{"id":51859,"date":"2017-08-26T09:00:32","date_gmt":"2017-08-26T01:00:32","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=51859"},"modified":"2017-08-24T17:15:20","modified_gmt":"2017-08-24T09:15:20","slug":"shadowpad-%e5%be%8c%e9%96%80%e7%a8%8b%e5%bc%8f%e8%97%8f%e5%8c%bf%e5%9c%a8%e4%bc%ba%e6%9c%8d%e5%99%a8%e7%ae%a1%e7%90%86%e8%bb%9f%e9%ab%94%e4%b8%ad","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=51859","title":{"rendered":"ShadowPad \u5f8c\u9580\u7a0b\u5f0f\u85cf\u533f\u5728\u4f3a\u670d\u5668\u7ba1\u7406\u8edf\u9ad4\u4e2d"},"content":{"rendered":"

\u5b89\u5168\u7814\u7a76\u4eba\u54e1\u5728\u7f8e\u570b\u8207\u5357\u97d3\u516c\u53f8 NetSarang \u7684\u4f3a\u670d\u5668\u7ba1\u7406\u7522\u54c1\u5167\u767c\u73fe<\/a>\u5f37\u5927\u7684\u5f8c\u9580\u7a0b\u5f0f:ShadowPad\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70baBKDR_SHADOWPAD.A<\/a>\uff09\uff0c\u5b83\u80fd\u5920\u4e0b\u8f09\u4e26\u57f7\u884c\u5176\u4ed6\u60e1\u610f\u8edf\u9ad4\u53ca\u7aca\u53d6\u8cc7\u6599\u3002<\/p>\n

<\/p>\n

\u53d7\u5f71\u97ff\u7684\u7d44\u7e54\u5305\u62ec\u91d1\u878d\u6a5f\u69cb\u3001\u80fd\u6e90\u548c\u88fd\u85e5\u7b49\u7522\u696d<\/strong><\/p>\n

NetSarang\u7522\u54c1\u5305\u62ec\u7ba1\u7406\u7db2\u8def\u3001\u4f3a\u670d\u5668\u548c\u7cfb\u7d71\u7ba1\u7406\u5de5\u4f5c\u7ad9\u7684\u8edf\u9ad4\u3002\u53d7\u5f71\u97ff\u7684\u7d44\u7e54\u5305\u62ec\u4e86\u91d1\u878d\u6a5f\u69cb\uff08\u5982\u9280\u884c\uff09\u3001\u80fd\u6e90\u548c\u88fd\u85e5\u7b49\u7522\u696d\u3002<\/p>\n

\u6839\u64da\u7814\u7a76\u4eba\u54e1\u7684\u5206\u6790\uff0cShadowPad\u6bcf\u96948\u5c0f\u6642\u9023\u5230\u653b\u64ca\u8005\u6240\u63a7\u5236\u7684\u7279\u5b9a\u7db2\u57df\u4f86\u50b3\u9001\u4e2d\u6bd2\u7cfb\u7d71\u4e0a\u7684\u8cc7\u6599\u3002\u5b83\u4e5f\u88ab\u8a2d\u8a08\u6210\u6703\u6bcf\u6708\u9023\u5230\u4e0d\u540c\u7684\u7db2\u57df\u3002\u5982\u679c\u50b3\u9001\u7d66\u653b\u64ca\u8005\u7684\u8cc7\u6599\u5f15\u8d77\u8208\u8da3\uff0c\u5247\u547d\u4ee4\u8207\u63a7\u5236\uff08C&C\uff09\u4f3a\u670d\u5668\u6703\u53bb\u89f8\u767c\u5f8c\u9580\u7a0b\u5f0f\u4f86\u9001\u5165\u66f4\u591a\u7684\u60e1\u610f\u7a0b\u5f0f\u3002<\/p>\n

ShadowPad\u7684\u60e1\u610f\u7a0b\u5f0f\u78bc\u88ab\u6ce8\u5165\u5230\u4e00\u500b\u52d5\u614b\u9023\u7d50\u51fd\u5f0f\u5eab\uff08DLL\uff09\u6a94\u6848nssock2.dll\uff0c\u57287\u670817\u65e5\u51fa\u73fe\u5728NetSarang\u7db2\u7ad9\u4e0a\uff0c\u81f3\u4eca\u4ecd\u672a\u88ab\u767c\u73fe\u3002\u53e6\u5916\u503c\u5f97\u6ce8\u610f\u7684\u662fShadowPad\u7684\u96b1\u853d\u7a0b\u5ea6\uff0c\u5305\u62ec\u4e86\u52a0\u5bc6\u5c64\u6578\uff0c\u4e26\u4e14\u5177\u5099\u5206\u7d1a\u6a5f\u5236\u4f86\u963b\u6b62\u5f8c\u9580\u7a0b\u5f0f\u555f\u52d5\uff0c\u9664\u975eC&C\u4f3a\u670d\u5668\u767c\u9001\u7279\u5b9a\u5c01\u5305\u5230\u4e2d\u6bd2\u7cfb\u7d71\u3002<\/p>\n

NetSarang\u5df2\u7d93\u627f\u8a8d<\/a>\u4e86\u6b64\u4e00\u4e8b\u4ef6\uff0c\u4e26\u4e14\u958b\u59cb\u5be6\u65bd\u5c0d\u7b56\uff0c\u4ed6\u5011\u544a\u8a34Ars Technica<\/a>\uff1a\u201c\u6211\u5011\u5efa\u7acb\u4e86\u4e00\u500b\u5168\u65b0\u4e14\u7368\u7acb\u7684\u57fa\u790e\u8a2d\u65bd\u7db2\u8def\uff0c\u6240\u6709\u8981\u88ab\u653e\u5165\u6b64\u65b0\u57fa\u790e\u8a2d\u65bd\u7db2\u8def\u7684\u8a2d\u5099\u90fd\u6703\u5148\u91cd\u65b0\u683c\u5f0f\u5316\u3002\u63a5\u8457\u63a5\u53d7\u6aa2\u67e5\uff0c\u52a0\u5165\u767d\u540d\u55ae\uff0c\u518d\u9010\u6b21\u52a0\u5165\u65b0\u7684\u57fa\u790e\u8a2d\u65bd\u7db2\u8def\u3002\u9019\u904e\u7a0b\u5c07\u9700\u8981\u7d93\u6b77\u5e7e\u500b\u661f\u671f\u7684\u6642\u9593\uff0c\u4f46\u6211\u5011\u9700\u8981\u78ba\u4fdd\u9019\u6a23\u7684\u5165\u4fb5\u4e8b\u4ef6\u4e0d\u6703\u518d\u5728NetSarang\u767c\u751f\u3002\u201c<\/p>\n

 <\/p>\n

\u5408\u6cd5\u8edf\u9ad4\u88ab\u60e1\u610f\u6feb\u7528\u4e0d\u6b62\u4e00\u6a01:<\/strong><\/p>\n

\u6703\u8a08\u8edf\u9ad4\u88ab\u5229\u7528\u6563\u4f48Petya<\/strong>\u52d2\u7d22\u75c5\u6bd2,Mac<\/strong>\u52d2\u7d22\u75c5\u6bd2\u5167\u5d4c\u5230BitTorrent<\/strong>\u5ba2\u6236\u7aef<\/strong><\/p>\n

NetSarang\u8edf\u9ad4\u53ea\u662f\u88ab\u60e1\u610f\u8edf\u9ad4\u6240\u6feb\u7528\u7684\u8af8\u591a\u8edf\u9ad4\u4e4b\u4e00\u3002\u6bd4\u65b9\u8aaa\uff0c\u6709\u5408\u6cd5\u7684\u6703\u8a08\u8edf\u9ad4\u88ab\u5229\u7528<\/a>\u4f86\u6563\u4f48Petya\u52d2\u7d22\u75c5\u6bd2\uff0c\u9084\u6709Mac\u52d2\u7d22\u75c5\u6bd2KeRanger\u88ab\u5167\u5d4c<\/a>\u5230BitTorrent\u5ba2\u6236\u7aef\u3002\u5373\u4f7f\u662f\u5b98\u65b9\u7248\u672c\u7684\u7db2\u8def\u904a\u6232\u4e5f\u88ab\u611f\u67d3\u4e86\u60e1\u540d\u662d\u5f70\u7684PlugX\u5f8c\u9580\u7a0b\u5f0f<\/a>\u3002Mac\u958b\u653e\u539f\u59cb\u78bc\u5f71\u50cf\u8f49\u6a94\u8edf\u9ad4\u7684\u93e1\u50cf\u4e0b\u8f09\u4f3a\u670d\u5668\u4e5f\u88ab\u5165\u4fb5<\/a>\uff0c\u7528\u4f86\u6563\u64adProton\u5f8c\u9580\u7a0b\u5f0f\u3002<\/p>\n

\u6839\u64daNetSarang\u7684\u516c\u544a\uff0c\u4ed6\u5011\u9ad8\u5ea6\u5efa\u8b70\u53d7\u5f71\u97ff\u8edf\u9ad4\u7684\u6240\u6709\u8005\u548c\u7ba1\u7406\u4eba\u54e1\u5b89\u88dd\u66f4\u65b0\u3002\u53d7\u5f71\u97ff\u7684\u7248\u672c\u70ba\uff1a<\/p>\n