{"id":55691,"date":"2018-05-31T09:00:53","date_gmt":"2018-05-31T01:00:53","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=55691"},"modified":"2018-05-30T16:03:20","modified_gmt":"2018-05-30T08:03:20","slug":"%e9%87%8d%e6%96%b0%e5%95%9f%e5%8b%95%e4%bd%a0%e7%9a%84%e8%b7%af%e7%94%b1%e5%99%a8%ef%bc%9avpnfilter%e6%84%9f%e6%9f%93%e5%85%a8%e7%90%83%e8%b6%85%e9%81%8e50%e8%90%ac%e5%8f%b0%e7%9a%84%e8%b7%af%e7%94%b1","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=55691","title":{"rendered":"\u91cd\u65b0\u555f\u52d5\u4f60\u7684\u8def\u7531\u5668\uff1aVPNFilter\u611f\u67d3\u5168\u7403\u8d85\u904e50\u842c\u53f0\u7684\u8def\u7531\u5668"},"content":{"rendered":"

\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1\u767c\u8868<\/a>\u4e86\u4e00\u4efd\u5831\u544a,\u6307\u51fa\u99ed\u5ba2\u5229\u7528\u60e1\u610f\u8edf\u9ad4 VPNFilter \u611f\u67d3\u81f3\u5c1154\u500b\u570b\u5bb6\uff0c\u8d85\u904e50\u842c\u53f0\u5bb6\u7528\u548c\u5c0f\u578b\u4f01\u696d\u8def\u7531\u5668\u3002\u9019\u60e1\u610f\u8edf\u9ad4\u53ef\u4ee5\u64cd\u7e31\u53d7\u611f\u67d3\u8def\u7531\u5668\u9032\u884c\u653b\u64ca\u3001\u6536\u96c6\u8cc7\u6599\u548c\u9032\u884c\u901a\u8a0a\u3001\u7aca\u53d6\u91cd\u8981\u6191\u8b49\u3001\u76e3\u8996\u8cc7\u6599\u63a1\u96c6\u8207\u76e3\u63a7\u7cfb\u7d71\uff08SCADA\uff09\u5354\u5b9a\uff0c\u4e26\u4e14\u6703\u5b89\u88dd\u81ea\u6bba\u6307\u4ee4\u4f86\u8b93\u53d7\u611f\u67d3\u8a2d\u5099\u7121\u6cd5\u4f7f\u7528\u3002\u9019\u4e9b\u52d5\u4f5c\u53ef\u4ee5\u88ab\u55ae\u7368\u89f8\u767c\u6216\u96c6\u4e2d\u89f8\u767c\u3002\u9019\u6ce2\u653b\u64ca\u5f9e2016\u5e74\u5c31\u5df2\u7d93\u958b\u59cb\uff0c\u4f46\u5728\u6700\u8fd1\u5e7e\u9031\u7a81\u7136\u5927\u91cf\u589e\u52a0\uff0c\u5c24\u5176\u662f\u5728\u70cf\u514b\u862d\u3002<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

\u6839\u64da\u7814\u7a76\u4eba\u54e1\u5c0dVPNFilter\u7684\u89c0\u5bdf\uff0c\u9019\u662f\u7a2e\u5f88\u8907\u96dc\u7684\u6a21\u7d44\u5316\u3001\u591a\u968e\u6bb5\u60e1\u610f\u8edf\u9ad4\uff0c\u6703\u5f71\u97ff\u5230\u5546\u7528\u8def\u7531\u5668\u548cNAS\u8a2d\u5099\uff0c\u4e26\u4e14\u5206\u6210\u4e09\u500b\u968e\u6bb5\u9032\u884c\u6563\u64ad\u548c\u611f\u67d3\u3002<\/p>\n

\u7b2c\u4e00\u968e\u6bb5\u9032\u884c\u6563\u64ad<\/strong>\uff0c\u76ee\u6a19\u8a2d\u5099\u662f\u4f7f\u7528Busybox\u548cLinux\u97cc\u9ad4\u7684\u591a\u7a2eCPU\u67b6\u69cb\u3002\u63a5\u8457\u5230Photobucket.com\u4e0b\u8f09\u5716\u6a94\u4f86\u53d6\u5f97IP\u5730\u5740\u4ee5\u627e\u5230\u7b2c\u4e8c\u968e\u6bb5\u7684\u4f3a\u670d\u5668\u3002\u5b83\u7684\u547d\u4ee4\u548c\u63a7\u5236<\/a>\uff08C&C\uff09\u9084\u6709\u5099\u7528\u6a5f\u5236\uff0c\u50cf\u662f\u5982\u679cPhotobucket\u7121\u6cd5\u9023\u4e0a\u5c31\u6703\u5f9eToKnowAll.com\u4e0b\u8f09\u3002\u5b83\u9084\u6703\u63a5\u6536\u4f86\u81ea\u653b\u64ca\u8005\u7684\u6307\u4ee4\uff0c\u5f9eapi.ipify.org\u6aa2\u67e5IP\u4e26\u5132\u5b58\u4e0b\u4f86\u5099\u7528\u3002\u5728\u6b64\u968e\u6bb5\u5c31\u7b97\u662f\u91cd\u65b0\u555f\u52d5\u8a2d\u5099\uff0c\u6838\u5fc3\u60e1\u610f\u7a0b\u5f0f\u78bc\u4e5f\u4ecd\u7136\u5b58\u5728\u65bc\u53d7\u611f\u67d3\u7cfb\u7d71\u4e2d\u3002<\/p>\n

\u7b2c\u4e8c\u968e\u6bb5\u9032\u884c\u60c5\u5831\u6536\u96c6<\/strong>\uff0c\u5982\u6536\u96c6\u6a94\u6848\u3001\u57f7\u884c\u547d\u4ee4\u3001\u7ba1\u7406\u8a2d\u5099\u548c\u8cc7\u6599\u53d6\u51fa\u3002\u5b83\u9084\u90e8\u7f72\u4e86\u81ea\u6bc0\u80fd\u529b\u3002\u5b83\u80fd\u5920\u8a55\u4f30\u53d7\u611f\u67d3\u8a2d\u5099\u7684\u7db2\u8def\u50f9\u503c\uff0c\u7279\u5225\u662f\u95dc\u65bc\u99ed\u5ba2\u611f\u8208\u8da3\u7684\u7cfb\u7d71\u3002\u99ed\u5ba2\u63a5\u8457\u53ef\u4ee5\u6c7a\u5b9a\u662f\u5426\u8981\u5229\u7528\u6b64\u7db2\u8def\u7e7c\u7e8c\u6536\u96c6\u8cc7\u6599\uff0c\u6216\u5229\u7528\u7cfb\u7d71\u7684\u7db2\u8def\u9023\u7dda\u4f86\u9032\u884c\u6563\u64ad\u3002\u6b64\u968e\u6bb5\u7684\u81ea\u6bc0\u529f\u80fd\u6703\u8986\u5beb\u8a2d\u5099\u7684\u91cd\u8981\u90e8\u5206\u518d\u9032\u884c\u91cd\u555f\uff0c\u4e00\u65e6\u653b\u64ca\u8005\u89f8\u767c\u5167\u5efa\u7684\u81ea\u6bba\u6307\u4ee4\u5c31\u6703\u7834\u58de\u97cc\u9ad4\uff0c\u8b93\u8a2d\u5099\u7121\u6cd5\u56de\u5fa9\u3002<\/p>\n

\u7b2c\u4e09\u968e\u6bb5\u5305\u542b\u505a\u70ba\u7b2c\u4e8c\u968e\u6bb5\u5916\u639b\u7a0b\u5f0f\u7684\u6a21\u7d44<\/strong>\u3002\u6709\u4e00\u500b\u5c01\u5305\u5074\u9304\u7a0b\u5f0f\u53ef\u4ee5\u7528\u4f86\u6536\u96c6\u8cc7\u6599\u548c\u6514\u622a\u6d41\u91cf\uff0c\u5982\u7aca\u53d6\u7db2\u7ad9\u6191\u8b49\u548c\u76e3\u8996Modbus SCADA\u5354\u5b9a\uff0c\u53e6\u4e00\u500b\u5916\u639b\u7a0b\u5f0f\u53ef\u4ee5\u7528\u4f86\u81ea\u52d5\u5316\u5c0dToR\u7684\u901a\u8a0a\u3002\u5176\u4ed6\u5728\u6b64\u968e\u6bb5\u6240\u89c0\u5bdf\u5230\u7684\u5916\u639b\u7a0b\u5f0f\u9084\u6c92\u80fd\u78ba\u8a8d\u3002<\/p>\n

\u7814\u7a76\u4eba\u54e1\u5224\u65b7\u6b64\u60e1\u610f\u8edf\u9ad4\u7684\u9f90\u5927\u57fa\u790e\u67b6\u69cb\u80fd\u5920\u6eff\u8db3\u653b\u64ca\u8005\u7684\u591a\u7a2e\u64cd\u4f5c\u9700\u6c42\uff0c\u7279\u5225\u662f\u5229\u7528\u5927\u91cf\u7684\u6df7\u6dc6\u6280\u8853\u4f86\u63a9\u84cb\u5176\u771f\u5be6\u4f86\u6e90\u3002\u9019\u610f\u5473\u8457\u5408\u6cd5\u4f01\u696d\u548c\u500b\u4eba\u4e5f\u53ef\u80fd\u88ab\u8aa4\u8a8d\u70ba\u662f\u99ed\u5ba2\u96c6\u5718\u6210\u54e1\u6216\u60e1\u610f\u8edf\u9ad4\u4f86\u6e90\u3002\u5148\u9032\u7684\u99ed\u5ba2\u96c6\u5718\uff08\u5982\u570b\u5bb6\u7b49\u7d1a\uff09\u4e5f\u80fd\u5920\u9054\u5230\u9019\u6a23\u7684\u8907\u96dc\u6027\u548c\u591a\u529f\u80fd\u6027\u3002<\/p>\n

\u7a0b\u5f0f\u78bc\u8ddfBlackEnergy<\/a>\u548cFancy Bear<\/a>\u6709\u91cd\u8907\u4e4b\u8655\u3002\u4f46\u7814\u7a76\u4eba\u54e1\u4e5f\u5f37\u8abf\u4ed6\u5011\u7121\u6cd5\u78ba\u8a8d\u5176\u4f86\u6e90\uff0c\u56e0\u70baBlackEnergy\u548cFancy Bear\u7684\u7a0b\u5f0f\u78bc\u90fd\u5df2\u7d93\u5728\u5730\u4e0b\u4e16\u754c\u516c\u958b\uff0c\u5176\u4ed6\u99ed\u5ba2\u4e5f\u53ef\u80fd\u4f7f\u7528\u3002<\/p>\n

[<\/strong>\u5ef6\u4f38\u95b1\u8b80\uff1aPawn Storm\u66f4\u65b0\uff1a\u65b0\u76ee\u6a19\u548c\u5177\u6709\u653f\u6cbb\u52d5\u6a5f\u7684\u653b\u64ca\u6d3b\u52d5<\/a>]<\/strong><\/p>\n

FBI\u81ea2017\u5e748\u6708\u4ee5\u4f86\u5c31\u4e00\u76f4\u5728\u8abf\u67e5\u9019\u8d77\u611f\u67d3\u6d3b\u52d5\u3002\u5728\u7576\u6642\uff0c\u60e1\u610f\u8edf\u9ad4\u611f\u67d3\u4e86\u5339\u8332\u5821\u6c11\u773e\u7684\u5bb6\u7528\u8def\u7531\u5668<\/a>\u3002\u7576\u5c40\u4f7f\u7528\u200b\u200b\u7db2\u8def\u5206\u6d41\u5668\u4f86\u89c0\u5bdf\u5f9e\u53d7\u5bb3\u8005\u8def\u7531\u5668\u96e2\u958b\u7684\u7db2\u8def\u6d41\u91cf\uff0c\u5f9e\u800c\u80fd\u5920\u77e5\u9053\u60e1\u610f\u8edf\u9ad4\u9032\u884c\u5230\u7b2c\u4e8c\u3001\u4e09\u968e\u6bb5\u7684\u904b\u4f5c\u6a21\u5f0f\u3002\u540c\u6642\uff0c\u7814\u7a76\u4eba\u54e1\u4e5f\u5f9e2016\u5e74\u4ee5\u4f86\u5c31\u4e00\u76f4\u5728\u8ffd\u8e64\u60e1\u610f\u8edf\u9ad4\u5c0d100\u591a\u500b\u570b\u5bb6\/\u5730\u5340\u4e0d\u540c\u8a2d\u5099\u7aef\u53e3\u7684\u6383\u63cf\u6d3b\u52d5\u3002\u57282018\u5e745\u6708\u521d\u770b\u5230\u91dd\u5c0d\u70cf\u514b\u862d\u8def\u7531\u5668\u7684\u611f\u67d3\u6d3b\u52d5\u6025\u5287\u4e0a\u5347\u4fc3\u4f7f\u7814\u7a76\u4eba\u54e1\u548c\u7576\u5c40\u63a1\u53d6\u884c\u52d5\uff0c\u56e0\u70ba\u611f\u67d3\u6d3b\u52d5\u589e\u52a0\u53ef\u80fd\u4ee3\u8868\u99ed\u5ba2\u5373\u5c07\u767c\u52d5\u7e3d\u653b\u3002\u806f\u90a6\u8abf\u67e5\u5c40\u63a1\u53d6\u884c\u52d5\u53bb\u7372\u5f97\u6388\u6b0a\u4f86\u5f9eVerisign\u624b\u4e2d\u5f97\u5230ToKnowAll.org\u7db2\u57df\u540d\u7a31\uff0c\u963b\u6b62\u4e86\u53ef\u80fd\u7684\u5927\u898f\u6a21\u7db2\u8def\u653b\u64ca\u3002<\/p>\n

\u5169\u6b65\u9a5f\u514d\u65bcVPNFilter<\/strong>\u60e1\u610f\u8edf\u9ad4\u653b\u64ca:<\/strong><\/p>\n

\u7814\u7a76\u4eba\u54e1\u5efa\u8b70\u63a1\u53d6\u4ee5\u4e0b\u6b65\u9a5f\u4f86\u4fdd\u8b77\u4f60\u7684\u7cfb\u7d71\u514d\u65bcVPNFilter\u60e1\u610f\u8edf\u9ad4\u653b\u64ca\uff1a<\/p>\n