\u7684\u7db2\u7ad9\uff1b\u9084\u6709\u4e00\u500b\u53d7\u6b61\u8fce\u7684\u9999\u6e2f\u65b0\u805e\u7db2\u7ad9\u3002\u9019\u4e9b\u53d7\u99ed\u7684\u7db2\u7ad9\u6709\u8457\u56fa\u5b9a\u7684\u4f7f\u7528\u8005,\u6bd4\u65b9\u8aaa\u63d0\u4f9b\u5c31\u696d\u8003\u8a66\u7d66\u653f\u5e9c\u50f1\u54e1\u7684\u6559\u80b2\u55ae\u4f4d,\u5df2\u7d93\u88fd\u4f5c\u548c\u9032\u53e3\u96fb\u8996\u7bc0\u76ee\u548c\u96fb\u5f71\u9577\u9054\u5341\u5e74\u7684\u53f0\u7063\u7db2\u8def\u96fb\u8996\u3002<\/p>\n

\u6211\u5011\u5df2\u7d93\u901a\u77e5\u4e86\u53d7\u653b\u64ca\u5f71\u97ff\u7db2\u7ad9\u7684\u6240\u6709\u8005\uff1b\u7136\u800c\u5230\u672c\u6587\u64b0\u5beb\u6642\uff0c\u9084\u6709\u4e09\u500b\u7db2\u7ad9\u8655\u5728\u53d7\u99ed\u72c0\u614b\u3002<\/p>\n

 <\/p>\n

Hacking Team<\/em><\/strong>\u7684\u75d5\u8de1\u4ecd\u7136\u5728\u90a3<\/em><\/strong><\/p>\n

\u653b\u64ca\u8005\u4e00\u958b\u59cb\u50b3\u9001Hacking Team\u6240\u6d41\u51fa\u7684Flash Player\u6f0f\u6d1e<\/a>\uff08CVE-2015-5119\uff09\u5230\u9810\u5148\u5165\u4fb5\u597d\u7684\u7db2\u7ad9\u4e0a\uff0c\u5c31\u5728\u8a72\u516c\u53f8\u5ba3\u5e03\u906d\u53d7\u99ed\u5ba2\u653b\u64ca\uff087\u67085\u65e5\uff09\u548cAdobe\u4fee\u88dc\u6f0f\u6d1e\uff087\u67087\u65e5\uff09\u7684\u5e7e\u5929\u5f8c\u3002\u653b\u64ca\u8005\u5011\u9032\u884c\u53e6\u4e00\u6ce2\u7684\u653b\u64ca\uff0c\u5c0e\u81f4\u53e6\u4e00\u500bHacking Team\u76f8\u95dc\u7684Flash\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca<\/a>\uff08CVE-2015-5122\uff09\u3002<\/p>\n

\"\"<\/p>\n

 <\/p>\n

\u57161<\/em>\u3001Hacking Team<\/em>\u76f8\u95dcFlash<\/em>\u6f0f\u6d1e\u653b\u64ca\u9001\u81f3\u53f0\u7063\u548c\u9999\u6e2f\u7db2\u7ad9\u7684\u6642\u9593\u8868<\/em><\/p>\n

 <\/p>\n

\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u5728\u7b2c\u4e00\u6ce2\u548c\u7b2c\u4e8c\u6ce2\u653b\u64ca\u958b\u59cb\u6642\uff0c\u5169\u500b\u53f0\u7063\u6559\u80b2\u6a5f\u69cb\u7db2\u7ad9\u7686\u5728\u653b\u64ca\u76ee\u6a19\u4e2d\u3002<\/p>\n

 <\/p>\n

\"\"<\/p>\n

\u57162<\/em>\u3001\u53f0\u7063\u53d7\u99ed\u7684\u5b97\u6559\u5718\u9ad4\u7db2\u7ad9<\/em><\/p>\n

 <\/p>\n

PoisonIvy<\/em><\/strong>\u548c\u5176\u4ed6\u60e1\u610f\u8edf\u9ad4<\/em><\/strong><\/p>\n

\u8da8\u52e2\u79d1\u6280<\/a>\u767c\u73fe\u6240\u6709\u53d7\u99ed\u7db2\u7ad9\uff08\u9664\u4e86\u4e00\u77e5\u540d\u53f0\u7063\u653f\u9ee8\u5b98\u65b9\u7db2\u7ad9\uff09\u90fd\u88ab\u7528iframe\u4f86\u6ce8\u5165\u4e00\u60e1\u610fSWF\uff0c\u6703\u5c0e\u81f4\u9060\u7aef\u8a2a\u554f\u5de5\u5177\uff08RAT\uff09\u00a0Poison Ivy<\/em><\/a> (BKDR_POISON.TUFW)\u3002<\/p>\n

\u800c\u53e6\u4e00\u65b9\u9762\uff0c\u8a72\u653f\u9ee8\u7db2\u7ad9\u6703\u5e36\u4f86\u5d4c\u5165\u5728\u5716\u7247\u5167\u7684\u4e0d\u540c\u60e1\u610f\u8edf\u9ad4\uff0c\u5075\u6e2c\u70baTROJ_JPGEMBED.F\u3002\u653f\u9ee8\u7db2\u7ad9\u8ddf\u5176\u4ed6\u53d7\u99ed\u7db2\u7ad9\u4e00\u6a23\u6703\u5c07\u8cc7\u6599\u767c\u9001\u5230\u540c\u4e00\u4f3a\u670d\u5668\uff08223[.]27[.]43[.]32\uff09\uff0c\u63a8\u6e2c\u9019\u662f\u540c\u4e00\u6ce2\u653b\u64ca\u6d3b\u52d5\u7684\u4e00\u90e8\u5206\u3002<\/p>\n

\"Hacking<\/a><\/p>\n

\u57163<\/em>\u3001Hacking Team Flash<\/em>\u6f0f\u6d1e\u653b\u64ca\u6240\u5d4c\u5165\u7684\u5716\u7247<\/em><\/p>\n

 <\/p>\n

\u96d6\u7136\u5206\u6790\u5de5\u4f5c\u4ecd\u5728\u9032\u884c\u4e2d\uff0c\u597d\u78ba\u5b9a\u9019\u6ce2\u653b\u64ca\u6d3b\u52d5\u662f\u5426\u70ba APT\u653b\u64ca<\/a>\uff0c\u8da8\u52e2\u79d1\u6280<\/a>\u5df2\u7d93\u770b\u5230\u4e00\u500b\u53ef\u7591\u7db2\u57dfwut[.]mophecfbr[.]com\u5d4c\u5165\u5728\u60e1\u610f\u8edf\u9ad4\u4e2d\uff0c\u5b83\u4e5f\u51fa\u73fe\u5728\u4e4b\u524d\u5831\u5c0e\u88ab\u7a31\u70ba\u300cTomato Garden\uff08\u756a\u8304\u82b1\u5712\uff09\u300d\u91dd\u5c0d\u6027\u653b\u64ca\u6240\u4f7f\u7528\u547d\u4ee4\u548c\u63a7\u5236\uff08C&C\uff09\u5217\u8868\u5167\u3002<\/p>\n

 <\/p>\n

\u5efa\u8b70<\/em><\/strong><\/p>\n

 <\/p>\n

\u70ba\u4e86\u9632\u6b62\u96fb\u8166\u906d\u53d7\u6f0f\u6d1e\u653b\u64ca\u548c\u60e1\u610f\u5f8c\u9580\u7a0b\u5f0f\u690d\u5165\uff0c\u4f7f\u7528\u8005\u8981\u66f4\u65b0Adobe Flash Player\u3002\u4f60\u53ef\u4ee5\u900f\u904eAdobe Flash Player\u7db2\u9801<\/a>\u4f86\u6aa2\u67e5\u81ea\u5df1\u662f\u5426\u4f7f\u7528\u6700\u65b0\u7684\u7248\u672c\u3002\u96a8\u6642\u4e86\u89e3\u5e38\u7528\u8edf\u9ad4\u7684\u6700\u65b0\u6d88\u606f\u4e5f\u6709\u5e6b\u52a9\u3002\u53c3\u8003\u6211\u5011\u7684\u90e8\u843d\u683c\u6587\u7ae0 \u2013 \u300cAdobe Flash\u96e3\u984c\uff1a\u7a4d\u91cd\u96e3\u8fd4<\/a>\u300d\u4f86\u4e86\u89e3\u66f4\u591a\u6700\u8fd1\u7684Flash\u76f8\u95dc\u4e8b\u4ef6\uff0c\u4ee5\u53ca\u4f7f\u7528\u8005\u548c\u4f01\u696d\u53ef\u4ee5\u505a\u4e9b\u4ec0\u9ebc\u3002<\/p>\n

 <\/p>\n

\u8da8\u52e2\u79d1\u6280\u53ef\u4ee5\u5075\u6e2c\u6b64\u4e8b\u4ef6\u4e2d\u7684\u6240\u6709\u60e1\u610f\u8edf\u9ad4\u548c\u6f0f\u6d1e\u653b\u64ca\u78bc\u3002SHA1\u503c\u5982\u4e0b\uff1a<\/p>\n