{"id":50374,"date":"2017-06-10T11:35:53","date_gmt":"2017-06-10T03:35:53","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=50374"},"modified":"2017-06-19T11:54:24","modified_gmt":"2017-06-19T03:54:24","slug":"%e6%96%b0%e5%9e%8b%e7%97%85%e6%af%92%e6%bb%91%e9%bc%a0%e6%bb%91%e9%81%8epowerpoint%e5%b0%b1%e4%b8%ad%e6%af%92","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=50374","title":{"rendered":"New malware! Hover the mouse over a PowerPoint slide and you are infected"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full alignleft\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2016\/08\/rootkit-feature-200x200.png\" width=\"200\" height=\"200\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">Trend Micro<\/a> recently discovered another distinctive method of spreading malware: the infection is triggered when the mouse hovers over a hyperlinked picture or piece of text in a PowerPoint slide.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Disguised as an invoice or purchase order and packaged as a PPSX or PPS file to lure corporate purchasing staff into clicking<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/TROJ_POWHOV.A\">POWHOV.A<\/a> trojan is disguised as an invoice or purchase order and packaged as a Microsoft PowerPoint Open XML Slide Show (PPSX) or PowerPoint Show (PPS) file to lure corporate purchasing staff into clicking.<\/p>\n<p>Note: PPS\/PPSX files differ from PowerPoint presentation files (PPT or PPTX). A PPSX or PPS file opens directly in slide show mode, whereas the latter can be edited.<\/p>\n<p>Once the victim downloads and opens the file, moving the mouse over the text or picture that embeds the malicious link triggers the mouse hover action. After content is enabled, the embedded malicious PowerShell script runs and downloads another downloader in JScript Encoded File (JSE) format (<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/JS_NEMUCOD.ELDSAUGH\">JS_NEMUCOD.ELDSAUGH<\/a>), which finally retrieves the payload from a command-and-control (C&amp;C) server.<\/p>\n<p>The victim must also choose to enable the content when the security prompt window appears.<\/p>\n<p>Microsoft disables the content of suspicious files by default, using the Protected View feature in later versions of Office to reduce malicious use of Office features such as macros and Object Linking and Embedding (OLE). The key to luring victims into opening the file and enabling the malicious content so that it runs on the system is therefore the <a href=\"https:\/\/blog.trendmicro.com.tw\/?p=101\">social engineering<\/a> trap.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" 
src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/06\/mouseover-4.jpg\" alt=\"Sample malicious PPSX file showing the security notice\/prompt\" width=\"1024\" height=\"768\" \/><\/p>\n<p>Sample malicious PPSX file showing the security notice\/prompt<em>\u00a0<\/em><!--more--><\/p>\n<p>This technique does not work in Microsoft PowerPoint Online or in the web version of Office 365, because they do not provide these features of the offline\/desktop versions. However, Office 365 users can still be affected if they access their account and open the malicious file through a client (a locally installed copy of PowerPoint).<\/p>\n<p><strong>The mouse hover feature makes the attack chain more streamlined<\/strong><\/p>\n<p>The malicious mouse hover technique does not need to rely on other vectors to deliver the payload, which lets cybercriminals streamline the attack chain. In one of the samples we obtained and analyzed, the payload was embedded in the file's <em>ppt\/slides\/_rels\/slide1.xml.rels<\/em>:<\/p>\n<figure class=\"thumbnail wp-caption alignnone\" style=\"width: 1080px\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/06\/mouseover-5.jpg\" alt=\"Payload embedded in the PPS\/PPSX file\" width=\"1070\" height=\"291\" \/><figcaption class=\"caption 
wp-caption-text\">Payload embedded in the PPS\/PPSX file<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p>Microsoft Office documents such as PowerPoint files are a staple of many malware attacks on enterprises, because these types of documents appear so frequently in the workplace. Features such as macros, OLE and mouse hover also have legitimate uses; they have simply fallen into the wrong hands. A socially engineered email combined with a mouse hover (or possibly a click, if the latter is disabled) can be enough to infect the victim. This new malware is currently active in Europe, particularly in the United Kingdom, Poland, the Netherlands and Sweden. Affected industries include manufacturing, equipment makers, education, logistics and pyrotechnics companies.<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Best practices<\/em><\/strong><\/p>\n<p>Users are advised to use Microsoft's default <a 
href=\"https:\/\/support.office.com\/zh-TW\/article\/%E4%BD%95%E8%AC%82%E5%8F%97%E4%BF%9D%E8%AD%B7%E7%9A%84%E6%AA%A2%E8%A6%96%EF%BC%9F-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653\">Protected View<\/a>, especially for documents downloaded from potentially unsafe locations. Protected View lets users read the content of unknown or suspicious documents while significantly reducing the chance of infection. IT\/system administrators and security professionals can disable these features to reduce this kind of threat, by modifying the registry or implementing Group Policy to block user permissions, so that these threats cannot be executed in the first place.<\/p>\n<p>The principle of least privilege should also be enforced, restricting root or administrator privileges on systems. Another measure is to <a 
href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/security-101-the-rise-of-fileless-threats-that-abuse-powershell\">follow best practices when using and securing tools and services such as PowerShell<\/a>, which the trojan downloader relies on to retrieve other malware and bring it into the system.<\/p>\n<p>If features such as macros and mouse hover are required by business processes, allow them only in the applications\/software that use them, or allow only signed\/approved macros. However, these measures cannot stop malware from abusing features such as macros and mouse hover; for example, the certificate used to sign macros can itself be stolen. A multilayered approach to defense is key. For example, consider using <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/how-can-advanced-sandboxing-techniques-thwart-elusive-malware\">sandboxing technology that can quarantine and analyze suspicious attachments<\/a>. <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/identifying-and-dividing-networks-and-users\/\">Data categorization<\/a> and <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/protecting-data-through-network-segmentation\">network segmentation<\/a> also help limit the exposure of, and damage to, data.<\/p>\n<p>Given that email is the doorway through which this malware enters systems, <a 
href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/infosec-guide-email-threats\">securing the email gateway and mitigating email threats<\/a> is also essential. Since social engineering plays a vital role in these attacks, raising employees' cybersecurity awareness helps strengthen the one weakness for which there is no silver bullet: the human psyche.<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Trend Micro solutions<\/em><\/strong><\/p>\n<p>Addressing these types of threats requires a multilayered and proactive approach to security, covering the <a href=\"https:\/\/www.trendmicro.com\/us\/business\/complete-user-protection\/index.html\">gateway<\/a>, <a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/product-security\/vulnerability-protection\/\">endpoints<\/a>, <a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/security-risk-management\/deep-discovery\/#network-protection\">networks<\/a> and <a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/cloud-solutions\/deep-security\/software\/\">servers<\/a>. Trend Micro endpoint solutions (such as <a href=\"https:\/\/www.trendmicro.tw\/tw\/business\/complete-software-protection\/index.html\">Trend Micro Smart Protection Suites<\/a> and <a href=\"https:\/\/t.rend.tw\/?i=NDI1OA==\">Worry-Free 
Pro<\/a>) protect users and businesses from these threats by detecting malicious files and spam and by blocking all related malicious URLs. Trend Micro <a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/security-risk-management\/deep-discovery\/\">Deep Discovery<\/a> has an email inspection capability that protects enterprises by detecting malicious attachments and URLs.<\/p>\n<p>Trend Micro <a href=\"https:\/\/www.trendmicro.com\/us\/small-business\/hosted-email-security\/\">Hosted Email Security<\/a> is a cloud solution that requires no maintenance by the customer and delivers continuously updated protection to stop spam, malware, spear phishing, ransomware and advanced targeted attacks before they even reach the network. It protects Microsoft Exchange, <a href=\"https:\/\/www.trendmicro.com\/us\/business\/saas\/cloud-app-security\/office-365\/index.html\">Microsoft Office 365<\/a>, Google Apps and other hosted or on-premises email solutions.<\/p>\n<p><a href=\"https:\/\/t.rend.tw\/?i=Mzk3OQ==\">Trend Micro OfficeScan<\/a>\u2122 with <a 
href=\"https:\/\/t.rend.tw\/?i=NTAyMA\">XGen<\/a> endpoint security blends high-fidelity machine learning with other detection technologies and global threat intelligence to provide comprehensive protection against advanced malware.<\/p>\n<p>Trend Micro <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/network\/deep-discovery.html\">Deep Discovery Inspector<\/a> protects customers from this threat via the following DDI rule:<\/p>\n<ul>\n<li>DDI Rule 18 : DNS response of a queried malware Command and Control domain<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Customers of Trend Micro products that use the Advanced Threat Scan Engine are protected via the following heuristic rule:<\/p>\n<ul>\n<li>SL: Suspicious command embedded in PowerPoint<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><em>Indicators of compromise:<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><em>Related hashes (SHA256):<\/em><\/p>\n<ul>\n<li>796a386b43f12b99568f55166e339fcf43a4792d292bdd05dafa97ee32518921 \u2013 <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/TROJ_POWHOV.A\">A<\/a><\/li>\n<li>55821b2be825629d6674884d93006440d131f77bed216d36ea20e4930a280302 \u2013 <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/JS_NEMUCOD.ELDSAUGH\">ELDSAUGH<\/a><\/li>\n<li>55c69d2b82addd7a0cd3bebe910cd42b7343bd3faa7593356bcdca13dd73a0ef \u2013 
TROJ_OTLARD.TY<\/li>\n<\/ul>\n<p><em>Detected as P2KM_POWHOV.A (SHA256):<\/em><\/p>\n<ul>\n<li>556d9cefd63d305cb03f0a37535b3951cdb6d9d191400e40dc1a85bc2f67f720<\/li>\n<li>ad48d4d432a76f92a52eb0869cbba754f9ea73df280a30c28eac88712bfbd479<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em>Related C&amp;C domains:<\/em><\/p>\n<ul>\n<li>hxxp:\/\/cccn[.]nl\/c[.]php<\/li>\n<li>hxxp:\/\/cccn[.]nl\/2[.]2<\/li>\n<li>hxxp:\/\/basisinkomen[.]nl\/a[.]php<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em>IP addresses and URLs related to compromised websites used as C&amp;C servers and for sending spam:<\/em><\/p>\n<ul>\n<li>hxxp:\/\/netart[.]pl<\/li>\n<li>hxxp:\/\/chnet[.]se<\/li>\n<li>77[.]55[.]8[.]61<\/li>\n<li>85[.]128[.]212[.]154<\/li>\n<li>91[.]211[.]2[.]112<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Original article: <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/mouseover-otlard-gootkit\/\">Mouse Over, Macro: Spam Run in Europe Uses \u00a0Action to Deliver Banking Trojan<br \/>\n<\/a>Authors: Rubio Wu and Marshall Chen (Threat Analysts)<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; Trend Micro recently discovered another distinctive method of spreading malware: the infection is triggered when the mouse hovers over a hyperlinked picture or 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[12,1268,31,65],"tags":[3296,1801],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/50374"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=50374"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/50374\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=50374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=50374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5037
4"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}