{"id":60802,"date":"2019-06-05T09:00:33","date_gmt":"2019-06-05T01:00:33","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=60802"},"modified":"2019-06-04T17:07:47","modified_gmt":"2019-06-04T09:07:47","slug":"gandcrab-%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92%e9%8e%96%e5%ae%9a%e6%94%bb%e6%93%8a-mysql-%e8%b3%87%e6%96%99%e5%ba%ab","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=60802","title":{"rendered":"GandCrab \u52d2\u7d22\u75c5\u6bd2\u9396\u5b9a\u653b\u64ca MySQL \u8cc7\u6599\u5eab"},"content":{"rendered":"\n

\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1\u767c\u73fe<\/a>\u6709\u5927\u91cf\u7a81\u767c\u7684\u653b\u64ca\u4e8b\u4ef6\uff0c\u9396\u5b9a\u57f7\u884c MySQL \u8cc7\u6599\u5eab\u7684 Windows \u4f3a\u670d\u5668\uff0c\u900f\u904e GandCrab \u52d2\u7d22\u75c5\u6bd2 Ransomware<\/a> (\u52d2\u7d22\u8edf\u9ad4\/\u7d81\u67b6\u75c5\u6bd2)\u9032\u884c\u611f\u67d3 (\u7531\u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u70ba Ransom.Win32.GANDCRAB.SMILC)\u3002\u9019\u985e\u653b\u64ca\u6700\u521d\u662f\u5728\u53bb\u5e74 5 \u6708 19 \u65e5\u900f\u904e\u8a98\u6355\u7cfb\u7d71 (honeypot) \u767c\u73fe\uff0c\u6703\u6383\u63cf\u7db2\u969b\u7db2\u8def\u5c0d\u5411 (internet-facing) \u7684 MySQL \u8cc7\u6599\u5eab\uff0c\u4e26\u78ba\u8a8d\u8cc7\u6599\u5eab\u662f\u5426\u904b\u884c\u65bc Windows \u4f5c\u696d\u7cfb\u7d71\uff0c\u7136\u5f8c\u57f7\u884c\u60e1\u610f\u7684 SQL \u6307\u4ee4\u4e0a\u50b3\u6a94\u6848\uff0c\u64f7\u53d6\u4e26\u5354\u52a9\u57f7\u884c\u52d2\u7d22\u75c5\u6bd2\u3002<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u767c\u73fe\u9019\u7a2e\u5165\u4fb5\u624b\u6cd5\u7684\u8cc7\u5b89\u7814\u7a76\u54e1\u767c\u73fe\uff0c\u9019\u7a2e\u6383\u63cf\u6d3b\u52d5\u6703\u641c\u5c0b\u4e0d\u5b89\u5168\u6216\u8a2d\u5b9a\u4e0d\u7576\u7684 MySQL \u8cc7\u6599\u5eab\u6216\u9632\u706b\u7246\uff0c\u4e26\u53ef\u80fd\u653b\u64ca\u4efb\u4f55\u66b4\u9732\u4e86\u9023\u63a5\u57e0 3306 \u7684 MySQL \u4f3a\u670d\u5668\uff0c\u9019\u662f MySQL \u9810\u8a2d\u4f7f\u7528\u7684\u9023\u63a5\u57e0\u3002<\/p>\n\n\n\n

\u8a72\u653b\u64ca\u884c\u52d5\u6d89\u53ca\u7684 GandCrab \u7248\u672c\/\u6a23\u672c\u4e0b\u8f09\u5df2\u7d93\u8d85\u904e 2,300 \u6b21\u3002\u96d6\u7136\u9019\u6a23\u7684\u6b21\u6578\u4e26\u4e0d\u591a\uff0c\u4f46\u653b\u64ca\u4ecd\u9020\u6210\u91cd\u5927\u7684\u8cc7\u5b89\u98a8\u96aa\u3002MySQL \u662f\u76f8\u7576\u666e\u904d\u7684\u8cc7\u6599\u5eab\u6280\u8853\uff0c\u64da\u5831\u5e02\u4f54\u7387\u8d85\u904e 50%<\/a>\u3002<\/p>\n\n\n\n

[\u5ef6\u4f38\u95b1\u8b80\uff1a<\/strong>\u6df1\u5c64\u7db2\u8def\u63d0\u4f9b\u52d2\u7d22\u8edf\u9ad4\u5373\u670d\u52d9?<\/strong><\/a>\u9019\u5c0d\u4f01\u696d\u6709\u4f55\u5f71\u97ff<\/strong><\/a>?]<\/strong><\/p>\n\n\n\n

GandCrab \u672c\u8eab\u4f7f\u7528\u4e0d\u540c\u7684\u653b\u64ca\u5a92\u4ecb\uff0c\u56e0\u70ba\u9019\u9805\u8edf\u9ad4\u6700\u521d\u662f\u4f7f\u7528\nRig<\/a>\n\u53ca GrandSoft<\/a> \u7b49\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u3002GandCrab \u64cd\u4f5c\u8005\u5728\u6a94\u6848\u5206\u4eab\u7db2\u7ad9\u4f7f\u7528\u60e1\u610f\u5ee3\u544a<\/a>\uff0c\u900f\u904e\u65b0\u958b\u767c\u7684\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u50b3\u905e\u52d2\u7d22\u8edf\u9ad4\uff0c\u4f8b\u5982\nFallout<\/a>\u3001JavaScript malware<\/a> \u53ca spam attachments<\/a>\u3002\u900f\u904e\u7a2e\u985e\u5ee3\u6cdb\u7684\u653b\u64ca\u5a92\u4ecb\uff0c\u9019\u7a2e\u52d2\u7d22\u8edf\u9ad4\u5a01\u8105\u9010\u6f38\u7316\u7357 \u2014 GandCrab \u5728 2018\n\u5e74\u662f\u5317\u7f8e\u5730\u5340\u6700\u5e38\u906d\u5230\u5075\u6e2c\u7684\u52d2\u7d22\u75c5\u6bd2\u7cfb\u5217<\/a>\u3002<\/p>\n\n\n\n\n\n\n\n

\u9019\u9805\u6578\u64da\u4e26\u4e0d\u8b93\u4eba\u9a5a\u8a1d\uff0c\u56e0\u70ba GandCrab \u7684\u88fd\u4f5c\u8005\u64da\u50b3<\/a>\u5728\u7db2\u8def\u72af\u7f6a\u5730\u4e0b\u5e02\u5834<\/a>\u515c\u552e\u9019\u6b3e\u52d2\u7d22\u8edf\u9ad4\uff1b\u9019\u8868\u793a\u9664\u4e86\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u53ca\u5783\u573e\u96fb\u5b50\u90f5\u4ef6\u4ee5\u5916\uff0c\u4f7f\u7528 GandCrab \u7684\u7f6a\u72af\u9084\u53ef\u5728\u5176\u4ed6\u5a92\u4ecb\u6563\u4f48\u81ea\u5df1\u7684\u52d2\u7d22\u8edf\u9ad4\u7248\u672c\u3002\u7db2\u8def\u7f6a\u72af\u6700\u8fd1\u9396\u5b9a\u653b\u64ca<\/a>\u7684\u4e3b\u6a5f\uff0c\u90fd\u5b89\u88dd\u4e86\nConfluence \u9019\u6b3e\u6613\u53d7\u653b\u64ca\u7684\u5354\u4f5c\u8edf\u9ad4\u3002<\/p>\n\n\n\n

\u5728 GandCrab \u4e4b\u524d\uff0c\u66fe\u6709\u5176\u4ed6\u52d2\u7d22\u8edf\u9ad4\u9396\u5b9a\u653b\u64ca MySQL \u8cc7\u6599\u5eab\u3002\u50cf\u662f\u60e1\u540d\u662d\u5f70\u7684 Ceber<\/a>\uff0c\u4e5f\u6703\u9396\u5b9a\u8cc7\u6599\u5eab\u7a0b\u5f0f\u4e26\u52a0\u5bc6\u76f8\u95dc\u6a94\u6848\u3002\u6b64\u5916\u9084\u6709\u6240\u8b02\u7684\u7db2\u8def\u52d2\u7d22<\/a>\u6d3b\u52d5<\/a>\uff0c\u9396\u5b9a<\/a>\u5b89\u5168\u4e0d\u5f70\u7684\nMongoDB \u8cc7\u6599\u5eab\uff0c\u9019\u7a2e\u653b\u64ca\u6703\u8b58\u5225\u516c\u958b\u548c\u53ef\u9060\u7aef\u5b58\u53d6\u7684 MongoDB \u8cc7\u6599\u5eab\uff0c\u522a\u9664\u5176\u4e2d\u5167\u5bb9\uff0c\u7136\u5f8c\u5411\u4e3b\u4eba\u52d2\u7d22\u3002<\/p>\n\n\n\n

[\u76f8\u95dc\u65b0\u805e\uff1a<\/strong>MegaCortex \u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u4f01\u696d\u7db2\u8def<\/strong><\/a>]<\/strong><\/p>\n\n\n\n

\u96d6\u7136\u52d2\u7d22\u8edf\u9ad4\u4e26\u4e0d\u5982\u904e\u53bb\u90a3\u9ebc\u6c3e\u6feb\uff0c\u4f46 GandCrab \u7684\u6700\u65b0\u6d3b\u52d5\u986f\u793a\u98a8\u96aa\u6b63\u6301\u7e8c\u5347\u9ad8\u3002LockerGoga<\/a> \u53ca\u7f8e\u570b\u5883\u5167\u7684\u500b\u5225\u8cc7\u5b89\u4e8b\u4ef6<\/a>\u986f\u793a\uff0c\u8d8a\u4f86\u8d8a\u591a\u7684\u52d2\u7d22\u8edf\u9ad4\u9396\u5b9a\u653b\u64ca\u7279\u5b9a\u76ee\u6a19\uff0c\u9020\u6210\u4e86\u56b4\u91cd\u5f97\u591a\u7684\u885d\u64ca\u3002\u7531\u65bc\u52d2\u7d22\u8edf\u9ad4\u53ea\u9700\u900f\u904e\u4e00\u500b\u5177\u6709\u5f31\u9ede\u7684\u9023\u7d50\uff0c\u5c31\u80fd\u611f\u67d3\u4f01\u696d\u7684\u7dda\u4e0a\u57fa\u790e\u67b6\u69cb\uff0c\u56e0\u6b64\u7d44\u7e54\u61c9\u63a1\u7528\u6df1\u5ea6\u9632\u79a6\u5be6\u52d9\u4f5c\u6cd5\uff0c\u4f8b\u5982\u5b9a\u671f\u5099\u4efd\u8cc7\u6599<\/a>\uff1b\u4fdd\u6301\u7cfb\u7d71\u8655\u65bc\u6700\u65b0\u72c0\u614b\u4e26\u5b89\u88dd\u4fee\u88dc\u7a0b\u5f0f<\/a>\uff1b\u7dad\u8b77\u7cfb\u7d71\u7ba1\u7406\u5de5\u5177<\/a>\u7684\u4f7f\u7528\u5b89\u5168\uff1b\u78ba\u4fdd\u8cc7\u6599\u5eab\u59a5\u5584\u8a2d\u5b9a\u3002\u4f8b\u5982 MySQL \u5177\u6709\u591a\u9805\u6e96\u5247<\/a>\u53ca\u5efa\u8b70\u4e8b\u9805<\/a>\uff0c\u8aaa\u660e\u5982\u4f55\u7dad\u8b77\u5176\u5b89\u5168\u3002<\/p>\n\n\n\n

\u8da8\u52e2\u79d1\u6280\u52d2\u7d22\u75c5\u6bd2\u89e3\u6c7a\u65b9\u6848<\/h3>\n\n\n\n

\u4f01\u696d\u80fd\u5f9e\u89e3\u6c7a\u65b9\u6848\u7684\u591a\u5c64\u65b9\u6cd5\u4e2d\u53d7\u60e0\uff0c\u6e1b\u7de9\u52d2\u7d22\u8edf\u9ad4\u6240\u5e36\u4f86\u7684\u98a8\u96aa\u3002\u5728\u7aef\u9ede\u5c64\u7d1a\uff0c \u8da8\u52e2\u79d1\u6280 Smart Protection Suites<\/a> \u63d0\u4f9b\u591a\u9805\u529f\u80fd\uff0c\u4f8b\u5982\u9ad8\u5ea6\u64ec\u771f (high-fidelity) \u6a5f\u5668\u5b78\u7fd2\u3001\u884c\u70ba\u76e3\u63a7\u3001\u61c9\u7528\u7a0b\u5f0f\u63a7\u5236\uff0c\u4ee5\u53ca\u6f0f\u6d1e\u9632\u8b77\u7b49\uff0c\u7686\u53ef\u964d\u4f4e\u52d2\u7d22\u8edf\u9ad4\u7684\u5f71\u97ff\u3002\u8da8\u52e2\u79d1\u6280\u7684Deep Discovery Inspector<\/a>\u53ef\u5075\u6e2c\u53ca\u5c01\u9396\u7db2\u8def\u4e0a\u7684\u52d2\u7d22\u8edf\u9ad4\uff0c\u8da8\u52e2\u79d1\u6280Deep Security<\/a> \u89e3\u6c7a\u65b9\u6848\u53ef\u963b\u6b62\u52d2\u7d22\u8edf\u9ad4\u9032\u5165\u4f01\u696d\u7684\u5be6\u9ad4\u3001\u865b\u64ec\u6216\u96f2\u7aef\u4f3a\u670d\u5668\u3002\u8da8\u52e2\u79d1\u6280Deep Security<\/a>\u3001Vulnerability Protection<\/a> \u6f0f\u6d1e\u9632\u8b77 \u548c TippingPoint \u63d0\u4f9b\u865b\u64ec\u4fee\u88dc\u65b9\u6cd5<\/a>\uff0c\u53ef\u4fdd\u8b77\u7aef\u9ede\u62b5\u6297\u5a01\u8105\uff0c\u907f\u514d\u5c1a\u672a\u4fee\u88dc\u7684\u5f31\u9ede\u906d\u5165\u4fb5\u800c\u50b3\u9001\u52d2\u7d22\u8edf\u9ad4\u3002\u96fb\u5b50\u90f5\u4ef6\u53ca\u7db2\u7ad9\u9598\u9053\u89e3\u6c7a\u65b9\u6848\uff0c\u4f8b\u5982 Deep Discovery Email Inspector <\/a>\u53ca InterScan™ Web Security<\/a>\u00a0 \u53ef\u907f\u514d\u52d2\u7d22\u8edf\u9ad4\u89f8\u53ca\u4e00\u822c\u4f7f\u7528\u8005\u3002<\/p>\n\n\n\n

\u9019\u4e9b\u89e3\u6c7a\u65b9\u6848\u662f\u4ee5\u8da8\u52e2\u79d1\u6280\u7684XGen\u5b89\u5168\u9632\u8b77\u6280\u8853<\/a> \u70ba\u6838\u5fc3\uff0c\u63d0\u4f9b\u8de8\u4e16\u4ee3\u7684\u5a01\u8105\u9632\u79a6\u6280\u8853\u7d44\u5408\uff0c\u5354\u52a9\u7aef\u9ede<\/a>\uff0c\u7db2\u8def<\/a>\uff0c\u4f3a\u670d\u5668<\/a>\u4ee5\u53ca\u9598\u9053<\/a>\u5c0d\u6297\u5404\u7a2e\u5a01\u8105\u3002\u5177\u667a\u6167\u3001\u7d93\u904e\u6700\u4f73\u5316\u4e14\u53ef\u9023\u7db2\u7684 XGen \u4ea6\u5f37\u5316\u8da8\u52e2\u79d1\u6280\u7684\u5b89\u5168\u89e3\u6c7a\u65b9\u6848\u7522\u54c1\uff1a\u6df7\u5408\u96f2\u7aef\u9632\u8b77\u3001\u4f7f\u7528\u8005\u9632\u8b77\u53ca\u7db2\u8def\u9632\u79a6\u3002<\/p>\n\n\n\n

\u25ce\u539f\u6587\u4f86\u6e90: GandCrab\nRansomware Found Targeting MySQL Databases<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u6709\u5927\u91cf\u7a81\u767c\u7684\u653b\u64ca\u4e8b\u4ef6\uff0c\u9396\u5b9a\u57f7\u884c MySQL \u8cc7\u6599\u5eab\u7684 Windows \u4f3a\u670d\u5668\uff0c\u900f\u904e GandC […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[2266,2744,4243],"tags":[4312,870,2559,2973],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/60802"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=60802"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/60802\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=60802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=60802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=60802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}