{"id":53784,"date":"2017-12-28T09:00:09","date_gmt":"2017-12-28T01:00:09","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=53784"},"modified":"2017-12-28T18:25:01","modified_gmt":"2017-12-28T10:25:01","slug":"%e5%89%96%e6%9e%90atm%e6%83%a1%e6%84%8f%e8%bb%9f%e9%ab%94%e5%ae%b6%e6%97%8f-prilex%e5%92%8ccutlet-maker","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=53784","title":{"rendered":"\u5256\u6790ATM\u60e1\u610f\u8edf\u9ad4\u5bb6\u65cf: PRILEX\u548cCUTLET MAKER"},"content":{"rendered":"<p>\u9577\u6642\u9593\u4ee5\u4f86\u8da8\u52e2\u79d1\u6280\u90fd\u5728\u81f4\u529b\u65bc<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/shift-in-atm-malware-landscape-to-network-based-attacks\">\u7814\u7a76ATM\u60e1\u610f\u8edf\u9ad4<\/a>\uff0c\u7279\u5225\u662f\u90a3\u4e9b\u80fd\u5920\u79d8\u5bc6\u91dd\u5c0d\u9280\u884c\u5ba2\u6236\u7684\u65b0\u75c5\u6bd2\u5bb6\u65cf\u3002\u5728\u672c\u6587\u88e1\uff0c\u6211\u5011\u5c07\u6703\u4ecb\u7d39\u6700\u8fd1\u5169\u500b\u503c\u5f97\u6ce8\u610f\u7684\u60e1\u610f\u8edf\u9ad4\uff1aPrilex\u548cCutlet Maker\u3002\u5b83\u5011\u90fd\u6709\u7279\u5225\u5438\u5f15\u4eba\u7684\u5730\u65b9\uff0c\u4e0d\u904e\u662f\u4e0d\u540c\u7684\u539f\u56e0\u3002<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2016\/12\/banner-alice-atm-malware.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-40128\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2016\/12\/banner-alice-atm-malware.jpg\" alt=\"\" width=\"620\" height=\"290\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2016\/12\/banner-alice-atm-malware.jpg 620w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2016\/12\/banner-alice-atm-malware-300x140.jpg 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2016\/12\/banner-alice-atm-malware-600x281.jpg 600w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2016\/12\/banner-alice-atm-malware-30x14.jpg 30w\" sizes=\"(max-width: 620px) 100vw, 620px\" \/><\/a><\/p>\n<p><strong><em>PRILEX \u2013 <\/em><\/strong><strong><em>\u4e00\u7a2e\u6703\u52ab\u6301\u9280\u884c\u61c9\u7528\u7a0b\u5f0f\u7684\u9ad8\u5ea6\u91dd\u5c0d\u6027\u60e1\u610f\u8edf\u9ad4<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u5982\u679c\u653b\u64ca\u8005\u77e5\u9053\u95dc\u65bc\u7279\u5b9a\u81ea\u52d5\u63d0\u6b3e\u6a5f\u7684\u4e00\u5207\uff0c\u90a3\u9ebc\u9019\u8d77<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=14753\">\u91dd\u5c0d\u6027\u653b\u64ca\/\u9396\u5b9a\u76ee\u6a19\u653b\u64ca(Targeted attack )<\/a>\u6703\u767c\u751f\u4ec0\u9ebc\u4e8b\uff1f<\/p>\n<p>Prilex\u60e1\u610f\u8edf\u9ad4\u6703\u7aca\u53d6\u53d7\u611f\u67d3ATM\u4f7f\u7528\u8005\u7684\u8cc7\u8a0a\u3002\u672c\u8d77\u6848\u4f8b\u4f86\u81ea\u4e00\u5bb6\u5df4\u897f\u9280\u884c\uff0c\u4f46\u60f3\u60f3\u770b\u5230\u9019\u985e\u653b\u64ca\u5982\u679c\u51fa\u73fe\u5728\u4f60\u7684\u5730\u5340\uff0c\u7121\u8ad6\u4f60\u662f\u5ba2\u6236\u9084\u662f\u9280\u884c\u90fd\u6703\u906d\u53d7\u5f71\u97ff\u3002<\/p>\n<p>\u9019\u500b\u88ab\u7a31\u70baPrilex\u7684\u60e1\u610f\u8edf\u9ad4\u5bb6\u65cf\u57282017\u5e7410\u6708<a href=\"https:\/\/threatpost.com\/latin-american-atm-thieves-turning-to-hacking\/128289\/\">\u9996\u6b21<\/a>\u7531\u88ab\u901a\u5831\u3002\u6211\u5011\u89e3\u6790\u4e86\u9019\u500b\u60e1\u610f\u8edf\u9ad4\u4e26\u767c\u73fe\u4e00\u4e9b\u4e0d\u5c0b\u5e38\u7684\u6771\u897f\uff1a\u5b83\u6703\u639b\u9264\u67d0\u4e9b\u52d5\u614b\u9023\u7d50\u7a0b\u5f0f\u5eab\uff08DLL\uff09\uff0c\u7528\u81ea\u5df1\u7684\u61c9\u7528\u7a0b\u5f0f\u756b\u9762\u4f86\u53d6\u4ee3\u5225\u4eba\u7684\u3002\u5b83\u6240\u5f71\u97ff\u7684\u5916\u90e8DLL\u5305\u62ec\uff1a<\/p>\n<ul>\n<li><em>dll<\/em><\/li>\n<li><em>dll<\/em><\/li>\n<li><em>dll<\/em><\/li>\n<\/ul>\n<p>\u6211\u5011\u5728\u7db2\u8def\u4e0a\u641c\u5c0b\u9019\u4e9bDLL\uff0c\u4f46\u7121\u6cd5\u627e\u5230\u4efb\u4f55\u76f8\u95dc\u8cc7\u8a0a\u3002\u9451\u65bc\u9019\u60e1\u610f\u8edf\u9ad4\u5167\u7684\u5b57\u4e32\u5168\u662f\u8461\u8404\u7259\u6587\uff0c\u6211\u5011\u8a62\u554f\u4e86\u6211\u5011\u5728\u8a72\u5730\u5340\u7684\u9280\u884c\u806f\u7d61\u4eba\u3002\u6211\u5011\u767c\u73fe\u90a3\u4e9bDLL\u5c6c\u65bc\u90a3\u88e1\u9280\u884c\u7684ATM\u61c9\u7528\u7a0b\u5f0f\u3002\u9019\u6210\u70ba\u4e86\u9ad8\u5ea6\u91dd\u5c0d\u6027\u7684\u653b\u64ca\u3002\u6700\u91cd\u8981\u7684\u662f\uff0c\u60e1\u610f\u8edf\u9ad4\u53ea\u5f71\u97ff\u7279\u5b9a\u5ee0\u724c\u7684ATM\uff0c\u9019\u4ee3\u8868\u653b\u64ca\u8005\u53ef\u80fd\u5c0d\u5176\u9032\u884c\u5206\u6790\u4e26\u88fd\u4f5c\u5ba2\u88fd\u5316\u7684\u653b\u64ca\u3002<\/p>\n<p>\u653b\u64ca\u65b9\u5f0f\u5f88\u7c21\u55ae\u3002\u4e00\u65e6\u6a5f\u5668\u53d7\u5230\u611f\u67d3\uff0c\u60e1\u610f\u8edf\u9ad4\u6703\u8207\u9280\u884c\u61c9\u7528\u7a0b\u5f0f\u4e00\u8d77\u57f7\u884c\uff0c\u5728\u87a2\u5e55\u51fa\u73fe\u8a62\u554f\u4f7f\u7528\u8005\u5e33\u865f\u5b89\u5168\u78bc\u6642\u7528\u81ea\u5df1\u7684\u756b\u9762\u52a0\u4ee5\u66ff\u63db\u3002\u6b64\u5b89\u5168\u78bc\u662f\u5728\u5df4\u897f\u5e38\u898b\u65bc\u4fdd\u8b77ATM\u548c\u7dda\u4e0a\u4ea4\u6613\u7684\u96d9\u56e0\u5b50\u8a8d\u8b49\u65b9\u5f0f\u3002\u4e00\u65e6\u4f7f\u7528\u8005\u8f38\u5165\u6b64\u5b89\u5168\u78bc\uff0c\u60e1\u610f\u8edf\u9ad4\u6703\u64f7\u53d6\u4e26\u52a0\u4ee5\u5132\u5b58\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/12\/ATMmalware_Prilex-.jpg\" alt=\"Figure1:Display screen asking for account security code\" \/><\/p>\n<p><em>\u57161<\/em><em>\u3001\u87a2\u5e55\u986f\u793a\u8a62\u554f\u5e33\u865f\u5b89\u5168\u78bc<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u8da8\u52e2\u79d1\u6280\u91dd\u5c0d\u7a0b\u5f0f\u78bc\u9032\u884c\u5206\u6790\u5f8c\u767c\u73fe\u5728\u7aca\u53d6\u8cc7\u6599\u5f8c\u51fa\u73fe\u4e86\u6709\u610f\u601d\u7684\u4e8b\u60c5\uff1a\u60e1\u610f\u8edf\u9ad4\u5617\u8a66\u8207\u9060\u7aef\u547d\u4ee4\u548c\u63a7\u5236\uff08C&amp;C\uff09\u4f3a\u670d\u5668\u9032\u884c\u901a\u8a0a\uff0c\u4e26\u4e0a\u50b3\u4fe1\u7528\u5361\u8cc7\u6599\u548c\u5e33\u865f\u5b89\u5168\u78bc\u3002\u64da\u6211\u5011\u6240\u77e5\uff0c\u9019\u662f\u7b2c\u4e00\u500b\u5047\u5b9a\u81ea\u5df1\u9023\u5230\u7db2\u969b\u7db2\u8def\u7684ATM\u60e1\u610f\u8edf\u9ad4\u3002\u7531\u65bc\u653b\u64ca\u8005\u4f3c\u4e4e\u5c0d\u9019\u5bb6\u9280\u884c\u7684\u4f5c\u6cd5\u548c\u6d41\u7a0b\u975e\u5e38\u719f\u6089\uff0c\u6240\u4ee5\u9019\u9280\u884c\u7684ATM\u5f88\u53ef\u80fd\u6709\u9023\u7dda\u3002<!--more--><\/p>\n<p>\u9019\u662f\u5c11\u6578\u8a2d\u8a08\u6210\u7aca\u53d6\u4f7f\u7528\u8005\u8cc7\u6599\u7684ATM\u653b\u64ca\u4e4b\u4e00\uff0c\u800c\u4e0d\u53ea\u662f\u8981\u8b93\u63d0\u6b3e\u6a5f\u5410\u9214\u3002\u9019\u7a2e\u653b\u64ca\u7684\u80cc\u5f8c\u5f88\u53ef\u80fd\u662f\u8655\u7406\u5927\u91cf\u4fe1\u7528\u5361\u6191\u8b49\u4e26\u901a\u904e\u5176\u4ed6\u65b9\u5f0f\u9032\u884c\u8ca8\u5e63\u5316\u7684\u72af\u7f6a\u96c6\u5718\u3002Prilex\u662f\u91dd\u5c0d\u5df4\u897f\u9280\u884c\u7684\u8d85\u7d1a\u91dd\u5c0d\u6027\u653b\u64ca\u3002\u6240\u4ee5\u6211\u5011\u4e26\u4e0d\u5e0c\u671b\u5b83\u51fa\u73fe\u5728\u5176\u4ed6\u5730\u65b9\u3002<\/p>\n<p>\u4f46\u5f9ePrilex\u53ef\u4ee5\u5b78\u5230\u4e00\u4e9b\u66f4\u52a0\u91cd\u8981\u7684\u6771\u897f\u3002\u4efb\u4f55\u4e00\u5bb6\u9280\u884c\u90fd\u53ef\u80fd\u88ab\u72af\u7f6a\u4efd\u5b50\u7814\u7a76\u81ea\u5df1\u7684\u4f5c\u6cd5\u548c\u6d41\u7a0b\uff0c\u7136\u5f8c\u7528\u65bc\u9ad8\u5ea6\u91dd\u5c0d\u6027\u7684\u653b\u64ca\u3002\u9019\u5f88\u503c\u5f97\u95dc\u5fc3\uff0c\u5982\u679c\u4f60\u60f3\u4fdd\u885b\u4f60\u7684ATM\u57fa\u790e\u8a2d\u65bd\uff0c\u90a3\u6709\u4e9b\u6771\u897f\u5fc5\u9808\u770b\u4e00\u770b\u3002\u76f4\u63a5\u8b93\u63d0\u6b3e\u6a5f\u5410\u9214\u5f88\u5feb\u5c31\u6703\u60e1\u540d\u9060\u64ad\uff0c\u4f46\u50cf\u9019\u6a23\u7684\u6c89\u9ed8\u5f0f\u653b\u64ca\u53ef\u80fd\u6703\u88ab\u5ffd\u7565\u5e7e\u500b\u6708\u751a\u81f3\u5e7e\u5e74\u3002\u6211\u5011\u8a8d\u70ba\u5728\u4eca\u65e5\u5fc5\u9808\u8981\u5f37\u5236\u8a2d\u5b9a\u76e3\u63a7\u5de5\u5177\u548c\u4fdd\u8b77\u63aa\u65bd\u3002<\/p>\n<p>\u91dd\u5c0d\u6027\u60e1\u610f\u8edf\u9ad4\u53ef\u80fd\u9700\u8981\u82b1\u8cbb\u5927\u91cf\u6642\u9593\u548c\u8cc7\u6e90\u958b\u767c\u3002\u9019\u8868\u793a\u5728\u4eca\u65e5\u7684\u4e16\u754c\uff0c\u72af\u7f6a\u5206\u5b50\u8a8d\u70ba\u9019\u662f\u503c\u5f97\u7684\u6295\u8cc7\u3002\u9280\u884c\u88ab\u8996\u70ba\u56fa\u82e5\u91d1\u6e6f\u7684\u65e5\u5b50\u5df2\u7d93\u4e0d\u5728 \u2013 \u73fe\u5728\u5b83\u5011\u53ea\u662f\u6d77\u4e2d\u6700\u5927\u7684\u90a3\u689d\u9b5a\u3002\u8981\u6bba\u6b7b\u9be8\u9b5a\u4e26\u4e0d\u5bb9\u6613\uff0c\u4f46\u662f\u6709\u53ef\u80fd\u7684 \u2013 \u9019\u6a23\u505a\u53ef\u4ee5\u8b93\u653b\u64ca\u8005\u5403\u5f88\u4e45\u3002<\/p>\n<p>\u95dc\u65bcPrilex\u7684\u91cd\u9ede\uff1a<\/p>\n<ul>\n<li>Prilex\u52ab\u6301\u9280\u884c\u61c9\u7528\u7a0b\u5f0f\u3002<\/li>\n<li>Prilex\u64f7\u53d6\u4f7f\u7528\u8005\u8f38\u5165\u548c\u5361\u7247\u8cc7\u8a0a\u4e26\u5c07\u5176\u50b3\u9001\u5230C&amp;C\u4f3a\u670d\u5668\u3002<\/li>\n<li>Prilex\u5c08\u9580\u91dd\u5c0d\u4e00\u5bb6\u5df4\u897f\u9280\u884c\u3002<\/li>\n<li>\u72af\u7f6a\u5206\u5b50\u5df2\u7d93\u6df1\u5165\u5206\u6790\u4e86\u76ee\u6a19ATM\u3002<\/li>\n<li>Prilex\u7528Visual Basic 6.0\uff08VB6\uff09\u7de8\u5beb\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><em>CUTLET MAKER &#8211; <\/em><\/strong><strong><em>\u5730\u4e0b\u5e02\u5834\u6240\u63d0\u4f9b\u7684ATM<\/em><\/strong><strong><em>\u60e1\u610f\u8edf\u9ad4<\/em><\/strong><\/p>\n<p>Cutlet Maker\u662f\u8a2d\u8a08\u4f86\u6e05\u7a7a\u63d0\u6b3e\u6a5f\u5167\u6240\u6709\u9214\u7968\u7684ATM\u60e1\u610f\u8edf\u9ad4\u3002\u6709\u8da3\u7684\u662f\uff0c\u96d6\u7136\u5b83\u7684\u4f5c\u8005\u5728\u9032\u884c\u5ba3\u50b3\u92b7\u552e\uff0c\u4f46\u4ed6\u5011\u7684\u7af6\u722d\u5c0d\u624b\u5df2\u7d93\u7834\u89e3\u4e86\u9019\u500b\u7a0b\u5f0f\uff0c\u8b93\u4efb\u4f55\u4eba\u90fd\u80fd\u5920\u514d\u8cbb\u4f7f\u7528\u3002<\/p>\n<p>\u6211\u5011\u4ee5\u524d\u5c31\u770b\u904e<a href=\"https :\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/alice-lightweight-compact-no-nonsense-atm-malware\/\">\u9019\u7a2eATM\u60e1\u610f\u8edf\u9ad4<\/a>\uff0c\u5b83\u6709\u4ec0\u9ebc\u7279\u5225\uff1f\u5f9e\u6280\u8853\u4e0a\u4f86\u8aaa\uff0c\u9019\u662f\u4e00\u500b\u5e36\u8457\u6709\u8da3\u4ecb\u9762\u7684\u666e\u901a\u7a0b\u5f0f\u3002\u5be6\u969b\u4e0a\uff0cCutlet Maker\u88ab\u8a2d\u8a08\u6210\u5f9eUSB\u96a8\u8eab\u789f\u57f7\u884c\u3002\u958b\u767c\u7684\u72af\u7f6a\u4efd\u5b50\u5728<a href=\"https:\/\/www.youtube.com\/watch?v=T3a8VgPpM90\">\u5f71\u7247<\/a>\u4e2d\u5ba3\u50b3\u6b64\u4e00\u7279\u6b8a\u529f\u80fd\uff0c\u53ea\u9700\u8981\u6253\u958b\u4e00\u500bATM\u6a5f\u5668\uff0c\u627e\u5230USB\u7aef\u53e3\uff0c\u9023\u63a5\u96a8\u8eab\u789f\u548c\u5916\u63a5\u9375\u76e4\u3002\u4e4b\u5f8c\u5c31\u53ef\u4ee5\u57f7\u884c\u7a0b\u5f0f\u3002\u4f46\u9084\u6709\u66f4\u591a\u5176\u4ed6\u7684\u3002<\/p>\n<p>\u7576<a href=\"https:\/\/securelist.com\/atm-malware-is-being-sold-on-darknet-market\/81871\/\">\u6b64\u6545\u4e8b\u9996\u6b21\u5728\u5a92\u9ad4\u4e0a\u7206\u51fa<\/a>\u6642\uff0c\u6b64\u670d\u52d9\u7684\u50f9\u683c\u5f88\u9ad8\u3002\u5c0d\u72af\u7f6a\u4efd\u5b50\u4f86\u8aaa\u91cd\u9ede\u662f\u4fdd\u8b77\u5410\u9214\u529f\u80fd\u7684\u4f7f\u7528\uff0c\u597d\u8b93\u4ed6\u5011\u7684\u5546\u696d\u8a08\u5283\u53ef\u4ee5\u6301\u7e8c\u4e0b\u53bb\u3002\u7562\u7adf\uff0c\u5982\u679c\u53ef\u4ee5\u7121\u9650\u5236\u4f7f\u7528\u5410\u9214\u529f\u80fd\u6703\u5f71\u97ff\u5230\u72af\u7f6a\u5206\u5b50\u7684\u6536\u5165\u3002<\/p>\n<p>\u6bcf\u6b21\u57f7\u884c\u7a0b\u5f0f\u90fd\u6703\u5efa\u7acb\u4e26\u986f\u793a\u4e00\u500b\u4ee3\u78bc\u3002\u4f7f\u7528\u8005\u5fc5\u9808\u806f\u7d61\u958b\u767c\u8005\u4e26\u63d0\u4f9b\u6b64\u4ee3\u78bc\u3002\u958b\u767c\u8005\u5728\u6536\u5230\u9322\u5f8c\u6703\u63d0\u4f9b\u89e3\u9396\u5410\u9214\u529f\u80fd\u7684\u8a31\u53ef\u78bc\u3002\u6c92\u4ed8\u9322\u5c31\u4e0d\u5410\u9214\u3002\u6bcf\u6b21\u8981\u5c0d\u4e0d\u540c\u7684ATM\u6a5f\u4f7f\u7528Cutlet Maker\u6642\u90fd\u6703\u51fa\u73fe\u6b64\u60c5\u6cc1\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2017\/12\/ATMmalware_Cutlet_Maker.jpg\" alt=\"Figure2:Cutlet Maker being offered on the deep web\" \/><\/p>\n<p><em>\u57162<\/em><em>\u3001\u5728\u6df1\u7db2\u63d0\u4f9b\u7684Cutlet Maker<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u4ed4\u7d30\u6aa2\u67e5\u6703\u767c\u73fe\u8a31\u53ef\u78bc\u4e26\u975e\u57fa\u65bc\u6642\u9593\uff0c\u53ea\u662f\u7a2e\u6f14\u7b97\u6cd5\u3002\u4e5f\u5c31\u662f\u8aaa\u76f8\u540c\u7684\u8f38\u5165\u6703\u7522\u751f\u76f8\u540c\u7684\u8f38\u51fa\u3002\u6709\u4e9b\u5176\u4ed6\u72af\u7f6a\u4efd\u5b50\u767c\u73fe\u4e86\u9019\u4e00\u9ede\uff0c\u88fd\u4f5c\u4e86\u6703\u81ea\u52d5\u8a08\u7b97\u50b3\u56de\u78bc\u7684\u8a31\u53ef\u78bc\u7522\u751f\u5668\u3002\u9019\u53ef\u4ee5\u5728\u7db2\u8def\u4e0a\u53d6\u5f97\u4e5f\u76f8\u5c0d\u5bb9\u6613\u627e\u5230\u3002\u9019\u4ee3\u8868\u4efb\u4f55\u4eba\u73fe\u5728\u90fd\u53ef\u4ee5\u653b\u64ca\u81ea\u52d5\u63d0\u6b3e\u6a5f\u800c\u4e0d\u5fc5\u518d\u70ba\u7a0b\u5f0f\u4ed8\u9322 \u2013 \u53ea\u8981\u627e\u5230\u5177\u5099\u53ef\u4f9b\u5b58\u53d6USB\u7aef\u53e3\u7684ATM\u3002<\/p>\n<p>\u5f9e\u6280\u8853\u4e0a\u4f86\u8aaa\uff0c\u9019\u60e1\u610f\u8edf\u9ad4\u4e26\u4e0d\u5fa9\u96dc\u3002\u53ea\u7528Diebold Nixdorf DLL\uff08<em>CSCWCNG.dll<\/em>\uff09\u4f86\u9001\u547d\u4ee4\u7d66ATM\u7684\u767c\u9214\u5143\u4ef6\u3002<\/p>\n<p>\u5176\u4ed6\u72af\u7f6a\u5206\u5b50\u5df2\u7d93\u958b\u59cb\u51fa\u552e\u6b64\u7248\u672c\u7684\u5de5\u5177\u4ee5\u53ca\u8ddf\u539f\u59cb\u958b\u767c\u8005\u6bd4\u8d77\u4f86\u4fbf\u5b9c\u8a31\u591a\u7684\u8a31\u53ef\u78bc\u7522\u751f\u5668\u3002\u770b\u4f86\u76dc\u8cca\u4e4b\u9593\u662f\u6c92\u6709\u4fe1\u8b7d\u53ef\u8a00\u3002<\/p>\n<p>\u5230\u76ee\u524d\u70ba\u6b62\uff0c\u539f\u672c\u7684\u958b\u767c\u8005\u770b\u4f86\u6c92\u6709\u4efb\u4f55\u53cd\u61c9\u3002\u4e26\u6c92\u6709\u88fd\u4f5c\u4f7f\u7528\u4e0d\u540c\u8a31\u53ef\u78bc\u6f14\u7b97\u6cd5\u7684\u65b0\u201c\u6539\u9032\u201d\u7248\u672c\uff0c\u800c\u53ea\u662f\u9ed8\u9ed8\u5730\u5e0c\u671b\u5176\u4ed6\u4eba\u4e0d\u8981\u767c\u73fe\u4ed6\u5011\u7684\u7af6\u722d\u5c0d\u624b\u3002<\/p>\n<p>\u201cCutlet Maker\u201d\u7684\u7372\u5229\u65b9\u5f0f\u4f3c\u4e4e\u662f\u9019\u6a23\uff1a\u201c\u6436\u52ab\u81ea\u52d5\u63d0\u6b3e\u6a5f\u6709\u5229\u53ef\u5716\u3002\u76dc\u7248\u8edf\u9ad4\u6709\u5229\u53ef\u5716\u3002\u5169\u4ef6\u90fd\u505a\u53ef\u4ee5\u8cfa\u96d9\u500d\u201c\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><em>Cutlet Maker<\/em><em>\u7684\u91cd\u9ede\uff1a<\/em><\/p>\n<ul>\n<li>Cutlet Maker\u662f\u500b\u80fd\u5920\u6e05\u7a7aATM\u7684\u55ae\u4e00\u4e14\u6709\u5f48\u6027\u7684\u61c9\u7528\u7a0b\u5f0f\u3002<\/li>\n<li>Cutlet Maker\u88ab\u8a2d\u8a08\u5f9eUSB\u96a8\u8eab\u789f\u57f7\u884c\u3002\u6280\u8853\u4e0a\u4f86\u8aaa\u4e0d\u6703\u611f\u67d3ATM\u3002<\/li>\n<li>Cutlet Maker\u5728\u4fc4\u7f85\u65af\u5730\u4e0b\u5e02\u5834\u4ee5\u8a08\u6b21\u4f7f\u7528\u65b9\u5f0f\u8ca9\u8ce3\u3002<\/li>\n<li>\u8a31\u53ef\u78bc\u662f\u900f\u904e\u6f14\u7b97\u6cd5\u3002\u7cfb\u7d71\u6bcf\u6b21\u57f7\u884c\u90fd\u6703\u7522\u751f\u4e00\u500b\u6578\u5b57\u3002\u7136\u5f8c\u4f7f\u7528\u8005\u5728\u7db2\u7ad9\u4e0a\u70ba\u8a72\u6b21\u57f7\u884c\u8a02\u8cfc\u8a31\u53ef\u78bc\u3002<\/li>\n<li>\u6709\u4eba\u9006\u5411\u6f14\u7b97\u6cd5\u4e26\u5beb\u4e86\u514d\u8cbb\u7684\u8a31\u53ef\u78bc\u7522\u751f\u5668\u3002<\/li>\n<li>\u5169\u500b\u7248\u672c\u540c\u6642\u90fd\u5728\u8ca9\u8ce3\u3002\u201c\u7834\u89e3\u201d\u7248\u66f4\u52a0\u4fbf\u5b9c\u3002<\/li>\n<li>\u76ee\u6a19ATM\u662fWincor Nixdorf\uff08\u73fe\u5728\u662fDiebold Nixdorf\uff09\u3002<\/li>\n<li>Cutlet Maker\u5229\u7528VMProtect\u9032\u884c\u9ad8\u5ea6\u6df7\u6dc6\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong><em>\u60e1\u610f\u8edf\u9ad4\u76f8\u95dc\u96dc\u6e4a\u503c\uff08SHA256<\/em><\/strong><strong><em>\uff09\uff1a<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>PRILEX\uff08\u5075\u6e2c\u70baBKDR_PRILEX.A\uff09\uff1a<\/p>\n<ul>\n<li>77f99b6e6aa603a4e416ce09864ff0b8815987e56f9c31c609586017e1260027<\/li>\n<li>d10a0e0621a164fad0d7f3690b5d63ecb9561e5ad30a66f353a98395b774384e<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>CUTLET MAKER\uff08\u5075\u6e2c\u70baBKDR_ATMLETCUT.ASU\uff09\uff1a<\/p>\n<ul>\n<li>4a340a0a95f2af5ab7f3bfe6f304154e617d0c47ce31ee8426c70b86e195320c<\/li>\n<li>afae0190f085ce4a8d3414dc48b7aa45732970c5bab3c562014921451e165729<\/li>\n<li>3635b0f89bf932a3722c1ea538fb3ba911f570788b6a996ffd8b807fdfe8ac26<\/li>\n<li>a8a71e483645005b64b7be2b258539d1c38da1d575e663886cd6f0ef11fbd2af<\/li>\n<li>f888a85406c9349e93d682ff2a3ff48deb4b87e3ce8cf80346d0028086d6240c<\/li>\n<li>05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/dissecting-prilex-cutlet-maker-atm-malware-families\/\">Dissecting PRILEX and CUTLET MAKER ATM Malware Families<\/a> \u4f5c\u8005\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/trend-micro-advanced-threats-researchers\/\">\u8da8\u52e2\u79d1\u6280\u524d\u77bb\u6027\u5a01\u8105\u7814\u7a76\u5718\u968a<\/a>\uff08David Sancho\u548cFernando Merces\uff09<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9577\u6642\u9593\u4ee5\u4f86\u8da8\u52e2\u79d1\u6280\u90fd\u5728\u81f4\u529b\u65bc\u7814\u7a76ATM\u60e1\u610f\u8edf\u9ad4\uff0c\u7279\u5225\u662f\u90a3\u4e9b\u80fd\u5920\u79d8\u5bc6\u91dd\u5c0d\u9280\u884c\u5ba2\u6236\u7684\u65b0\u75c5\u6bd2\u5bb6\u65cf\u3002\u5728\u672c\u6587\u88e1\uff0c\u6211\u5011\u5c07\u6703 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[2767],"tags":[2768,2797,2800],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/53784"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=53784"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/53784\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=53784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=53784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=53784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}