{"id":56534,"date":"2018-08-14T09:00:19","date_gmt":"2018-08-14T01:00:19","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=56534"},"modified":"2018-08-17T16:15:42","modified_gmt":"2018-08-17T08:15:42","slug":"%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92princess-evolution-%e6%89%be%e5%90%88%e5%a4%a5%e4%ba%ba-%e4%bb%a5%e5%85%ad%e6%88%90%e8%b4%96%e9%87%91%e6%8a%bd%e4%bd%a3%e5%9b%9e%e8%99%9f%e5%8f%ac","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=56534","title":{"rendered":"\u52d2\u7d22\u75c5\u6bd2Princess Evolution\u00a0 \u627e\u5408\u5925\u4eba,\u4ee5\u62bd\u516d\u6210\u8d16\u91d1\u70ba\u865f\u53ec"},"content":{"rendered":"<p><u><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a><\/u>\u5f9e7\u670825\u65e5\u8d77\u5c31\u6301\u7e8c\u5730\u89c0\u5bdf\u5230\u60e1\u610f\u5ee3\u544a\u5229\u7528<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/rig-exploit-kit-now-using-cve-2018-8174-to-deliver-monero-miner\/\">Rig\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6<\/a>\u4f86\u6563\u64ad<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=56134\">\u6316\u7926( coinmining )<\/a>\u75c5\u6bd2\u53caGandCrab<u><a href=\"https:\/\/blog.trendmicro.com.tw\/?p=12412\">\u52d2\u7d22\u75c5\u6bd2Ransomware<\/a><\/u> (\u52d2\u7d22\u8edf\u9ad4\/\u7d81\u67b6\u75c5\u6bd2)<\/p>\n<p>\u3002\u800c\u57288\u67081\u65e5\uff0c\u6211\u5011\u6ce8\u610f\u5230Rig\u7db2\u8def\u6d41\u91cf\u51fa\u73fe\u4e86\u7576\u6642\u672a\u77e5\u7684\u52d2\u7d22\u75c5\u6bd2\u3002\u6df1\u5165\u7814\u7a76\u9019\u770b\u4f3c\u65b0\u7684\u52d2\u7d22\u75c5\u6bd2\u4e26\u6aa2\u67e5\u5b83\u5728Tor\u7db2\u8def\u5167\u7684\u52d2\u8d16\u901a\u77e5\u7db2\u9801\uff0c\u770b\u5230\u5b83\u88ab\u7a31\u70baPrincess Evolution\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70ba<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Ransom_PRINCESSLOCKER.B\">RANSOM_PRINCESSLOCKER.B<\/a>\uff09\uff0c\u9019\u662f2016\u5e74\u51fa\u73fe\u7684<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-recap-oct-7-2016\">Princess Locker<\/a>\u52d2\u7d22\u75c5\u6bd2\u7684\u65b0\u8b8a\u7a2e\u3002\u6839\u64da\u6700\u8fd1\u5728\u5730\u4e0b\u8ad6\u58c7\u7684\u5ee3\u544a\uff0c\u5b83\u7684\u4f5c\u8005\u4f3c\u4e4e\u8981\u5c07Princess Evolution\u4ee5<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=25625\">\u300c\u52d2\u7d22\u75c5\u6bd2\u670d\u52d9\u300d(Ransomware as a Service\uff0c\u7c21\u7a31 RaaS)<\/a>\u7684\u65b9\u5f0f\u7d93\u71df\uff0c\u4e26\u4e14\u5728\u627e\u5408\u4f5c\u5925\u4f34\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/09\/ransom-recap.jpg\" \/><\/p>\n<p><strong>\u300c\u52d2\u7d22\u75c5\u6bd2\u670d\u52d9\u300d(Ransomware as a Service\uff0c\u7c21\u7a31 RaaS)<\/strong><br \/>\n\u591a\u5e74\u4ee5\u4f86\uff0c\u300c\u7db2\u8def\u72af\u7f6a\u670d\u52d9\u300d(Cybercrime as a Service\uff0c\u7c21\u7a31 CaaS) \u5df2\u5728<a style=\"font-style: inherit; font-weight: inherit;\" href=\"https:\/\/blog.trendmicro.com.tw\/?p=17092\">\u6df1\u5c64\u7db2\u8def(Deep Web)<\/a>\u5730\u4e0b\u8ad6\u58c7\u7576\u4e2d\u851a\u70ba\u4e00\u80a1\u98a8\u6f6e\u3002\u4e00\u4e9b\u7f3a\u4e4f\u7d93\u9a57\u7684\u7db2\u8def\u72af\u7f6a\u5206\u5b50 (\u5766\u767d\u8aaa\u4e5f\u662f\u51fa\u65bc\u61f6\u60f0)\uff0c\u53ea\u8981\u5411\u4e00\u4e9b\u8001\u624b\u8cfc\u8cb7 CaaS \u5de5\u5177\u548c\u670d\u52d9\uff0c\u5c31\u80fd\u8f15\u8f15\u9b06\u9b06\u767c\u52d5\u4e00\u4e9b\u60e1\u610f\u7a0b\u5f0f\u3001<a style=\"font-style: inherit; font-weight: inherit;\" href=\"https:\/\/blog.trendmicro.com.tw\/?p=149\">\u5783\u573e\u90f5\u4ef6(SPAM)<\/a>\u3001<a style=\"font-style: inherit; font-weight: inherit;\" href=\"https:\/\/blog.trendmicro.com.tw\/?p=136\">\u7db2\u8def\u91e3\u9b5a\uff08Phishing\uff09<\/a>\u6216\u5176\u4ed6\u60e1\u610f\u653b\u64ca\u884c\u52d5\uff0c\u4e00\u5207\u53ea\u9700\u9ede\u9ede\u6ed1\u9f20\u5373\u53ef\u3002\u9019\u4e9b\u73fe\u6210\u7684\u5de5\u5177\u5957\u4ef6\u4f7f\u7528\u8d77\u4f86\u5e7e\u4e4e\u4e0d\u8cbb\u529b\u6c23\u3001\u4e5f\u4e0d\u9700\u82b1\u5927\u9322\u3001\u66f4\u4e0d\u9700\u7d93\u9a57\uff0c\u5c31\u9023\u53ea\u6703\u5beb\u5beb\u8173\u672c\u7684\u521d\u968e\u99ed\u5ba2\u4e5f\u80fd\u4e0a\u624b\uff0c\u4f46\u537b\u53ef\u4ee5\u5e36\u4f86\u9ad8\u5831\u916c\u3002<\/p>\n<p>\u800c<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=25625\">\u300c\u52d2\u7d22\u75c5\u6bd2\u670d\u52d9\u300d(Ransomware as a Service\uff0c\u7c21\u7a31 RaaS)<\/a>\u00a0\u9020\u6210\u65b0\u7684\u52d2\u7d22\u75c5\u6bd2 Ra\u5bb6\u65cf\u7684\u6578\u91cf\u5927\u589e\uff0c\u4e5f\u8b93\u539f\u672c\u5927\u591a\u91dd\u5c0d\u500b\u4eba\u4f7f\u7528\u8005\u7684\u653b\u64ca\uff0c\u958b\u59cb\u5c0d\u4f01\u696d\u9020\u6210\u56b4\u91cd\u5a01\u8105\u3002<!--more--><\/p>\n<p>\u6211\u5011\u81ea7\u670825\u65e5\u4ee5\u4f86\u89c0\u5bdf\u5230\u7684\u65b0\u60e1\u610f\u5ee3\u544a\u6d3b\u52d5\u4e2d\uff0c\u6709\u9805\u503c\u5f97\u6ce8\u610f\u662f\u5b83\u5305\u542b\u4e86Coinhive\uff08COINMINER_MALXMR.TIDBF\uff09\u3002\u5373\u4fbf\u4f7f\u7528\u8005\u6c92\u6709\u88ab\u5c0e\u5230\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u4f86\u611f\u67d3\u52d2\u7d22\u75c5\u6bd2\uff0c\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u4ecd\u53ef\u4ee5\u900f\u904e\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u7684\u65b9\u5f0f\u4f86\u8cfa\u53d6\u975e\u6cd5\u5229\u6f64\u3002\u9019\u6ce2\u65b0\u653b\u64ca\u7684\u53e6\u4e00\u7279\u9ede\u662f\u4ed6\u5011\u5c07\u60e1\u610f\u5ee3\u544a\u7db2\u9801\u653e\u5728\u514d\u8cbb\u7db2\u8def\u4ee3\u7ba1\u670d\u52d9\u4e0a\uff0c\u4e26\u4f7f\u7528DNS\u7684CNAME\u8a2d\u5b9a\u5c07\u4ed6\u5011\u7684\u5ee3\u544a\u7db2\u57df\u5c0d\u61c9\u5230\u670d\u52d9\u4e0a\u7684\u60e1\u610f\u7db2\u9801\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/08\/princess-evolution-ransomware-2-2.png\" \/><\/p>\n<p><em>\u57161<\/em><em>\u3001\u4ed8\u9322\u7db2\u7ad9\u4e0a\u7684Princess Evolution<\/em><em>\u6a19\u8a8c<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/08\/princess-evolution-ransomware-2-1.png\" \/><\/p>\n<p><em>\u57162<\/em><em>\u3001\u900f\u904eRig<\/em><em>\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u6563\u64adPrincess Evolution<\/em><em>\u7684\u60e1\u610f\u6d41\u91cf\uff08\u4e0a\uff09\u60e1\u610f\u5ee3\u544a\u7db2\u57dfDNS<\/em><em>\u56de\u61c9\uff08\u4e0b\uff09<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u6df1\u5165Princess Evolution<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Princess Evolution\u8207Princess Locker\u6709\u8457\u76f8\u540c\u7684\u52d2\u8d16\u901a\u77e5\u3002Princess Evolution\u6703\u52a0\u5bc6\u7cfb\u7d71\u4e0a\u7684\u6a94\u6848\uff0c\u4e26\u5c07\u5176\u539f\u59cb\u6a94\u6848\u526f\u6a94\u540d\u8b8a\u66f4\u6210\u96a8\u6a5f\u7522\u751f\u7684\u5b57\u4e32\u3002\u7522\u751f\u7684\u52d2\u8d16\u901a\u77e5\u5305\u542b\u5982\u4f55\u652f\u4ed80.12\u6bd4\u7279\u5e63\u8d16\u91d1\u7684\u8aaa\u660e\uff08\u57282018\u5e748\u67088\u65e5\u7d04\u7b49\u65bc773\u7f8e\u5143\uff09\u3002<\/p>\n<p>\u6211\u5011\u767c\u73fePrincess Locker\u4f5c\u8005\u57287\u670831\u65e5\u5728\u5730\u4e0b\u8ad6\u58c7\u8cbc\u51fa\u4e86\u4e00\u7bc7\u6587\u7ae0\uff0c\u5ba3\u50b3\u4ed6\u5011\u65b0\u5efaPrincess Evolution\u7684\u5408\u4f5c\u8a08\u756b\u3002\u6839\u64da\u5176\u5546\u696d\u6a21\u5f0f\uff0c<strong>\u5408\u4f5c\u5925\u4f34\u7372\u5f97<\/strong><strong>60%<\/strong><strong>\u7684\u8d16\u91d1\uff0c\u5176\u9918\u7684\u662f\u75c5\u6bd2\u4f5c\u8005\u7684\u4f63\u91d1\u3002<\/strong>\u6839\u64da\u4ed6\u5011\u7684\u5ee3\u544a\uff0c\u4f3c\u4e4e\u4f5c\u8005\u82b1\u4e86\u4e9b\u6642\u9593\u4f86\u958b\u767cPrincess Evolution\u3002<\/p>\n<p>\u4ee5\u4e0b\u662f\u5728\u5730\u4e0b\u8ad6\u58c7\u6240\u767c\u73fePrincess Evolution\u5ee3\u544a\u7684\u539f\u6587\uff0c\u4f7f\u7528\u4fc4\u6587\u64b0\u5beb\uff1a<\/p>\n<p><em>\u0421 \u043d\u043e\u0432\u044b\u043c \u043b\u0435\u0442\u043d\u0438\u043c \u0434\u043d\u0435\u043c, \u0434\u0440\u0443\u0437\u044c\u044f! \u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043d\u0430\u0437\u0430\u0434 \u043c\u044b \u0432\u044b\u043d\u0443\u0436\u0434\u0435\u043d\u044b \u0431\u044b\u043b\u0438 \u043f\u0440\u0438\u043e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043d\u0430\u0448\u0438 \u043f\u043e\u0437\u0438\u0446\u0438\u0438 \u0432\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u044f\u0445 \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u043f\u043e\u0438\u0441\u043a\u0438 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u0434\u0435\u0430\u043b\u0430. \u042d\u0442\u043e \u0431\u044b\u043b \u043f\u0435\u0440\u0438\u043e\u0434 \u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u0439, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043e\u043a, \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u043e\u0432, \u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043e\u0436\u0438\u0434\u0430\u043d\u0438\u0439 \u0438 \u0441\u043f\u043e\u0440\u043e\u0432. \u041e\u0447\u0435\u0440\u0442\u0430\u043d\u0438\u044f \u0438\u0434\u0435\u0430\u043b\u0430 \u0432\u0441\u0435\u0433\u0434\u0430 \u043e\u0431\u043c\u0430\u043d\u0447\u0438\u0432\u043e \u0443\u0441\u043a\u043e\u043b\u044c\u0437\u0430\u044e\u0442 \u0432 \u044d\u043a\u0441\u0442\u0430\u0437\u0435 \u043f\u043e\u0433\u043e\u043d\u0438 \u0437\u0430 \u043d\u0438\u043c, \u043d\u0435\u0438\u0437\u043c\u0435\u043d\u043d\u043e \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043f\u043e\u0437\u0430\u0434\u0438 \u043f\u0440\u0435\u043e\u0434\u043e\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u0438\u0441\u0442\u0430\u043d\u0446\u0438\u044e. \u042d\u0442\u043e \u0438 \u044f\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u0443\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0435\u0441\u0441\u0430, \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u043c\u044b \u0440\u0430\u0434\u044b \u0432\u0435\u0440\u043d\u0443\u0442\u044c\u0441\u044f \u0438 \u043f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0432\u0430\u0441 \u0441 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 \u043d\u0430\u0448\u0435\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430. **Princess Evolution**<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u7ffb\u8b6f\u6210\u4e2d\u6587\uff1a<\/p>\n<p><em>\u590f\u65e5\u6109\u5feb\uff0c\u670b\u53cb\u5011\uff01\u5728\u5e7e\u500b\u6708\u524d\uff0c\u6211\u5011\u4e0d\u5f97\u4e0d\u66ab\u505c\u6211\u5011\u7684\u6d3b\u52d5\u4f86\u5f9e\u5404\u65b9\u9762\u6aa2\u8996\u6211\u5011\u7684\u5b9a\u4f4d\u4e26\u5c0b\u6c42\u6211\u5011\u81ea\u5df1\u7684\u7406\u60f3\u3002\u9019\u662f\u6bb5\u89c0\u5bdf\u3001\u958b\u767c\u3001\u5be6\u9a57\u3001\u9577\u671f\u7b49\u5f85\u548c\u722d\u8ad6\u7684\u6642\u9593\u3002\u5728\u3002\u8ffd\u6c42\u7684\u904e\u7a0b\u4e2d\u770b\u4f3c\u96e3\u4ee5\u5b8c\u6210\uff0c\u4f46\u7d42\u7a76\u662f\u514b\u670d\u4e86\u3002\u9019\u662f\u6700\u7d42\u7684\u9032\u5ea6\uff0c\u6211\u5011\u5f88\u9ad8\u8208\u56de\u4f86\u4e86\uff0c\u4e26\u6b61\u8fce\u60a8\u4f7f\u7528\u6211\u5011\u7522\u54c1\u7684\u65b0\u7248\u672c\u3002 **Princess Evolution**<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u6280\u8853\u5206\u6790<\/em><\/strong><\/p>\n<p>\u5b83\u7684\u52a0\u5bc6\u65b9\u5f0f\u6703\u7528XOR\u548cAES\u6f14\u7b97\u6cd5\u4f86\u8655\u7406\u6a94\u6848\u7684\u7b2c\u4e00\u584a\u8cc7\u6599\uff0c\u540c\u6642\u7528AES\u52a0\u5bc6\u6a94\u6848\u5176\u9918\u90e8\u5206\u7684\u8cc7\u6599\u3002\u6211\u5011\u6240\u770b\u5230Princess Locker\u5230Princess Evolution\u7684\u4e00\u500b\u91cd\u5927\u6539\u8b8a\u662f\u5f9e\u4f7f\u7528HTTP POST\u63db\u6210UDP\u4f86\u9032\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff08C&amp;C\uff09\u901a\u8a0a\u3002\u9019\u53ef\u80fd\u662f\u56e0\u70baUDP\u767c\u9001\u8cc7\u6599\u901f\u5ea6\u66f4\u5feb\uff0c\u56e0\u70ba\u8a72\u505a\u7684\u4e8b\u60c5\u8f03\u5c11\uff08\u5982\u5728\u767c\u9001\u8cc7\u6599\u524d\u4e0d\u9700\u8981\u5148\u5efa\u7acb\u9023\u7dda\uff09\u3002<\/p>\n<p>Princess Evolution\u6703\u7522\u751f\u4e00\u500b\u96a8\u6a5f\u7684XOR\u91d1\u9470\uff080x80\u5b57\u5143\uff09\uff0c\u53e6\u4e00\u500b\u5247\u7528AES-128\u6f14\u7b97\u6cd5\u7522\u751f\uff0c\u4e26\u5c07\u9019\u4e9b\u91d1\u9470\u53ca\u4ee5\u4e0b\u8cc7\u8a0a\u7528UDP\u9001\u5230\u7db2\u8def167[.]114[.]195[.]0\/23[:]6901\uff1a<\/p>\n<ul>\n<li>\u4e2d\u6bd2\u96fb\u8166\u7684\u4f7f\u7528\u8005\u540d\u7a31<\/li>\n<li>\u4f7f\u7528\u4e2d\u7db2\u8def\u754c\u9762\u7684\u540d\u7a31<\/li>\n<li>\u7cfb\u7d71\u7684\u5340\u57dfID\uff08LCID\uff09<\/li>\n<li>\u4f5c\u696d\u7cfb\u7d71\u7248\u672c\uff08OS\uff09<\/li>\n<li>\u53d7\u5bb3\u8005ID<\/li>\n<li>Windows\u8a3b\u518a\u7684\u5b89\u5168\u8edf\u9ad4<\/li>\n<li>\u7a0b\u5f0f\u555f\u52d5\u7684\u6642\u9593\u6233\u8a18<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Princess Evolution\u8207C&amp;C\u5efa\u7acb\u9023\u7dda\u7684\u65b9\u6cd5\u8ddf<a href=\"https:\/\/blog.trendmicro.com.tw\/?tag=cerber\">Cerber<\/a>\u985e\u4f3c\u3002\u53e6\u4e00\u500b\u503c\u5f97\u6ce8\u610f\u7684\u662fPrincess Locker\u7684\u4ed8\u9322\u7db2\u7ad9\u8ddfCerber\u7684<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/introducing-her-royal-highness-the-princess-locker-ransomware\/\">\u76f8\u4f3c<\/a>\u3002Princess Evolution\u7684\u4ed8\u9322\u9801\u9762\u73fe\u5728\u63a1\u7528\u4e86\u65b0\u8a2d\u8a08\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/08\/princess-evolution-ransomware-3-2.png\" \/><\/p>\n<p><em>\u57163<\/em><em>\u3001Princess Evolution<\/em><em>\u4f7f\u7528UDP<\/em><em>\u7684C&amp;C<\/em><em>\u9023\u7dda\uff08\u4e0a\uff09\u53ca\u5176\u4ed8\u9322\u7db2\u7ad9\uff08\u4e0b\uff09<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u63d0\u9192\u4e86\u4f7f\u7528\u8005\u548c\u4f01\u696d\u66f4\u65b0\u4fee\u88dc\u7a0b\u5f0f\u7684\u91cd\u8981\u6027\u3002\u52d2\u7d22\u75c5\u6bd2\u7684\u6d3b\u52d5\u53ef\u80fd\u5df2\u7d93\u9054\u5230<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/threat-reports\/roundup\/2017-annual-roundup-the-paradox-of-cyberthreats\">\u6301\u5e73<\/a>\u7684\u968e\u6bb5\uff08\u751a\u81f3\u5728\u67d0\u4e9b\u5730\u5340\u6709\u6240<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/the-need-for-managed-detection-and-response-persistent-and-prevalent-threats-in-north-americas-security-landscape\/\">\u4e0b\u964d<\/a>\uff09\uff0c\u4f46\u9451\u65bc\u5176\u7834\u58de\u6027\uff0c\u5b83\u4ecd\u7136\u662f\u500b\u91cd\u5927\u5a01\u8105\u3002\u9075\u5faa\u6700\u4f73\u5be6\u4f5c\uff1a\u9ede\u64ca\u524d\u5148\u60f3\u4e00\u60f3\uff0c\u4fdd\u6301\u7cfb\u7d71\u53ca\u61c9\u7528\u7a0b\u5f0f\u66f4\u65b0\uff08\u6216\u662f\u5728\u4f01\u696d\u74b0\u5883\u548c\u8001\u820a\u7cfb\u7d71\u8207\u7db2\u8def\u7684\u60c5\u6cc1\u4e0b\u8003\u616e\u4f7f\u7528<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/capabilities\/intrusion-prevention.html?cm_re=10_19_17-_-2d_Capabilities-_-IntrusionPrevention\">\u865b\u64ec\u4fee\u88dc<\/a>\u6280\u8853\uff09\uff0c\u4e26\u4e14\u5be6\u65bd\u7e31\u6df1\u9632\u79a6\u7684\u7b56\u7565\u3002<\/p>\n<p>\u4e3b\u52d5\u3001\u591a\u5c64\u6b21\u7684\u5b89\u5168\u9632\u8b77\u662f\u62b5\u79a6\u6f0f\u6d1e\u653b\u64ca\uff08\u4f86\u81ea\u9598\u9053\u3001\u7aef\u9ede\u3001\u7db2\u8def\u548c\u4f3a\u670d\u5668\uff09\u7684\u95dc\u9375\u3002\u5177\u5099<a href=\"https:\/\/www.trendmicro.tw\/business\/xgen-security.html\">XGen&#x2122; \u9632\u8b77<\/a>\u7aef\u9ede\u5b89\u5168\u9632\u8b77\u6280\u8853\u7684\u8da8\u52e2\u79d1\u6280<a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/product-security\/officescan\/index.html\">\u8da8\u52e2\u79d1\u6280OfficeScan<\/a>\u5177\u6709<u>Vulnerability Protection<\/u><u>\u6f0f\u6d1e\u9632\u8b77<\/u>\uff0c\u53ef\u4ee5\u5728\u4fee\u88dc\u7a0b\u5f0f\u90e8\u7f72\u524d\u9632\u8b77\u7aef\u9ede\u514d\u65bc\u5df2\u77e5\u548c\u672a\u77e5\u7684\u6f0f\u6d1e\u653b\u64ca\u3002\u8da8\u52e2\u79d1\u6280\u7684\u7aef\u9ede\u89e3\u6c7a\u65b9\u6848\uff08\u5982<u><a href=\"https:\/\/www.trendmicro.tw\/tw\/business\/complete-software-protection\/index.html\">\u8da8\u52e2\u79d1\u6280 Smart Protection Suites<\/a><\/u>\u548c<a href=\"https:\/\/www.trendmicro.tw\/tw\/small-business\/worry-free-pro\/\">Worry-Free Pro<\/a>\uff09\u6703\u5075\u6e2c\u548c\u5c01\u9396\u60e1\u610f\u6a94\u6848\u53ca\u6240\u6709\u76f8\u95dc\u60e1\u610f\u7db2\u5740\u4f86\u4fdd\u8b77\u6700\u7d42\u4f7f\u7528\u8005\u548c\u4f01\u696d\u514d\u65bc\u9019\u4e9b\u5a01\u8105\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u5165\u4fb5\u6307\u6a19\uff08IoC<\/em><\/strong><strong><em>\uff09\uff1a<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><em>\u76f8\u95dc\u96dc\u6e4a\u503c\uff08SHA-256<\/em><em>\uff09\uff1a<\/em><\/p>\n<ul>\n<li>1408a24b74949922cc65164eea0780449c2d02bb6123fd992b2397f1873afd21 \u2013 <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Ransom_PRINCESSLOCKER.B\">B<\/a><\/li>\n<li>981cf7d1b1b2c23d7717ba93a50fc1889ae78ee378dbb1cbfff3fd0fe11d0cbc \u2013 <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Ransom_PRINCESSLOCKER.B\">B<\/a><\/li>\n<li>8fc9353cc0c15704f016bc1c1b05961ab267b6108cfa26725df19a686ec2ad28 \u2013 RANSOM_GANDCRAB.TIAOBH<\/li>\n<li>6502e8d9c49cc653563ea75f03958900543430be7b9c72e93fd6cf0ebd5271bc \u2013 COINMINER_MALXMR.TIDBF<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em>Princess Evolution<\/em><em>\u76f8\u95dc\u7684\u60e1\u610f\u5ee3\u544a\u7db2\u57df\u540d\u7a31\uff1a<\/em><\/p>\n<ul>\n<li>greatchina[.]ga<\/li>\n<li>princessno1[.]tk<\/li>\n<li>smokeweedeveryday[.]tk<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em>Princess Evolution<\/em><em>\u76f8\u95dc\u7684IP<\/em><em>\u5730\u5740\uff1a<\/em><\/p>\n<ul>\n<li>hxxp:\/\/188[.]225[.]34[.]86\/\uff08Rig\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u7684IP\u5730\u5740\uff09<\/li>\n<li>hxxp:\/\/178[.]32[.]201[.]161\/\uff08\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u75c5\u6bd2\u76f8\u95dc\u7684C&amp;C IP\u5730\u5740\uff09<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ransomware-as-a-service-princess-evolution-looking-for-affiliates\/\">Ransomware as a Service Princess Evolution Looking for Affiliates<\/a> \u4f5c\u8005\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/josephcchen\/\">Joseph C Chen\uff08\u7db2\u8def\u8a50\u9a19\u7814\u7a76\u54e1\uff09<\/a><\/p>\n<p>PC-cillin \u96f2\u7aef\u7248&#x1f534;\u9632\u7bc4\u52d2\u7d22 &#x1f534;\u4fdd\u8b77\u500b\u8cc7 \u2713\u624b\u6a5f\u2713\u96fb\u8166\u2713\u5e73\u677f\uff0c\u8de8\u5e73\u53f0\u9632\u8b77\uff13\u5230\u4f4d<br \/>\n<a href=\"https:\/\/t.rend.tw\/?i=Mzc4NQ\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/08\/Windows10Banner-540x90v5.gif\" \/><br \/>\n<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8da8\u52e2\u79d1\u6280\u5f9e7\u670825\u65e5\u8d77\u5c31\u6301\u7e8c\u5730\u89c0\u5bdf\u5230\u60e1\u610f\u5ee3\u544a\u5229\u7528Rig\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u4f86\u6563\u64ad\u6316\u7926( coinmining )\u75c5\u6bd2\u53ca [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[1943],"tags":[239,2559,2706],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/56534"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=56534"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/56534\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=56534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=56534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=56534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}