{"id":50235,"date":"2017-05-26T16:52:11","date_gmt":"2017-05-26T08:52:11","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=50235"},"modified":"2017-06-12T17:53:16","modified_gmt":"2017-06-12T09:53:16","slug":"%e8%b3%87%e5%ae%89%e5%a8%81%e8%84%85%e8%b6%a8%e5%8b%a2%ef%bc%9a%e6%94%bb%e6%93%8a%e8%80%85%e4%bd%bf%e7%94%a8-lnk-%e6%aa%94%e6%a1%88%e4%b8%8b%e8%bc%89%e6%83%a1%e6%84%8f%e8%bb%9f%e9%ab%94","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=50235","title":{"rendered":"\u8cc7\u5b89\u5a01\u8105\u8da8\u52e2\uff1a\u653b\u64ca\u8005\u4f7f\u7528 LNK \u6a94\u6848\u4e0b\u8f09\u60e1\u610f\u8edf\u9ad4"},"content":{"rendered":"<p>PowerShell \u662f\u5fae\u8edf\u7684\u591a\u7528\u9014\u547d\u4ee4\u5217\u548c shell \u8173\u672c\u8a9e\u8a00\uff0c\u53ef\u4ee5\u8207\u8a31\u591a\u6280\u8853\u6574\u5408\u4e26\u4e14\u4e92\u52d5\u3002\u5b83\u53ef\u4ee5\u9ed8\u9ed8\u5730\u5728\u80cc\u666f\u57f7\u884c\uff0c\u7121\u9808\u57f7\u884c\u6a94\u5c31\u80fd\u5920\u53d6\u5f97\u7cfb\u7d71\u8cc7\u8a0a\u3002\u63db\u8a00\u4e4b\uff0c\u9019\u662f\u5c0d\u5a01\u8105\u8005\u76f8\u7576\u5177\u6709\u5438\u5f15\u529b\u7684\u5de5\u5177\u3002\u6709\u8a31\u591a\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u60e1\u610f\u4f7f\u7528 PowerShell \u7684\u77e5\u540d\u6848\u4f8b\uff1a\u50cf\u662f2016\u5e743\u6708\u7684\u00a0<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/tax-day-extortion-powerware-crypto-ransomware-targets-tax-files\/\">PowerWare\u52d2\u7d22\u75c5\u6bd2<\/a>\uff0c\u548c2016\u5e744\u6708\u7684\u65b0<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/new-fareit-strain-delivered-abusing-powershell\/\">Fareit\u60e1\u610f\u8edf\u9ad4<\/a>\u00a0\u8b8a\u7a2e\u3002\u56e0\u70ba\u9019\u770b\u8d77\u4f86\u662f\u6b63\u5728\u4e0a\u5347\u7684\u8da8\u52e2\uff0c\u5b89\u5168\u7ba1\u7406\u54e1\u5c0d\u65bc\u5982\u4f55\u9632\u6b62PowerShell\u8173\u672c\u9020\u6210\u640d\u5bb3\u4e5f\u8b8a\u5f97\u66f4\u52a0\u719f\u6089\u3002<\/p>\n<p>\u4e0d\u904e\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u627e\u5230\u53e6\u4e00\u7a2e\u65b9\u6cd5\u4f86\u57f7\u884cPowerShell\u8173\u672c \u2013 Windows LNK\uff08LNK\uff09\u3002\u4f7f\u7528\u8005\u5e38\u5e38\u53ef\u4ee5\u770b\u5230\u7684LNK\u6a94\u6848\u5c31\u662f\u6377\u5f91\uff0c\u51fa\u73fe\u5728\u684c\u9762\u548c\u958b\u59cb\u9078\u55ae\u3002<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/sham-g20-summit-email-carries-split-backdoor\/\">\u4e8b\u5be6\u4e0a\uff0cLNK\u6a94\u65e9\u57282013\u5e74\u5c31\u88ab\u7528\u4f5c\u653b\u64ca\u8f09\u9ad4<\/a>\u3002\u800c\u57282017\u5e74\u521d\uff0c\u6211\u5011\u6ce8\u610f\u5230\u6709\u6728\u99ac\u4e0b\u8f09\u7a0b\u5f0f<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/spam\/3606\/zip-within-a-zip-contains-locky-ransomware\">\u5229\u7528.zip\u5305\u542b.zip\u4f86\u63a9\u98fe\u4e00\u500b\u6703\u5e36\u4f86Locky\u52d2\u7d22\u75c5\u6bd2\u7684LNK\u6a94\u6848<\/a>\u3002<\/p>\n<p>\u73fe\u5728\uff0c\u6211\u5011\u770b\u898b\u8d8a\u4f86\u8d8a\u591a\u653b\u64ca\u4f7f\u7528\u60e1\u610f LNK \u6a94\u4f86\u5229\u7528\u6b63\u5e38\u61c9\u7528\u7a0b\u5f0f\uff08\u5982PowerShell\uff09\u4e0b\u8f09\u60e1\u610f\u8edf\u9ad4\u6216\u5176\u4ed6\u60e1\u610f\u6a94\u6848\u3002\u70ba\u4e86\u8aaa\u660eLNK \u7684\u4e0a\u5347\u4f7f\u7528\u8da8\u52e2\uff0c\u8acb\u770b\u770b\u4e00\u500bLNK \u60e1\u610f\u8edf\u9ad4\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70baLNK_DLOADR.*\uff09\u5982\u4f55\u5f9e2017\u5e74\u4e00\u6708\u958b\u59cb\u4e00\u8def\u98db\u5347\u3002\u9019\u4e0a\u5347\u5e45\u5ea6\u986f\u793a\u51fa\u9019\u6a23\u7684\u65b9\u6cd5\u6b63\u5728\u6210\u70ba\u6d41\u884c\uff1a<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/05\/LNK-01.jpg\" width=\"1260\" height=\"857\" \/><\/p>\n<p><em>\u57161<\/em><em>\u30014<\/em><em>\u500b\u6708\u9593\u7684LNK_DLOADR<\/em><em>\u5075\u6e2c\u6578\u91cf<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u6700\u8fd1\u7684 LNK-PowerShell<\/em><\/strong><strong><em>\u548c ChChes<\/em><\/strong><strong><em>\u653b\u64ca<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u57282016\u5e7410\u6708\uff0c\u6211\u5011\u770b\u5230\u653b\u64ca\u8005\u5229\u7528LNK\u52a0\u4e0aPowerShell\u548cBKDR_ChChes\u4f86\u5c0d\u65e5\u672c\u653f\u5e9c\u6a5f\u69cb\u548c\u5b78\u8853\u55ae\u4f4d\u9032\u884c\u91dd\u5c0d\u6027\u653b\u64ca\u3002\u653b\u64ca\u4e2d\u4f7f\u7528\u4e86\u507d\u88dd\u6210\u5047.jpg\u6a94\u6848\u7684\u60e1\u610fPowerShell\u6a94\u6848\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/05\/LNK-02.jpg\" width=\"1529\" height=\"773\" \/><\/p>\n<p><em>\u57162<\/em><em>\u3001\u57282016<\/em><em>\u5e74\u5341\u6708\u91dd\u5c0d\u65e5\u672c\u76ee\u6a19\u7684\u653b\u64ca<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6211\u5011\u57282017\u5e74\u4e00\u6708\u6ce8\u610f\u5230\u4e00\u500b\u99ed\u5ba2\u96c6\u5718 APT10\uff08\u4e5f\u7a31\u70baMenuPass\u3001POTASSIUM\u3001Stone Panda\u3001Red Apollo\u548cCVNX\uff09\u5728\u4e00\u6ce2\u5927\u898f\u6a21<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=15888\">\u9b5a\u53c9\u5f0f\u91e3\u9b5a\u653b\u64ca\uff08SPEAR PHISHING\uff09<\/a>\u4f7f\u7528\u985e\u4f3c\u624b\u6cd5\u3002\u5728\u6b64\u8d77\u653b\u64ca\u4e2d\uff0cLNK \u6a94\u6848\u57f7\u884ccmd.exe\u4f86\u4e0b\u8f09\u4e00\u500b\u96b1\u85cf\u4e86\u60e1\u610f PowerShell \u8173\u672c\u7684\u5047.jpg\u6a94\u6848\u3002<!--more--><\/p>\n<p>\u9019\u500b\u99ed\u5ba2\u96c6\u5718\u7e7c\u7e8c\u767c\u5c55\u81ea\u5df1\u7684\u7db2\u8def\u9593\u8adc\u6d3b\u52d5\uff0c\u4e26\u57282017\u5e744\u6708\u4e5f\u5229\u7528\u985e\u4f3c\u624b\u6cd5\u4f86\u4e0b\u8f09<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/operation-cloud-hopper-what-you-need-to-know\">BKDR_ChChes<\/a>\uff0c\u9019\u662f\u500b\u5e38\u898b\u65bc\u91dd\u5c0d\u6027\u653b\u64ca\u7684\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n<p><strong><em>\u65b0LNK-PowerShell<\/em><\/strong><strong><em>\u653b\u64ca<\/em><\/strong><\/p>\n<p>\u6211\u5011\u767c\u73fe\u4e86\u4e00\u8d77\u5f88\u53ef\u80fd\u4ecd\u5728\u9032\u884c\u4e2d\u7684\u653b\u64ca\u6d3b\u52d5\uff0c\u5b83\u4f7f\u7528\u4e86\u65b0\u4e14\u8907\u96dc\u7684LNK\u624b\u6cd5\u3002\u9019\u4e9b\u653b\u64ca\u4f3c\u4e4e\u4f7f\u7528\u4e86\u597d\u5e7e\u5c64\u7684Windows\u5167\u5efa\u547d\u4ee4\u5217\u5de5\u5177\u3002\u4ed6\u5011\u5bc4\u9001\u4e86\u91e3\u9b5a\u90f5\u4ef6\u4f86\u8a98\u9a19\u53d7\u5bb3\u8005\u958b\u555f\u5167\u5bb9\uff0c\u901a\u5e38\u662f\u5728DOCX\u6216RTF\u6587\u4ef6\u5167\u5d4c\u5165\u60e1\u610fLNK\u6a94\u3002\u9019LNK\u6a94\u4e26\u4e0d\u6703\u76f4\u63a5\u57f7\u884cPowerShell\uff0c\u800c\u662f\u57f7\u884cMSHTA.exe\uff08\u7528\u4f86\u958b\u555fHTML\u6a94\u6848\u7684\u61c9\u7528\u7a0b\u5f0f\uff09\uff0c\u5b83\u6703\u57f7\u884cJavascript\u6216VBScript\u4f86\u4e0b\u8f09\u4e26\u57f7\u884cPowerShell\u8173\u672c\u3002PowerShell\u63a5\u8457\u6703\u57f7\u884c\u53cd\u5411shell\uff08\u5982Metasploit\u6216Cobalt Strike\uff09\u4f86\u5b8c\u6210\u653b\u64ca\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/05\/LNK-03.jpg\" width=\"1385\" height=\"858\" \/><\/p>\n<p><em>\u57163<\/em><em>\u3001\u5229\u7528MSHTA.exe<\/em><em>\u7684\u8907\u96dcLNK<\/em><em>\u653b\u64ca<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u4e0a\u500b\u6708\u6211\u5011\u767c\u73fe\u53e6\u4e00\u6ce2<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=15888\">\u9b5a\u53c9\u5f0f\u91e3\u9b5a\u653b\u64ca\uff08SPEAR PHISHING\uff09<\/a>\u64ca\u4e5f\u5229\u7528\u4e86LNK\u8ddfPowerShell\u7684\u7d44\u5408\u3002\u4e0d\u904e\u5132\u5b58\u4e3b\u8981\u6709\u6548\u8f09\u8377\u7684\u547d\u4ee4\u8207\u63a7\u5236\uff08C&amp;C\uff09\u4f3a\u670d\u5668\u5df2\u7d93\u9023\u4e0d\u4e0a\u4e86\u3002<\/p>\n<p>\u4ed6\u5011\u7684\u4f5c\u6cd5\u770b\u8d77\u4f86\u6c92\u7528\u90a3\u9ebc\u591a\u5c64\uff1aLNK\u6a94\u5167\u5d4c\u5728\u6587\u4ef6\u4e2d\uff0c\u5982\u679c\u4f7f\u7528\u8005\u958b\u555f\u90f5\u4ef6\uff0c\u5b83\u6703\u57f7\u884cPowerShell\u6a94\uff08\u6216\u985e\u4f3c\u7684Windows\u547d\u4ee4\u884c\u5de5\u5177\uff09\u4f86\u4e0b\u8f09\u53e6\u4e00\u500b\u8173\u672c\u3002\u9019\u500b\u8173\u672c\u518d\u53bb\u4e0b\u8f09\u4e3b\u8981\u6709\u6548\u8f09\u8377\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/05\/LNK-04.jpg\" width=\"1502\" height=\"497\" \/><\/p>\n<p><em>\u57164<\/em><em>\u3001\u6bd4\u8f03\u4e0d\u90a3\u9ebc\u8907\u96dc\u7684LNK-PowerShell<\/em><em>\u653b\u64ca<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6211\u5011\u8a8d\u70ba\u6b64\u6ce2\u653b\u64ca\u53ef\u80fd\u5e36\u6709\u653f\u6cbb\u52d5\u6a5f\uff0c\u56e0\u70ba\u8a98\u990c\u4e3b\u984c\u8ddf\u7d93\u6fdf\u6216\u722d\u8b70\u8a71\u984c\u6709\u95dc\u3002\u4e0d\u904e\u8981\u9032\u884c\u5145\u5206\u5206\u6790\u5f88\u56f0\u96e3\uff0c\u56e0\u70ba\u7576C&amp;C\u4f3a\u670d\u5668\u6b7b\u6389\u5f8c\u4e5f\u6703\u8b93\u8ffd\u67e5\u65b7\u6389\u3002\u5982\u679c\u6c92\u6709\u5f97\u5230\u5168\u8c8c\uff0c\u5f88\u96e3\u5c07\u9019\u985e\u653b\u64ca\u8207\u5df2\u77e5\u653b\u64ca\u6d3b\u52d5\u9032\u884c\u95dc\u806f\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u96b1\u85cfLNK<\/em><\/strong><strong><em>\u547d\u4ee4<\/em><\/strong><\/p>\n<p>\u5728\u8a31\u591a\u6848\u4f8b\u4e2d\uff0c\u9019\u4e9b\u60e1\u610fLNK\u6587\u4ef6\u53ef\u4ee5\u63ed\u9732\u6709\u95dc\u653b\u64ca\u8005\u958b\u767c\u74b0\u5883\u7684\u73cd\u8cb4\u8cc7\u8a0a\u3002\u60f3\u8981\u9032\u884c\u5feb\u901f\u5206\u6790\uff0c\u900f\u904e\u6aa2\u8996\u6a94\u6848\u5c6c\u6027\u4ee5\u53d6\u5f97\u9019\u4e9b\u8cc7\u8a0a\u662f\u53ef\u80fd\u7684\u3002<\/p>\n<p>\u4f46\u6211\u5011\u770b\u898b\u4e86\u547d\u4ee4\u5217\u53c3\u6578\u8d85\u9577\u7684\u6848\u4f8b\uff0c\u900f\u904e\u5c6c\u6027&gt;\u6377\u5f91\u8996\u7a97\u4e5f\u7121\u6cd5\u5b8c\u5168\u770b\u898b\u3002\u67e5\u770b\u6642\u53ea\u80fd\u770b\u5230\u76ee\u6a19\u61c9\u7528\u7a0b\u5f0f\uff08CMD.exe\u3001MSHTA.exe\u53ca\u5176\u4ed6\u975e\u60e1\u610f\u547d\u4ee4\u5217\u61c9\u7528\u7a0b\u5f0f\uff09\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/05\/LNK-05.jpg\" width=\"386\" height=\"533\" \/><\/p>\n<p><em>\u57165<\/em><em>\u3001\u53ea\u80fd\u770b\u5230\u76ee\u6a19\u61c9\u7528\u7a0b\u5f0f<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6211\u5011\u7684\u6e2c\u8a66\u5f97\u51fa\u6377\u5f91&gt;\u5c6c\u6027&gt;\u76ee\u6a19\u7684\u6700\u5927\u9577\u5ea6\u53ea\u6709260\u500b\u5b57\u5143\u3002\u8d85\u904e\u5c31\u770b\u4e0d\u898b\u3002\u4f46\u662f\u547d\u4ee4\u5217\u53c3\u6578\u7684\u6700\u5927\u9577\u5ea6\u662f4096\u500b\u5b57\u5143\u3002<\/p>\n<p>\u653b\u64ca\u8005\u5be6\u969b\u4e0a\u5728\u60e1\u610f\u53c3\u6578\u524d\u52a0\u4e0a\u8a31\u591a\u7a7a\u683c\u6216\u63db\u884c\u7b26\u865f\u3002\u4f7f\u7528\u89e3\u6790\u5de5\u5177\u53ef\u4ee5\u770b\u5230\u66f4\u9577\u7684\u90e8\u5206\uff08\u57166\uff09\uff0c\u9084\u662f\u53ef\u4ee5\u6b63\u5e38\u904b\u4f5c\uff1a<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/05\/LNK-06.jpg\" width=\"677\" height=\"330\" \/><\/p>\n<p><em>\u57166<\/em><em>\u3001\u96b1\u85cf\u60e1\u610f\u7a0b\u5f0f\u78bc\u7684\u6a94\u6848<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u653b\u64ca\u8005\u5229\u7528\u9019\u4e00\u9ede\u4f86\u8a66\u5716\u507d\u88dd\u6216\u96b1\u85cf\u7a0b\u5f0f\u78bc\u7684\u60e1\u610f\u90e8\u5206\u3002\u9019\u7a2e\u586b\u5145\u7b56\u7565\u53ef\u4ee5\u9632\u6b62\u5c0dLNK\u6587\u4ef6\u7684\u5feb\u901f\u5206\u6790\uff0c\u4f46\u4f7f\u7528LNK\u89e3\u6790\u5de5\u5177\u4ecd\u7136\u53ef\u4ee5\u6b63\u5e38\u63d0\u53d6\u53c3\u6578\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\u5efa\u8b70\u548c\u6700\u4f73\u5be6\u4f5c<\/strong><\/p>\n<p>\u60e1\u610f\u8edf\u9ad4\u4f5c\u8005\u5728\u6301\u7e8c\u52a0\u5f37\u81ea\u5df1\u7684\u5de5\u5177\u548c\u5c0b\u627e\u4e0d\u540c\u65b9\u5f0f\u4f86\u6d3e\u9001\u81ea\u5df1\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u3002\u5229\u7528\u9019\u4e9bLNK\u6a94\u6848\u53ea\u662f\u53e6\u5916\u4e00\u7a2e\u7b56\u7565\uff0c\u4f46\u662f\u6709\u8fa6\u6cd5\u53ef\u4ee5\u9632\u6b62\u548c\u6e1b\u8f15\u9019\u4e9b\u5a01\u8105\uff1a<\/p>\n<ul>\n<li>\u5347\u7d1aPowerShell\u5230\u7248\u672c5\uff0c\u9019\u5c6c\u65bcWindows\u7ba1\u7406\u6846\u67b6\u7684\u4e00\u90e8\u5206\uff0c\u4e14\u5305\u542b\u5728Windows 10\u5167\uff0c\u503c\u5f97\u63a8\u85a6\u3002\u4f7f\u7528<a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-desktop-optimization-pack\/agpm\/configure-logging-and-tracing\">\u7fa4\u7d44\u653f\u7b56\u4f86\u958b\u555f\u65e5\u8a8c\u529f\u80fd<\/a>\u597d\u66f4\u52a0\u5bb9\u6613\u6aa2\u67e5\u662f\u5426\u6709\u5916\u6d29\u4e8b\u4ef6\u767c\u751f\u3002<\/li>\n<li>\u4f7f\u7528\u8005\u548c\u4f01\u696d\u5728\u57f7\u884c\u90f5\u4ef6\u5167\u7684\u6a94\u6848\u6642\u90fd\u5fc5\u9808\u5c0f\u5fc3\u8b39\u614e\u3002*.EXE\u7684\u6a94\u6848\u901a\u5e38\u90fd\u6703\u81ea\u52d5\u88ab\u90f5\u4ef6\u4f3a\u670d\u5668\u5c01\u9396\uff0c\u4f46\u5982\u679c\u64d4\u5fc3\u5b89\u5168\u554f\u984c\uff0c\u7ba1\u7406\u54e1\u61c9\u8a72\u8003\u616e\u5c07*.LNK\u52a0\u5165\u5c01\u9396\u5217\u8868<\/li>\n<li>\u540c\u6a23\u4e0d\u5efa\u8b70\u6253\u958b\u4f86\u81ea\u90f5\u4ef6\uff08\u6216\u4f86\u81ea\u672c\u6a5f\u4ee5\u5916\u7684\u4efb\u4f55\u5730\u65b9\uff09\u7684\u4efb\u4f55LNK\u6a94\u6848\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\u8981\u78ba\u8a8d\u662f\u5426\u70baLNK\u6a94\u6848\uff1a<\/p>\n<p>&nbsp;<\/p>\n<ol>\n<li>\u5982\u679c\u662f\u5728\u58d3\u7e2e\u6a94\uff08\u5982WinRAR\uff0cWinZip\uff09\u5167\uff0c<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2014\/05\/Fig-2_zip-file-powershell.jpg\">\u53ef\u4ee5\u6e05\u695a\u5730\u770b\u5230LNK\u526f\u6a94\u540d\uff0c\u9084\u53ef\u4ee5\u770b\u5230\u201c\u985e\u578b\u201d\uff08\u5b83\u8aaa\u662f\uff1a\u201c\u6377\u5f91\u201d\uff09<\/a>\u3002<\/li>\n<li>\u5c0d\u65bc\u4efb\u4f55Windows\u8cc7\u6599\u593e\uff0c\u6703\u51fa\u73fe\u5c0f\u5c0f\u7684\u7bad\u982d\u7b26\u865f\u5728\u5716\u793a\u53f3\u4e0a\u65b9\uff0c\u9019\u662fLNK\u6a94\u7684\u7279\u5fb5\u4e4b\u4e00\u3002<\/li>\n<\/ol>\n<p>\u53e6\u4e00\u7a2e\u65b9\u5f0f\u662f\uff1a\u5c07Windows\u8cc7\u6599\u593e\u5207\u63db\u5230\u201c\u8a73\u7d30\u8cc7\u8a0a\u6aa2\u8996\u201d\uff0c\u7136\u5f8c\u9078\u201c\u985e\u578b\u201d\u3002<\/p>\n<ol start=\"3\">\n<li>\u5c0d\u65bc\u5167\u5d4c\u5728Word \u7684LNK\u6a94\uff0c\u4f7f\u7528\u8005\u5fc5\u9808\u4e86\u89e3\u9019\u4e9b\u985e\u578b\u7684\u653b\u64ca\u77e5\u9053\u81ea\u5df1\u8981\u5c0b\u627e\u4ec0\u9ebc\u3002\u9632\u79a6\u81f3\u5c11\u8981\u505a\u5230\uff1a\u5728\u6c92\u6709\u78ba\u8a8d\u4f86\u6e90\u524d\u6c38\u9060\u4e0d\u8981\u6253\u958b\u9019\u4e9b\u985e\u578b\u7684\u6a94\u6848\u3002\u5982\u679c\u4f60\u7684\u7d44\u7e54\u4e0d\u9700\u8981\u4efb\u4f55\u5c01\u88dd\u7269\u4ef6\uff0c\u90a3\u9ebc\u9084\u53ef\u4ee5\u7528<a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/926530\">\u7de8\u8f2f\u8a3b\u518a\u8868<\/a>\u4f86<a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/06\/14\/wheres-the-macro-malware-author-are-now-using-ole-embedding-to-deliver-malicious-files\/\">\u5b8c\u5168\u505c\u7528\u8a72\u529f\u80fd<\/a>\u3002<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.trendmicro.tw\/tw\/business\/complete-user-protection\/index.html\">\u8da8\u52e2\u79d1\u6280\u7684Smart Protection for Endpoint<\/a>\u5229\u7528 <a href=\"https:\/\/t.rend.tw\/?i=NTAyMA\">XGen<\/a> \u5b89\u5168\u9632\u8b77\u4f86\u7d50\u5408\u9ad8\u4fdd\u771f\u6a5f\u5668\u5b78\u7fd2\u52a0\u4e0a\u5404\u7a2e\u5a01\u8105\u9632\u8b77\u6280\u8853\u4f86\u6db5\u84cb\u6574\u500b\u4f7f\u7528\u8005\u6d3b\u52d5\u53ca\u6240\u6709\u7aef\u9ede\u4ee5\u6d88\u9664\u5b89\u5168\u96b1\u60a3\uff0c\u76e1\u53ef\u80fd\u5ee3\u6cdb\u5730\u9632\u8b77\u9032\u968e\u653b\u64ca\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/security-risk-management\/deep-discovery\/\">\u8da8\u52e2\u79d1\u6280\u7684Deep Discovery<\/a>\u63d0\u4f9b\u5c0d\u4eca\u65e5\u7684\u96b1\u853d\u6027\u60e1\u610f\u8edf\u9ad4\u548c\u91dd\u5c0d\u6027\u653b\u64ca\u7684\u5373\u6642\u5075\u6e2c\u3001\u6df1\u5165\u5206\u6790\u548c\u4e3b\u52d5\u56de\u61c9\u3002\u5b83\u63d0\u4f9b\u91cf\u8eab\u6253\u9020\u7684\u5168\u9762\u6027\u9632\u79a6\u4f86\u4fdd\u8b77\u7d44\u7e54\u5c0d\u6297\u91dd\u5c0d\u6027\u653b\u64ca\u548c\u9032\u968e\u5a01\u8105\uff0c\u900f\u904e\u7279\u88fd\u5f15\u64ce\u3001\u5ba2\u88fd\u5316\u6c99\u7bb1\u548c\u6a6b\u8de8\u6574\u500b\u653b\u64ca\u751f\u547d\u9031\u671f\u7684\u7121\u7e2b\u95dc\u806f\u6280\u8853\uff0c\u8b93\u5b83\u5373\u4f7f\u6c92\u6709\u66f4\u65b0\u5f15\u64ce\u6216\u75c5\u6bd2\u78bc\u4e5f\u80fd\u5920\u5075\u6e2c\u5a01\u8105\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\uff20\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/rising-trend-attackers-using-lnk-files-download-malware\/\">A Rising Trend: How Attackers are Using LNK Files to Download Malware<\/a> \u4f5c\u8005\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/bensons\/\">Benson Sy\uff08\u5a01\u8105\u7814\u7a76\u54e1\uff09<\/a><\/p>\n<p><a href=\"https:\/\/t.rend.tw\/?i=NTA0OQ\" rel=\"attachment wp-att-48079\"><br \/>\n<\/a><br \/>\n<a href=\"https:\/\/t.rend.tw\/?i=Mzc4NQ\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/08\/Windows10Banner-540x90v5.gif\" \/><br \/>\n<\/a><\/p>\n<p>\u300a \u60f3\u4e86\u89e3\u66f4\u591a\u95dc\u65bc\u7db2\u8def\u5b89\u5168\u7684\u79d8\u8a23\u548c\u5efa\u8b70\uff0c\u53ea\u8981\u5230<a href=\"https:\/\/www.facebook.com\/trendmicrotaiwan\">\u8da8\u52e2\u79d1\u6280\u7c89\u7d72\u7db2\u9801<\/a> \u6216\u4e0b\u9762\u7684\u6309\u9215\u6309\u8b9a \u300b<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.facebook.com\/plugins\/likebox.php?id=255176705131&amp;width=350&amp;connections=0&amp;stream=false&amp;header=false&amp;height=62\" width=\"300\" height=\"150\" frameborder=\"0\" scrolling=\"no\" data-mce-fragment=\"1\"><\/iframe><\/p>\n<p><b><\/b>\u300a\u63d0\u9192\u300b\u5c07\u6ed1\u9f20\u6e38\u6a19\u79fb\u52d5\u5230\u7c89\u7d72\u9801\u53f3\u4e0a\u65b9\u7684<strong>\u300c\u5df2\u8aaa\u8b9a\u300d<\/strong>\u6b04\u4f4d\uff0c\u52fe\u9078<strong>\u300c\u6436\u5148\u770b\u300d<\/strong>\u9078\u9805<strong>,<\/strong>\u6700\u65b0\u8cbc\u6587\u5c31\u6703\u512a\u5148\u986f\u793a\u5728\u52d5\u614b\u6d88\u606f\u9802\u7aef\uff0c\u8b93\u4f60\u4e0d\u6703\u932f\u904e\u4efb\u4f55\u66f4\u65b0\u3002<br \/>\n*\u624b\u6a5f\u7248\u76f4\u63a5\u524d\u5f80\u5c08\u9801\u9996\u9801\uff0c\u4e0b\u62c9\u8ffd\u8e64\u4e2d\uff0c\u5c31\u80fd\u5c07\u7c89\u7d72\u5c08\u9801\u8a2d\u5b9a\u6436\u5148\u770b\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u25bc \u6b61\u8fce\u52a0\u5165\u8da8\u52e2\u79d1\u6280\u793e\u7fa4\u7db2\u7ad9\u25bc<br \/>\n<strong><br \/>\n<\/strong><strong><a href=\"https:\/\/line.me\/ti\/p\/%40fgt4590r\"><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/biz.line.naver.jp\/line_business\/img\/btn\/addfriends_zh-Hant.png\" alt=\"\u597d\u53cb\u4eba\u6578\" width=\"89\" height=\"30\" border=\"0\" \/><\/a> <\/strong><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2762&amp;name=20111213\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/08\/eNews_images_2015_0161.gif\" alt=\"\" \/><\/a> <a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2764&amp;name=20111213\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/08\/eNews_images_2015_0171.gif\" alt=\"\" \/><\/a> <a href=\"https:\/\/www.trendmicro.tw\/tw\/\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/08\/eNews_images_2015_0131.gif\" alt=\"\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PowerShell \u662f\u5fae\u8edf\u7684\u591a\u7528\u9014\u547d\u4ee4\u5217\u548c shell \u8173\u672c\u8a9e\u8a00\uff0c\u53ef\u4ee5\u8207\u8a31\u591a\u6280\u8853\u6574\u5408\u4e26\u4e14\u4e92\u52d5\u3002\u5b83\u53ef\u4ee5\u9ed8\u9ed8\u5730\u5728 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[65],"tags":[3274,1483,3275],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/50235"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=50235"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/50235\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=50235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=50235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=50235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}