{"id":61613,"date":"2019-09-30T09:00:23","date_gmt":"2019-09-30T01:00:23","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=61613"},"modified":"2019-10-03T13:52:23","modified_gmt":"2019-10-03T05:52:23","slug":"%e5%a6%82%e4%bd%95%e5%9c%a8twitter%e4%b8%8a%e6%94%b6%e9%9b%86%e5%a8%81%e8%84%85%e6%83%85%e5%a0%b1","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=61613","title":{"rendered":"\u5982\u4f55\u5728Twitter\u4e0a\u6536\u96c6\u8cc7\u5b89\u5a01\u8105\u60c5\u5831,\u4fdd\u8b77\u7d44\u7e54\u5c0d\u6297\u5a01\u8105?"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>\u8cc7\u5b89\u5c08\u5bb6\u548c\u5b89\u5168\u5718\u968a\u5982\u4f55\u5229\u7528\u793e\u7fa4\u5a92\u9ad4\u6536\u96c6\u53ef\u7528\u4f86\u4fdd\u8b77\u5176\u7d44\u7e54\u7684\u5a01\u8105\u60c5\u5831\uff1f<\/em><\/p><\/blockquote>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"607\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2018\/07\/SocialMediaSecurity3.jpg\" alt=\"\" class=\"wp-image-55981\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2018\/07\/SocialMediaSecurity3.jpg 800w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2018\/07\/SocialMediaSecurity3-300x228.jpg 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2018\/07\/SocialMediaSecurity3-768x583.jpg 768w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2018\/07\/SocialMediaSecurity3-600x455.jpg 600w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2018\/07\/SocialMediaSecurity3-30x23.jpg 30w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>\u672c\u6587\u91cd\u9ede:<\/p>\n\n\n\n<a href=\"#1\"><ul><li> \u4f7f\u7528\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09<\/a>\n <a href=\"#2\"><\/li><li>\u900f\u904eTwitter\u6536\u96c6\u5a01\u8105\u60c5\u5831<\/a>\n<a href=\"#3\"><\/li><li> 
\u597d\u7684\u4e00\u9762\uff1a\u793e\u7fa4\u5a92\u9ad4\u4f5c\u70ba\u5a01\u8105\u60c5\u5831\u7684\u53ef\u884c\u4f86\u6e90<\/a>\n<a href=\"#4\"> <\/li><li> \u58de\u7684\u4e00\u9762\uff1a\u6feb\u7528\u793e\u7fa4\u5a92\u9ad4\u4f86\u6563\u64ad\u5047\u65b0\u805e<\/a>\n <a href=\"#5\"><\/li><li> \u919c\u964b\u7684\u4e00\u9762\uff1a\u60e1\u610f\u5229\u7528Twitter\u4f86\u9032\u884c\u7db2\u8def\u72af\u7f6a\u548c\u8a50\u9a19<\/a>\n<a href=\"#6\"><\/li><li> \u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09\u6709\u50f9\u503c\u55ce<\/a>\n\n\n\n<a name=\"1\"><\/a><h2><strong>\u4f7f\u7528\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08<\/strong><strong>SOCMINT<\/strong><strong>\uff09<\/strong><strong><\/strong><\/h2>\n\n\n\n<p>\u793e\u7fa4\u5a92\u9ad4\u5e73\u53f0\u53ef\u4ee5\u8b93\u4f7f\u7528\u8005\u548c\u7d44\u7e54\u9032\u884c\u901a\u8a0a\u548c\u5206\u4eab\u8cc7\u8a0a\u3002\u800c\u5c0d\u8cc7\u5b89\u5c08\u5bb6\u4f86\u8aaa\uff0c\u5b83\u53ef\u80fd\u4e0d\u50c5\u50c5\u662f\u500b\u7db2\u8def\u5de5\u5177\u3002\u9084\u662f\u500b\u80fd\u5920\u63d0\u4f9b\u5f9e\u6f0f\u6d1e\u3001\u6f0f\u6d1e\u653b\u64ca\u78bc\u548c\u60e1\u610f\u8edf\u9ad4\u5230\u60e1\u610f\u4efd\u5b50\u53ca\u7570\u5e38\u7db2\u8def\u6d3b\u52d5\u7b49\u6709\u50f9\u503c\u8cc7\u8a0a\u7684\u4f86\u6e90\u3002\u4e8b\u5be6\u4e0a\uff0c\u6709<a href=\"https:\/\/www.forrester.com\/report\/The+Forrester+New+Wave+Digital+Risk+Protection+Q3+2018\/-\/E-RES141152\">44%<\/a>\u7684\u53d7\u8a2a\u7d44\u7e54\u63d0\u5230\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09\u5c0d\u5176\u6578\u4f4d\u98a8\u96aa\u4fdd\u8b77\u89e3\u6c7a\u65b9\u6848\u7684\u91cd\u8981\u6027\u3002<\/p>\n\n\n\n<p>\u6211\u5011\u958b\u767c\u4e86\u7528\u4f86\u6aa2\u67e5 
Twitter\u4e0a\u8cc7\u6599\u548c\u6848\u4f8b\u7814\u7a76\u7684\u5de5\u5177\uff0c\u4ee5\u4e86\u89e3\u5982\u4f55\u5229\u7528\u793e\u7fa4\u5a92\u9ad4\u4f86\u6536\u96c6\u53ef\u4f9b\u884c\u52d5\u7684\u5a01\u8105\u60c5\u5831\u3002\u597d\u7684\u4e00\u9762\uff1a\u793e\u7fa4\u5a92\u9ad4\u53ef\u4ee5\u6210\u70ba\u53e6\u4e00\u500b\u8cc7\u8a0a\u4f86\u6e90\uff0c\u53ea\u8981\u7d93\u904e\u9a57\u8b49\u5c31\u53ef\u4ee5\u7528\u4f86\u4fdd\u8b77\u7d44\u7e54\u5c0d\u6297\u5a01\u8105\u3002\u58de\u7684\u4e00\u9762\uff1a\u793e\u7fa4\u5a92\u9ad4\u53ef\u80fd\u88ab\u5229\u7528\u4f86\u7834\u58de\u516c\u773e\u4eba\u7269\u6216\u7d44\u7e54\u7684<a name=\"2\"><\/a>\u8072\u8b7d\u3002<\/p>\n\n\n\n<h2\u900f\u904eTwitter\u6536\u96c6\u5a01\u8105\u60c5\u5831<\/h2>\n\n\n\n<p>\u6211\u5011\u7684\u7814\u7a76\u9084\u63ed\u793a\u4e86\u4e00\u4e9b\u8b66\u544a\u3002\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09\u53ef\u4ee5\u9032\u4e00\u6b65\u70ba\u7814\u7a76\u4eba\u54e1\u63d0\u4f9b\u8108\u7d61\u8cc7\u8a0a\uff0c\u6216\u8b93\u4f01\u696d\u7684\u8cc7\u5b89\u5718\u968a\u6709\u66f4\u591a\u8cc7\u6599\u53ef\u4ee5\u7528\u4f86\u4fdd\u8b77\u7dda\u4e0a\u8cc7\u7522\u3002\u4f46\u9019\u9700\u8981\u8108\u7d61\u8cc7\u8a0a\u3001\u6e96\u78ba\u6027\u548c\u53ef\u9760\u6027\u624d\u80fd\u771f\u6b63\u6709\u7528\u3002\u4f7f\u7528\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09\u7684\u8cc7\u5b89\u5c08\u5bb6\u5fc5\u9808\u5728\u5c07\u8cc7\u6599\u6574\u5408\u9032\u4f01\u696d\u7684\u7db2\u8def\u5b89\u5168\u89e3\u6c7a\u65b9\u6848\u548c\u7b56\u7565\u524d\u5148<a name=\"2\"><\/a>\u52a0\u4ee5\u5be9\u67e5\u3002<\/p>\n\n\n\n<h2><strong>\u900f\u904e<\/strong><strong>Twitter<\/strong><strong>\u6536\u96c6\u5a01\u8105\u60c5\u5831<\/strong><strong><\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u8655\u7406\u793e\u7fa4\u5a92\u9ad4\u8cc7\u6599<\/strong><\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow 
wp-block-quote-is-layout-flow\"><p><em>\u5f9e\u793e\u7fa4\u5a92\u9ad4\u7ba1\u9053\u6536\u96c6\u5a01\u8105\u60c5\u5831\u9700\u8981\u53ef\u88ab\u8655\u7406\u3001\u5206\u6790\u3001\u9a57\u8b49\u548c\u80fd\u5920\u63d0\u4f9b\u8108\u7d61\u7684\u8cc7\u6599\u3002<\/em><\/p><\/blockquote>\n\n\n\n<p>\u6709\u591a\u7a2e\u65b9\u6cd5\u53ef\u4ee5\u53d6\u5f97\u539f\u59cb\u8cc7\u6599\u3002\u6709\u958b\u653e\u539f\u59cb\u78bc\u7684\u60c5\u5831\u5de5\u5177\uff08\u5982<a href=\"https:\/\/github.com\/twintproject\/twint\">TWINT<\/a>\uff09\u80fd\u5920\u6293\u53d6\u8cc7\u6599\uff0c\u6216\u7528\u516c\u958b\u7684Twitter\u4e32\u6d41API\u4f86\u6536\u96c6\u6a23\u672c\u8cc7\u6599\u9032\u884c\u5206\u6790\u3002\u53e6\u4e00\u7a2e\u4f5c\u6cd5\u662f\u5c0d\u73fe\u6709\u8cc7\u6599\u96c6\u9032\u884c\u66f4\u6df1\u5165\u7684\u7814\u7a76\uff0c\u4f8b\u5982\u88ab\u7f8e\u570b\u653f\u6cbb\u6578\u64da\u5206\u6790\u7db2\u7ad9FiveThirtyEight<a href=\"https:\/\/github.com\/fivethirtyeight\/russian-troll-tweets\/\">\u7528\u4f86<\/a>\u5206\u6790\u9178\u6c11\u63a8\u6587\u7684\u8cc7\u6599\u96c6\u3002\u800c\u6211\u5011\u7684\u7814\u7a76\u4f7f\u7528\u4e86Twitter\u516c\u958bAPI\uff0c\u56e0\u70ba\u5b83\u7b26\u5408Twitter\u7684\u670d\u52d9\u689d\u6b3e\u548c\u4f7f\u7528\u653f\u7b56\u3002\u6211\u5011\u9084\u5c07\u672c\u7814\u7a76\u6240\u6709\u5f97\u5230\u7684\u5165\u4fb5\u6307\u6a19\uff08IoC\uff09\u56de\u5831\u7d66Twitter\u3002<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>\u6211\u5011\u7684\u7814\u7a76\u78ba\u8a8d\u4e86\u793e\u7fa4\u5a92\u9ad4\u5be6\u9ad4\u9593\u7684\u95dc\u4fc2\uff0c\u4e26\u6aa2\u67e5\u9019\u4e9b\u95dc\u4fc2\u7684\u53ef\u80fd\u7570\u5e38\u3002\u6211\u5011\u6703\u5148\u8655\u7406\u539f\u59cb\u8f38\u5165\u8cc7\u6599\uff0c\u63a5\u8457\u8b58\u5225\u300c\u5c0d\u8c61\u300d\u5c0d\u300c\u4e3b\u9ad4\u300d\u6240\u63a1\u53d6\u7684\u300c\u52d5\u4f5c\u300d\u3002\u793e\u7fa4\u5a92\u9ad4\u5be6\u9ad4\u53ca\u5176\u95dc\u4fc2\u5851\u9020\u51fa\u6211\u5011\u7684\u793e\u7fa4\u7db2\u8def\u5716\u3002\u52d5\u4f5c\u3001\u5c0d\u8c61\u548c\u4
e3b\u9ad4\u5f62\u6210\u4e86\u5716\u5f62\u7bc0\u9ede\u548c\u908a\u754c\u3002\u6211\u5011\u4e5f\u5c07\u4e3b\u8981\u793e\u7fa4\u7db2\u8def\u4e92\u52d5\u8f49\u5316\u70ba\u52d5\u4f5c\uff1a\u300c\u95dc\u6ce8\u8005\u300d\u3001\u300c\u95dc\u6ce8\u300d\u3001\u300c\u5f15\u7528\u300d\u548c\u300c\u8f49\u767c\u300d\u3002<\/p>\n\n\n\n<p>\u6211\u5011\u5728\u7814\u7a76<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/fake-news-cyber-propaganda-the-abuse-of-social-media\">\u5047\u65b0\u805e\u548c\u7db2\u8def\u5ba3\u50b3\u6230<\/a>\u6642\u6240\u63a2\u7d22\u7684\u5927\u5e2b\u8ffd\u96a8\u8005\uff08guru-follower\uff09\u6a21\u5f0f\u5c31\u662f\u9019\u7a2e\u95dc\u4fc2\u7db2\u8def\u7684\u4e00\u500b\u4f8b\u5b50\u3002\u7576\u4f7f\u7528\u793e\u7fa4\u5a92\u9ad4\u6a5f\u5668\u4eba\u4f86\u5ba3\u50b3\u5167\u5bb9\u6642\uff0c\u5c31\u53ef\u4ee5\u770b\u5230\u5927\u5e2b\u8ffd\u96a8\u8005\uff08guru-follower\uff09\u7684\u884c\u70ba\u3002\u9019\u7a2e\u53ef\u91cd\u8907\u3001\u53ef\u9810\u6e2c\u548c\u53ef\u7a0b\u5f0f\u5316\u7684\u884c\u70ba\u88ab\u7528\u4f86\u653e\u5927\u5927\u5e2b\u5e33\u865f\u6240\u767c\u5e03\u7684\u8a0a\u606f\uff0c\u589e\u52a0\u4e00\u822c\u793e\u7fa4\u5a92\u9ad4\u4f7f\u7528\u8005\u63a5\u89f8\u5230\u9019\u4e9b\u8a0a\u606f\u7684\u6a5f\u6703\u3002<\/p>\n\n\n\n<p>\u7531\u65bc\u8cc7\u6599\u91cf\u592a\u5927\uff0c\u56e0\u6b64\u6211\u5011\u53ea\u5206\u6790\u7247\u6bb5\u7684\u8cc7\u6599\u96c6\uff0c\u61c9\u7528\u4e3b\u984c\u7279\u5fb5\u8ddf\u9078\u64c7\u6027\u63d0\u53d6\u7b26\u5408\u7279\u5b9a\u4e3b\u984c\u7684\u5167\u5bb9\u3002\u7136\u5f8c\u5c07\u9019\u4e9b\u8cc7\u6599\u96c6\uff08\u6211\u5011\u7a31\u70ba\u4e3b\u984c\u7247\u6bb5\uff09\u8f49\u63db\u70ba\u4ee3\u8868\u7247\u6bb5\u5167Twitter\u5e33\u865f\u9593\u4e92\u52d5\u7684\u5716\u5f62\u3002<\/p>\n\n\n\n<p>\u57161\u986f\u793a\u4e86\u9019\u4e9b\u95dc\u4fc2\u3002\u589e\u52a0\u6642\u9593\u7bc4\u570d\u4e26\u5206\u6790\u66f4\u5927\u91cf\u8cc7\u6599\u5f8c\u53ef\u4ee5\u986f\u793a\u66f4\u5ee3\u5927\u7684\u89
96\u5716\uff0c\u63ed\u793a\u76f8\u95dc\u5e33\u865f\u7684\u7fa4\u96c6\u4ee5\u53ca\u8cc7\u8a0a\u5982\u4f55\u5728\u9019\u4e9b\u7fa4\u96c6\u9593\u50b3\u64ad\u7684\u75d5\u8de1\u3002\u9084\u53ef\u4ee5\u8b58\u5225\u51fa\u55ae\u7368\u884c\u52d5\u7684\u5e33\u865f\uff0c\u8207\u5176\u4ed6\u7fa4\u7d44\u4e92\u52d5\u7dca\u5bc6\u7684\u5e33\u865f\uff0c\u751a\u81f3\u662f\u793e\u7fa4\u5a92\u9ad4\u6a5f\u5668\u4eba\u3002\u6211\u5011\u5728\u4e0d\u540c\u793e\u7fa4\u88e1\u89c0\u5bdf\u5230Twitter\u7684\u4e0d\u540c\u7528\u4f8b\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-01.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-01.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-01.jpg\"><\/a><\/p>\n\n\n\n<p>\u57161. \u4e3b\u984c\u7247\u6bb5\u7684\u7bc4\u4f8b\uff1a\u5716\u8868\u6240\u7528\u7684\u8cc7\u6599\u662f\u7279\u5b9a\u6642\u9593\u5340\u6bb5\u5167\u5728Twitter\u4e0a\u8207\u300cAnonymous\u300d\u76f8\u95dc\u7684\u6d3b\u52d5\u3002<\/p>\n\n\n\n<p>\u57161\u986f\u793a\u7684Twitter\u5e33\u865f\u95dc\u4fc2\u4f3c\u4e4e\u53ef\u4ee5\u548c\u591a\u500b<a 
href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/web-defacements-exploring-the-methods-of-hacktivists\">\u99ed\u5ba2\u4e3b\u7fa9\u7fa4\u7d44<\/a>\u95dc\u806f\u8d77\u4f86\uff08\u6839\u64da\u50cf\u4e3b\u984c\u6a19\u7c64\u7b49\u6307\u6a19\uff09\u3002Hacktivism\uff08\u99ed\u5ba2\u4e3b\u7fa9\uff09\u4e3b\u984c\u6a19\u7c64\u88ab\u4f5c\u70ba\u521d\u59cb\u904e\u6ffe\u5668\u7528\u4f86\u6536\u96c6\u8f38\u5165\u8cc7\u6599\u3002\u9019\u6703\u8b93\u793e\u7fa4\u6d3b\u52d5\u7fa4\u96c6\u570d\u7e5e\u5e7e\u500b\u5e33\u865f\u5f62\u6210\uff08\u5982GhostSecGroup\u3001TheLizzardSquad\u3001DarkUnity1174\u548cFinestSquad\u7b49\uff09\u3002\u4ed6\u5011\u662f\u5404\u81ea\u7fa4\u96c6\u7684\u9818\u5c0e\u8005\uff0c\u56e0\u70ba\u5927\u591a\u6578\u6d3b\u52d5\u90fd\u96c6\u4e2d\u5728\u9019\u4e9b\u5e33\u865f\u4e0a\u3002\u5176\u4ed6\u4e3b\u8981\u7528\u65bc\u9032\u4e00\u6b65\u5730\u6563\u4f48<a name=\"3\"><\/a>\u8cc7\u8a0a\/\u5167\u5bb9\u3002<\/p>\n\n\n\n<h2><strong>\u597d\u7684\u4e00\u9762\uff1a\u793e\u7fa4\u5a92\u9ad4\u4f5c\u70ba\u5a01\u8105\u60c5\u5831\u7684\u53ef\u884c\u4f86\u6e90<\/strong><strong><\/strong><\/h2>\n\n\n\n<p>Twitter\u4e0d\u50c5\u662f\u5167\u5bb9\u5206\u4eab\u548c\u63a8\u5ee3\u7684\u500b\u4eba\u5e73\u53f0\u3002\u6211\u5011\u4e5f\u770b\u5230\u6a5f\u5668\u4eba\u5206\u4eab\u6700\u65b0\u7684\u5165\u4fb5\u6307\u6a19\uff08IoC\uff09\uff0c\u751a\u81f3\u662f\u5a01\u8105\u5075\u6e2c\u898f\u5247\u3002\u4e8b\u5be6\u4e0a\uff0c\u6709Twitter\u6a5f\u5668\u4eba\u5982\u4f55<a href=\"https:\/\/www.pubnub.com\/blog\/create-an-iot-twitter-bot-in-5-easy-steps\/\">\u7528\u4f86<\/a>\u76e3\u8996<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/internet-of-things\/\">\u7269\u806f\u7db2<\/a>\uff08IoT\uff09\u88dd\u7f6e\u7684\u516c\u958b\u53ef\u7528\u8cc7\u8a0a\u3002\u9084\u6709\u53ef\u4ee5\u5c07\u8cc7\u6599\u8a18\u9304\u5230Twitter\u4e0a\u7684<a href=\"https:\/\/github.com\/cowrie\/cowrie\">\u958b\u653e\u539f\u59cb\u78bc<\/a><a 
href=\"https:\/\/github.com\/foospidy\/HoneyPy\">\u871c\u7f50\u7cfb\u7d71<\/a>\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-02.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-02.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-02.jpg\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-02-2.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-02-2.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-02-2.jpg\"><\/a><\/p>\n\n\n\n<p>\u57162. Twitter\u871c\u7f50\u7cfb\u7d71\u8a18\u9304\u5668\u7684\u7bc4\u4f8b\uff08\u5de6\u4e0a\uff09\uff1b\u7b26\u5408\u6f0f\u6d1e\u641c\u5c0b\u7684\u95dc\u9375\u5b57\/\u4e3b\u984c\u6a19\u7c64\uff08\u4e0a\u4e2d\uff09;\u201cCVE-\u201d\u548c\u201cGithub\u201d\u76f8\u95dc\u641c\u5c0b\u7684\u7d50\u679c\uff08\u53f3\u4e0a\uff09\u5c07\u8cc7\u6599\u8996\u89ba\u5316\u6210\u55ae\u5b57\u96f2\uff0c\u986f\u793aCVE\u76f8\u95dc\u95dc\u9375\u5b57\u7684\u5206\u4f48\uff08\u4e0b\uff09<\/p>\n\n\n\n<p><em>\u50cfTwitter<\/em><em>\u9019\u6a23\u7684\u793e\u7fa4\u5a92\u9ad4\u7ba1\u9053\u53ef\u4f5c\u70ba\u7372\u53d6\u5a01\u8105\u60c5\u5831\u7684\u66ff\u4ee3\u5e73\u53f0\u3002\u4f46\u8cc7\u8a0a\u9700\u8981\u8108\u7d61\u624d\u53ef\u7528\u65bc\u884c\u52d5\u3002<\/em><\/p>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>\u6f0f\u6d1e\u76e3\u63a7<\/strong><\/h3>\n\n\n\n<p>\u8cc7\u8a0a\u5728Twitter\u7b49\u793e\u7fa4\u5a92\u9ad4\u7ba1\u9053\u4e0a\u6563\u64ad\u7684\u901f\u5ea6\u8b93\u5176\u6210\u70ba\u76e3\u63a7\u5df2\u77e5\uff08N-Day\uff09\u6f0f\u6d1e\u662f\u5426\u6b63\u5728\u767c\u751f\u7684\u53ef\u884c\u66ff\u4ee3\u5e73\u53f0\u3002\u9019\u4e9b\u8cc7\u8a0a\u53ef\u4ee5\u8c50\u5bcc\u7d44\u7e54\u7684<a href=\"https:\/\/blog.trendmicro.com\/continuous-monitoring-for-situational-awareness\/\">\u614b\u52e2\u611f\u77e5<\/a> \u2013 \u4e86\u89e3\u5132\u5b58\u548c\u8655\u7406\u95dc\u9375\u8cc7\u7522\u548c\u654f\u611f\u8cc7\u6599\u7684\u8b8a\u52d5\u74b0\u5883\u3002\u8cc7\u5b89\u5718\u968a\u63a5\u8457\u53ef\u4ee5\u7528\u6b64\u80fd\u898b\u5ea6\u4f86\u8a55\u4f30\u548c\u78ba\u8a8d\u5176\u7dda\u4e0a\u8cc7\u7522\u662f\u5426\u5b58\u5728\u6f0f\u6d1e\u6216\u66b4\u9732\u5728\u7db2\u8def\u4e0a\u3002<\/p>\n\n\n\n<p>\u70ba\u4e86\u5c55\u793a\u5982\u4f55\u5c07\u793e\u7fa4\u5a92\u9ad4\u7528\u65bc\u5a01\u8105\u76e3\u63a7\uff0c\u6211\u5011\u641c\u5c0b\u4e86\u7279\u5b9a\u95dc\u9375\u5b57\u5982\uff1a\u201c0-day\u201d\u3001\u201cCVE-\u201d\u3001\u201cCVE-2018-*\u201d\u3001\u201cCVE-2019-*\u201d\u548c\u201cbugbounty 
\u201d\u3002\u7d50\u679c\u76f8\u7576\u6709\u610f\u601d\uff0c\u5982\u57162\u6240\u793a\uff0c\u56e0\u70ba\u6211\u5011\u53ef\u4ee5\u5728Twitter\u4e0a\u770b\u5230\u6bcf\u6b21\u63d0\u53ca\u201cCVE\u201d\u76f8\u95dc\u95dc\u9375\u5b57\u7684\u8108\u7d61\u5206\u4f48\u3002\u6211\u5011\u53ef\u4ee5\u7528\u5176\u4ed6CVE\u76f8\u95dc\u7684\u6a19\u7c64\/\u4e3b\u984c\u6a19\u7c64\u4f86\u6df1\u5165\u4e86\u89e3\u9019\u4e9b\u641c\u5c0b\u7d50\u679c\uff0c\u4ee5\u63d0\u4f9b\u66f4\u591a\u95dc\u65bc\u6700\u65b0\u62ab\u9732\u6f0f\u6d1e\u7684\u80cc\u666f\u3001\u7d30\u7bc0\u6216\u8a0e\u8ad6\u3002\u9019\u5c0d\u65bc\u5b89\u5168\u904b\u7dad\uff08SecOps\uff09\u4f86\u8aaa\u7279\u5225\u6709\u7528\uff0c\u56e0\u70ba\u53ef\u4ee5\u7528\u4f86\u78ba\u8a8d\u662f\u5426\u6709\u9019\u4e9b\u6f0f\u6d1e\u7684\u6982\u5ff5\u8b49\u660e\uff08PoC\uff09\u51fa\u73fe\u3002\u4f7f\u7528\u50cf\u201c Github\u201d\u548c\u201cCVE\u201d\u9019\u4e9b\u95dc\u9375\u5b57\u7d44\u5408\u641c\u5c0b\u4e5f\u53ef\u4ee5\u627e\u5230\u5e36\u6709N-Day\u6f0f\u6d1e\u6982\u5ff5\u8b49\u660e\u7a0b\u5f0f\u78bc\u7684GitHub\u5132\u5b58\u5eab\u3002<\/p>\n\n\n\n<p>\u57163\u986f\u793a\u51fa\u6211\u5011\u6240\u5206\u6790\u4e3b\u984c\u7247\u6bb5\u88e1\u8a0e\u8ad6\u4e0d\u540cCVE\u7684\u4f7f\u7528\u8005\u5206\u4f48\u3002\u5716\u4e2d\u4f54\u64da\u66f4\u5927\u584a\u7684CVE\u4ee3\u8868\u88ab\u8a0e\u8ad6\u7684\u66f4\u591a\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-03.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-03.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-03.jpg\"><\/a><\/p>\n\n\n\n<p>\u57163. 
\u986f\u793a\u53c3\u8207\u8a0e\u8ad6\u7279\u5b9a\u6f0f\u6d1e\u7684Twitter\u5e33\u865f\u95dc\u4fc2\u5716<\/p>\n\n\n\n<p>\u5982\u57164\u6240\u793a\uff0c\u5c07\u641c\u5c0b\u7bc4\u570d\u7e2e\u5c0f\u5230\u56fa\u5b9a\u6578\u91cf\u7684Twitter\u5e33\u865f\u6240\u5f97\u5230\u7684\u793e\u7fa4\u4e92\u52d5\u5716\u8868\u6703\u986f\u793a\u51fa\u6709\u610f\u601d\u7684\u5e33\u865f\u53ca\u95dc\u65bc\u7279\u5b9aCVE\u6700\u6709\u7528\u7684\u5c0d\u8a71\u3002\u4ed4\u7d30\u7814\u7a76\u6b64\u5716\u53ef\u4ee5\u770b\u51faTwitter\u5e33\u865f\u662f\u7db2\u8def\u5b89\u5168\u76f8\u95dc\u65b0\u805e\u7684\u805a\u5408\u5668\u3002<\/p>\n\n\n\n<p>\u57fa\u65bcTwitter\u7684\u5a01\u8105\u7a0b\u5f0f\u76e3\u63a7\u53ef\u4ee5\u95dc\u6ce8\u9019\u4e9b\u5e33\u865f\uff0c\u56e0\u70ba\u5b83\u5011\u63d0\u4f9b\u76f8\u95dc\u7684\u71b1\u9ede\u65b0\u805e\u548c\u8cc7\u8a0a\u3002\u9019\u4e9b\u5e33\u865f\u53ef\u4ee5\u901a\u904e\u5176\u8f49\u63a8\u6216\u95dc\u6ce8\u8005\u7684\u6578\u91cf\u9032\u884c\u9a57\u8b49\uff0c\u4f46\u8acb\u6ce8\u610f\uff0c\u9019\u4e9b\u4e5f\u53ef\u80fd\u662f\u7531\u793e\u7fa4\u5a92\u9ad4\u6a5f\u5668\u4eba\u6240\u88fd\u9020\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-04.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-04.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-04.jpg\"><\/a><\/p>\n\n\n\n<p>\u57164. 
\u986f\u793aTwitter\u5e33\u865f\u548c\u7279\u5b9a\u6f0f\u6d1e\u6216\u5a01\u8105\u8a0e\u8ad6\u7684\u4e92\u52d5\u5716\uff08\u5de6\uff09\uff0c\u653e\u5927\u986f\u793a\u5145\u7576\u8cc7\u5b89\u65b0\u805e\u805a\u5408\u5668\u7684\u5e33\u865f\uff08\u53f3\uff09\n<\/p>\n\n\n\n<p><strong>\u53ef\u4f9b\u884c\u52d5\u7684\u5a01\u8105\u60c5\u5831<\/strong><\/p>\n\n\n\n<p>\u8981\u8b93\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09\u53ef\u4ee5\u7528\u65bc\u884c\u52d5\uff0c\u5c31\u5fc5\u9808\u5177\u5099\u6e96\u78ba\u6027\u3001\u8108\u7d61\u3001\u6642\u9593\u8ef8\u548c\u751f\u5b58\u6642\u9593\uff08TTL\uff0c\u8cc7\u6599\u5728\u7cfb\u7d71\u6216\u7db2\u8def\u5167\u7684\u751f\u547d\u9031\u671f\uff09\u3002\u4f8b\u5982\uff0c\u95dc\u65bc\u53d7\u76e3\u63a7\u5a01\u8105\u7684\u5165\u4fb5\u6307\u6a19\uff08IoC\uff09\u6216\u5075\u6e2c\u7279\u5fb5\u78bc\uff08\u5e36\u6709\u8108\u7d61\u548c\u6642\u5e8f\uff09\u662f\u53ef\u4f9b\u884c\u52d5\u7684\u5a01\u8105\u60c5\u5831\u3002<\/p>\n\n\n\n<p>\u8108\u7d61\u8cc7\u8a0a\u70ba\u5a01\u8105\u60c5\u5831\u63d0\u4f9b\u6d1e\u5bdf\u529b\u548c\u53ef\u64cd\u4f5c\u6027\u3002\u4e00\u500b\u4f8b\u5b50\u662f\u5165\u4fb5\u6307\u6a19\uff08IoC\uff09\u7684\u751f\u5b58\u6642\u9593\uff08TTL\uff09\uff0c\u5c24\u5176\u662f\u7db2\u8def\u5c64\u6307\u6a19\u3002\u6bd4\u65b9\u8aaa\u653b\u64ca\u8005\u53ef\u80fd\u79df\u7528\u7db2\u8def\u8a17\u7ba1\u670d\u52d9\uff0c\u6240\u4f7f\u7528\u7684IP\u5730\u5740\u4e4b\u5f8c\u53ef\u80fd\u88ab\u5408\u6cd5\u7db2\u8def\u5546\u5e97\/\u5496\u5561\u5e97\u6240\u4f7f\u7528\u3002\u653b\u64ca\u8005\u53ef\u80fd\u640d\u5bb3\u4e86\u5f8c\u8005\u7684\u8cc7\u7522\u3002\u653b\u64ca\u8005\u6240\u7528\u7684\u7db2\u57df\u5728\u4e0d\u4f7f\u7528\u6642\u53ef\u80fd\u6307\u5411\u773e\u6240\u5468\u77e5\u7684IP\u7a7a\u9593\u3002\u53ef\u4ee5\u53ea\u5728\u9700\u8981\u6642\u8a2d\u5b9aDNS\u6307\u5411\u771f\u5be6IP\u5730\u5740\u4ee5\u8eb2\u907f\u5075\u6e2c\u6216\u6df7\u6dc6\u8e2a\u8de1\u3002<\/p>\n\n\n\n<p>\u5728\u61c9\u7528\u5a01\u8105\u60c5\u5831\u6642\u61c9\u8a72\u8981\
u8003\u616e\u9019\u4e9b\u56e0\u7d20\uff0c\u96a8\u610f\u4f7f\u7528\u53ef\u80fd\u6703\u7522\u751f\u53cd\u6548\u679c\u3002\u4e8b\u5be6\u4e0a\uff0c\u5728\u67d0\u4e9b<a href=\"https:\/\/blog.threatstop.com\/who-can-you-trust-the-danger-of-false-positives-in-threat-intelligence\/\">\u6848\u4f8b<\/a>\u88e1\uff0c\u5a01\u8105\u60c5\u5831\u81ea\u52d5\u5316\u52a0\u4e0a\u8aa4\u7528\u7db2\u8def\u5b89\u5168\u908a\u754c\u6307\u6a19\u5c0e\u81f4\u5b83\u8207\u7db2\u969b\u7db2\u8def\u5b8c\u5168\u9694\u96e2\u3002<\/p>\n\n\n\n<p><strong>\u5165\u4fb5\u6307\u6a19<\/strong><\/p>\n\n\n\n<p>\u793e\u7fa4\u5a92\u9ad4\u7ba1\u9053\uff08\u5728\u6211\u5011\u7684\u7814\u7a76\u4e2d\u662f\u7528Twitter\uff09\u4e5f\u53ef\u4f5c\u70ba\u53d6\u5f97\u5165\u4fb5\u6307\u6a19\uff08IoC\uff09\u7684\u4f86\u6e90\u3002\u50cf#ThreatHunting\u9019\u6a23\u7684\u4e3b\u984c\u6a19\u7c64\u53ef\u63d0\u4f9b\u95dc\u65bc\u6b63\u5728\u9032\u884c\uff08\u6216\u6700\u8fd1\uff09\u7684\u7db2\u8def\u72af\u7f6a\u6d3b\u52d5\u3001<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/data-breach-101\">\u8cc7\u6599\u5916\u6d29<\/a>\u548c\u7db2\u8def\u653b\u64ca\u7684\u8cc7\u8a0a\u3002\u57165\u986f\u793a\u5982\u4f55\u5ef6\u4f38\u5230\u76e3\u63a7\u5be6\u9ad4\u5a01\u8105\uff08\u5982\u6a5f\u5834\u7b49\u95dc\u9375\u8a2d\u65bd\u7684\u4e8b\u4ef6\uff09\u3002 <\/p>\n\n\n\n<p>\u6bd4\u65b9\u8aaa\uff0c\u7576\u6211\u5011\u60f3\u8981\u8a0e\u8ad6\u6a5f\u5834\u7684\u4e3b\u984c\u7247\u6bb5\u6642\uff0c\u8a31\u591a\u8a0a\u606f\u7d66\u51fa\u4e86\u822a\u73ed\u72c0\u614b\u8cc7\u8a0a\uff08\u5ef6\u9072\u3001\u767b\u8a18\u7d50\u675f\u3001\u6700\u5f8c\u767b\u6a5f\u5ee3\u64ad\u7b49\uff09\u3002\u6709\u610f\u601d\u7684\u662f\uff0c\u5c07\u9078\u64c7\u7684\u95dc\u9375\u5b57\uff08\u5982\u201c\u6a5f\u5834\u201d\u548c\u201c\u822a\u73ed\u201d\uff09\u8207\u201c\u4e8b\u4ef6\u201d\u7d50\u5408\u6703\u7522\u751f\u4e0d\u540c\u7684\u95dc\u9375\u5b57\u548c\u641c\u5c0b\u7d50\u679c\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img 
decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-05.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-05.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-05.jpg\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-05-2.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-05-2.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-05-2.jpg\"><\/a><\/p>\n\n\n\n<p>\u57165. \u6a5f\u5834\u8a0e\u8ad6\u7684\u6a19\u7c64\/\u55ae\u5b57\u96f2\uff0c\u5c07\u95dc\u9375\u5b57\u201c\u822a\u73ed\u201d\u6216\u201c\u6a5f\u5834\u201d\u7a81\u986f\u4f7f\u7528\uff08\u4e0a\uff09\uff1b\u641c\u5c0b\u4e8b\u4ef6\u76f8\u95dc\u95dc\u9375\u5b57\u6642\u6703\u63d0\u4f9b\u8108\u7d61\u7684\u76f8\u95dc\u5167\u5bb9<\/p>\n\n\n\n<p><strong>\u5a01\u8105\u60c5\u5831\u5171\u4eab<\/strong><\/p>\n\n\n\n<p>\u77e5\u8b58\u5171\u4eab\u9019\u6982\u5ff5\u5728\u8cc7\u8a0a\u5b89\u5168\uff08InfoSec\uff09\u793e\u7fa4\u5167\u6839\u6df1\u8482\u56fa\u3002\u8655\u7406\u4e8b\u4ef6\u56de\u61c9\u7684\u65b0\u6280\u8853\u5728\u5171\u4eab\u6642\u70ba\u9762\u81e8\u985e\u4f3c\u60c5\u6cc1\u7684\u5176\u4ed6\u8cc7\u5b89\u5718\u968a\u7bc0\u7701\u4e86\u6642\u9593\u3002\u9019\u5305\u62ec\u4e86\u5f9eNetFlow\u5206\u6790\u5de5\u5177\u548c\u5b89\u5168\u6027\u555f\u7528JavaScript\uff08JS\uff09\u7a0b\u5f0f\u5eab\u7684\u958b\u653e\u539f\u59cb\u78bc\u5132\u5b58\u5eab\u5230\u7279\u5b9a\u4e8b\u4ef6\u56de\u61c9\u8a08\u5283\u7684\u77e5\u8b58\u5eab\u3002 
<\/p>\n\n\n\n<p>\u8a31\u591a\u5b89\u5168\u7814\u7a76\u4eba\u54e1\u9084\u6703\u900f\u904e\u793e\u7fa4\u5a92\u9ad4\u5206\u4eab\u5a01\u8105\u5075\u6e2c\u898f\u5247\uff08\u624b\u52d5\u6216\u81ea\u52d5\uff09\u8b93\u5176\u4ed6\u5206\u6790\u5e2b\u4f7f\u7528\u3002\u50cf\u662fYARA\u898f\u5247\u7b49\u53ef\u88ab\u7528\u65bc\u6a94\u6848\u5206\u6790\u548c\u7aef\u9ede\u4fdd\u8b77\u3002\u9084\u53ef\u4ee5\u70ba\u62b5\u79a6\u5a01\u8105\u591a\u52a0\u4e00\u5c64\u5c0d\u7b56\u3002\u7db2\u8def\u5165\u4fb5\u5075\u6e2c\u7cfb\u7d71\uff08IDS\uff09\u898f\u5247\u4e5f\u53ef\u7528\u65bc\u63d0\u9ad8\u653b\u64ca\u5075\u6e2c\u7387\uff0c\u4f46\u8cc7\u5b89\u5718\u968a\u5fc5\u9808\u5148\u52a0\u4ee5\u9a57\u8b49\u4e26\u5c0f\u5fc3\u6bd2\u5316\u653b\u64ca\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-06.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-06.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-06.jpg\"><\/a><\/p>\n\n\n\n<p>\u57166. 
\u4f7f\u7528Twitter\u8207InfoSec\u793e\u7fa4\u5206\u4eab\u5de5\u5177\u6216\u6280\u8853\u7684\u7bc4\u4f8b<\/p>\n\n\n\n<p><strong>IoC \u7684\u8108\u7d61\u77e5\u8b58<\/strong><\/p>\n\n\n\n<p>\u60e1\u610f\u6216\u53ef\u7591\u7684\u6a94\u6848\u6703\u5f15\u767c\u5371\u96aa\u4fe1\u865f\uff0c\u5c24\u5176\u662f\u5728\u7279\u5b9a\u74b0\u5883\u4e2d\u5075\u6e2c\u5230\u6642\u3002\u5373\u4f7fIPS\u6216\u7aef\u9ede\u5b89\u5168\u7cfb\u7d71\u963b\u6b62\u4e86\u5a01\u8105\uff0c\u4ecd\u9700\u9032\u4e00\u6b65\u5730\u8a55\u4f30\u6216\u6aa2\u67e5\u3002\u6e96\u78ba\u7684\u8108\u7d61\u8cc7\u8a0a\u5728\u4e8b\u4ef6\u56de\u61c9\u88e1\u5f88\u91cd\u8981\u3002\u9019\u4e9b\u8a55\u4f30\u5728\u5c07\u4f86\u9047\u5230\u985e\u4f3c\u4e8b\u4ef6\u6642\u5f88\u6709\u7528\uff1a<\/p>\n\n\n\n<ul><li>\u653b\u64ca\u8005\u5728\u53d7\u5f71\u97ff\u7db2\u8def\u5167\u5b58\u5728\u591a\u9577\u6642\u9593\uff0c\u662f\u5426\u9032\u884c\u4e86\u6a6b\u5411\u79fb\u52d5<\/li><li>\u6700\u521d\u7684\u5165\u4fb5\u9ede\u548c\u5075\u6e2c\u5230\u653b\u64ca\u6642\u7684\u653b\u64ca\u93c8\u968e\u6bb5<\/li><li>\u653b\u64ca\u5a92\u4ecb\u548c\u6240\u91dd\u5c0d\u7684\u6f0f\u6d1e<\/li><li>\u5c6c\u65bc\u91dd\u5c0d\u6027\u6216\u96a8\u6a5f\u653b\u64ca<\/li><\/ul>\n\n\n\n<p>\u8cc7\u5b89\u5718\u968a\u9084\u5fc5\u9808\u8a55\u4f30\u4efb\u52d9\u7684\u512a\u5148\u9806\u5e8f\uff0c\u9700\u8981\u591a\u5c11\u5de5\u4f5c\u91cf\u548c\u8cc7\u6e90\uff0c\u540c\u6642\u9084\u8981\u6301\u7e8c\u76e3\u63a7\u548c\u5075\u6e2c\u5176\u4ed6\u5a01\u8105\u3002\u57167\u986f\u793a\u793e\u7fa4\u5a92\u9ad4\u9084\u80fd\u5920\u63d0\u4f9b\u7279\u5b9a\u5a01\u8105\u7684\u8108\u7d61\u8cc7\u8a0a\uff0c\u5982\u6f0f\u6d1e\u5982\u4f55\u88ab\u653b\u64ca\u7684\u771f\u5be6\u6848\u4f8b\u3002\u8209\u500b\u4f8b\u5b50\uff1a\u6211\u5011\u770b\u5230\u95dc\u65bc\u5a01\u8105\u5229\u7528Adobe Flash\uff08<a 
href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/patch-now-adobe-flash-zero-days-spread-via-spam\">CVE-2018-15982<\/a>\uff09\u6f0f\u6d1e\u7684\u63a8\u6587\uff0c\u53ef\u80fd\u662f\u91dd\u5c0d\u4fc4\u7f85\u65af\u7684\u91ab\u7642\u6a5f\u69cb\u3002<\/p>\n\n\n\n<p>\u9084\u53ef\u4ee5\u81ea\u52d5\u5316\u5c0d\u6f0f\u6d1e\u8108\u7d61\u8cc7\u8a0a\u7684\u8a9e\u7fa9\u5206\u6790\u3002\u6211\u5011\u7684\u5de5\u5177\u9032\u4e00\u6b65\u5206\u6790\u4e86\u5305\u542b\u6f0f\u6d1e\u8a0e\u8ad6\u7684\u4e3b\u984c\u7247\u6bb5\uff08\u6839\u64da\u6bcf\u9031\u7d30\u5206\uff09\u3002\u6700\u7d42\u8996\u89ba\u5316\uff08\u57167\u4e0b\uff09\u5c07\u6b63\u5728\u8a0e\u8ad6\u7684\u6f0f\u6d1e\u8ddf\u4ee3\u8868\u53d7\u5f71\u97ff\u8edf\u9ad4\u548c\u6f0f\u6d1e\u7684\u95dc\u9375\u5b57\u9032\u884c\u6bd4\u5c0d\u3002\u5982\u5c07CVE-2019-3396\u8207\u95dc\u9375\u5b57\u201cconfluence\u201d\u76f8\u7b26\u5408\uff0c\u4e26\u4e14\u8207\u6f0f\u6d1e\u653b\u64ca\u78bc\u88ab\u7de8\u5beb\u9032\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9\u653b\u64ca\uff08DDoS\uff09\u6a5f\u5668\u4eba\u7684\u767c\u73fe\u4e00\u81f4\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07.jpg\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07-2.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07-2.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07-2.jpg\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img 
decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07-3.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07-3.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-07-3.jpg\"><\/a><\/p>\n\n\n\n<p>\u57167. \u70baCVE-2018-15982\u63d0\u4f9b\u8108\u7d61\u8cc7\u8a0a\u7684\u63a8\u6587\uff08\u4e0a\uff09\uff1b\u8996\u89ba\u5316\u6f0f\u6d1e\u76f8\u95dc\u7684\u95dc\u9375\u5b57\u53ca\u5b83\u5011\u8207\u5176\u4ed6\u95dc\u9375\u5b57\u7684\u6bd4\u5c0d\u65b9\u5f0f\uff08\u4e2d\uff09\uff1b\u53ca\u5982\u4f55\u5229\u7528CVE-2019-3396\u6f0f\u6d1e\u653b\u64ca\u4fc4\u7f85\u65af\u7d9c\u5408\u91ab\u9662\uff08\u4e0b\uff09<\/p>\n\n\n\n<p>\u9032\u4e00\u6b65\u8996\u89ba\u5316CVE-\u3001CVSS-\u548cCVE-2019-3396\u76f8\u95dc\u63a8\u6587\u7684\u5206\u4f48\uff0c\u6211\u5011\u770b\u5230\u50cf\u201c\u611f\u67d3\u201d\u9019\u6a23\u7684\u95dc\u9375\u8a5e\u5728\u4e00\u6bb5\u6642\u9593\u5f8c\u51fa\u73fe\u3002\u9019\u53ef\u4ee5\u70ba\u6f0f\u6d1e\u63d0\u4f9b\u66f4\u591a\u8108\u7d61\u8cc7\u8a0a\uff0c\u56e0\u70ba\u9019\u53ef\u4ee5\u770b\u51fa\u6f0f\u6d1e\u662f\u5426\u5df2\u88ab\u52a0\u4ee5\u5229\u7528\u3002\u4f46\u5c31\u8ddf\u793e\u7fa4\u5a92\u9ad4\u7684\u4efb\u4f55\u5176\u4ed6\u8cc7\u8a0a\u4e00\u6a23\uff0c\u9019\u9700\u8981\u901a\u904e\u5b8c\u5584\u7684\u6aa2\u67e5\uff0c\u4e26\u5728\u8cc7\u8a0a\u6574\u5408\u9032\u8cc7\u5b89\u5718\u968a\u7684\u5a01\u8105\u8655\u7406\u904e\u7a0b\u524d\u8003\u616e\u8cc7\u8a0a\u4f86\u6e90\u7684\u53ef\u4fe1\u5ea6\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-08.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-08.jpg\"\/><\/figure>\n\n\n\n<p><a 
href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-08.jpg\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-08-2.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-08-2.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-08-2.jpg\"><\/a><\/p>\n\n\n\n<p>\u57168. \u8996\u89ba\u5316CVE-2019-3396\u76f8\u95dc\u7684\u5e38\u7528\u95dc\u9375\u5b57\uff0c\u6839\u64da\u8cc7\u8a0a\u4f86\u6e90\u7d30\u5206\uff08\u4e0a\uff09\u53ca\u6f0f\u6d1e\u76f8\u95dc\u7684\u8108\u7d61<a name=\"4\"><\/a>\u8cc7\u8a0a\uff08\u4e0b\uff09<\/p>\n\n\n\n<h2><strong>\u58de\u7684\u4e00\u9762\uff1a\u6feb\u7528\u793e\u7fa4\u5a92\u9ad4\u4f86\u6563\u64ad\u5047\u65b0\u805e<\/strong><\/h2>\n\n\n\n<p>\u6feb\u7528\u793e\u7fa4\u5a92\u9ad4\u6563\u64ad\u5047\u65b0\u805e\u6216\u640d\u5bb3\u516c\u773e\u4eba\u7269\/\u7d44\u7e54\u8072\u8b7d\u4e26\u4e0d\u662f\u500b\u65b0\u805e\u3002\u4e8b\u5be6\u4e0a\uff0c\u5927\u91cf\u6563\u64ad\u932f\u8aa4\u8cc7\u8a0a\u5df2\u7d93\u6210\u70ba\u5730\u4e0b\u6216\u7070\u8272\u5e02\u5834\u6240\u63d0\u4f9b\u7684\u670d\u52d9\u3002\u4f46\u7070\u8272\u5730\u5e36\u7684\u6d3b\u52d5\u66f4\u4ee4\u4eba\u64d4\u6182\uff0c\u56e0\u70ba\u96d6\u7136\u5b83\u5011\u53ef\u7591\u4f46\u4e0d\u80fd\u88ab\u6b78\u985e\u70ba\u60e1\u610f\u3002\u5728\u8a31\u591a\u5730\u65b9\u5b83\u5011\u53ef\u80fd\u4e0d\u53d7\u7ba1\u5236\u6216\u4e0d\u88ab\u5217\u70ba\u975e\u6cd5\u3002\u5b83\u5011\u4e5f\u4e0d\u6703\u516c\u7136\u9055\u53cd\u793e\u7fa4\u7db2\u8def\u7684\u670d\u52d9\u689d\u6b3e\u6216\u653f\u7b56\uff0c\u6240\u4ee5\u9664\u975e\u7d93\u7531\u6cd5\u5f8b\u8981\u6c42\uff0c\u4e0d\u7136\u7121\u6cd5\u88ab\u7981\u6b62\u3002\u8cc7\u8a0a\u5728\u793e\u7fa4\u5a92\u9ad4\u4e0a\u6563\u64ad\u7684\u65b9\u5f0f\u4e5f\u8b93\u9019\u4e9b\u6d3b\u52d5\u96e3\u4ee5\u6e96\u7
8ba\u5730\u88ab\u6b78\u56e0\u3002<\/p>\n\n\n\n<p>\u70ba\u4e86\u9032\u4e00\u6b65\u9a57\u8b49\u9019\u4e00\u9ede\uff0c\u6211\u5011\u7814\u7a76\u4e86\u6700\u8fd1\u4e00\u6b21\u793e\u7fa4\u5a92\u9ad4\u88ab\u6feb\u7528\u4f86\u64cd\u7e31\u516c\u773e\u8a8d\u77e5\u7684\u4f8b\u5b50\uff0c\u9019\u662f\u95dc\u65bc\u4fc4\u7f85\u65af\u51fa\u53e3\u554f\u984c\u7684\u8a0e\u8ad6\u3002\u8a72\u570b\u6700\u5927\u8089\u985e\u751f\u7522\u5546\u4e4b\u4e00\u5728\u57f7\u884c\u9577\u63a5\u53d7\u4e00\u6b21<a href=\"https:\/\/www.forbes.ru\/biznes\/375489-iz-nichego-isteriku-zakatili-balaboly-viktor-linnik-i-vadim-dymov-o-zaprete-na-vvoz\/\">\u63a1\u8a2a<\/a>\u5f8c\u5f15\u767c\u4e86\u547c\u7c72\u62b5\u5236\u8a72\u516c\u53f8\u7522\u54c1\u7684\u6d3b\u52d5\uff0c\u8b93\u516c\u53f8\u906d\u53d7\u4e86\u56b4\u91cd\u7684\u5f71\u97ff\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-09.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-09.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-09.jpg\"><\/a><\/p>\n\n\n\n<p>\u57169. 
\u8996\u89ba\u5316Twitter\u4e0a\u62b5\u5236\u516c\u53f8\u7522\u54c1\u7684\u8a0e\u8ad6\u4e92\u52d5\uff1b\u7d05\u9ede\u4ee3\u8868\u7591\u4f3c\u793e\u7fa4\u5a92\u9ad4\u6a5f\u5668\u4eba<\/p>\n\n\n\n<p>\u6211\u5011\u8996\u89ba\u5316\u4e86\u4e09\u5929\u7684\u4e92\u52d5\u8cc7\u6599\uff08\u57169\uff09\uff0c\u770b\u5230\u63a8\u6587\u4e5f\u662f\u7531\u6a5f\u5668\u4eba\u767c\u5e03\uff0c\u6211\u5011\u662f\u7d93\u7531\u5e33\u865f\u540d\u7a31\/\u66b1\u7a31\u7684\u767c\u97f3\u6e2c\u8a66\u3001\u8a3b\u518a\u65e5\u671f\u548c\u767c\u5e16\u983b\u7387\u7b49\u6a19\u6e96\u4f86\u78ba\u8a8d\u3002\u4ed4\u7d30\u7814\u7a76\u9019\u4e9b\u5e33\u865f\u5f8c\u767c\u73fe\uff0c\u9019\u4e9b\u6a5f\u5668\u4eba\u7684\u67d0\u4e9b\u8cbc\u6587\u6bd4\u5176\u4ed6\u66f4\u53d7\u95dc\u6ce8\u3002\u9019\u4e9b\u6a5f\u5668\u4eba\u7684\u95dc\u6ce8\u8005\u63cf\u7e6a\u4e86\u985e\u4f3c\u7684\u756b\u9762\u3002\u96d6\u7136\u6c92\u6709\u51fa\u73fe\u660e\u986f\u9055\u53cdTwitter\u6feb\u7528\u653f\u7b56\u7684\u6d3b\u52d5\uff0c\u4f46\u9019\u4e9b\u5e33\u865f\u5927\u591a\u5c6c\u65bc\u653e\u5927\u8cc7\u8a0a\/\u610f\u898b\u7684\u5de5\u5177\u6216\u670d\u52d9\u7684\u4e00\u90e8\u5206\u3002<\/p>\n\n\n\n<p>\u53e6\u4e00\u500b\u4f8b\u5b50\u662f\u6700\u8fd1\u547c\u7c72\u62b5\u5236\u6d41\u884c\u6b4c\u66f2\u7af6\u8cfd<a href=\"https:\/\/www.washingtonpost.com\/world\/israel-brushes-off-eurovision-boycott-calls-with-a-big-assist-from-madonna\/2019\/05\/16\/cea3cb82-6c24-11e9-bbe7-1c798fb80536_story.html\">Eurovision<\/a>\u7684\u6d3b\u52d5\u3002\u6a5f\u5668\u4eba\u767c\u5e03\u4e86\u8a31\u591a\u63a8\u6587\uff0c\u6709\u6642\u4f34\u96a8\u8457\u653f\u6cbb\u5716\u50cf\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-10-2.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-10-2.jpg\"\/><\/figure>\n\n\n\n<p><a 
href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-10-2.jpg\"><\/a><\/p>\n\n\n\n<p>\u571610. Twitter\u5e33\u865f\u8207\u5176\u95dc\u6ce8\u8005\u7684\u4e92\u52d5\uff0c\u81ea\u52d5\u5316\u6307\u6a19\uff08\u5982\u770b\u4f3c\u6a5f\u5668\u7522\u751f\u7684\u540d\u7a31\uff09\u5f37\u70c8\u986f\u793a\u4f7f\u7528\u4e86\u81ea\u52d5\u5316\u793e\u7fa4\u5a92\u9ad4\u7db2\u8def<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-11.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-11.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-11.jpg\"><\/a><\/p>\n\n\n\n<p>\u571611. \u8996\u89ba\u5316Twitter\u4e0a\u95dc\u65bc\u62b5\u5236Eurovision\u7684\u8a0e\u8ad6\u4e92\u52d5\uff0c\u5176\u4e2d\u9084\u6709\u4f3c\u4e4e\u4f7f\u7528\u81ea\u52d5\u5316\u5de5\u5177\u7684<a 
name=\"5\"><\/a>\u5e33\u865f<\/p>\n\n\n\n<h2><strong>\u919c\u964b\u7684\u4e00\u9762\uff1a\u60e1\u610f\u5229\u7528<\/strong><strong>Twitter<\/strong><strong>\u4f86\u9032\u884c\u7db2\u8def\u72af\u7f6a\u548c\u8a50\u9a19<\/strong><strong><\/strong><\/h2>\n\n\n\n<p><em>\u793e\u7fa4\u5a92\u9ad4\u662f\u4e00\u628a\u96d9\u5203\u528d\uff1a\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u548c\u653b\u64ca\u8005\u53ef\u4ee5\u5c07\u5176\u6feb\u7528\u65bc\u60e1\u610f\u76ee\u7684\u3002<\/em><\/p>\n\n\n\n<p><strong>\u6280\u8853\u652f\u63f4\u8a50\u9a19<\/strong><\/p>\n\n\n\n<p>\u571612\u8996\u89ba\u5316\u4e86\u6280\u8853\u652f\u63f4\u8a50\u9a19\uff0c\u57282019\u5e742\u6708\uff0c\u9019\u4e9b\u8a50\u9a19\u7684Twitter\u6d3b\u52d5\u5728\u4e09\u5929\u5167\u66b4\u589e\u3002\u8a72\u5716\u5305\u62ec\u8a50\u9a19\u6d3b\u52d5\u7528\u5230\u7684Twitter\u5e33\u865f\u4ee5\u53ca\u6240\u5192\u5145\u7684\u7522\u54c1\u6216\u670d\u52d9\u3002\u571613\u9032\u4e00\u6b65\u7e2e\u5c0f\u7bc4\u570d\uff0c\u986f\u793a\u51fa\u9019\u4e9b\u63a8\u6587\u90fd\u6709\u5047\u7684\u806f\u7d61\u865f\u78bc\u548c\u7db2\u7ad9\u3002\u9019\u4e9b\u5047\u8cc7\u8a0a\u4e0d\u662f\u53ea\u51fa\u73fe\u5728Twitter\u4e0a\uff0c\u56e0\u70ba\u6211\u5011\u4e5f\u5728\u5176\u4ed6\u793e\u7fa4\u7db2\u8def\u4e0a\u770b\u904e\uff0c\u5982Facebook\u3001YouTube\u3001Pinterest\u548cTelegram\u3002\u8a50\u9a19\u4efd\u5b50\u4e5f\u8d8a\u4f86\u8d8a\u5e38<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/shifting-strategies-using-social-media-seo-in-tech-support-scams\/\">\u4f7f\u7528<\/a>\u641c\u5c0b\u5f15\u64ce\u6700\u4f73\u5316\uff08SEO\uff09\u6280\u8853\u4f86\u9032\u884c\u8a50\u9a19\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-12.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-12.jpg\"\/><\/figure>\n\n\n\n<p><a 
href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-12.jpg\"><\/a><\/p>\n\n\n\n<p>\u571612. \u8996\u89ba\u5316\u57282019\u5e742\u6708\u4e09\u5929\u7bc4\u570d\u5167\u7684\u6280\u8853\u652f\u63f4\u8a50\u9a19\uff0c\u5305\u62ec\u6240\u7528\u7684Twitter\u5e33\u865f\u548c\u5192\u5145\u7684\u7522\u54c1\n<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-13.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-13.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-13.jpg\"><\/a><\/p>\n\n\n\n<p>\u571613. \u653e\u5927\u6703\u8cbc\u51fa\u5047\u806f\u7d61\u96fb\u8a71\u548c\u7db2\u7ad9\u7684\u6280\u8853\u652f\u63f4\u8a50\u9a19\u6d3b\u52d5<\/p>\n\n\n\n<p>\u571614\uff08\u4e0b\uff09\u986f\u793a\u8a50\u9a19\u8005\u5728Twitter\u4e0a\u6240\u767c\u5e03\u96fb\u8a71\u865f\u78bc\u7684\u8a9e\u7fa9\u8108\u7d61\u3002\u5169\u5f35\u5716\u90fd\u986f\u793a\u4e86\u6240\u7528\u95dc\u9375\u5b57\u7684\u5206\u4f48\u7a0b\u5ea6\uff0c\u4ee5\u53ca\u5047\u96fb\u8a71\u865f\u78bc\u548c\u6240\u5192\u5145\u7522\u54c1\u7684\u76f8\u95dcTwitter\u5e33\u865f\u3002<\/p>\n\n\n\n<p>\u8981\u76f4\u63a5\u5c01\u9396\u6280\u8853\u652f\u63f4\u8a50\u9a19\u5f88\u56f0\u96e3\uff0c\u56e0\u70ba\u4ed6\u5011\u4e26\u4e0d\u4f9d\u8cf4\u60e1\u610f\u7a0b\u5f0f\u6216\u99ed\u5ba2\u5de5\u5177\u3002\u53cd\u800c\u662f\u5229\u7528<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/social-engineering\/\">\u793e\u4ea4\u5de5\u7a0b<\/a>\u4f86\u8a98\u9a19\u6beb\u7121\u6212\u5fc3\u7684\u53d7\u5bb3\u8005\u3002\u5e78\u904b\u7684\u662f\uff0cTwitter\u4e3b\u52d5\u5730\u57f7\u884c\u5176\u6253\u64ca\u6feb\u7528\u7684<a 
href=\"https:\/\/help.twitter.com\/en\/rules-and-policies\/twitter-rules\">\u653f\u7b56<\/a>\u3002\u6211\u5011\u770b\u5230\u7684\u8a31\u591a\u8a50\u9a19\u5e33\u865f\u90fd\u5f88\u5feb\u5c31\u88ab\u522a\u9664\u4e86\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-14.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-14.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-14.jpg\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-14-2.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-14-2.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-14-2.jpg\"><\/a><\/p>\n\n\n\n<p>\u571614. 
\u5728Twitter\u4e0a\u6280\u8853\u652f\u63f4\u8a50\u9a19\u6240\u7528\u7684\u95dc\u9375\u5b57\uff08\u4e0a\uff09\u548c\u8a9e\u7fa9\u8108\u7d61\uff08\u4e0b\uff09<\/p>\n\n\n\n<p><strong>\u4e2d\u4ecbC&amp;C<\/strong><strong>\u4f3a\u670d\u5668<\/strong><\/p>\n\n\n\n<p>\u6211\u5011\u770b\u5230\u6709\u4e9b\u60e1\u610f\u8edf\u9ad4\u5bb6\u65cf\u6703\u7de8\u78bc\u4f86\u9023\u63a5\u793e\u7fa4\u5a92\u9ad4\uff0c\u5c07\u5176\u4f5c\u70baC&amp;C\u4f3a\u670d\u5668\u7684\u4e2d\u4ecb\u3002\u6bd4\u65b9\u8aaa<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics\/\">Anubis\nAndroid\u9280\u884c\u75c5\u6bd2<\/a>\u6703\u7528Twitter\u548cTelegram\u4f86\u6aa2\u67e5C&amp;C\u4f3a\u670d\u5668\u3002\u9019\u9700\u8981Anubis\u7684\u6bad\u5c4d\u7db2\u8def\u64cd\u4f5c\u8005\u5c07C&amp;C\u8cc7\u8a0a\u50b3\u9001\u7d66\u4e2d\u6bd2\u7684Android\u88dd\u7f6e\u3002 <\/p>\n\n\n\n<p>\u6211\u5011\u5206\u6790\u4e86\u4e00\u500b\u5305\u542b\u7528\u4f86\u6d3e\u9001C&amp;C\u8cc7\u8a0a\u4e4bTwitter\u5e33\u865f\u7684\u4e3b\u984c\u7247\u6bb5\uff0c\u4e26\u4e86\u89e3\u4e86\u88e1\u9762\u5e33\u865f\u7684\u6d3b\u8e8d\u7a0b\u5ea6\u3002\u6211\u5011\u9084\u78ba\u8a8d\u4e86\u8ddf\u7279\u5b9aTwitter\u5e33\u865f\u95dc\u806f\u7684\u5e7e\u500b\u60e1\u610f\u8edf\u9ad4\u6a23\u672c\u3002\u9019\u4e9b\u6a23\u672c\u53ef\u80fd\u662f\u7531\u4fc4\u8a9e\u4f7f\u7528\u8005\u7de8\u5beb\uff0c\u56e0\u70ba\u7a0b\u5f0f\u78bc\u5305\u542b\u4e00\u4e9b\u4fc4\u8a9e\u767c\u97f3\u55ae\u8a5e\uff0c\u5982\u300cperehvat\uff08\u6514\u622a\uff09\u300d\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-15.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-15.jpg\"\/><\/figure>\n\n\n\n<p><a 
href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-15.jpg\"><\/a><\/p>\n\n\n\n<p>\u571615. \u4e0d\u540c\u9644\u5c6c\u5e33\u865f\u5728Twitter\u4e0aAnubis\u76f8\u95dc\u6d3b\u52d5\uff08\u57fa\u65bc\u767c\u6587\u6578\u91cf\uff09\u7684\u4e3b\u984c\u7247\u6bb5<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-16.jpg\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-16.jpg\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-16.jpg\"><\/a><\/p>\n\n\n\n<p>\u571616. Anubis\u7528\u4f86\u4f5c\u70ba\u901a\u8a0a\u7ba1\u9053\u7684\u5047Twitter\u5e33\u865f<\/p>\n\n\n\n<p>Anubis\u53ea\u662f\u6feb\u7528\u793e\u7fa4\u5a92\u9ad4\u7684\u773e\u591a\u5a01\u8105\u4e4b\u4e00\u3002Android\u60e1\u610f\u8edf\u9ad4<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users\/\">FakeSpy<\/a>\u4e5f\u6703\u6feb\u7528\u793e\u7fa4\u5a92\u9ad4\u5e73\u53f0\uff08\u5982Qzone\u3001Suhu\u3001\u767e\u5ea6\u3001Kinja\u548cTwitter\uff09\u5728C&amp;C\u901a\u8a0a\u4e0a\u3002\u50cf<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/ELIRKS\">Elirks<\/a>\u9019\u985e<a 
href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication\/\">\u7528\u4f86<\/a>\u9032\u884c\u7db2\u8def\u9593\u8adc\u6d3b\u52d5\u7684\u60e1\u610f\u5a01\u8105\u4e5f\u6703\u6feb\u7528\u793e\u7fa4\u5a92\u9ad4\u548c\u5fae\u7db2\u8a8c\u670d\u52d9\u4f86\u53d6\u5f97C&amp;C\u8cc7\u8a0a\u3002Elirks\u7684\u64cd\u4f5c\u8005\u6703\u5229\u7528\u76ee\u6a19\u570b\u5bb6\u7684\u71b1\u9580\u793e\u7fa4\u5a92\u9ad4\u7ba1\u9053\uff0c\u56e0\u70ba\u9019\u6709\u52a9\u65bc\u5438\u5f15\u6ce8\u610f\u529b\u3002\u9084\u6703\u5c07\u5be6\u969b\u7684C&amp;C\u4f3a\u670d\u5668\u96b1\u85cf\u5728\u516c\u5171DNS\u670d\u52d9\uff08\u5982Google\uff09\u80cc\u5f8c\u4f86\u505a\u9032\u4e00\u6b65\u7684\u6df7\u6dc6\u3002<\/p>\n\n\n\n<p><strong>\u7528\u65bc\u60e1\u610f\u8edf\u9ad4\u7684\u5716\u50cf\u96b1\u78bc\/<\/strong><strong>\u8cc7\u6599\u5916\u6d29\u5de5\u5177 <\/strong><\/p>\n\n\n\n<p>\u6211\u5011\u9084\u770b\u5230\u6703\u5229\u7528\u793e\u7fa4\u5a92\u9ad4\u5e73\u53f0\uff08\u5982Twitter\uff09\u4f86\u96b1\u85cf\u53d6\u5f97\u60e1\u610f\u8edf\u9ad4\u7684\u884c\u70ba\u3001\u8a2d\u5b9a\u6216\u653b\u64ca\u8005\u6240\u64c1\u6709\u7db2\u57df\u3002\u4e00\u500b\u4f8b\u5b50\u662f<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/exploit-kit\">\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6<\/a>\u6216<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/targeted-attacks\/\">\u91dd\u5c0d\u6027\u653b\u64ca<\/a>\u6d3b\u52d5\u6240\u6d3e\u9001\u7684\u5a01\u8105\u6703\u4f7f\u7528<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=12510\">\u5716\u50cf\u96b1\u78bc\u8853(Steganography)<\/a>\uff08\u5c07\u7a0b\u5f0f\u78bc\u6216\u8cc7\u6599\u96b1\u85cf\u5728\u5716\u50cf\u88e1\uff09\u4f86\u53d6\u5f97\u6700\u7d42\u6709\u6548\u8f09\u8377\u3002\u9019\u53ef\u4ee5\u5f9e\u6700\u8fd1\u7684<a 
href=\"https:\/\/blog.trendmicro.com.tw\/?p=60072\">\u8cc7\u6599\u7aca\u53d6\u75c5\u6bd2<\/a>\u6848\u4f8b\u4e2d\u770b\u5230\uff0c\u8a72\u60e1\u610f\u8edf\u9ad4\u6703\u9023\u5230Twitter\u5e33\u865f\u4e26\u641c\u5c0b\u5167\u5d4c\u5728\u5716\u50cf\u7684HTML\u6a19\u7c64\u3002\u4e0b\u8f09\u4e26\u89e3\u6790\u5716\u50cf\u4ee5\u5f97\u5230\u53ef\u4ee5\u53d6\u5f97C&amp;C\u8a2d\u5b9a\u3001\u87a2\u5e55\u622a\u5716\u548c\u7aca\u53d6\u8cc7\u6599\u7684\u96b1\u85cf\u547d\u4ee4\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-17.png\" alt=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-17.png\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/Threat-Hunting-Twitter-Fig-17.png\"><\/a><\/p>\n\n\n\n<p>\u571617. \u8cc7\u6599\u7aca\u53d6\u75c5\u6bd2\u7528\u4f86\u53d6\u5f97\u6d3b\u52d5\u8cc7\u8a0a\u7684Twitter<a 
name=\"6\"><\/a>\u5e33\u865f<\/p>\n\n\n\n<h2><strong>\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08<\/strong><strong>SOCMINT<\/strong><strong>\uff09\u6709\u50f9\u503c\u55ce\uff1f<\/strong><strong><\/strong><\/h2><\/a>\n\n\n\n<p><em>SOCMINT<\/em><em>\u53ef\u4ee5\u5c0d\u73fe\u6709\u89e3\u6c7a\u65b9\u6848\u505a\u51fa\u6709\u50f9\u503c\u7684\u88dc\u5f37\uff0c\u4f46\u60f3\u5c07\u5176\u7d0d\u5165\u7db2\u8def\u5b89\u5168\u7b56\u7565\u7684\u7d44\u7e54\u61c9\u5148\u78ba\u8a8d\u5176\u7528\u4f8b\u3002<\/em><\/p>\n\n\n\n<p>\u793e\u7fa4\u5a92\u9ad4\u6539\u8b8a\u4e86\u6211\u5011\u751f\u6d3b\u7684\u8a31\u591a\u65b9\u9762\u3002\u6211\u5011\u7684\u7814\u7a76\u986f\u793a\u5b83\u4e5f\u80fd\u5920\u5728\u72e9\u7375\u5a01\u8105\u4e0a\u767c\u63ee\u91cd\u8981\u4f5c\u7528\u3002\u5927\u91cf\u8cc7\u8a0a\u900f\u904e\u793e\u7fa4\u5a92\u9ad4\u63d0\u4f9b\u548c\u6563\u64ad\u4f7f\u5176\u6210\u70ba\u53d6\u5f97\u6230\u7565\u6027\u3001\u53ef\u4f9b\u884c\u52d5\u6027\u548c\u64cd\u4f5c\u6027\u5a01\u8105\u60c5\u5831\u7684\u53ef\u884c\u5e73\u53f0\u3002\u9019\u6709\u52a9\u65bc\u589e\u5f37\u8cc7\u5b89\u5718\u968a\u9810\u6e2c\u3001\u5148\u767c\u5236\u4eba\u3001\u76e3\u63a7\u548c\u4fee\u5fa9\u5a01\u8105\u7684\u80fd\u529b\uff0c\u540c\u6642\u4e5f\u53ef\u4ee5\u964d\u4f4e\u98a8\u96aa\u3002\u7d44\u7e54\u7684\u516c\u95dc\u548c\u5371\u6a5f\u7ba1\u7406\u5718\u968a\u9084\u53ef\u4ee5\u5229\u7528\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\u4f86\u9032\u4e00\u6b65\u4e86\u89e3\u5b83\u5011\u5982\u4f55\u6563\u4f48\u8cc7\u8a0a\u3002<\/p>\n\n\n\n<p>\u800c\u5728\u53e6\u4e00\u65b9\u9762\uff0c\u793e\u7fa4\u5a92\u9ad4\u53ef\u80fd\u88ab\u7528\u5728\u6563\u64ad\u932f\u8aa4\u8cc7\u8a0a\u7684\u60e1\u610f\u6d3b\u52d5\uff0c\u6216\u662f\u6210\u70ba\u96b1\u85cf\u548c\u57f7\u884c\u7db2\u8def\u72af\u7f6a\/\u60e1\u610f\u6d3b\u52d5\u7684\u4e2d\u4ecb\u5e73\u53f0\u3002<\/p>\n\n\n\n<p>\u5e0c\u671b\u5c07\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09\u7d0d\u5165\u7db2\u8def\u5b89\u5168\u7b56\u7565\u7684\u7d44\u7e54\u61c9\u8a72\u8981\u5148\u78ba\u8a8d
\u5176\u7528\u4f8b\u3002\u96d6\u7136\u9019\u7a2e\u60c5\u5831\u5c0d\u8cc7\u5b89\u5c08\u5bb6\u4f86\u8aaa\u662f\u4e00\u500b\u798f\u97f3\uff0c\u4f46\u5176\u50f9\u503c\u53d6\u6c7a\u65bc\u5982\u4f55\u61c9\u7528\u5b83\u4f86\u89e3\u6c7a\u7d44\u7e54\u7684\u98a8\u96aa\u72c0\u6cc1\u3002\u6709\u6548\u7684\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMINT\uff09\u9700\u8981\u597d\u7684\u8cc7\u6599\u4f86\u6e90\u4f86\u76e3\u63a7\u6f5b\u5728\u5a01\u8105\u6216\u7db2\u8def\u98a8\u96aa\u3002<\/p>\n\n\n\n<p>\u5728\u8b8a\u52d5\u7684\u5a01\u8105\u74b0\u5883\u88e1\uff0c\u8cc7\u5b89\u5718\u968a\u53ef\u80fd\u6703\u767c\u73fe\u81ea\u5df1\u88ab\u5927\u91cf\u8cc7\u6599\u6240\u6df9\u6c92\uff0c\u5f9e\u800c\u5ffd\u7565\u4e86\u9700\u8981\u512a\u5148\u8003\u616e\u7684\u5a01\u8105\u6216\u6f0f\u6d1e\u3002\u4f86\u81ea\u793e\u7fa4\u5a92\u9ad4\u7684\u8cc7\u6599\u4e5f\u61c9\u8a72\u5177\u6709\u751f\u547d\u9031\u671f\uff0c\u5f9e\u8655\u7406\u548c\u5206\u6790\u5230\u8108\u7d61\u61c9\u7528\u548c\u9a57\u8b49\u3002\u9019\u6703\u5c07\u539f\u59cb\u8cc7\u6599\u8f49\u63db\u70ba\u53ef\u4f9b\u884c\u52d5\u7684\u60c5\u5831\uff0c\u6709\u52a9\u65bc\u505a\u51fa\u660e\u667a\u7684\u6c7a\u7b56\n\u2013 \u6aa2\u67e5\u5a01\u8105\u3001\u963b\u6b62\u5165\u4fb5\u3001\u589e\u52a0\u5b89\u5168\u63a7\u5236\u4ee5\u53ca\u6295\u8cc7\u984d\u5916\u7684\u7db2\u8def\u5b89\u5168\u8cc7\u6e90\u3002<\/p>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/hunting-threats-on-twitter\">HUNTING\nTHREATS ON TWITTER<\/a>&nbsp;\n\u4f5c\u8005\uff1aVLADIMIR KROPOTOV\u548cFYODOR YAROCHKIN\uff08\u4ee5\u53caRYAN FLORES\u548cJON OLIVER\u5354\u52a9\u63d0\u4f9b\u984d\u5916\u898b\u89e3\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8cc7\u5b89\u5c08\u5bb6\u548c\u5b89\u5168\u5718\u968a\u5982\u4f55\u5229\u7528\u793e\u7fa4\u5a92\u9ad4\u6536\u96c6\u53ef\u7528\u4f86\u4fdd\u8b77\u5176\u7d44\u7e54\u7684\u5a01\u8105\u60c5\u5831\uff1f \u672c\u6587\u91cd\u9ede: 
\u4f7f\u7528\u793e\u7fa4\u5a92\u9ad4\u60c5\u5831\uff08SOCMIN [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[6,2744],"tags":[175,1584,83],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/61613"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=61613"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/61613\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=61613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=61613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.
com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=61613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}