{"id":51199,"date":"2017-07-21T17:32:25","date_gmt":"2017-07-21T09:32:25","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=51199"},"modified":"2017-07-21T17:37:38","modified_gmt":"2017-07-21T09:37:38","slug":"promediads%e6%83%a1%e6%84%8f%e5%bb%a3%e5%91%8a%e8%88%87-sundown-pirate%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8a%e5%a5%97%e4%bb%b6%e8%81%af%e6%89%8b%e6%95%a3%e6%92%ad%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=51199","title":{"rendered":"ProMediads\u60e1\u610f\u5ee3\u544a\u8207 Sundown-Pirate\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u806f\u624b,\u6563\u64ad\u52d2\u7d22\u75c5\u6bd2\u548c\u8cc7\u6599\u7aca\u53d6\u75c5\u6bd2"},"content":{"rendered":"

\u8da8\u52e2\u79d1\u6280<\/a>\u767c\u73fe\u4e00\u500b\u65b0\u7684\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u6703\u900f\u904e \u201cProMediads\u201d\u7684\u60e1\u610f\u5ee3\u544a\u6d3b\u52d5\u6563\u64ad\u3002\u6211\u5011\u5c07\u9019\u65b0\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u7a31\u70ba\u201cSundown Pirate\u201d\uff0c\u9867\u540d\u601d\u7fa9\u5b83\u7684\u78ba\u662f\u76dc\u7248\u81ea\u5176\u524d\u8f29\uff0c\u9019\u540d\u5b57\u540c\u6642\u4e5f\u4f86\u81ea\u65bc\u5176\u63a7\u5236\u53f0\u3002<\/p>\n

ProMediads\u65e9\u57282016\u5e74\u5c31\u958b\u59cb\u6d3b\u52d5\uff0c\u6703\u5229\u7528Rig\u548cSundown\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u4f86\u6563\u64ad\u60e1\u610f\u8edf\u9ad4\u3002\u5b83\u5728\u4eca\u5e742\u6708\u4e2d\u8b8a\u5f97\u6c92\u90a3\u9ebc\u6d3b\u8e8d\uff0c\u4f46\u57286\u670816\u65e5\u53c8\u900f\u904eRig\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u5192\u51fa\u4f86\u3002\u4e0d\u904e\uff0c\u6211\u5011\u6ce8\u610f\u5230ProMediads\u60e1\u610f\u5ee3\u544a\u6d3b\u52d5\u57286\u670825\u65e5\u4e0d\u518d\u4f7f\u7528Rig\u800c\u6539\u9078\u64c7\u4e86Sundown-Pirate\u3002<\/p>\n

\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u8fc4\u4eca\u53ea\u6709ProMediads\u6703\u4f7f\u7528Sundown-Pirate\u3002\u9019\u53ef\u80fd\u4ee3\u8868Sundown-Pirate\u662f\u5c08\u7528\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\uff0c\u5c31\u8ddfGreenFlash Sundown<\/a>\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u4e5f\u53ea\u88ab\u7528\u5728ShadowGate\u653b\u64ca\u6d3b\u52d5\u4e00\u6a23\u3002<\/p>\n

\u6211\u5011\u7684\u5206\u6790\u548c\u76e3\u6e2c\u986f\u793a\uff0cSundown-Pirate\u501f\u7528\u4e86\u524d\u8f29Hunter\u548cTerror\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u7684\u7a0b\u5f0f\u78bc\u3002\u4f46\u5176JavaScript\u7684\u6df7\u6dc6\u6a21\u5f0f\u8207Sundown\u76f8\u4f3c\u3002\u9019\u6a23\u6df7\u5408\u7684\u80fd\u529b\u8b93\u6211\u5011\u8a8d\u70ba\u5b83\u662f\u65b0\u7684\u54c1\u7a2e\u3002<\/p>\n

\"\u57161\uff1aProMediads\u7684\u5f8c\u7aef\u63a7\u5236\u53f0\u51fa\u73fe
\u57161\uff1aProMediads\u7684\u5f8c\u7aef\u63a7\u5236\u53f0\u51fa\u73fe \u201cPirateAds \u2013 Avalanche Group\u201d\u7684\u767b\u9304\u63d0\u793a\u3002<\/figcaption><\/figure>\n

 <\/p>\n

\u00a0<\/em><\/p>\n

\"\u57162\uff1aProMediads\u60e1\u610f\u5ee3\u544a\u7bc4\u4f8b\"
\u57162\uff1aProMediads\u60e1\u610f\u5ee3\u544a\u7bc4\u4f8b<\/figcaption><\/figure>\n

\u00a0<\/em><\/p>\n

\u6bad\u5c4d\u7db2\u8def \/<\/em><\/strong>\u8cc7\u6599\u7aca\u53d6\u75c5\u6bd2\u548c PoS<\/em><\/strong>\u60e1\u610f\u8edf\u9ad4\u5230\u52d2\u7d22\u75c5\u6bd2<\/em><\/strong><\/p>\n

ProMediads\u60e1\u610f\u5ee3\u544a\u5229\u7528Sundown-Pirate\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6,\u8b93\u53d7\u5bb3\u8005\u96fb\u8166\u611f\u67d3\u5404\u7a2e\u60e1\u610f\u8edf\u9ad4\u3002\u4f8b\u5982\u57286\u670825\u65e5\uff0cSundown-Pirate\u6703\u690d\u5165Trojan SmokeLoader\uff08TROJ_SMOKELOAD.A\uff09\uff0c\u5b83\u6703\u5b89\u88dd\u8cc7\u6599\u7aca\u53d6\u6bad\u5c4d\u7db2\u8def\u611f\u67d3\u75c5\u6bd2Zyklon\uff08TSPY_ZYKLON.C\uff09\u3002<\/p>\n

\u76f4\u52307\u670812\u65e5\uff0c\u9019\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u8b8a\u6210\u6563\u64ad\u7aef\u9ede\u92b7\u552e\uff08PoS\uff09\u60e1\u610f\u8edf\u9ad4LockPOS\u3002LockPOS\u56e0\u70baFlokibot\u653b\u64ca\u6d3b\u52d5\u800c\u77e5\u540d\uff0c\u662f\u53e6\u4e00\u500b\u91dd\u5c0d\u92b7\u552e\u7aef\u9ede\/\u4fe1\u7528\u5361\u8cc7\u6599\u7684\u60e1\u610f\u5a01\u8105\u3002<\/p>\n

\u6211\u5011\u9084\u767c\u73feSundown-Pirate\u6563\u64ad\u7684LockPOS\u5e36\u6709\u984d\u5916\u7684\u6578\u4f4d\u8ca8\u5e63\u63a1\u7926<\/a>\u8edf\u9ad4CPUMiner-Multi<\/em>\u3002\u6211\u5011\u4e0d\u8a8d\u70baCPUMiner\u662f\u60f3\u8981\u91dd\u5c0dPoS\u7cfb\u7d71\uff1b\u5b83\u53ea\u662f\u5229\u7528LockPOS\u4f5c\u70ba\u8f09\u9ad4\u6216\u7ba1\u9053\u4f86\u5c07\u4e2d\u6bd2\u7cfb\u7d71\u8b8a\u6210\u63a1\u7926\u6a5f\u5668\u3002LockPOS\u6703\u8b8a\u6210\u96b1\u85cf\u5f8c\u9580\u4f86\u5f9e\u5176C&C\u4f3a\u670d\u5668\u53d6\u5f97\u6bad\u5c4d\u7db2\u8def\u4e3b\u4eba\u7684\u5176\u4ed6\u547d\u4ee4\u3002<\/p>\n

\u57287\u670813\u65e5\uff0cSundown-Pirate\u958b\u59cb\u690d\u5165Stampado\u52d2\u7d22\u75c5\u6bd2<\/a>\uff08RANSOM_STAMPADO.K\uff09\u3002<\/p>\n

\"\u57163\uff1aSundown-Pirate\u57282017\u5e747\u670812\u65e5\u6563\u64adLockPOS\"
\u57163\uff1aSundown-Pirate\u57282017\u5e747\u670812\u65e5\u6563\u64adLockPOS<\/figcaption><\/figure>\n

 <\/p>\n

\"\u57164\uff1aLockPOS\u4e0b\u8f09CPUMiner\u4e26\u6ce8\u5165\u4e00\u500bexplorer\u7a0b\u5e8f\"
\u57164\uff1aLockPOS\u4e0b\u8f09CPUMiner\u4e26\u6ce8\u5165\u4e00\u500bexplorer\u7a0b\u5e8f<\/figcaption><\/figure>\n

 <\/p>\n

 <\/p>\n

ProMediads<\/em><\/strong>\uff0cSmokeLoader<\/em><\/strong>\u548c Flokibot\/LockPOS<\/em><\/strong>\uff1a\u6c92\u6709\u7375\u7269\u5c31\u6c92\u6709\u5831\u916c\uff1f<\/em><\/strong><\/p>\n

\u81ea2016\u5e74\u4ee5\u4f86\uff0c ProMediads\u5229\u7528\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u6563\u64adSmokeLoader\u6bad\u5c4d\u7db2\u8def\uff0c\u5f8c\u8005\u88ab\u8a8d\u70ba\u8207ProMediads\u904b\u4f5c\u8005\u95dc\u4fc2\u5bc6\u5207\u3002\u800c\u6700\u8fd1\uff0c\u6bad\u5c4d\u7db2\u8def\u958b\u59cb\u90e8\u7f72\u8207Sundown-Pirate\u76f8\u540c\u7684LockPOS\u8b8a\u7a2e\u3002<\/p>\n

kafeine\u57282016\u5e748\u6708\u5206\u4eab\u5230\uff0cProMediads\u904b\u4f5c\u8005\u6703\u6563\u64adFlokibot\uff08\u5b83\u57282016\u5e749\u6708\u65bc\u5730\u4e0b\u8ad6\u58c7\u8ca9\u8ce3\u524d\uff09\u3002Flokibot\u653b\u64ca\u6d3b\u52d5\u548cProMediads\u73fe\u5728\u90fd\u6703\u6563\u64adLockPOS\u3002\u9019\u4e9b\u95dc\u806f\u4f3c\u4e4e\u6703\u53d7\u5230\u9019\u4e9b\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u9593\u95dc\u4fc2\u7684\u5f71\u97ff \u2013 \u81f3\u5c11\u5728\u60e1\u610f\u8edf\u9ad4\u65b9\u9762\u662f\u5982\u6b64\u3002<\/p>\n

\"\u57165\uff1aProMediads\u57282017\u5e741\u670824\u65e5\u6563\u64adSmokeLoader\"
\u57165\uff1aProMediads\u57282017\u5e741\u670824\u65e5\u6563\u64adSmokeLoader<\/figcaption><\/figure>\n

 <\/p>\n

 <\/p>\n

\"\u57166\uff1aSmokeLoader\u6bad\u5c4d\u7db2\u8def\u57282017\u5e747\u6708\u4e2d\u524d\u6703\u5b89\u88ddLockPOS\"
\u57166\uff1aSmokeLoader\u6bad\u5c4d\u7db2\u8def\u57282017\u5e747\u6708\u4e2d\u524d\u6703\u5b89\u88ddLockPOS<\/figcaption><\/figure>\n

 <\/p>\n

 <\/p>\n

\u65b0\u74f6\u88dd\u820a\u9152\uff1f<\/em><\/strong><\/p>\n

Sundown-Pirate\u4f7f\u7528\u4e86\u4e09\u500bIE\u700f\u89bd\u5668\u6f0f\u6d1e\u8ddf\u4e00\u500bFlash\u6f0f\u6d1e\uff1a<\/p>\n