{"id":49025,"date":"2017-04-21T09:00:32","date_gmt":"2017-04-21T01:00:32","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=49025"},"modified":"2017-04-19T16:57:52","modified_gmt":"2017-04-19T08:57:52","slug":"locky-%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92%e7%ad%89%e6%83%a1%e6%84%8f%e7%a8%8b%e5%bc%8f%e5%a6%82%e4%bd%95%e5%8f%8d%e5%88%b6%e5%82%b3%e7%b5%b1%e7%9a%84%e6%b2%99%e7%9b%92%e6%a8%a1%e6%93%ac%e5%88%86","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=49025","title":{"rendered":"Locky \u52d2\u7d22\u75c5\u6bd2\u7b49\u60e1\u610f\u7a0b\u5f0f,\u5982\u4f55\u53cd\u5236\u50b3\u7d71\u7684\u6c99\u76d2\u6a21\u64ec\u5206\u6790?"},"content":{"rendered":"

\"\"<\/a><\/h1>\n

<\/h2>\n

\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u7d93\u5e38\u662f\u50b3\u7d71\u7aef\u9ede\u9632\u8b77\u8207\u7db2\u8def\u9632\u8b77\u7684\u6700\u5f8c\u4e00\u9053\u9632\u7dda\u3002\u6240\u8b02\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u6b63\u5982\u5176\u540d\u6240\u8a00\uff0c\u5c31\u662f\u8b93\u60e1\u610f\u7a0b\u5f0f\u6216\u53ef\u7591\u6a94\u6848\u5728\u865b\u64ec\u5316\u7684\u63a7\u5236\u74b0\u5883\u7576\u4e2d\u6beb\u7121\u9867\u5fcc\u5730\u57f7\u884c\uff0c\u7136\u5f8c\u5206\u6790\u5176\u884c\u70ba\uff0c\u85c9\u6b64\u5224\u65b7\u6a94\u6848\u662f\u5426\u5b89\u5168\u3002\u6b64\u65b9\u6cd5\u6709\u52a9\u65bc\u78ba\u4fdd\u7aef\u9ede\u5b89\u5168\uff0c\u5c07\u4e0d\u4fe1\u4efb\u7684\u6a94\u6848\u9694\u96e2\uff0c\u4ee5\u514d\u5c0d\u7cfb\u7d71\u9020\u6210\u640d\u5bb3\uff0c\u751a\u81f3\u5371\u5bb3\u4f01\u696d\u57fa\u790e\u67b6\u69cb\u3002<\/p>\n

\u7136\u800c\uff0c\u5982\u679c\u60e1\u610f\u7a0b\u5f0f\u627e\u5230\u4e86\u53ef\u4ee5\u907f\u958b\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u7684\u65b9\u6cd5\u5462\uff1f\u5982\u679c\u60e1\u610f\u7a0b\u5f0f\u53ef\u4ee5\u77e5\u9053\u81ea\u5df1\u6b63\u5728\u6c99\u76d2\u6a21\u64ec\u74b0\u5883\u7576\u4e2d\u57f7\u884c\u5462\uff1f\u5982\u679c\u60e1\u610f\u7a0b\u5f0f\u523b\u610f\u96b1\u85cf\u81ea\u5df1\u7684\u60e1\u610f\u884c\u70ba\uff0c\u8b93\u6c99\u76d2\u6a21\u64ec\u74b0\u5883\u770b\u4e0d\u51fa\u4f86\u5462\uff1f<\/p>\n

\u4ee5\u4e0b\u63a2\u8a0e\u7576\u524d\u4e00\u4e9b\u77e5\u540d\u7684\u60e1\u610f\u7a0b\u5f0f\uff0c\u770b\u770b\u5b83\u5011\u5982\u4f55\u9a19\u904e\u50b3\u7d71\u8cc7\u5b89\u9632\u8b77\u3001\u5982\u4f55\u5728\u7cfb\u7d71\u4e0a\u66a2\u884c\u7121\u963b\uff0c\u4ee5\u53ca\u65b0\u7684\u300c\u9032\u968e\u300d\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u6280\u5de7\u5982\u4f55\u89e3\u6c7a\u9019\u4e9b\u554f\u984c\u3002<\/p>\n

\u4e0d\u6015\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u6280\u5de7\u7684\u77e5\u540d\u60e1\u610f\u7a0b\u5f0f<\/strong><\/h2>\n

Locky<\/a> \u00a0\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cf<\/a>\u00a0 (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba\uff1aRANSOM_LOCKY) \u662f\u6700\u7d93\u5178\u7684\u7bc4\u4f8b\uff0c\u5b83\u6700\u8457\u540d\u7684\u5c31\u662f\u80fd\u5920\u5229\u7528\u591a\u7a2e\u65b9\u6cd5\u4f86\u611f\u67d3\u7cfb\u7d71\uff0c\u5305\u62ec\uff1a\u00a0\u52a0\u5bc6\u7684 DLL<\/a>\u3001\u00a0Windows \u8173\u672c\u6a94<\/a>\u4ee5\u53ca\u793e\u4ea4\u5de5\u7a0b\u00a0\u5783\u573e\u90f5\u4ef6\u9644\u4ef6\u6a94\u6848\u00a0 <\/a>(\u6697\u85cf\u60e1\u610f\u5de8\u96c6\u7684\u6587\u4ef6\u6a94\u3001.RAR \u58d3\u7e2e\u6a94\uff0c\u4ee5\u53caJavaScript \u548c VBScript \u8173\u672c)\uff0c\u6216\u8005\u5229\u7528\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u00a0 <\/a>(\u4f8b\u5982\u4e4b\u524d\u6536\u9304\u4e86 Flash \u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\u7684\u67d0\u500b\u653b\u64ca\u5957\u4ef6)\u3002<\/p>\n

Locky \u5728 2016 \u5e74\u56e0\u70ba\u4f7f\u7528\u4e86\u7cfb\u7d71\u6838\u5fc3\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6<\/a>\u800c\u5099\u53d7\u77da\u76ee\u3002\u5176\u653b\u64ca\u7a0b\u5e8f\u4f7f\u7528\u4e86\u4e00\u500b\u6728\u99ac\u7a0b\u5f0f (TROJ_LOCKY.DLDRA<\/a>) \u4f86\u7576\u4f5c\u6a94\u6848\u4e0b\u8f09\u5de5\u5177\uff0c\u8a72\u6728\u99ac\u7a0b\u5f0f\u6703\u5229\u7528\u4e00\u500b\u672c\u6a5f\u6b0a\u9650\u5347\u7d1a\u6f0f\u6d1e (CVE-2015-1701<\/a>\uff1a\u65e9\u5728 2015 \u5e74 5 \u6708 12 \u65e5\u5373\u5df2\u4fee\u88dc)\uff0c\u507d\u88dd\u6210\u4e00\u500b\u7cfb\u7d71\u57f7\u884c\u7a0b\u5e8f\u4f86\u9a19\u904e\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u3002\u85c9\u7531\u7cfb\u7d71\u6838\u5fc3\u6f0f\u6d1e\uff0c\u99ed\u5ba2\u5c31\u80fd\u900f\u904e\u7cfb\u7d71\u6838\u5fc3\u6a5f\u5236 (\u5982\uff1a\u5de5\u4f5c\u9805\u76ee\u3001\u7cfb\u7d71\u57f7\u884c\u7dd2\u3001\u975e\u540c\u6b65\u7a0b\u5e8f\u547c\u53eb) \u4f86\u9023\u7dda\u81f3\u5e55\u5f8c\u64cd\u7e31 (C&C) \u4f3a\u670d\u5668\u4e26\u4e0b\u8f09\u52d2\u7d22\u75c5\u6bd2\u3002\u6240\u4ee5\uff0c\u99ed\u5ba2\u4e0d\u9700\u5728\u7cfb\u7d71\u4e0a\u7522\u751f\u6a94\u6848\u5c31\u80fd\u8b93\u7cfb\u7d71\u611f\u67d3\u60e1\u610f\u7a0b\u5f0f\u3002\u6b64\u6280\u5de7\u901a\u5e38\u6703\u914d\u5408\u7576\u5e74 Magnitude \u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u6240\u6536\u9304\u7684\u67d0\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\u00a0 (CVE-2016-1019<\/a>\uff1a2016 \u5e74 4 \u6708 5 \u65e5\u5df2\u4fee\u88dc)\u3002<\/p>\n

\u6700\u8fd1\u8f03\u65b0\u7684\u00a0\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cf\u00a0<\/a>\u4e5f\u958b\u59cb\u7a4d\u6975\u5229\u7528\u67d0\u4e9b\u6280\u5de7\u4f86\u5224\u65b7\u81ea\u5df1\u662f\u5426\u5728\u865b\u64ec\u6a5f\u5668 (VM) \u6216\u6c99\u76d2\u6a21\u64ec\u74b0\u5883\u7576\u4e2d\u57f7\u884c\u3002\u4f8b\u5982 Locky \u7684\u8b8a\u7a2e\u5c31\u6703\u5229\u7528\u5c64\u5c64\u7de8\u78bc\u7684\u60e1\u610f JavaScript \u4f86\u4e0b\u8f09\u4e26\u57f7\u884c\u58d3\u7e2e\u7684 DLL \u6a94\u6848\uff0c\u5167\u542b\u5075\u6e2c\u865b\u64ec\u6a5f\u5668\u548c\u57f7\u884c\u74b0\u5883\u7684\u7a0b\u5f0f\u78bc\u3002KeRanger<\/a> (OSX_KERANGER) \u662f\u4e00\u500b\u6697\u85cf\u5728\u6a94\u6848\u5206\u4eab\u8edf\u9ad4\u8207\u60e1\u610f Mach-O \u6a94\u6848<\/a>\u7684 Mac \u5e73\u53f0\u52d2\u7d22\u75c5\u6bd2\uff0c\u53ef\u5728\u88ab\u611f\u67d3\u7684\u7cfb\u7d71\u4e0a\u87c4\u4f0f\u4e09\u5929\u4e4b\u5f8c\u518d\u958b\u59cb\u52a0\u5bc6\u7cfb\u7d71\u4e0a\u7684\u6a94\u6848\u3002<\/p>\n

Shamoon\/Disttrack<\/a>\u00a0(WORM_DISTTRACK \u5bb6\u65cf) \u6700\u65e9\u767c\u73fe\u65bc 2012 \u5e74\uff0c\u901a\u5e38\u51fa\u73fe\u5728\u91dd\u5c0d\u6027\u653b\u64ca\u7576\u4e2d\uff0c\u4e3b\u8981\u653b\u64ca\u5c0d\u8c61\u70ba\u4e2d\u6771\u5730\u5340\u77e5\u540d\u6a5f\u69cb\u3002\u5b83\u6703\u5c07\u7cfb\u7d71\u4e3b\u958b\u6a5f\u78c1\u5340 (MBR) \u6e05\u9664\uff0c\u8b93\u53d7\u5bb3\u6a5f\u69cb\u7db2\u57df\u4e0b\u7684\u96fb\u8166\u548c\u4f3a\u670d\u5668\u7121\u6cd5\u958b\u6a5f\u3002\u7576\u5b83\u5728 2016 \u5e74 12 \u6708\u91cd\u51fa\u6c5f\u6e56\u6642\uff0c\u958b\u59cb\u591a\u4e86\u4e00\u500b\u53cd\u5236\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u74b0\u5883\u7684\u6280\u5de7\uff0c\u611f\u67d3\u7576\u4e0b\u4e0d\u6703\u51fa\u73fe\u60e1\u610f\u884c\u70ba\uff0c\u800c\u662f\u8a2d\u5b9a\u4e86\u4e00\u500b\u5b9a\u6642\u70b8\u5f48\u5728\u7279\u5b9a\u65e5\u671f\u548c\u6642\u9593\u89f8\u767c\uff0c\u6b64\u6642\u624d\u6703\u5728\u7cfb\u7d71\u4e0a\u690d\u5165\u60e1\u610f\u5143\u4ef6\u3002<\/p>\n

\u7121\u6a94\u6848\u5f0f\u60e1\u610f\u7a0b\u5f0f\u5982\u4f55\u907f\u958b\u6c99\u76d2\u6a21\u64ec\u5206\u6790?<\/strong><\/h2>\n

\u5c0d\u65bc\u7121\u6a94\u6848\u5f0f\u653b\u64ca\u4f86\u8aaa\uff0c\u5143\u4ef6\u8d8a\u5c11\u8d8a\u597d\u3002\u56e0\u70ba\u9019\u985e\u653b\u64ca\u4e00\u822c\u4e26\u7121\u5be6\u969b\u7684\u6a94\u6848\uff0c\u4e5f\u4e0d\u6703\u4e0b\u8f09\u6a94\u6848\u5230\u53d7\u5bb3\u96fb\u8166\u6216\u5beb\u5165\u786c\u789f\uff0c\u60e1\u610f\u7a0b\u5f0f\u901a\u5e38\u76f4\u63a5\u5728\u7cfb\u7d71\u8a18\u61b6\u9ad4\u4e2d\u57f7\u884c\u3002\u5c0d\u99ed\u5ba2\u4f86\u8aaa\uff0c\u6c92\u6709\u5be6\u9ad4\u53ef\u5206\u6790\u7684\u6a94\u6848\u5c31\u4e0d\u6703\u7559\u4e0b\u592a\u591a\u75d5\u8de1\uff0c\u6709\u52a9\u65bc\u53cd\u5236\u50b3\u7d71\u7684\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u3002<\/p>\n

\u7531\u65bc\u76f4\u63a5\u9032\u5165\u7cfb\u7d71\u8a18\u61b6\u9ad4\u6216\u7cfb\u7d71\u767b\u9304\u662f\u963b\u7919\u6700\u5c0f\u7684\u5165\u4fb5\u9014\u5f91\uff0c\u6240\u4ee5\u7121\u6a94\u6848\u5f0f\u653b\u64ca\u6280\u5de7\u5728\u7db2\u8def\u72af\u7f6a\u96c6\u5718\u4e4b\u9593\u958b\u59cb\u6d41\u884c\u8d77\u4f86\u3002\u00a0\u4e00\u4e9b\u5c08\u9580\u653b\u64ca\u4f01\u696d\u6a5f\u69cb\u7684\u6728\u99ac\u7a0b\u5f0f<\/a>\u00a0\u548c\u00a0\u92b7\u552e\u6ac3\u53f0\u7cfb\u7d71 (PoS) \u60e1\u610f\u7a0b\u5f0f<\/a>\u90fd\u662f\u85c9\u7531\u9019\u7a2e\u65b9\u5f0f\u6563\u5e03\u3002\u4f8b\u5982\uff0c\u7db2\u8def\u9593\u8adc\u7a0b\u5f0f Duqu 2.0 \u5c31\u662f\u5728\u53d7\u5bb3\u7cfb\u7d71\u7684\u8a18\u61b6\u9ad4\u4e2d\u76f4\u63a5\u57f7\u884c\u5176\u60e1\u610f\u6a21\u7d44\u3002\u5b83\u5229\u7528\u77e5\u540d\u7684\u6ef2\u900f\u6e2c\u8a66\u5de5\u5177 Metasploit \u76f4\u63a5\u5f9e\u53d7\u5bb3\u7cfb\u7d71\u7684\u8a18\u61b6\u9ad4\u4e2d\u7aca\u53d6\u5bc6\u78bc\uff0c\u7136\u5f8c\u5c07\u81ea\u5df1\u63d0\u5347\u5230\u7cfb\u7d71\u7684\u6b0a\u9650\u3002<\/p>\n

\u53e6\u4e00\u7a2e\u7121\u6a94\u6848\u5f0f\u653b\u64ca\u662f\u5229\u7528\u8173\u672c\u548c\u7cfb\u7d71\u5de5\u5177\u4f86\u904b\u4f5c\uff0c\u4f8b\u5982\uff0cVBA (Visual Basic for Applications) \u548c JavaScript (.JS) \u8173\u672c\u4ee5\u53ca HTML Application (.HTA)\u3001Publisher (.PUB) \u548c Compiled HTML (.CHM) \u90fd\u662f\u7121\u6a94\u6848\u5f0f\u653b\u64ca\u7d93\u5e38\u4f7f\u7528\u7684\u65b9\u5f0f\u3002\u4e00\u4e9b\u7cfb\u7d71\u5167\u5efa\u5de5\u5177\uff0c\u5982 PowerShell\u3001\u547d\u4ee4\u63d0\u793a\u5b57\u5143\u3001.Net Framework \u4e5f\u90fd\u662f\u6b79\u5f92\u5229\u7528\u7684\u5c0d\u8c61\u3002<\/p>\n

\u4ee5\u4e0b\u5217\u51fa\u5e7e\u7a2e\u7121\u6a94\u6848\u5f0f\u653b\u64ca\u8eb2\u907f\u6280\u5de7\u4f86\u5c0d\u7167\u5b83\u5011\u6240\u907f\u958b\u7684\u50b3\u7d71\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u6a5f\u5236\uff1a<\/p>\n\n\n\n\n\n\n\n
\u8eb2\u907f\u6280\u5de7<\/strong><\/td>\n\u7121\u6a94\u6848\u5f0f\u653b\u64ca<\/strong><\/td>\n\u50b3\u7d71\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u6a5f\u5236<\/strong><\/td>\n<\/tr>\n
\u907f\u958b\u6a94\u6848\u6383\u7784<\/td>\n\u4e0d\u4f7f\u7528\u6a94\u6848<\/td>\n\u96a8\u9078\u6a94\u6848\u6383\u7784<\/td>\n<\/tr>\n
\u907f\u958b\u884c\u70ba\u95dc\u806f\u5206\u6790<\/td>\n\u4f7f\u7528\u8173\u672c\u6216\u547d\u4ee4\u63d0\u793a\u5b57\u5143\u6307\u4ee4\uff0c\u8eb2\u85cf\u5728\u7cfb\u7d71\u57f7\u884c\u7a0b\u5e8f\u7576\u4e2d<\/td>\n\u6514\u622a\u7cfb\u7d71\u5c64\u6b21 API<\/td>\n<\/tr>\n
\u907f\u958b\u6c99\u76d2\u6a21\u64ec\u5206\u6790<\/td>\n\u00a0\u5ef6\u5f8c\u57f7\u884c (\u5efa\u7acb\u6392\u7a0b\u5de5\u4f5c)<\/td>\n\u00a0\u89c0\u5bdf\u6642\u9593\u6709\u9650<\/td>\n<\/tr>\n
\u907f\u958b\u9451\u8b58\u5206\u6790<\/td>\n\u8a18\u61b6\u9ad4\u5167\u7684\u611f\u67d3\u75d5\u8de1\u4e0d\u4e45\u5c31\u6703\u6d88\u5931<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/h2>\n

\u7531\u65bc\u8eb2\u907f\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u7684\u6280\u5de7\u5728\u60e1\u610f\u7a0b\u5f0f\u4e4b\u9593\u65e5\u6f38\u6d41\u884c\uff0c\u56e0\u6b64\u5f88\u91cd\u8981\u7684\u4e00\u9ede\u662f\uff0c\u6c99\u76d2\u74b0\u5883\u5fc5\u9808\u8981\u80fd\u5ba2\u88fd\u5316\uff0c\u624d\u80fd\u76e1\u53ef\u80fd\u7cbe\u78ba\u53cd\u6620\u771f\u5be6\u751f\u7522\u74b0\u5883\u7684\u7cfb\u7d71\u7d44\u614b (\u5305\u542b\u8edf\u9ad4\u5728\u5167)\u3002\u9019\u6709\u52a9\u65bc\u771f\u6b63\u5f15\u51fa\u53ef\u7591\u6a94\u6848\u7684\u60e1\u610f\u884c\u70ba (\u4f8b\u5982\u653b\u64ca\u7cfb\u7d71\u6838\u5fc3\u6f0f\u6d1e)\u3002\u6c99\u76d2\u6a21\u64ec\u74b0\u5883\u82e5\u80fd\u5f9e\u5404\u7a2e\u4e0d\u540c\u5c64\u9762\u4f86\u5206\u6790\u60e1\u610f\u6a94\u6848\u7684\u884c\u70ba\u548c\u7a0b\u5f0f\u78bc<\/a>\uff0c\u5305\u62ec\uff1a\u8173\u672c\u3001\u547d\u4ee4\u63d0\u793a\u5b57\u5143\u6307\u4ee4\u3001\u690d\u5165\u7cfb\u7d71\u7684\u6a94\u6848\u7b49\u7b49\uff0c\u5c31\u66f4\u80fd\u767c\u73fe\u7d93\u904e\u7de8\u78bc\u53ca\u64c5\u9577\u8eb2\u907f\u7684\u60e1\u610f\u7a0b\u5f0f\uff0c\u9019\u662f\u4e00\u822c\u50b3\u7d71\u6c99\u76d2\u6a21\u64ec\u74b0\u5883\u6240\u7121\u6cd5\u505a\u5230\u7684\u3002<\/p>\n

\u60e1\u610f\u7a0b\u5f0f\u53cd\u5236\u865b\u64ec\u6a5f\u5668\u7684\u7a0b\u5f0f\u78bc\u901a\u5e38\u6703\u7d93\u904e\u58d3\u7e2e\uff0c\u53ea\u6709\u8981\u57f7\u884c\u6642\u624d\u6703\u89e3\u958b\uff0c\u56e0\u6b64\u6c99\u76d2\u6a21\u5206\u6790\u5fc5\u9808\u8981\u80fd\u5728\u57f7\u884c\u6642\u671f\u767c\u6398\u53ca\u5075\u6e2c\u9019\u985e\u8eb2\u907f\u6280\u5de7\u624d\u80fd\u52a0\u4ee5\u9632\u7bc4\u3002<\/p>\n

\u5e02\u9762\u4e0a\u8a31\u591a\u6c99\u76d2\u89e3\u6c7a\u65b9\u6848\u901a\u5e38\u53ea\u6aa2\u67e5\u7cfb\u7d71 API (\u61c9\u7528\u7a0b\u5f0f\u4ecb\u9762)\uff0c\u800c\u9019\u53ea\u9700\u63a1\u7528\u7121\u6a94\u6848\u5f0f\u653b\u64ca\u5c31\u80fd\u907f\u958b (\u4f8b\u5982\u4f7f\u7528\u8173\u672c\u548c\u7cfb\u7d71\u5de5\u5177)\u3002\u8981\u9632\u7bc4\u9019\u985e\u653b\u64ca\uff0c\u9700\u8981\u66f4\u5168\u9762\u7684\u7cfb\u7d71\u76e3\u63a7\uff0c\u4e0d\u80fd\u53ea\u6aa2\u67e5\u7cfb\u7d71 API\uff0c\u9084\u8981\u6aa2\u67e5\u662f\u5426\u6709\u60e1\u610f\u901a\u8a0a\u3002<\/p>\n

\u50b3\u7d71\u7684\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u5927\u591a\u4ef0\u8cf4\u52d5\u614b\u7a0b\u5e8f\u5206\u6790 (\u5728\u6a21\u64ec\u74b0\u5883\u4e2d\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\u6a94\u6848\u4f86\u67e5\u770b\u5176\u884c\u70ba)\u3002\u4f46\u50cf CrypMIC (RANSOM_CRYPMIC) \u548c Cerber (RANSOM_CERBER) \u9019\u985e\u52d2\u7d22\u75c5\u6bd2\u537b\u6703\u5075\u6e2c\u7cfb\u7d71\u7684 CPU \u578b\u865f<\/a>\u00a0\u4f86\u5224\u65b7\u81ea\u5df1\u662f\u5426\u6b63\u5728\u6c99\u76d2\u6a21\u64ec\u74b0\u5883\u7576\u4e2d\u57f7\u884c\u3002<\/p>\n

\u300c\u9032\u968e\u300d\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u6280\u5de7\u5982\u4f55\u9632\u7bc4\u64c5\u9577\u8eb2\u907f\u7684\u60e1\u610f\u7a0b\u5f0f\uff1f<\/strong><\/h2>\n

\u8da8\u52e2\u79d1\u6280\u7684\u6c99\u76d2\u6a21\u64ec\u74b0\u5883\u53ef\u91dd\u5c0d\u4f7f\u7528\u8005\u5be6\u969b\u7684\u7cfb\u7d71\u7d44\u614b\u800c\u5ba2\u88fd\u5316\uff0c\u4e26\u7d50\u5408\u52d5\u614b\u7a0b\u5e8f\u5206\u6790\u8207\u975c\u614b\u6a94\u6848\u5206\u6790\u4f86\u63d0\u4f9b\u66f4\u512a\u7570\u7684\u9451\u8b58\u5206\u6790\u80fd\u529b\u3002\u80fd\u91dd\u5c0d\u6a94\u6848\u7684\u5404\u74b0\u7bc0\u9032\u884c\u53cd\u5411\u5de5\u7a0b\u5206\u6790\uff0c\u9032\u800c\u63d0\u5347\u6a94\u6848\u60e1\u610f\u7a0b\u5f0f\u78bc\u8207\u884c\u70ba\u7684\u5075\u6e2c\u7387\u3002\u4f8b\u5982 Shamoon \u7576\u4e2d\u7684\u5b9a\u6642\u70b8\u5f48\u5c31\u80fd\u7d93\u7531\u975c\u614b\u6a94\u6848\u5206\u6790\u4f86\u5075\u6e2c\uff0c\u76f4\u63a5\u6aa2\u67e5\u4e8c\u9032\u4f4d\u6a94\u6848\u4e2d\u7684\u65e5\u671f\u8cc7\u6599\uff0c\u7136\u5f8c\u900f\u904e\u52d5\u614b\u7a0b\u5e8f\u5206\u6790\u5728\u67d0\u4e9b\u7cfb\u7d71\u4e0a\u5075\u6e2c\u5176\u60e1\u610f\u884c\u70ba\u3002\u53e6\u4e00\u500b\u4f8b\u5b50\u662f\u4f7f\u7528\u547d\u4ee4\u63d0\u793a\u5b57\u5143\u6307\u4ee4\u6216\u5229\u7528 Component Model Object (COM) \u4f86\u5c07\u60e1\u610f\u7a0b\u5f0f\u78bc\u63d2\u5165\u57f7\u884c\u7a0b\u5e8f\u7576\u4e2d\uff0c\u9019\u662f\u55ae\u7d14\u7684\u884c\u70ba\u5206\u6790\u6240\u7121\u6cd5\u5075\u6e2c\u7684\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280 Deep Discovery<\/a>\u2122\u3001\u00a0Deep Security<\/a>\u2122 \u548c\u8da8\u52e2\u79d1\u6280\u8da8\u52e2\u79d1\u6280 OfficeScan<\/a>\u2122 \u7aef\u9ede\u9632\u8b77\u7576\u4e2d\u6240\u5305\u542b\u7684\u5ba2\u88fd\u5316\u6c99\u76d2\u6a21\u64ec\u5206\u6790\uff0c\u53ef\u6514\u622a API \u4f86\u5206\u6790\u8edf\u9ad4\u5143\u4ef6\u4e4b\u9593\u7684\u6e9d\u901a\u548c\u4e92\u52d5\uff0c\u6aa2\u67e5\u662f\u5426\u6709\u60e1\u610f\u7a0b\u5f0f\u8eb2\u907f\u6280\u5de7\u6240\u6703\u4f7f\u7528\u7684\u6574\u4e32\u7a0b\u5f0f\u78bc\u3002\u6b64\u5916\uff0c\u9084\u80fd\u52d5\u614b\u8ffd\u8e64\u3001\u63a7\u5236\u3001\u5206\u6790\u9019\u4e9b\u6307\u4ee4\u7684\u610f\u6db5\u4f86\u770b\u770b\u662f\u5426\u6697\u85cf\u8eb2\u907f\u6280\u5de7\u7684\u908f\u8f2f\u3002\u540c\u6642\u9084\u53ef\u5f9e\u9019\u4e9b\u6307\u4ee4\u9032\u4e00\u6b65\u627e\u51fa\u7a0b\u5f0f\u53ef\u80fd\u7684\u57f7\u884c\u8def\u5f91\u3002\u7136\u5f8c\u5206\u6790\u6bcf\u4e00\u689d\u8def\u5f91\u662f\u5426\u6709\u53ef\u7591\u6216\u60e1\u610f\u7684\u884c\u70ba (\u4f8b\u5982\u5148\u87c4\u4f0f\u4e00\u6bb5\u6642\u9593\u4e4b\u5f8c\u518d\u958b\u59cb\u57f7\u884c)\u3002<\/p>\n

\u4e8b\u5be6\u4e0a\uff0c\u4eca\u65e5\u7684\u5a01\u8105\u60c5\u52e2\u6709\u5982\u4e00\u5834\u8ecd\u5099\u7af6\u8cfd\u3002\u8cc7\u5b89\u7522\u696d\u96a8\u6642\u4e0d\u65b7\u5728\u63a8\u51fa\u65b0\u7684\u6280\u8853\uff0c\u7576\u7136\u7db2\u8def\u72af\u7f6a\u96c6\u5718\u4e5f\u4e0d\u9051\u591a\u8b93\u3002\u672a\u4f86\uff0c\u6b79\u5f92\u7684\u00a0\u72af\u7f6a\u624b\u6cd5\u3001\u6280\u5de7\u548c\u7a0b\u5e8f\u5c07\u66f4\u52a0\u8907\u96dc\u3001\u4e5f\u66f4\u52a0\u7d14\u719f<\/a>\u3002\u60e1\u610f\u7a0b\u5f0f\u5c07\u5177\u5099\u5404\u7a2e\u8eb2\u907f\u50b3\u7d71\u8cc7\u5b89\u9632\u8b77\u7684\u6280\u5de7\u3002\u5982\u540c\u6211\u5011\u5728 2016 \u5e74\u6240\u898b\uff0c\u6b79\u5f92\u7684\u884c\u70ba\u5df2\u958b\u59cb\u66f4\u52a0\u96b1\u5bc6\uff0c\u6253\u64ca\u9762\u4e5f\u66f4\u5ee3\uff0c\u56e0\u6b64\u6f0f\u6d1e\u653b\u64ca\u8207\u611f\u67d3\u65b9\u5f0f\u4ea6\u5c07\u5982\u6b64\u767c\u5c55\u3002\u9664\u4e86\u8173\u672c\u6a94 (.JS\u3001.VBS\u3001.VBA\u3001PowerShell \u7b49\u7b49) \u4e4b\u5916\uff0c\u6211\u5011\u9810\u6599 PE \u57f7\u884c\u6a94\u4e5f\u5c07\u51fa\u73fe\u66f4\u591a\u9019\u985e\u8eb2\u907f\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u7684\u6280\u5de7\u3002<\/p>\n

\u5118\u7ba1\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u7279\u5225\u64c5\u9577\u5075\u6e2c\u672a\u77e5\u5a01\u8105\u8207\u00a0\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca<\/a>\uff0c\u4f46\u5b83\u4e26\u975e\u842c\u9748\u4e39\uff0c\u56e0\u6b64\u6700\u597d\u5c07\u5b83\u7528\u4f86\u88dc\u5f37\u00a0\u9598\u9053<\/a>\u00a0\u3001\u00a0\u4f3a\u670d\u5668<\/a>\u00a0\u3001\u00a0\u7db2\u8def<\/a>\u00a0\u53ca\u00a0\u7aef\u9ede\u88dd\u7f6e<\/a>\u7b49\u591a\u5c64\u5f0f\u8de8\u4e16\u4ee3\u8cc7\u5b89\u9632\u8b77\u3002<\/p>\n

 <\/p>\n

\u539f\u6587\u51fa\u8655\uff1aHow can Advanced Sandboxing Techniques Thwart Elusive Malware?<\/a> \u4f5c\u8005\uff1aMoony Li <\/em>\u8207 Jerry Liu (<\/em>\u8da8\u52e2\u79d1\u6280\u7814\u767c\u5de5\u7a0b\u5e2b)<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u7d93\u5e38\u662f\u50b3\u7d71\u7aef\u9ede\u9632\u8b77\u8207\u7db2\u8def\u9632\u8b77\u7684\u6700\u5f8c\u4e00\u9053\u9632\u7dda\u3002\u6240\u8b02\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u6b63\u5982\u5176\u540d\u6240\u8a00\uff0c\u5c31\u662f\u8b93\u60e1\u610f\u7a0b\u5f0f\u6216\u53ef\u7591\u6a94\u6848 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[1268,2267],"tags":[2559,298,3145],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/49025"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=49025"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/49025\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=49025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=49025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=49025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}