{"id":60633,"date":"2019-04-23T17:04:49","date_gmt":"2019-04-23T09:04:49","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=60633"},"modified":"2019-05-17T17:08:45","modified_gmt":"2019-05-17T09:08:45","slug":"%e6%93%81%e6%9c%89%e7%ae%a1%e7%90%86%e5%93%a1%e6%ac%8a%e9%99%90%e7%9a%84%e5%b8%b3%e8%99%9f%e8%a2%ab%e7%94%a8%e4%be%86%e9%80%8f%e9%81%8epsexec%e5%ae%89%e8%a3%9dbitpaymer%e5%8b%92%e7%b4%a2%e7%97%85","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=60633","title":{"rendered":"\u64c1\u6709\u7ba1\u7406\u54e1\u6b0a\u9650\u7684\u5e33\u865f\u88ab\u7528\u4f86\u900f\u904ePsExec\u5b89\u88ddBitPaymer\u52d2\u7d22\u75c5\u6bd2"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>\u52d2\u7d22\u75c5\u6bd2\u53ef\u80fd\u57282018\u5e74\u5448\u73fe<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/threat-reports\/roundup\/unraveling-the-tangle-of-old-and-new-threats\">\u4e0b\u964d<\/a>\u7684\u8da8\u52e2\uff0c\u4f46\u5b83\u4f3c\u4e4e\u53c8\u56de\u4f86\u4e86 \u2013 \u53ea\u662f\u9019\u6b21\u7684\u653b\u64ca\u770b\u8d77<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/Ransomeware-200x200.jpg\" alt=\"\u00e9\u0080\u0099\u00e5\u00bc\u00b5\u00e5\u009c\u0096\u00e7\u0089\u0087\u00e7\u009a\u0084 alt \u00e5\u00b1\u00ac\u00e6\u0080\u00a7\u00e5\u0080\u00bc\u00e7\u0082\u00ba\u00e7\u00a9\u00ba\u00ef\u00bc\u008c\u00e5\u00ae\u0083\u00e7\u009a\u0084\u00e6\u00aa\u0094\u00e6\u00a1\u0088\u00e5\u0090\u008d\u00e7\u00a8\u00b1\u00e7\u0082\u00ba Ransomeware-200x200.jpg\"\/><\/figure><\/div>\n\n\n\n<p>\u4f86\u66f4\u5177\u6709\u91dd\u5c0d\u6027\u3002\u4e4b\u524d\u5c31\u51fa\u73fe\u4e86\u91dd\u5c0d\u4e00\u5bb6\u7f8e\u570b\u98f2\u6599\u516c\u53f8\u7684<a href=\"https:\/\/techcrunch.com\/2019\/04\/02\/arizona-beverages-ransomware\/\">\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca<\/a>\u65b0\u805e\uff0c\u6703\u5c07\u516c\u53f8\u540d\u7a31\u653e\u5728\u52d2\u8d16\u901a\u77e5\u88e1\uff0c\u800c\u672c\u7bc7\u6587\u7ae0\u6703\u63a2\u8a0e\u653b\u64ca\u4e00\u5bb6\u7f8e\u570b\u88fd\u9020\u5546\u7684BitPaymer\u52d2\u7d22\u75c5\u6bd2\uff08\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70baRansom.Win32.BITPAYMER.TGACAJ\uff09\u3002\u9019\u5bb6\u516c\u53f8\u8207\u98f2\u6599\u516c\u53f8\u4e00\u6a23\uff0c\u4e5f\u4f3c\u4e4e\u6210\u70ba\u4e86\u88ab\u91dd\u5c0d\u7684\u76ee\u6a19\uff0c\u56e0\u70ba\u53d7\u611f\u67d3\u7cfb\u7d71\u5167\u7684\u52d2\u8d16\u901a\u77e5\u4e5f\u51fa\u73fe\u4e86\u516c\u53f8\u540d\u7a31\u3002<\/p>\n\n\n\n<p>\u6839\u64da\u8abf\u67e5\u7d50\u679c\u8b93\u6211\u5011\u76f8\u4fe1\u653b\u64ca\u8005\u662f\u7528\u5177\u5099\u7ba1\u7406\u54e1\u6b0a\u9650\u7684\u5e33\u865f\u4f86\u900f\u904ePsExec\u5b89\u88ddBitPaymer\uff0cPsExec\u662f\u53ef\u4ee5\u5728\u9060\u7aef\u96fb\u8166\u4e0a\u57f7\u884c\u7a0b\u5e8f\u7684\u547d\u4ee4\u5217\u5de5\u5177\u3002<\/p>\n\n\n\n<p><strong><em>BitPaymer<\/em><\/strong><strong><em>\u5982\u4f55\u51fa\u73fe\u5728\u7cfb\u7d71\u5167<\/em><\/strong><\/p>\n\n\n\n<p>BitPaymer\uff08\u8ddfiEncrypt\u52d2\u7d22\u75c5\u6bd2\u6709\u95dc\uff09\u662f\u900f\u904ePsExec\u5728\u88fd\u9020\u5546\u7684\u96fb\u8166\u4e0a\u57f7\u884c\u3002\u6839\u64da\u6211\u5011\u7684\u5206\u6790\u986f\u793a\uff0c\u653b\u64ca\u8005\u57282019\u5e742\u670818\u65e5\u665a\u4e0a9\u9ede40\u5206\u5230\u665a\u4e0a11\u9ede03\u5206\u4e4b\u9593\u900f\u904ePsExec\u767c\u9001\u547d\u4ee4\u4f86\u8907\u88fd\u548c\u57f7\u884cBitPaymer\u8b8a\u7a2e\u3002<\/p>\n\n\n\n<p>\u653b\u64ca\u8005\u81f3\u5c11\u9700\u8981\u4e00\u500b\u5177\u6709\u7ba1\u7406\u54e1\u6b0a\u9650\u7684\u5e33\u865f\u624d\u80fd\u900f\u904ePsExec\u57f7\u884c\u547d\u4ee4\u3002\u9019\u4ee3\u8868\u5728\u5b89\u88dd\u52d2\u7d22\u75c5\u6bd2\u524d\u5c31\u5df2\u7d93\u767c\u751f\u904e\u672a\u88ab\u5075\u6e2c\u5230\u7684\u5165\u4fb5\u4e8b\u4ef6\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/BitPaymer-Ransomware-Diagram-01.jpg\" alt=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/BitPaymer-Ransomware-Diagram-01.jpg\"\/><\/figure>\n\n\n\n<p>\u57161. BitPaymer\u52d2\u7d22\u75c5\u6bd2\u7684\u653b\u64ca\u6642\u9593\u8ef8<\/p>\n\n\n\n<p>\u8da8\u52e2\u79d1\u6280Smart Protection Network\u6240\u63d0\u4f9b\u7684\u8cc7\u6599\u652f\u6301\u6b64\u5047\u8a2d\u3002\u5f9e1\u670829\u65e5\u52302\u670818\u65e5\u9593\uff0c\u5075\u6e2c\u5230\u591a\u8d77\u5728\u6578\u53f0\u96fb\u8166\u4e0a\u57f7\u884cEmpire PowerShell\u5f8c\u9580\u7a0b\u5f0f\u3002\u5206\u6790\u986f\u793a\u9019\u662f\u900f\u904e\u9060\u7aef\u57f7\u884c\u800c\u4e0d\u662f\u5728\u76ee\u6a19\u96fb\u8166\u4e0a\u690d\u5165\u6a94\u6848\u3002\u5728\u540c\u4e00\u6642\u9593\u6bb5\u5167\u4e5f\u5075\u6e2c\u5230Dridex\u76f8\u95dc\u6a94\u6848\uff08\u6211\u5011\u627e\u5230\u8ddfBitPaymer<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader\/\">\u5171\u7528\u7684\u8f09\u5165\u5668<\/a>\uff09\u3002\u8acb\u6ce8\u610f\uff0c\u5728\u7f8e\u570b\u98f2\u6599\u516c\u53f8\u6848\u4f8b\u4e2d\uff0c<a href=\"https:\/\/www.infosecurity-magazine.com\/news\/a-spot-of-ransomware-hits-arizonas\/\">\u4e00\u4e9b\u7814\u7a76\u4eba\u54e1<\/a>\u8a8d\u70ba\u8d77\u51fa\u7684Dridex\u611f\u67d3\u4e8b\u4ef6\u53ef\u80fd\u8ddf\u6700\u7d42\u7684\u52d2\u7d22\u75c5\u6bd2\u611f\u67d3\u6709\u95dc\u3002<\/p>\n\n\n\n<p>\u6aa2\u8996\u6240\u6709\u7684\u53ef\u7528\u8cc7\u8a0a\uff0c\u6211\u5011\u80fd\u5920\u63a8\u65b7\u51fa\u516c\u53f8\u57281\u670829\u65e5\u524d\u5f8c\u5c31\u5df2\u7d93\u51fa\u73fe\u8cc7\u5b89\u5165\u4fb5\u4e8b\u4ef6\u3002<\/p>\n\n\n\n<!--more-->\n\n\n\n<p><strong><em>\u9019\u4e26\u4e0d\u662f\u65b0\u7684BitPaymer<\/em><\/strong><strong><em>\u8b8a\u7a2e<\/em><\/strong><\/p>\n\n\n\n<p>\u5982\u4e0a\u6240\u8ff0\uff0cRansom.Win32.BITPAYMER.TGACAJ\u6703\u5728\u52d2\u8d16\u901a\u77e5\u5167\u51fa\u73fe\u53d7\u5bb3\u516c\u53f8\u7684\u540d\u7a31\uff0c\u4e26\u7528\u4f5c\u70ba\u52a0\u5bc6\u6a94\u6848\u7684\u526f\u6a94\u540d\u3002\u9019\u986f\u793a\u51fa\u8a72\u516c\u53f8\u5f88\u53ef\u80fd\u662f\u88ab\u91dd\u5c0d\u7684\u3002\u57282018\u5e74\u5e95\u4e5f<a href=\"https:\/\/twitter.com\/siri_urz\/status\/1065171335251484672\">\u51fa\u73fe<\/a>\u904e\u985e\u4f3cRansom.Win32.BITPAYMER.TGACAJ\u7684\u8b8a\u7a2e\uff0c\u7576\u6642\u5b83\u91dd\u5c0d\u4e86\u6578\u5bb6\u516c\u53f8\uff0c\u5305\u62ec\u4e00\u5bb6\u7e3d\u90e8\u4f4d\u65bc\u5fb7\u570b\u7684\u88fd\u9020\u5546\u3002\u8a72\u8b8a\u7a2e\u4e5f\u6703\u5728\u52d2\u8d16\u901a\u77e5\u5167\u4f7f\u7528\u53d7\u5bb3\u516c\u53f8\u7684\u540d\u7a31\uff0c\u4e26\u5c07\u5176\u4f5c\u70ba\u52a0\u5bc6\u6a94\u6848\u7684\u526f\u6a94\u540d\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/Figure-2_BitPaymer.jpg\" alt=\"Figure 2. In the ransom note, the victim is instructed to contact the threat actor\/s to know how much needs to be paid in exchange for decryption. Notably, the key used in the encryption is stored in the message itself, and not within the file. This means losing the ransom note could kill the chance of file decryption.\"\/><\/figure>\n\n\n\n<p>\u57162. \u52d2\u8d16\u901a\u77e5\u53ea\u8981\u6c42\u53d7\u5bb3\u8005\u806f\u7d61\u653b\u64ca\u8005\u4f86\u4e86\u89e3\u9700\u8981\u4ed8\u591a\u5c11\u9322\u4f86\u63db\u53d6\u89e3\u5bc6\u3002\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u52a0\u5bc6\u4f7f\u7528\u7684\u91d1\u9470\u5132\u5b58\u5728\u8a0a\u606f\u5167\u800c\u975e\u6a94\u6848\u5167\u3002\u9019\u4ee3\u8868\u907a\u5931\u52d2\u8d16\u901a\u77e5\u53ef\u80fd\u6703\u5c0e\u81f4\u7121\u6cd5\u89e3\u5bc6\u6a94\u6848\u3002<\/p>\n\n\n\n<p>\u9664\u4e86\u5c0d\u52d2\u8d16\u901a\u77e5\u548c\u53cd\u6620\u53d7\u5bb3\u516c\u53f8\u540d\u7a31\u7684\u6a94\u6848\u526f\u6a94\u540d\u6240\u505a\u7684\u66f4\u6539\u5916\uff0cRansom.Win32.BITPAYMER.TGACAJ\u82072018\u5e74\u4e0b\u534a\u5e74\u56de\u5831\u7684\u8b8a\u7a2e\u9593\u6c92\u6709\u5176\u4ed6\u5dee\u7570\u3002<\/p>\n\n\n\n<p><strong><em>\u8207\u4e4b\u524dBitPaymer<\/em><\/strong><strong><em>\u8b8a\u7a2e\u7684\u7a0b\u5f0f\u78bc\u6bd4\u8f03<\/em><\/strong><\/p>\n\n\n\n<p>\u6211\u5011\u7684\u5206\u6790\u986f\u793a\u9019\u500bBitPaymer\u52d2\u7d22\u75c5\u6bd2\u4e26\u4e0d\u662f\u65b0\u7684\u8b8a\u7a2e\uff0c\u53ea\u662f\u5728\u52d2\u8d16\u901a\u77e5\u53ca\u4f7f\u7528\u526f\u6a94\u540d\u65b9\u9762\u9032\u884c\u4fee\u6539\u3002\u6839\u64da\u6211\u5011\u7684\u5206\u6790\uff0c\u6b64\u8b8a\u7a2e\u7684\u7a0b\u5f0f\u78bc\u7d50\u69cb\u8207\u4e4b\u524d\u767c\u73fe\u7684Bitpaymer\u8b8a\u7a2e\u6709\u8a31\u591a\u76f8\u4f3c\u4e4b\u8655\u3002\u5b83\u4f7f\u7528\u76f8\u540c\u7684\u7a0b\u5f0f\u78bc\u4f86\u53d6\u5f97Windows API\uff0c\u4e26\u4e14\u5728\u89e3\u5c01\u7a0b\u5f0f\u78bc\u4f7f\u7528\u76f8\u540c\u7684\u9032\u5165\u9ede\u3002\u4e0b\u5716\u986f\u793a\u4e86\u6bcf\u500b\u8b8a\u7a2e\u5982\u4f55\u89e3\u6790API\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/Figure_3_bitpaymer.jpg\" alt=\"Figure 3. This variant was spotted in January 2018. It appended encrypted files with .locked.\"\/><\/figure>\n\n\n\n<p>\u57163. \u57282018\u5e741\u6708\u767c\u73fe\u7684\u75c5\u6bd2\u3002\u4f7f\u7528.locked\u52a0\u5bc6\u6a94\u6848\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/Figure_4_Bitpaymer.jpg\" alt=\"Figure 4. This variant was spotted in September 2018.It appended encrypted files with .locked. \"\/><\/figure>\n\n\n\n<p>\u57164. \u57282018\u5e749\u6708\u767c\u73fe\u7684\u75c5\u6bd2\u3002\u4f7f\u7528.locked\u52a0\u5bc6\u6a94\u6848\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/Figure_5_BitPaymer.png\" alt=\"This variant was spotted in February 2019. It used the name of the victim company as an extension name for the encrypted files. \"\/><\/figure>\n\n\n\n<p>\u57165. \u57282019\u5e742\u6708\u767c\u73fe\u7684\u75c5\u6bd2\u3002\u4f7f\u7528\u53d7\u5bb3\u516c\u53f8\u540d\u7a31\u4f5c\u70ba\u52a0\u5bc6\u6a94\u6848\u7684\u526f\u6a94\u540d\u3002<\/p>\n\n\n\n<p>\u540c\u6642\uff0c\u4e0b\u9762\u5169\u5f35\u622a\u5716\u986f\u793a\u4e86\u89e3\u5c01\u7a0b\u5f0f\u78bc\u7684\u9032\u5165\u9ede\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/04\/Figure_6_BitPaymer_unpacked_code.jpg\" alt=\"Figure 6. The one on the left is the September 2018 variant while the one on the right is the February 2019 variant. \"\/><\/figure>\n\n\n\n<p>\u57166. \u5de6\u5716\u662f2018\u5e749\u6708\u7684\u75c5\u6bd2\uff0c\u53f3\u5716\u662f2019\u5e742\u6708\u7684\u75c5\u6bd2\u3002<\/p>\n\n\n\n<p><strong><em>BitPaymer<\/em><\/strong><strong><em>\u7684\u57f7\u884c\u5f8c\u679c<\/em><\/strong><\/p>\n\n\n\n<p>\u5728\u7aef\u9ede\u4e0a\u555f\u7528\u884c\u70ba\u76e3\u63a7\u53ca\u5176\u4ed6\u9632\u52d2\u7d22\u75c5\u6bd2\u6280\u8853\u53ef\u4ee5\u5c07\u52d2\u7d22\u75c5\u6bd2\u611f\u67d3\u7684\u5f71\u97ff\u964d\u5230\u6700\u4f4e\u3002\u884c\u70ba\u76e3\u63a7\u53ef\u4ee5\u6aa2\u67e5\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u4f86\u5075\u6e2c\u65b0\u8b8a\u7a2e\u3002\u5c0d\u65bc\u6b64\u6848\u4f8b\uff0c\u53ef\u4ee5\u900f\u904e\u5075\u6e2c\u7d44\u4ef6\u529f\u80fd\u4f86\u5c01\u9396\u60e1\u610f\u7684\u6a94\u6848\u52a0\u5bc6\u6216\u4fee\u6539\u3002\u884c\u70ba\u76e3\u63a7\u6280\u8853\u4e5f\u6703\u5c01\u9396Empire\u5f8c\u9580\u7a0b\u5f0f\u57f7\u884c\u3002<\/p>\n\n\n\n<p>\u4f46\u662f\u6703\u8b93\u52d2\u7d22\u75c5\u6bd2\u57f7\u884c\u7684\u5b89\u5168\u6f0f\u6d1e\u4ecd\u7136\u53ef\u80fd\u5b58\u5728\u3002\u672a\u5075\u6e2c\u5230\u7684\u5c0d\u8c61\u6216\u7d44\u4ef6\u4e5f\u53ef\u80fd\u4ecd\u5728IT\u74b0\u5883\u5167\u904b\u884c\u3002\u5728\u9019\u6a23\u7684\u60c5\u6cc1\u4e0b\uff0c\u61c9\u8a72\u8981\u63a1\u53d6\u5c0d\u7b56\uff08\u5305\u62ec\u66f4\u65b0\u6240\u6709\u5e33\u865f\u4e26\u9075\u5faa<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/best-practices-securing-sysadmin-tools\">\u9632\u6b62\u6feb\u7528\u7cfb\u7d71\u7ba1\u7406\u54e1\u5de5\u5177\uff08\u5982PsExec\uff09\u7684\u6700\u4f73\u5be6\u4f5c<\/a>\u7b49\uff09\u4f86\u907f\u514d\u5c07\u4f86\u518d\u56e0\u540c\u6a23\u539f\u56e0\u800c\u88ab\u5165\u4fb5\u3002<\/p>\n\n\n\n<p><strong><em>\u8a17\u7ba1\u5f0f\u5075\u6e2c\u53ca\u56de\u61c9\u670d\u52d9\u5728\u9019\u4e9b\u6848\u4f8b\u4e2d\u7684\u4f5c\u7528<\/em><\/strong><\/p>\n\n\n\n<p>\u6211\u5011\u5728\u672c\u6587\u4e2d\u6240\u63a2\u8a0e\u7684\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u4ee5\u53ca\u653b\u64ca\u7f8e\u570b\u98f2\u6599\u516c\u53f8\u548c\u5fb7\u570b\u88fd\u9020\u5546\u7684\u52d2\u7d22\u75c5\u6bd2\u90fd\u53ef\u4ee5\u770b\u51fa\u653b\u64ca\u8005\u8d8a\u4f86\u8d8a\u50be\u5411\u65bc\u63a1\u7528\u66f4\u5177\u91dd\u5c0d\u6027\u7684\u4f5c\u6cd5\uff0c\u9019\u9700\u8981\u5fa9\u96dc\u7684\u7b56\u7565\u624d\u80fd\u653b\u64ca\u6210\u529f\u3002\u6709\u6548\u76e3\u7763IT\u74b0\u5883\u662f\u963b\u6b62\u653b\u64ca\u8005\u9032\u5165\u7684\u95dc\u9375\u3002<\/p>\n\n\n\n<p>\u7531\u65bc\u57281\u670829\u65e5\u5075\u6e2c\u5230\u5165\u4fb5\u7684\u7b2c\u4e00\u500b\u75c7\u72c0\uff0c\u56e0\u6b64\u57282\u670818\u65e5\u53ef\u4ee5\u63a1\u53d6\u63aa\u65bd\u4f86\u9632\u6b62\u52d2\u7d22\u75c5\u6bd2\u64f4\u6563\u3002\u5165\u4fb5\u5075\u6e2c\u7cfb\u7d71\u53ef\u4ee5\u63d0\u4f9b\u7db2\u8def\u5167\u90e8\u60e1\u610f\u6d3b\u52d5\u7684\u80fd\u898b\u5ea6\uff0c\u5f9e\u800c\u8b93\u4f01\u696d\u6709\u6a5f\u6703\u66f4\u5feb\u5730\u63a1\u53d6\u63aa\u65bd\u3002\u4ee5\u7f8e\u570b\u88fd\u9020\u5546\u7684\u6848\u4f8b\u800c\u8a00\uff0c\u80fd\u5920\u66f4\u65b0\u88ab\u5165\u4fb5\u7684\u5e33\u865f\uff0c\u4e26\u4e14\u6e05\u7406\u53d7\u611f\u67d3\u96fb\u8166\u4f86\u963b\u6b62\u52d2\u7d22\u75c5\u6bd2\u6563\u64ad\u3002<\/p>\n\n\n\n<p>\u63a1\u7528<a href=\"https:\/\/www.trendmicro.com\/zh_tw\/business\/products\/user-protection\/sps\/endpoint\/managed-detection-response.html\">\u8a17\u7ba1\u5f0f\u5075\u6e2c\u53ca\u56de\u61c9(<em>Managed Detection and Response<\/em>\uff0c\u7c21\u7a31MDR)&nbsp;<\/a>\u5b89\u5168\u670d\u52d9\u4e5f\u80fd\u5920\u9632\u6b62\u52d2\u7d22\u75c5\u6bd2\u611f\u67d3\u3002MDR\u670d\u52d9\u6703\u5728\u9700\u8981\u6642\u63d0\u4f9b\u5c08\u8077\u7684\u5a01\u8105\u5206\u6790\u5e2b\u3001\u4e8b\u4ef6\u8abf\u67e5\u54e1\u548c\u56de\u61c9\u5c08\u5bb6\uff0c\u80fd\u5920\u5728\u5a01\u8105\u4fb5\u5bb3\u7d44\u7e54\u7684IT\u7cfb\u7d71\u524d\u5148\u52a0\u4ee5\u767c\u73fe\u3002<\/p>\n\n\n\n<p>\u8da8\u52e2\u79d1\u6280\u7684<a href=\"https:\/\/www.trendmicro.com\/zh_tw\/business\/products\/user-protection\/sps\/endpoint\/managed-detection-response.html\">MDR\u670d\u52d9<\/a>\u63d0\u4f9b\u80fd\u5920\u5206\u6790\u65e5\u8a8c\u4ee5\u8b58\u5225\u53d7\u611f\u67d3\u96fb\u8166\uff08\u5982\u88ab\u5b89\u88ddBitPaymer\u52d2\u7d22\u75c5\u6bd2\u7684\u96fb\u8166\uff09\u7684\u8cc7\u5b89\u5c08\u5bb6\u3002\u6211\u5011\u7684MDR\u5c08\u5bb6\u9084\u80fd\u5920\u8b58\u5225\u51fa\u9019\u6a23\u52d2\u7d22\u75c5\u6bd2\u4e8b\u4ef6\u88ab\u5165\u4fb5\u7684\u5e33\u865f\uff0c\u540c\u6642\u63d0\u4f9b\u75c5\u6bd2\u78bc\u66f4\u65b0\u8b93\u4f01\u696d\u80fd\u5920\u9632\u6b62\u9032\u4e00\u6b65\u7684\u653b\u64ca\u3002<\/p>\n\n\n\n<p>\u6b64\u5916\uff0c\u6211\u5011\u7684MDR\u5c08\u5bb6\u9084\u7cbe\u901a\u80fd\u63d0\u4f9b\u6709\u610f\u7fa9\u5b89\u5168\u901a\u77e5\u7684\u5148\u9032\u5b89\u5168\u7522\u54c1\u3002\u5982\u8da8\u52e2\u79d1\u6280\u7684<a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">\u8da8\u52e2\u79d1\u6280Deep Security<\/a>\uff0c\u53ef\u4ee5\u8b58\u5225\u88ab\u5165\u4fb5\u7684\u7cfb\u7d71\u4e26\u5c07\u5176\u95dc\u9589\u4f86\u5c01\u9396\u653b\u64ca\u8005\u7684\u5167\u90e8\u5b58\u53d6\u3002\u4f01\u696d\u9084\u53ef\u4ee5\u5229\u7528<a href=\"https:\/\/www.trendmicro.com\/zh_tw\/business\/products\/network\/advanced-threat-protection.html\">\u8da8\u52e2\u79d1\u6280\u7684Deep Discovery Inspector<\/a>\u4f86\u6355\u6349\u5b8c\u6574\u7684\u7db2\u8def\u6d3b\u52d5\uff0c\u8b93\u4e8b\u4ef6\u8abf\u67e5\u54e1\u66f4\u5bb9\u6613\u5728\u653b\u64ca\u671f\u9593\u53ca\u4e4b\u5f8c\u627e\u51fa\u7dda\u7d22\u3002\u5982\u679c\u53ef\u4ee5\u65e9\u671f\u5075\u6e2c\u5165\u4fb5\u8de1\u8c61\uff0c\u4f01\u696d\u5c31\u6709\u6a5f\u6703\u63a1\u53d6\u63aa\u65bd\u4f86\u9632\u6b62\u5a01\u8105\u8513\u5ef6\u3002\u540c\u6642\uff0c\u8da8\u52e2\u79d1\u6280\u7684<a href=\"https:\/\/t.rend.tw\/?i=NzU4OQ\">Apex One<\/a>\u63d0\u4f9b\u9032\u968e\u7684\u81ea\u52d5\u5316\u5a01\u8105\u5075\u6e2c\u53ca\u91dd\u5c0d\u5404\u985e\u5a01\u8105\uff08\u5305\u62ec\u7121\u6a94\u6848\u653b\u64ca\u548c\u52d2\u7d22\u75c5\u6bd2\uff09\u7684\u56de\u61c9\u80fd\u529b\u3002Apex One\u8de8\u4e16\u4ee3\u6df7\u5408\u7684\u5148\u9032\u6280\u8853\u63d0\u4f9b\u9ad8\u5ea6\u5f37\u5316\u7684\u7aef\u9ede\u9632\u8b77\uff0c\u80fd\u5920\u8b93\u6548\u80fd\u90fd\u63d0\u5347\u5230\u6700\u9ad8\u3002<\/p>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/account-with-admin-privileges-abused-to-install-bitpaymer-ransomware-via-psexec\/\">Account\nWith Admin Privileges Abused to Install BitPaymer Ransomware via PsExec<\/a> \u4f5c\u8005\uff1aGilbert Sison\u548cRyan Maglaque<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u52d2\u7d22\u75c5\u6bd2\u53ef\u80fd\u57282018\u5e74\u5448\u73fe\u4e0b\u964d\u7684\u8da8\u52e2\uff0c\u4f46\u5b83\u4f3c\u4e4e\u53c8\u56de\u4f86\u4e86 \u2013 \u53ea\u662f\u9019\u6b21\u7684\u653b\u64ca\u770b\u8d77 \u4f86\u66f4\u5177\u6709\u91dd\u5c0d\u6027\u3002\u4e4b\u524d\u5c31\u51fa\u73fe\u4e86 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[12,1268,2266],"tags":[2344,2559],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/60633"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=60633"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/60633\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=60633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=60633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=60633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}