{"id":50474,"date":"2017-06-23T09:00:12","date_gmt":"2017-06-23T01:00:12","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=50474"},"modified":"2017-06-30T17:34:59","modified_gmt":"2017-06-30T09:34:59","slug":"%e5%8d%97%e9%9f%93%e7%b6%b2%e7%ab%99%e4%bb%a3%e7%ae%a1%e5%85%ac%e5%8f%b8%e9%81%ad-erebus-%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92%e8%a5%b2%e6%93%8a-153-%e5%8f%b0-linux-%e4%bc%ba%e6%9c%8d%e5%99%a8","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=50474","title":{"rendered":"\u5357\u97d3\u7db2\u7ad9\u4ee3\u7ba1\u516c\u53f8,\u906d Erebus \u52d2\u7d22\u75c5\u6bd2\u8972\u64ca, 153 \u53f0 Linux \u4f3a\u670d\u5668\u906d\u5230\u611f\u67d3"},"content":{"rendered":"<p>6 \u6708 10 \u65e5\uff0c\u5357\u97d3\u7db2\u7ad9\u4ee3\u7ba1\u516c\u53f8 <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/erebus-linux-ransomware-impact-to-servers-and-countermeasures\">NAYANA \u906d Erebus \u52d2\u7d22\u75c5\u6bd2\u8972\u64ca<\/a> (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba\uff1a<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/RANSOM_ELFEREBUS.A\">RANSOM_ELFEREBUS.A<\/a>)\uff0c\u5171\u6709 153 \u53f0 Linux \u4f3a\u670d\u5668\u8207 3,400 \u500b\u8a72\u516c\u53f8\u4ee3\u7ba1\u7684\u5546\u696d\u7db2\u7ad9\u906d\u5230\u611f\u67d3\u3002<\/p>\n<h3 class=\"page-header\">\u8207\u99ed\u5ba2\u9054\u6210\u5354\u8b70\u5206\u4e09\u671f\u652f\u4ed8\u903e\u767e\u842c\u7f8e\u5143\u8d16\u91d1<\/h3>\n<p>NAYANA \u516c\u53f8 6 \u6708 12 \u65e5\u5728\u5b98\u7db2\u767c\u5e03\u4e86\u4e00\u5247<a href=\"https:\/\/www.nayana.com\/bbs\/set_view.php?b_name=notice&amp;w_no=960\">\u516c\u544a<\/a>\uff0c\u8868\u793a\u99ed\u5ba2\u8981\u6c42 550 \u6bd4\u7279\u5e63 (BTC) \u7684\u5929\u50f9\u8d16\u91d1 (\u7d04\u5408 162 \u842c\u7f8e\u5143) \u4ee5\u89e3\u958b\u6240\u6709\u4f3a\u670d\u5668\u4e0a\u88ab\u52a0\u5bc6\u7684\u6a94\u6848\u30026 \u6708 14 \u65e5\uff0cNAYANA \u53c8\u767c\u5e03<a href=\"https:\/\/www.nayana.com\/bbs\/set_view.php?b_name=notice&amp;w_no=961\">\u65b0\u7684\u6d88\u606f<\/a>\u8868\u793a\u548c\u6b79\u5f92\u8a0e\u50f9\u9084\u50f9\u4e4b\u5f8c\u540c\u610f\u652f\u4ed8 397.6 \u6bd4\u7279\u5e63 (\u7d04\u5408 101 \u842c\u7f8e\u5143\uff1a\u6839\u64da 2017 \u5e74 6 \u6708 19 \u65e5\u532f\u7387)\uff0c\u4e26\u4e14\u7d04\u5b9a\u5206\u671f\u4ed8\u6b3e\u3002 6 \u6708 17 \u65e5\uff0cNAYANA \u7684\u5b98\u7db2\u53c8\u767c\u5e03\u4e00\u5247<a href=\"https:\/\/www.nayana.com\/bbs\/set_view.php?b_name=notice&amp;w_no=966\">\u8072\u660e<\/a>\u8868\u793a\u5df2\u7d93\u532f\u51fa\u7b2c\u4e8c\u671f\u6b3e\u9805\u3002\u5230\u4e86 <a href=\"https:\/\/www.nayana.com\/bbs\/set_view.php?b_name=notice&amp;w_no=967\">6 \u6708 18 \u65e5<\/a>\uff0cNAYANA \u958b\u59cb\u5206\u6279\u5fa9\u539f\u53d7\u5bb3\u4f3a\u670d\u5668\u3002\u4f46\u67d0\u4e9b\u7b2c\u4e8c\u6279\u5fa9\u539f\u7684\u4f3a\u670d\u5668\u537b\u51fa\u73fe\u4e86\u8cc7\u6599\u5eab\u932f\u8aa4\u7684\u60c5\u6cc1\u3002\u9810\u6599\u5728\u7b2c\u4e00\u548c\u7b2c\u4e8c\u6279\u4f3a\u670d\u5668\u6210\u529f\u5fa9\u539f\u4e4b\u5f8c\uff0c\u8a72\u516c\u53f8\u5c07\u518d\u652f\u4ed8\u7b2c\u4e09\u671f\u8d16\u91d1\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2016\/03\/ransomeware-e1474967529220.gif\" width=\"500\" height=\"330\" \/><\/p>\n<p>\u9019\u4e0d\u7981\u8b93\u4eba\u806f\u60f3\u5230\u7576\u5e74\u7f8e\u570b<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/kansas-hospital-hit-by-ransomware-extorted-twice\">\u582a\u85a9\u65af\u91ab\u9662 (Kansas Hospital)<\/a> \u7684\u53d7\u5bb3\u6848\u4f8b (\u5118\u7ba1\u8d16\u91d1\u7121\u6cd5\u76f8\u63d0\u4e26\u8ad6)\u3002\u4e0d\u904e\u582a\u85a9\u65af\u91ab\u9662\u7684\u60c5\u6cc1\u66f4\u60b2\u6158\uff0c\u56e0\u70ba<span class=\"highlight\">\u8a72\u9662\u5728\u4ed8\u4e86\u8d16\u91d1\u4e4b\u5f8c\u9084\u662f\u6c92\u6709\u6551\u56de\u88ab\u52a0\u5bc6\u7684\u6a94\u6848\uff0c\u53cd\u800c\u53c8\u518d\u88ab\u52d2\u7d22\u4e86\u4e00\u6b21\u3002<\/span><\/p>\n<p style=\"margin: 15.6pt 0cm 15.6pt 0cm;\"><span style=\"color: #4a4a4a;\">Erebus \u611f\u67d3\u4e86 NAYANA \u7684 Linux \u4f3a\u670d\u5668\uff0c\u4e26\u5229\u7528\u4e00\u500b\u5047\u7684\u85cd\u7259\u670d\u52d9\u4f86\u8b93\u81ea\u5df1\u5c31\u7b97\u7cfb\u7d71\u91cd\u65b0\u958b\u6a5f\u4e5f\u6703\u518d\u81ea\u52d5\u57f7\u884c\u3002\u6b64\u5916\uff0c\u66f4\u5229\u7528\u4e86 UNIX \u7cfb\u7d71\u7684 cron \u5de5\u4f5c\u6392\u7a0b\u5de5\u5177\u4f86\u5b9a\u671f\u6bcf\u5c0f\u6642\u6aa2\u67e5\u4e00\u6b21\u52d2\u7d22\u75c5\u6bd2\u662f\u5426\u9084\u5728\u57f7\u884c\u3002<\/span><span style=\"color: #4a4a4a;\">\u00a0<\/span><\/p>\n<p>Erebus \u52d2\u7d22\u75c5\u6bd2<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-recap-sept-23-2016\">\u6700\u65e9\u662f\u5728 2016 \u5e74 9 \u6708\u7d93\u7531\u60e1\u610f\u5ee3\u544a\u611f\u67d3<\/a>\uff0c2017 \u5e74 2 \u6708\u53c8\u518d\u5ea6\u73fe\u8eab\uff0c\u4e26\u4e14\u904b\u7528\u4e86\u4e00\u500b<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-recap-january-30-february-15-2017\">\u53ef\u907f\u958b Windows \u4f7f\u7528\u8005\u5e33\u6236\u63a7\u5236\u7684\u4f0e\u5006<\/a>\uff0c\u4ee5\u4e0b\u662f\u6709\u95dc Linux \u7248\u672c Erebus \u52d2\u7d22\u75c5\u6bd2\u76ee\u524d\u767c\u73fe\u5230\u7684\u4e00\u4e9b\u6280\u8853\u7d30\u7bc0\u3002<\/p>\n<figure class=\"thumbnail wp-caption alignnone\" style=\"width: 766px\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/06\/erebus-ransomware-1.jpg\" alt=\" Erebus \u7684\u52d2\u7d22\u8a0a\u606f\u6709\u591a\u570b\u8a9e\u8a00\u7248\u672c (\u672c\u5716\u70ba\u82f1\u6587\u7248\u672c)\u3002\" width=\"756\" height=\"796\" \/><figcaption class=\"caption wp-caption-text\">\u5716 1\uff1aErebus \u7684\u52d2\u7d22\u8a0a\u606f\u6709\u591a\u570b\u8a9e\u8a00\u7248\u672c (\u672c\u5716\u70ba\u82f1\u6587\u7248\u672c)\u3002<\/figcaption><\/figure>\n<p><!--more--><\/p>\n<figure class=\"thumbnail wp-caption alignnone\" style=\"width: 1102px\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/06\/erebus-ransomware-2.jpg\" alt=\"\u99ed\u5ba2\u793a\u7bc4\u5982\u4f55\u89e3\u958b\u88ab\u52a0\u5bc6\u6a94\u6848\u7684\u756b\u9762\u3002\" width=\"1092\" height=\"623\" \/><figcaption class=\"caption wp-caption-text\">\u5716 2\uff1a\u99ed\u5ba2\u793a\u7bc4\u5982\u4f55\u89e3\u958b\u88ab\u52a0\u5bc6\u6a94\u6848\u7684\u756b\u9762\u3002<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><strong><em>\u53ef\u80fd\u7684\u5165\u4fb5\u9014\u5f91<\/em><\/strong><br \/>\n\u9019\u500b Linux \u52d2\u7d22\u75c5\u6bd2\u5230\u5e95\u5982\u4f55\u9032\u5165\u96fb\u8166\u7cfb\u7d71\uff1f\u76ee\u524d\u6211\u5011\u53ea\u80fd\u63a8\u6e2c Erebus \u53ef\u80fd\u662f\u5229\u7528\u7cfb\u7d71\u7684\u6f0f\u6d1e\u6216\u662f\u5728\u672c\u5730\u7aef\u767c\u52d5\u6f0f\u6d1e\u653b\u64ca\u3002\u4f8b\u5982\uff0c\u6839\u64da\u516c\u958b\u8cc7\u8a0a\u986f\u793a\uff0cNAYANA \u516c\u53f8\u7684\u00a0<a href=\"https:\/\/www.nayana.com\/phpinfo.php\">\u7db2\u7ad9<\/a>\u4f7f\u7528\u7684\u662f 2.6.24.2 \u7248\u7684 Linux \u6838\u5fc3\uff0c\u5176\u88fd\u4f5c\u6642\u9593\u70ba 2008 \u5e74\u3002\u6b64\u7248\u672c\u5df2\u77e5\u6709\u4e00\u4e9b\u5b89\u5168\u6f0f\u6d1e (\u5982\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/new-flavor-dirty-cow-attack-discovered-patched\/\">DIRTY COW<\/a>) \u53ef\u8b93\u99ed\u5ba2\u53d6\u5f97\u7cfb\u7d71\u7ba1\u7406\u54e1\u6b0a\u9650\uff0c\u66f4\u5225\u8aaa\u9084\u6709\u5176\u4ed6\u5a01\u8105\u3002<\/p>\n<p>\u6b64\u5916\uff0cNAYANA \u7684\u7db2\u7ad9\u63a1\u7528\u7684\u662f Apache 1.3.36 \u7248\u8207 PHP 5.1.4 \u7248\u8edf\u9ad4\uff0c\u5169\u8005\u90fd\u662f 2006 \u5e74\u7684\u7248\u672c\u3002<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=49537\">Apache \u7684\u6f0f\u6d1e<\/a>\u8207<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/plesk-zero-day-exploit-results-in-compromised-webserver\/\">PHP \u6f0f\u6d1e\u653b\u64ca<\/a>\u65e9\u5df2\u5ee3\u70ba\u4eba\u77e5\uff0c\u4e8b\u5be6\u4e0a\uff0c<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=6045\">\u4e2d\u570b\u5730\u4e0b\u5e02\u5834\u4e0a\u5c31\u5927\u524c\u524c\u5730\u8ca9\u8ce3\u8457\u4e00\u5957\u5c08\u9580\u653b\u64ca Apache Struts \u6f0f\u6d1e\u7684\u5de5\u5177<\/a>\u3002\u9084\u6709\uff0cNAYANA \u6240\u7528\u7684 Apache \u662f\u4ee5\u300c<em>nobody(uid=99)<\/em>\u300d\u9019\u500b\u4f7f\u7528\u8005\u7684\u8eab\u5206\u57f7\u884c\uff0c\u4e5f\u5c31\u662f\u8aaa\uff0c\u6b79\u5f92\u4e5f\u53ef\u80fd\u662f\u4f7f\u7528\u672c\u5730\u7aef\u6f0f\u6d1e\u653b\u64ca\u624b\u6cd5\u3002<\/p>\n<figure class=\"thumbnail wp-caption alignnone\" style=\"width: 1049px\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/06\/erebus-ransomware-3.png\" alt=\"VirusTotal \u6240\u6536\u5230\u7684 Erebus Linux \u52d2\u7d22\u75c5\u6bd2\u901a\u5831\u3002\" width=\"1039\" height=\"671\" \/><figcaption class=\"caption wp-caption-text\">\u5716 3\uff1aVirusTotal \u6240\u6536\u5230\u7684 Erebus Linux \u52d2\u7d22\u75c5\u6bd2\u901a\u5831\u3002<\/figcaption><\/figure>\n<p>\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u6b64\u52d2\u7d22\u75c5\u6bd2\u7684\u6563\u5e03\u5340\u57df\u76f8\u7576\u4fb7\u9650\uff0c\u56b4\u683c\u8aaa\u4f86\u7d55\u5927\u591a\u6578\u90fd\u96c6\u4e2d\u5728\u5357\u97d3\u3002\u96d6\u7136\u9019\u6216\u8a31\u610f\u5473\u8457\u8a72\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u662f\u6709\u8a08\u756b\u7684\u91dd\u5c0d\u6027\u653b\u64ca\uff0c\u4f46\u6839\u64da VirusTotal \u7684\u8cc7\u6599\u986f\u793a\u4e26\u975e\u5982\u6b64\uff0c\u56e0\u70ba\u70cf\u514b\u862d\u548c\u7f85\u99ac\u5c3c\u4e9e\u5730\u5340\u4e5f\u51fa\u73fe\u4e86\u4e00\u4e9b\u6a23\u672c\u3002\u6b64\u5916\uff0c\u5f9e\u9019\u4e9b\u901a\u5831\u8cc7\u6599\u4e5f\u53ef\u770b\u51fa\u6a23\u672c\u662f\u4f86\u81ea\u4e0d\u540c\u7684\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1\u3002<\/p>\n<p><strong><em>\u52a0\u5bc6\u7a0b\u5e8f<\/em><\/strong><br \/>\n\u67d0\u4e9b\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cf\u6703\u5c07\u6a94\u6848\u91cd\u91cd\u52a0\u5bc6\uff0c\u4f8b\u5982\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/wannacry-uiwix-ransomware-monero-mining-malware-follow-suit\/\">UIWIX<\/a>\u3001<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/cerber-ransomware-evolution\/\">\u65b0\u7684 Cerber<\/a> \u4ee5\u53ca <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/new-ransomware-badblock-and-dma-locker-4-0\">DMA Locker<\/a>\u3002Erebus \u7684\u4f5c\u6cd5\u53c8\u66f4\u52a0\u8907\u96dc\uff0c\u6bcf\u500b\u88ab Erebus \u52a0\u5bc6\u7684\u6a94\u6848\u90fd\u63a1\u7528\u4ee5\u4e0b\u683c\u5f0f\uff1a<\/p>\n<table  class=\" table table-hover\" width=\"0\">\n<tbody>\n<tr>\n<td>\u6a19\u982d (0x438 \u500b\u4f4d\u5143\u7d44)<\/td>\n<\/tr>\n<tr>\n<td>\u4f7f\u7528 RSA-2048 \u52a0\u5bc6\u7684\u539f\u59cb\u6a94\u540d<\/td>\n<\/tr>\n<tr>\n<td>\u4f7f\u7528 RSA-2048 \u52a0\u5bc6\u7684 AES \u91d1\u9470<\/td>\n<\/tr>\n<tr>\n<td>\u4f7f\u7528 RSA-2048 \u52a0\u5bc6\u7684 RC4 \u91d1\u9470<\/td>\n<\/tr>\n<tr>\n<td>\u4f7f\u7528 RC4 \u52a0\u5bc6\u7684\u8cc7\u6599<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u9996\u5148\uff0c\u6a94\u6848\u6703\u4f7f\u7528\u96a8\u6a5f\u7522\u751f\u7684\u91d1\u9470\uff0c\u4e26\u4ee5 500KB \u70ba\u5340\u584a\u5927\u5c0f\u7684 RC4 \u6f14\u7b97\u6cd5\u52a0\u5bc6\u3002RC4 \u91d1\u9470\u518d\u7528 AES \u6f14\u7b97\u6cd5\u52a0\u5bc6\u4e4b\u5f8c\u5132\u5b58\u5728\u6a94\u6848\u4e2d\u3002AES \u91d1\u9470\u5247\u518d\u7528 RSA-2048 \u6f14\u7b97\u6cd5\u52a0\u5bc6\u4e4b\u5f8c\uff0c\u540c\u6a23\u4e5f\u5132\u5b58\u5728\u6a94\u6848\u4e2d\u3002<\/p>\n<p>\u96d6\u7136\u6bcf\u500b\u88ab\u52a0\u5bc6\u7684\u6a94\u6848\u90fd\u6709\u81ea\u5df1\u7684 RC4 \u548c AES \u91d1\u9470\uff0c\u4f46\u5176 RSA-2048 \u516c\u958b\u91d1\u9470\u5247\u662f\u5171\u7528\u7684\u3002RSA-2048 \u516c\u958b\u91d1\u9470\u6703\u5728\u672c\u5730\u7aef\u7522\u751f\uff0c\u4f46\u662f\u79c1\u5bc6\u91d1\u9470\u537b\u6703\u7d93\u7531 AES \u6f14\u7b97\u6cd5\u642d\u914d\u96a8\u6a5f\u7522\u751f\u7684\u91d1\u9470\u4f86\u52a0\u5bc6\u3002\u6839\u64da\u6211\u5011\u6301\u7e8c\u7684\u5206\u6790\u986f\u793a\uff0c\u9664\u975e\u62ff\u5230 RSA \u91d1\u9470\uff0c\u5426\u5247\u60f3\u8981\u89e3\u958b\u6a94\u6848\u6839\u672c\u7d55\u7121\u53ef\u80fd\u3002<\/p>\n<p><strong><em>\u53d7\u5bb3\u7684\u6a94\u6848\u985e\u578b<\/em><\/strong><br \/>\nOffice \u6587\u4ef6\u3001\u8cc7\u6599\u5eab\u3001\u5099\u4efd\u6a94\u6848\u3001\u591a\u5a92\u9ad4\u6a94\u6848\u7b49\u7b49\uff0c\u90fd\u662f\u52d2\u7d22\u75c5\u6bd2\u7d93\u5e38\u91dd\u5c0d\u7684\u6a94\u6848\u985e\u578b\u3002\u8a72\u7248\u672c\u7684 Erebus \u4e5f\u4e0d\u4f8b\u5916\uff0c\u5b83\u53ef\u52a0\u5bc6\u7684\u6a94\u6848\u985e\u578b\u5171 433 \u7a2e\u3002\u4e0d\u904e\uff0c\u6b64\u52d2\u7d22\u75c5\u6bd2\u4f3c\u4e4e\u662f\u885d\u8457\u7db2\u7ad9\u4f3a\u670d\u5668\u53ca\u5176\u8cc7\u6599\u800c\u4f86\u3002<\/p>\n<p>\u4e0b\u8868\u986f\u793a Erebus \u6703\u641c\u5c0b\u7684\u76ee\u9304\u8207\u7cfb\u7d71\u8cc7\u6599\u8868\u7a7a\u9593 (TableSpace)\u3002\u8acb\u6ce8\u610f\uff0c\u300c<em>var\/www\/<\/em>\u300d\u662f\u7db2\u7ad9\u6a94\u6848\u53ca\u8cc7\u6599\u5b58\u653e\u7684\u76ee\u9304\uff0c\u800c\u300c<em>ibdata<\/em>\u300d\u5247\u662f MySQL \u7528\u5230\u7684\u6a94\u6848\uff1a<\/p>\n<table  class=\" table table-hover\" width=\"0\">\n<tbody>\n<tr>\n<td width=\"200\"><strong>\u5305\u542b\u7684\u76ee\u9304\uff1a<\/strong><\/td>\n<td width=\"200\"><strong>\u6392\u9664\u7684\u76ee\u9304\uff1a<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"200\">var\/www\/<\/td>\n<td width=\"200\">$\/bin\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\"><strong>\u5305\u542b\u7684\u6a94\u6848\uff1a<\/strong><\/td>\n<td width=\"200\">$\/boot\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata0<\/td>\n<td width=\"200\">$\/dev\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata1<\/td>\n<td width=\"200\">$\/etc\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata2<\/td>\n<td width=\"200\">$\/lib\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata3<\/td>\n<td width=\"200\">$\/lib64\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata4<\/td>\n<td width=\"200\">$\/proc\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata5<\/td>\n<td width=\"200\">$\/run\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata6<\/td>\n<td width=\"200\">$\/sbin\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata7<\/td>\n<td width=\"200\">$\/srv\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata8<\/td>\n<td width=\"200\">$\/sys\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ibdata9<\/td>\n<td width=\"200\">$\/tmp\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ib_logfile0<\/td>\n<td width=\"200\">$\/usr\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ib_logfile1<\/td>\n<td width=\"200\">$\/var\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ib_logfile2<\/td>\n<td width=\"200\">\/.gem\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ib_logfile3<\/td>\n<td width=\"200\">\/.bundle\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ib_logfile4<\/td>\n<td width=\"200\">\/.nvm\/<\/td>\n<\/tr>\n<tr>\n<td width=\"200\">ib_logfile5<\/td>\n<td width=\"200\">\/.npm\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>\u5716 4\uff1aErebus \u6703\u641c\u5c0b\u7684\u7cfb\u7d71\u8cc7\u6599\u8868\u7a7a\u9593 (TableSpace)\u3002<\/em><\/p>\n<p><strong><em>\u843d\u5be6\u6700\u4f73\u5be6\u52d9\u539f\u5247<\/em><\/strong><br \/>\n\u5118\u7ba1<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=47496\">Unix \u548c\u985e Unix \u4f5c\u696d\u7cfb\u7d71 (\u5982 Linux)<\/a> \u7684\u5e02\u5360\u7387\u6709\u9650\uff0c\u4f46\u662f\u7576<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/predictions\/2017\">\u52d2\u7d22\u75c5\u6bd2\u6301\u7e8c\u671d\u591a\u5143\u5316\u767c\u5c55\u4e14\u8d8a\u4f86\u8d8a\u6210\u719f<\/a>\u6642\uff0c\u9019\u4e9b\u7cfb\u7d71\u80af\u5b9a\u5c07\u6210\u70ba\u6b79\u5f92\u7684\u6416\u9322\u6a39\u4e4b\u4e00\u3002\u539f\u56e0\u70ba\u4f55\uff1f\u56e0\u70ba\u9019\u985e\u7cfb\u7d71\u5728\u8a31\u591a\u4f01\u696d\u57fa\u790e\u67b6\u69cb\u7576\u4e2d\u76f8\u7576\u666e\u904d\uff0c\u7d93\u5e38\u7528\u65bc\u5de5\u4f5c\u7ad9\u3001\u4f3a\u670d\u5668\u3001\u7db2\u7ad9\u8207\u61c9\u7528\u7a0b\u5f0f\u958b\u767c\u67b6\u69cb\u3001\u8cc7\u6599\u5eab\u3001\u884c\u52d5\u88dd\u7f6e\u7b49\u7b49\u3002<\/p>\n<p>\u800c\u4e14\u7576\u52d2\u7d22\u75c5\u6bd2\u80fd\u5920\u611f\u67d3\u4f3a\u670d\u5668\u548c\u7db2\u8def\u5171\u7528\u8cc7\u6599\u593e\u6642\uff0c\u5176\u7834\u58de\u529b\u5c07\u66f4\u5f37\uff0c\u5982\u6211\u5011\u5728 <a href=\"https:\/\/blog.trendmicro.com.tw\/?cat=3220\">WannaCry(\u60f3\u54ed)<\/a>\u52d2\u7d22\u8815\u87f2\u3001<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=17699\">SAMSAM<\/a>\u3001<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=17168\">Petya<\/a> \u548c <a href=\"https:\/\/blog.trendmicro.com.tw\/?p=29619\">HDDCryptor<\/a> \u7b49\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cf\u7684\u6848\u4f8b\u6240\u898b\u3002\u6709\u6642\uff0c\u7db2\u8def\u4e0a\u53ea\u8981\u6709\u4e00\u53f0\u96fb\u8166\u5b58\u5728\u8457\u6f0f\u6d1e\uff0c\u5176\u4ed6\u9023\u7db2\u7684\u7cfb\u7d71\u548c\u4f3a\u670d\u5668\u4e5f\u53ef\u80fd\u9023\u5e36\u906d\u6b83\u3002<\/p>\n<p>\u7531\u65bc\u52d2\u7d22\u75c5\u6bd2\u53ef\u80fd\u885d\u64ca\u4f01\u696d\u7684\u71df\u904b\u3001\u5546\u8b7d\u53ca\u7372\u5229\u80fd\u529b\uff0c\u56e0\u6b64\u4f01\u696d\u5fc5\u9808\u4e3b\u52d5\u9632\u7bc4\u50cf\u52d2\u7d22\u75c5\u6bd2\u9019\u6a23\u7684\u5a01\u8105\u3002\u7136\u800c\u8981\u9632\u7bc4\u50cf Erebus \u9019\u6a23\u7684\u52d2\u7d22\u75c5\u6bd2\u4e26\u7121\u55ae\u4e00\u65b9\u6cd5\uff0c\u9019\u4e5f\u6b63\u662f\u70ba\u4f55 IT \u7cfb\u7d71\u7ba1\u7406\u54e1\u5fc5\u9808\u63a1\u53d6\u7e31\u6df1\u9632\u79a6\u7684\u7b56\u7565\u3002<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=49998\">\u4ee5\u4e0b\u662f\u4e00\u4e9b\u9632\u7bc4\u52d2\u7d22\u75c5\u6bd2\u7684\u6700\u4f73\u5be6\u52d9\u539f\u5247<\/a>\uff1a<\/p>\n<ul>\n<li><a href=\"https:\/\/blog.trendmicro.com.tw\/?p=4707\">3-2-1 \u539f\u5247<\/a>\u5099\u4efd\u91cd\u8981\u6a94\u6848<\/li>\n<li>\u505c\u7528\u6216\u76e1\u91cf\u6e1b\u5c11\u7b2c\u4e09\u65b9\u6216\u672a\u7d93\u78ba\u8a8d\u7684\u7a0b\u5f0f\u5eab\u3002<\/li>\n<li>\u63a1\u53d6\u6700\u4f4e\u6388\u6b0a\u7684\u539f\u5247 (\u80fd\u4e0d\u958b\u653e\u7684\u6b0a\u9650\u5c31\u4e0d\u958b\u653e)\u3002<\/li>\n<li>\u78ba\u4fdd\u4f3a\u670d\u5668\u548c\u7aef\u9ede\u88dd\u7f6e\u96a8\u6642\u4fdd\u6301\u66f4\u65b0\uff0c\u6216\u8005\u90e8\u7f72<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/virtual-patching-in-mixed-environments-how-it-protects-you\/\">\u865b\u64ec\u4fee\u88dc\u6280\u8853<\/a>\u3002<\/li>\n<li><a href=\"https:\/\/blog.trendmicro.com.tw\/?p=29626\">\u5e38\u614b\u6027\u76e3\u63a7\u7db2\u8def\u3002<\/a><\/li>\n<li>\u6aa2\u67e5\u4e8b\u4ef6\u8a18\u9304\u6a94\u5167\u662f\u5426\u6709\u906d\u5230\u5165\u4fb5\u6216\u611f\u67d3\u7684\u8de1\u8c61\u3002<\/li>\n<\/ul>\n<p>\u53ef\u8003\u616e\u63a1\u7528\u4ee5\u4e0b\u9632\u8b77\u6a5f\u5236\uff1a<\/p>\n<ul>\n<li>IP \u904e\u6ffe\u8207\u5165\u4fb5\u9632\u8b77\u7cfb\u7d71\u3002<\/li>\n<li>Linux \u5b89\u5168\u64f4\u5145\u529f\u80fd\uff0c\u59a5\u5584\u7ba1\u7406\u6a94\u6848\u8207\u7cfb\u7d71\/\u7db2\u8def\u8cc7\u6e90\uff0c\u4e26\u7ba1\u5236\u5176\u5b58\u53d6\u3002<\/li>\n<li><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/protecting-data-through-network-segmentation\">\u7db2\u8def\u5206\u5272<\/a>\u8207<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=12484\">\u8cc7\u6599\u5206\u985e<\/a>\u53ef\u9650\u5236\u53ca\u9632\u6b62\u611f\u67d3\u64f4\u5927\uff0c\u907f\u514d\u8cc7\u6599\u9032\u4e00\u6b65\u640d\u5931\u3002<\/li>\n<li>\u555f\u7528 Linux \u7684\u6b0a\u9650\u5206\u96e2\u529f\u80fd\u3002<\/li>\n<\/ul>\n<p><em>\u6211\u5011\u5c07\u6301\u7e8c\u5206\u6790\u6b64 Linux \u52d2\u7d22\u75c5\u6bd2\uff0c\u4e00\u6709\u6700\u65b0\u6d88\u606f\u5c31\u6703\u5728\u90e8\u843d\u683c\u4e0a\u516c\u5e03\u3002<\/em><\/p>\n<p><em><strong>\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848<\/strong><\/em><\/p>\n<p><a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">\u8da8\u52e2\u79d1\u6280Deep Security<\/a> \u53ef\u9632\u7bc4\u52d2\u7d22\u75c5\u6bd2\u5165\u4fb5\u4f01\u696d\u7684\u5be6\u9ad4\u3001\u865b\u64ec\u3001\u96f2\u7aef\u6216\u5bb9\u5668\u74b0\u5883\u4e2d\u7684\u4f3a\u670d\u5668\u548c\u5de5\u4f5c\u8ca0\u8f09\u3002<a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">Deep Security<\/a> \u53ef\u85c9\u7531\u5165\u4fb5\u9632\u8b77 (IPS) \u548c\u4e3b\u6a5f\u9632\u706b\u7246\u4f86\u9632\u7bc4\u7db2\u8def\u5a01\u8105\uff0c\u5229\u7528\u865b\u64ec\u4fee\u88dc\u6280\u8853\u4f86\u9632\u5835\u4f3a\u670d\u5668\u6f0f\u6d1e\uff0c\u76f4\u5230\u8edf\u9ad4\u5ee0\u5546\u91cb\u51fa\u4fee\u88dc\u66f4\u65b0\u70ba\u6b62\u3002<a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">Deep Security<\/a> \u7684\u60e1\u610f\u7a0b\u5f0f\u9632\u8b77\u548c\u884c\u70ba\u5206\u6790\u53ef\u9632\u6b62\u5404\u7a2e\u60e1\u610f\u7a0b\u5f0f (\u5305\u62ec\u52d2\u7d22\u75c5\u6bd2) \u9032\u5165\u4f3a\u670d\u5668\uff0c\u5373\u6642\u4e2d\u6b62\u5404\u7a2e\u60e1\u610f\u884c\u70ba\u3002<a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">Deep Security<\/a> \u540c\u6642\u9084\u63d0\u4f9b\u4e86\u7cfb\u7d71\u5c64\u6b21\u7684\u5b89\u5168\u63aa\u65bd\uff0c\u5305\u62ec\u53ef\u9396\u5b9a\u4f3a\u670d\u5668\u7528\u9014\u7684\u61c9\u7528\u7a0b\u5f0f\u63a7\u7ba1\uff0c\u4ee5\u53ca\u53ef\u5075\u6e2c\u6f5b\u5728\u5165\u4fb5\u6307\u6a19 (\u5982\u52d2\u7d22\u75c5\u6bd2) \u7684\u4e00\u81f4\u6027\u76e3\u63a7\u3002<\/p>\n<p><a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/security-risk-management\/deep-discovery\/\">\u8da8\u52e2\u79d1\u6280\u7684Deep Discovery Inspector<\/a>\u5ba2\u6236\u53ef\u900f\u904e\u4ee5\u4e0b DDI \u898f\u5247\u4f86\u9632\u7bc4\u9019\u9805\u5a01\u8105\uff1a<\/p>\n<ul>\n<li>DDI Rule ID 3998 \u2013 \u201cEREBUS \u2013 HTTP (Request)\u201d<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/network\/integrated-atp.html\">TippingPoint<\/a> \u5ba2\u6236\u53ef\u5229\u7528\u4e0b\u5217 ThreatDV \u904e\u6ffe\u689d\u4ef6\u4f86\u9632\u7bc4\u9019\u9805\u5a01\u8105\uff1a<\/p>\n<ul>\n<li>ThreatDV: 28725: HTTP: Erebus Ransomware Check-in<\/li>\n<\/ul>\n<p><a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">\u8da8\u52e2\u79d1\u6280Deep Security<\/a> \u5ba2\u6236\u53ef\u900f\u904e\u4ee5\u4e0b DPI \u898f\u5247\u4f86\u9632\u7bc4\u9019\u9805\u5a01\u8105\uff1a<\/p>\n<ul>\n<li>1008457 \u2013 Ransomware Erebus<\/li>\n<\/ul>\n<p><strong><em>\u5165\u4fb5\u6307\u6a19\u8cc7\u6599\uff1a<\/em><\/strong><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/RANSOM_ELFEREBUS.A\">RANSOM_ELFEREBUS.A<\/a> \u7684 SHA256 \u96dc\u6e4a\u78bc\uff1a<\/p>\n<ul>\n<li>0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f<\/li>\n<li>d889734783273b7158deeae6cf804a6be99c3a5353d94225a4dbe92caf3a3d48<\/li>\n<\/ul>\n<p>\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/erebus-resurfaces-as-linux-ransomware\/\">Erebus Resurfaces as Linux Ransomware<\/a> <strong><em>\u4f5c\u8005<\/em><\/strong><strong><em>\uff1aZiv Chang<\/em><\/strong><strong><em>\u3001<\/em><\/strong><strong><em>Gilbert Sison <\/em><\/strong><strong><em>\u8207<\/em><\/strong><strong><em> Jeanne Jocson<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>6 \u6708 10 \u65e5\uff0c\u5357\u97d3\u7db2\u7ad9\u4ee3\u7ba1\u516c\u53f8 NAYANA \u906d Erebus \u52d2\u7d22\u75c5\u6bd2\u8972\u64ca (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba\uff1aRANSO [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[1268,2266],"tags":[3314,1759,2559,298],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/50474"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=50474"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/50474\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=50474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=50474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=50474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}