{"id":62007,"date":"2019-09-13T09:00:34","date_gmt":"2019-09-13T01:00:34","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=62007"},"modified":"2021-03-12T18:08:19","modified_gmt":"2021-03-12T10:08:19","slug":"heatstrok%e7%b6%b2%e8%b7%af%e9%87%a3%e9%ad%9a%e6%94%bb%e6%93%8a%e7%82%ba%e4%bd%95%e9%8e%96%e5%ae%9a%e7%a7%91%e6%8a%80%e7%94%a2%e6%a5%ad%e5%93%a1%e5%b7%a5%e5%85%8d%e8%b2%bb%e4%bf%a1%e7%ae%b1","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=62007","title":{"rendered":"Heatstrok\u7db2\u8def\u91e3\u9b5a\u653b\u64ca,\u70ba\u4f55\u9396\u5b9a\u79d1\u6280\u7522\u696d\u54e1\u5de5\u514d\u8cbb\u4fe1\u7bb1?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Heatstrok\u60e1\u610f\u6d3b\u52d5\u5229\u7528\u591a\u968e\u6bb5\u7db2\u8def\u91e3\u9b5a\u653b\u64ca,\u5c08\u7aca\u53d6PayPal\u548c\u4fe1\u7528\u5361\u8cc7\u8a0a<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2016\/08\/feature_cybercrime-200x200.jpg\" alt=\"\"\/><\/figure><\/div>\n\n\n\n<p>\u96d6\u7136\u7db2\u8def\u91e3\u9b5a\u6d3b\u52d5\u57282019\u5e74\u4e0a\u534a\u5e74\u986f\u5f97\u8f03\u70ba\u5e73\u975c\uff0c\u4f46\u5b83\u4ecd\u662f\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u7684\u4e3b\u8981\u653b\u64ca\u6b66\u5668\u3002\u6700\u65b0\u7684\u4f8b\u5b50\u662fHeatstroke<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=136\">\u7db2\u8def\u91e3\u9b5a(Phishing)<\/a>\u6d3b\u52d5\u3002<\/p>\n\n\n\n<p>Heatstroke\u4f7f\u7528\u4e86<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=12510\">\u5716\u50cf\u96b1\u78bc\u8853(Steganography)<\/a>\u7b49\u8907\u96dc\u7684\u6280\u8853\uff0c\u4e0d\u53ea\u662f\u5192\u7528\u5408\u6cd5\u7db2\u7ad9\u7b49<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/new-phishing-campaign-uses-onenote-audio-to-lure-users-to-fake-microsoft-login-page\">\u591a\u6a23\u5316<\/a>\u7684\u793e\u4ea4\u5de5\u7a0b\u624b\u6cd5\u3002Heatstroke\u64cd\u4f5c\u8005\u9396\u5b9a\u53d7\u5bb3\u8005\u7684\u79c1\u4eba\u90f5\u4ef6\u5730\u5740\uff0c\u5c24\u5176\u662f\u514d\u8cbb\u4fe1\u7bb1,\u5176\u4e2d\u5305\u62ec\u4e86\u79d1\u6280\u7522\u696d\u7684\u4e3b\u7ba1\u548c\u54e1\u5de5\u3002\u7531\u65bc\u514d\u8cbb\u4fe1\u7bb1\u5b89\u5168\u9632\u8b77\u548c\u5783\u573e\u90f5\u4ef6\u904e\u6ffe\u6a5f\u5236\u6bd4\u8f03\u8584\u5f31,\u800c\u4e14\u79c1\u4eba\u90f5\u4ef6\u4e5f\u5e38\u88ab\u7528\u4f86\u9a57\u8b49\u793e\u7fa4\u5a92\u9ad4\u548c\u96fb\u5b50\u5546\u52d9\u7db2\u7ad9\uff0c\u4ee5\u53ca\u4f5c\u70baGmail\u548c\u4f01\u696d\u5e33\u865f\u7684\u5099\u7528\u5e33\u865f\u3002\u7279\u5225\u662fGmail\u5e33\u865f\uff1b\u53d6\u5f97\u6b0a\u9650\u7684\u653b\u64ca\u8005\u4e5f\u53ef\u4ee5\u5b58\u53d6\u53d7\u5bb3\u8005\u7684Google\u96f2\u7aef\u786c\u789f\uff0c\u751a\u81f3\u53ef\u80fd\u6703\u5371\u53ca\u9023\u7d50\u5e33\u865f\u7684Android\u88dd\u7f6e\u3002\u56e0\u6b64\uff0c\u8ddf\u9632\u8b77\u8f03\u9ad8\u7684\u4f01\u696d\u90f5\u4ef6\u5e33\u865f\u6bd4\u8d77\u4f86\uff0c\u9019\u4e9b\u514d\u8cbb\u90f5\u4ef6\u5e33\u865f\u662f\u653b\u64ca\u8005\u5075\u5bdf\u53ca\u6536\u96c6\u76ee\u6a19\u60c5\u5831\u66f4\u597d\u7684\u8d77\u9ede\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Heatstroke\u653b\u64ca\u93c8<\/h2>\n\n\n\n<p>Heatstroke\u64cd\u4f5c\u8005\u4f7f\u7528\u4e0b\u5217\u7b56\u7565\u4f86\u96b1\u85cf\u81ea\u5df1\u7684\u8e2a\u8de1\uff1a<\/p>\n\n\n\n<ul><li><strong><em>\u591a\u968e\u6bb5\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\u3002<\/em><\/strong>\u70ba\u4e86\u907f\u514d\u8d77\u7591\uff0c\u653b\u64ca\u8005\u4e26\u4e0d\u6703\u8457\u6025\u3002\u8ddf\u901a\u5e38\u53ea\u7528\u55ae\u4e00\u7db2\u9801\u9032\u884c\u7684\u91e3\u9b5a\u653b\u64ca\u6bd4\u8d77\u4f86\uff0cHeatstroke\u8a66\u5716\u7528\u591a\u968e\u6bb5\u4f5c\u6cd5\u53bb\u6a21\u4eff\u5408\u6cd5\u7db2\u7ad9\uff0c\u8b93\u76ee\u6a19\u53d7\u5bb3\u8005\u4e0d\u6703\u611f\u53d7\u5230\u4e0d\u59a5\u4e4b\u8655\u3002<\/li><li><strong><em>\u6df7\u6dc6\u8e64\u8de1\u3002<\/em><\/strong>\u91e3\u9b5a\u5957\u4ef6\u5167\u5bb9\u662f\u5f9e\u53e6\u4e00\u500b\u4f4d\u7f6e\u8f49\u767c\uff0c\u4f46\u6703\u88ab\u507d\u88dd\u6210\u4f86\u81ea\u767b\u9304\u9801\u9762\u3002\u767b\u9304\u9801\u9762\u4e5f\u6703\u4e0d\u65b7\u8b8a\u52d5\u4f86\u7e5e\u904e\u5167\u5bb9\u904e\u6ffe\u5668\u3002\u91e3\u9b5a\u5957\u4ef6\u9084\u80fd\u5920\u5c01\u9396IP\u7bc4\u570d\u3001\u722c\u87f2\u670d\u52d9\u751a\u81f3\u662f\u6f0f\u6d1e\u6383\u63cf\u7a0b\u5f0f\u9019\u985e\u5b89\u5168\u5de5\u5177\u3002\u5982\u679c\u5f9e\u653b\u64ca\u8005\u5217\u5165\u9ed1\u540d\u55ae\u7684\u4f4d\u7f6e\u3001\u700f\u89bd\u5668\u3001IP\u5730\u5740\u6216\u570b\u5bb6\/\u5730\u5340\u9032\u884c\u9023\u7dda\uff0c\u5247\u8a72\u7db2\u9801\u4e0d\u6703\u986f\u793a\u5167\u5bb9\uff08\u51fa\u73feHTTP 404\u932f\u8aa4\uff09\uff0c\u6216\u662f\u5167\u5bb9\u6703\u5f9e\u5176\u4ed6\u4f4d\u7f6e\u8f49\u767c\u3002\u91e3\u9b5a\u5957\u4ef6\u7684\u7b2c\u4e00\u500b\u7db2\u9801\u662f\u7531Base64\u7de8\u78bc\u7684PHP\u8173\u672c\u7522\u751f\uff0c\u4f86\u8eb2\u907f\u6216\u7e5e\u904e\u9632\u706b\u7246\u3002<\/li><li><strong><em>\u7db2\u8def\u91e3\u9b5a\u5373\u670d\u52d9\u3002<\/em><\/strong>\u6211\u5011\u770b\u5230\u4e86\u53e6\u4e00\u5718\u968a\u8cfc\u8cb7\u6b64\u5957\u4ef6\u4f86\u9032\u884c\u81ea\u5df1\u7684\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\u3002\u8a72\u5957\u4ef6\u958b\u767c\u8005\u751a\u81f3\u70ba\u6b64\u5718\u968a\u5206\u914d\u5c08\u5c6c\u7684API\u91d1\u9470\u3002\u986f\u793a\u51fa\u9019\u4e9b\u653b\u64ca\u6d3b\u52d5\u5305\u542b\u4e86\u5ba2\u6236\u3001\u64cd\u4f5c\u8005\u548c\u958b\u767c\u8005\u7b49\u89d2\u8272\u3002<\/li><li><strong><em>\u81ea\u6211\u611f\u77e5\u7684\u91e3\u9b5a\u5957\u4ef6\u3002<\/em><\/strong>\u91e3\u9b5a\u9801\u9762\u5167\u5bb9\u6703\u6839\u64da\u4f7f\u7528\u8005\/\u8a2a\u5ba2\u5c6c\u6027\u52d5\u614b\u7522\u751f\u3002\u7db2\u9801\u539f\u59cb\u78bc\u5167\u85cf\u4e86\u4e00\u7bc7\u50cf\u662f\u7ae5\u8a71\u7684\u6545\u4e8b\u3002\u53ef\u80fd\u662f\u958b\u767c\u8005\u60f3\u8868\u660e\u81ea\u5df1\u77e5\u9053\u7814\u7a76\u4eba\u54e1\u6703\u67e5\u770b\u4ed6\u7684\u539f\u59cb\u78bc\u3002<\/li><li><strong><em>\u8a66\u5716\u986f\u5f97\u5408\u6cd5\u3002<\/em><\/strong>\u6703\u6839\u64da\u53d7\u5bb3\u8005\u4f86\u5f9e\u8a72\u570b\u7db2\u57df\u5bc4\u9001\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\u3002\u5728<a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u5206\u6790\u7684\u6848\u4f8b\u88e1\uff0c\u7528\u65bc\u653b\u64ca\u7684\u7db2\u57df\u66fe\u5c6c\u65bc\u5408\u6cd5\u5546\u5bb6\u4f46\u5f8c\u4f86\u88ab\u51fa\u552e\u3002<\/li><\/ul>\n\n\n\n<p>\u88ab\u5077\u7684\u5e33\u5bc6\u6703\u7528<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=12510\">\u5716\u50cf\u96b1\u78bc\u8853(Steganography)<\/a>\uff08\u5c07\u8cc7\u6599\u96b1\u85cf\u6216\u5d4c\u5165\u5230\u5716\u6a94\u88e1\uff09\u9001\u5230\u7279\u5b9a\u7684\u90f5\u4ef6\u5730\u5740\u3002\u6211\u5011\u5728\u7814\u7a76\u904e\u7a0b\u4e2d\u76e3\u6e2c\u5230\u5169\u500b\u76f8\u4f3c\u7684\u91e3\u9b5a\u5957\u4ef6\n\u2013 \u4e00\u500b\u91dd\u5c0dAmazon\u4f7f\u7528\u8005\uff0c\u53e6\u4e00\u500b\u5247\u6703\u7aca\u53d6PayPal\u5e33\u5bc6\u3002<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>\u9019\u5169\u500b\u5957\u4ef6\u7684\u7b56\u7565\u548c\u6280\u8853\u90fd\u5f88\u985e\u4f3c\uff0c\u4e0d\u7ba1\u662f\u8a17\u7ba1\u91e3\u9b5a\u5957\u4ef6\u7684\u7db2\u7ad9\uff0c\u6240\u7aca\u53d6\u8cc7\u8a0a\u985e\u578b\u6216\u662f\u6240\u7528\u7684\u63a9\u853d\u6280\u8853\u3002\u9019\u5169\u500b\u5957\u4ef6\u4f3c\u4e4e\u4e5f\u7d50\u675f\u5728\u540c\u4e00\u500b\u4f7f\u7528\u8005\u9a57\u8b49\u968e\u6bb5\u3002\u9019\u4e9b\u76f8\u4f3c\u8655\u53ef\u80fd\u4ee3\u8868\u5b83\u5011\u4f86\u81ea\u76f8\u540c\u7684\u5730\u65b9\u3002\u9019\u4e9b\u5957\u4ef6\u7528\u4f86\u653b\u64ca\u7684\u6642\u9593\u548c\u7bc4\u570d\u9032\u4e00\u6b65\u986f\u793a\u51fa\u5b83\u5011\u7684\u76f8\u4f3c\u6027\uff0c\u56e0\u70ba\u90fd\u88ab\u9001\u7d66\u76f8\u540c\u7684\u53d7\u5bb3\u8005\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/09\/heatstroke-phishing-campaign-1.jpg\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57161. Heatstroke\u7db2\u8def\u91e3\u9b5a\u611f\u67d3\u93c8\uff1b\u8acb\u6ce8\u610f\uff0c\u611f\u67d3\u93c8\u53ef\u80fd\u6703\u4f9d\u4f7f\u7528\u8005\/\u884c\u70ba\u5c6c\u6027\u800c\u8b8a\u52d5<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Heatstroke<\/strong><strong>\u611f\u67d3\u93c8<\/strong><\/h2>\n\n\n\n<p>\u5728\u6b64\u6848\u4f8b\u4e2d\uff0c\u611f\u67d3\u934a\u662f\u52d5\u614b\u7684\uff0c\u6709\u4e9b\u884c\u70ba\u6703\u6839\u64da\u4f7f\u7528\u8005\/\u884c\u70ba\u5c6c\u6027\u800c\u8b8a\u52d5\u3002\u5e95\u4e0b\u662f\u6211\u5011\u5728\u7814\u7a76\u904e\u7a0b\u4e2d\u6240\u89c0\u5bdf\u5230\u7684\u6574\u9ad4\u653b\u64ca\u93c8\uff1a<\/p>\n\n\n\n<ol><li>\u653b\u64ca\u8005\u5bc4\u51fa\u7db2\u8def\u91e3\u9b5a\u90f5\u4ef6\u4f86\u8981\u6c42\u4f7f\u7528\u8005\u9a57\u8b49\u5176\u5e33\u865f\u3002\u96fb\u5b50\u90f5\u4ef6\u662f\u5f9e\u5408\u6cd5\u7db2\u57df\u9001\u51fa\uff0c\u907f\u514d\u88ab\u5783\u573e\u90f5\u4ef6\u904e\u6ffe\u5668\u5c01\u9396\u3002<\/li><li>\u4f7f\u7528\u8005\u88ab\u8981\u6c42\u9ede\u5165\u90f5\u4ef6\u5167\u7684\u6309\u9215\/\u7db2\u5740\u4f86\u9a57\u8b49\u4ed6\u5728PayPal\uff08\u548cAmazon\uff09\u4e0a\u7684\u5e33\u865f\u3002\u6839\u64da\u91e3\u9b5a\u5957\u4ef6\u5167\u7684<em>htaccess<\/em>\u6a94\u6848\u986f\u793a\uff0c\u653b\u64ca\u8005\u4f3c\u4e4e\u8a08\u5283\u5c0deBay\u3001Google\u3001Apple\u3001Firefox\u3001Datasift\u3001Internet.bs\u53ca\u5176\u4ed6\u670d\u52d9\u958b\u767c\u985e\u4f3c\u7684\u91e3\u9b5a\u5957\u4ef6\u3002<\/li><li>\u4f7f\u7528\u8005\u88ab\u5c0e\u5230\u7b2c\u4e00\u968e\u6bb5\u7db2\u7ad9\uff08\u4f9d\u4f7f\u7528\u8005\u800c\u4e0d\u540c\uff09\u3002\u9019\u7db2\u7ad9\u662f\u7528\u4f86\u5c07\u53d7\u5bb3\u8005\u5c0e\u5230\u91e3\u9b5a\u5957\u4ef6\u7db2\u7ad9\uff0c\u597d\u8b93\u653b\u64ca\u8005\u7684\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\u7e5e\u904e\u5167\u5bb9\u904e\u6ffe\u5668\u3002<\/li><li>\u7b2c\u4e00\u968e\u6bb5\u7db2\u7ad9\u6703\u5c07\u4f7f\u7528\u8005\u5c0e\u5230\u7b2c\u4e8c\u968e\u6bb5\u7db2\u7ad9\uff0c\u9019\u662f\u771f\u6b63\u7684\u91e3\u9b5a\u5957\u4ef6\u7db2\u7ad9\u3002\u6b64\u968e\u6bb5\u662f\u70ba\u4e86\u9032\u884c\u9a57\u8b49\u3002\u5b83\u6703\u6aa2\u67e5\u4f7f\u7528\u8005\u662f\u5426\u662f\u6a5f\u5668\u4eba\u3001\u7db2\u8def\u722c\u87f2\u6216Nessus\u4e4b\u985e\u7684\u5b89\u5168\u5de5\u5177\u3002\u9084\u6703\u6aa2\u67e5\u4f7f\u7528\u8005\u662f\u5426\u4f86\u81ea\u67d0\u4e9b\u7db2\u8def\uff08\u5982FBI\u7684\u7db2\u57df\uff09\uff0c\u4ee5\u53ca\u4f7f\u7528\u8005IP\u662f\u5426\u4f86\u81ea\u9ed1\u540d\u55ae\u5167\u7684IP\u7bc4\u570d\u3002<\/li><li>\u5b8c\u6210\u6240\u6709\u7684\u6aa2\u67e5\u5f8c\uff0c\u4f7f\u7528\u8005\u6703\u88ab\u5e36\u5230\u7b2c\u4e09\u968e\u6bb5\u7db2\u7ad9\uff0c\u771f\u6b63\u7684\u7db2\u8def\u91e3\u9b5a\u7db2\u7ad9\u3002\u7db2\u9801\u5167\u5bb9\u662f\u7528Base64\u7de8\u78bc\u7684PHP\u8173\u672c\u7522\u751f\u4ee5\u7e5e\u904e\u9632\u706b\u7246\u3002\u5167\u5bb9\u4e5f\u6703\u6839\u64da\u53d7\u5bb3\u8005IP\u5730\u5740\u4f86\u9032\u884c\u672c\u5730\u5316\u3002<\/li><li>\u8981\u6c42\u4f7f\u7528\u8005\u586b\u5beb\u500b\u4eba\u8cc7\u8a0a\uff0c\u5305\u62ec\u4e86\u96fb\u5b50\u90f5\u4ef6\u5e33\u5bc6\u3001\u4fe1\u7528\u5361\u8a73\u7d30\u8cc7\u8a0a\u53ca\u5176\u4ed6\u500b\u4eba\u8eab\u4efd\u8cc7\u8a0a\uff08PII\uff09\u3002\u9019\u4e9b\u8cc7\u8a0a\u6703\u88ab\u7de8\u78bc\u5d4c\u5165\u5f71\u50cf\u6a94\uff0c\u7136\u5f8c\u5bc4\u9001\u5230\u653b\u64ca\u8005\u7684\u90f5\u4ef6\u5730\u5740\u3002\u653b\u64ca\u8005\u9084\u6703\u6536\u96c6\u4f7f\u7528\u8005\u6240\u7528\u4f5c\u696d\u7cfb\u7d71\u7684\u76f8\u95dc\u8cc7\u8a0a\u3002<\/li><li>\u4f7f\u7528\u8005\u586b\u5b8c\u8cc7\u8a0a\u4e26\u6309\u4e0b\u6700\u5f8c\u4e00\u500b\u6309\u9215\u5f8c\u4e0d\u6703\u767c\u751f\u4efb\u4f55\u4e8b\u60c5\u3002\u5982\u679c\u4f7f\u7528\u8005\u8a66\u8457\u518d\u900f\u904e\u76f8\u540cIP\u548c\u8a2d\u5b9a\u4f86\u9023\u4e0a\u91e3\u9b5a\u5957\u4ef6\u7db2\u7ad9\uff0c\u8a72\u7db2\u7ad9\u4e0d\u6703\u8f09\u5165\u91e3\u9b5a\u5957\u4ef6\u3002<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Heatstroke<\/strong><strong>\u91e3\u9b5a\u5957\u4ef6\u6280\u8853\u5206\u6790<\/strong><\/h2>\n\n\n\n<p>\u9996\u5148\u662f\u5f9e\u4e3b\u76ee\u9304\u5167\u7684index.php\u8173\u672c\u958b\u59cb\uff0c\u8a72\u8173\u672c\u662f\u7528base64\u7de8\u78bc\uff08\u5982\u57162\u6240\u793a\uff09\u3002\u8af7\u523a\u7684\u662f\uff0c\u8a72\u8173\u672c\u5229\u7528\u7db2\u8def\u53cd\u8a50\u9a19\u670d\u52d9\u4f86\u6aa2\u67e5\u8a2a\u5ba2\u7684IP\u5730\u5740\u3002\u5982\u679c\u8a72\u670d\u52d9\u5df2\u7d93\u5c01\u9396\u6216\u5c07\u8a2a\u5ba2IP\u5730\u5740\u5217\u5165\u9ed1\u540d\u55ae\uff0c\u5247\u91e3\u9b5a\u5957\u4ef6\u6703\u963b\u6b62\u8a2a\u5ba2\u67e5\u770b\u5167\u5bb9\u3002\u5b83\u9084\u6703\u7528\u5404\u7a2e\u8b8a\u91cf\u7d44\u6210\u6703\u8a71\u91d1\u9470\u3002\u6b64\u6703\u8a71\u91d1\u9470\u88ab\u7528\u4f86\u6a19\u8b58\u53d7\u5bb3\u8005\uff0c\u6703\u5728\u653b\u64ca\u5f8c\u671f\u968e\u6bb5\u7528\u5230\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-2.png\" alt=\"A picture containing text\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57162. Base64\u7de8\u78bc\uff08\u5de6\uff09\u548c\u89e3\u78bc\u904e\uff08\u53f3\uff09\u7684\u7a0b\u5f0f\u78bc\uff0c\u7528\u4f86\u78ba\u8a8d\u662f\u5426\u8981\u63d0\u4f9b\u8a2a\u5ba2\u7db2\u8def\u91e3\u9b5a\u5167\u5bb9<\/p>\n\n\n\n<p>\u4e00\u65e6\u8a2a\u5ba2\u901a\u904e\u6aa2\u67e5\uff0c\u5c31\u6703\u51fa\u73fe\u91e3\u9b5a\u5957\u4ef6\u7684\u5167\u5bb9\u3002\u4f8b\u5982\uff0c\u9023\u7d50hxxps:\/\/www[.]posicionamientowebeconomico[.]es\/wp-includes\/css\/signin[.]html\uff08\u7b2c\u4e8c\u968e\u6bb5\u7db2\u7ad9\uff09\u6703\u986f\u793a\u5c07\u4f7f\u7528\u8005\u5c0e\u5411\u5e33\u865f\u9a57\u8b49\u7db2\u9801\uff0c\u5be6\u969b\u4e0a\u662f\u5c07\u4f7f\u7528\u8005\u5c0e\u5411\u9a19\u53d6\u5e33\u5bc6\u7684\u60e1\u610f\u7db2\u7ad9\u3002<\/p>\n\n\n\n<p>\u4f7f\u7528\u8005\u770b\u5230\u7684\u5167\u5bb9\u662f\u5f9e\u5176\u4ed6\u4f86\u6e90\u8f09\u5165\uff08\u6839\u64da<em>.\/htaccess<\/em>\u6a94\u6848\u5167\u8a2a\u5ba2\u898f\u5247\u8a2d\u5b9a\uff09\uff0c\u4f7f\u7528\u8005\u6703\u88ab\u91cd\u65b0\u5c0e\u5230\u7db2\u8def\u91e3\u9b5a\u7db2\u7ad9\uff0c<em>hxxps:\/\/raisingtwo[.]com\/INC\/signin\/-\/PPL-ID\/app\/signin<\/em>\u3002\u8a72\u7db2\u9801\u6703\u8981\u6c42\u4f7f\u7528\u8005\u8f38\u5165\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u548c\u5bc6\u78bc\u3002\u8f38\u5165\u6642\u6703\u9a57\u8b49\u5167\u5bb9\uff0c\u53ea\u5141\u8a31\u8f38\u5165\u5408\u6cd5\u7684\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u683c\u5f0f\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-3.png\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57163. \u8981\u6c42\u4f7f\u7528\u8005\u7528\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u548c\u5bc6\u78bc\u9a57\u8b49\u5176\u5e33\u865f\u7684\u5047\u7db2\u9801<\/p>\n\n\n\n<p>\u8a72\u7db2\u9801\u7528PHP\u8173\u672c\u52d5\u614b\u7522\u751f\u7db2\u8def\u91e3\u9b5a\u5167\u5bb9\u3002\u7576\u7528\u700f\u89bd\u5668\u6aa2\u8996\u5b83\u7684\u539f\u59cb\u78bc\u6642\uff08\u5982\u57164\u6240\u793a\uff09\uff0c\u6703\u51fa\u73fe\u4e00\u5247\u6545\u4e8b\uff0c\u53ef\u80fd\u662f\u60f3\u8ddf\u8a66\u5716\u5206\u6790\u7684\u7814\u7a76\u4eba\u54e1\u958b\u73a9\u7b11\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-4-1.png\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-4-2.png\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57164. \u7522\u751f\u91e3\u9b5a\u9801\u9762\u7684PHP\u8173\u672c\uff08\u4e0a\uff09\u4ee5\u53ca\u5728\u700f\u89bd\u5668\u4e0a\u67e5\u770b\u7684\u7db2\u9801\u539f\u59cb\u78bc\uff08\u4e0b\uff09<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u6a94\u6848\/\u7d44\u4ef6\u4e5f\u662f\u63d0\u4f9b\u7d66\u8a2a\u5ba2\u7684\u91e3\u9b5a\u5167\u5bb9\u4e00\u90e8\u5206\uff1a<\/p>\n\n\n\n<ul><li><em>antiX.php<\/em> \u2013 X\u662f1\u52308\u9593\u7684\u6578\u5b57\u3002\u5b83\u6703\u907f\u514d\/\u5c01\u9396\u7db2\u9801\u6383\u63cf\u7a0b\u5f0f\u3001\u6f0f\u6d1e\u548c\u5b89\u5168\u7814\u7a76\u5de5\u5177\u3001\u722c\u87f2\u5de5\u5177\u53ca\u67d0\u4e9bIP\u5730\u5740\uff0c\u963b\u6b62\u5b83\u5011\u9023\u4e0a\u91e3\u9b5a\u7db2\u7ad9\u3002<\/li><li><em>index.php<\/em> \u2013 \u5305\u5728<em>antiX.php<\/em>\u88e1\uff0c\u53ef\u4ee5\u6536\u96c6\u4f7f\u7528\u8005\u8cc7\u8a0a\uff08\u5982\u900f\u904egetOs\uff0cgetBrowser\uff09\u3002<\/li><li><em>langauges.php<\/em> \u2013 \u70ba\u91e3\u9b5a\u7db2\u9801\u63d0\u4f9b\u672c\u5730\u5316\u5167\u5bb9\u7684\u52d5\u614b\u6a94\u6848\u3002<\/li><li><em>Algo.php<\/em> \u2013 \u5c07\u700f\u89bd\u5668\u548c\u4f5c\u696d\u7cfb\u7d71\u540d\u7a31\u89e3\u6790\u70ba\u6a19\u6e96\u683c\u5f0f\u3002<\/li><li><em>Mine.php<\/em> \u2013 \u5217\u51fa\u91e3\u9b5a\u5957\u4ef6\u4f5c\u8005\u7684\u5ba2\u6236\u7aef\u9810\u8a2d\u8a2d\u5b9a\uff0c\u5305\u62ecAPI\u91d1\u9470\u548c\u5b89\u5168API\u91d1\u9470\u3002<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-5.png\" alt=\"A screenshot of a social media post\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57165. antiX.php\u7a0b\u5f0f\u78bc\u7247\u6bb5\uff08\u5de6\u548c\u4e2d\uff09\u4ee5\u53ca\u91e3\u9b5a\u7db2\u7ad9\u7684\u8cc7\u6599\u6b04\u4f4d\uff08\u53f3\uff09<\/p>\n\n\n\n<p>Heatstroke\u5982\u4f55\u7aca\u53d6\u4ed8\u6b3e\u8cc7\u8a0a<\/p>\n\n\n\n<p>\u4e00\u65e6\u4f7f\u7528\u8005\u63d0\u4f9b\u4e86\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u548c\u5bc6\u78bc\uff0c\u91e3\u9b5a\u5957\u4ef6\u5c31\u6703\u63d0\u4f9b\u9801\u9762\u4f86\u901a\u77e5\u4f7f\u7528\u8005\u201c\u7570\u5e38\u6d3b\u52d5\u201d\u3002\u9019\u6703\u8b93\u4f7f\u7528\u8005\u7522\u751f\u5df2\u767b\u5165\u7684\u60f3\u6cd5\uff0c\u5373\u5c07\u901a\u904e\u771f\u6b63\u7684PayPal\u7db2\u7ad9\u4f86\u89e3\u6c7a\u5e33\u865f\u9a57\u8b49\u554f\u984c\u3002\u63d0\u4f9b\u7d66\u4f7f\u7528\u8005\u7684\u91e3\u9b5a\u5167\u5bb9\u539f\u59cb\u78bc\uff08\u57166\uff0c\u4e5f\u662f\u7531\u5957\u4ef6\u7522\u751f\uff09\uff0c\u4e5f\u51fa\u73fe\u4e86\u6545\u4e8b\uff08\u57167\uff09\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-6.png\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57166. \u986f\u793a\u7570\u5e38\u6d3b\u52d5\u901a\u77e5\u7684\u91e3\u9b5a\u7db2\u9801\uff08\u5de6\uff09\u3002\u5b83\u6703\u5c07\u4f7f\u7528\u8005\u5c0e\u5230\u53e6\u4e00\u500b\u7db2\u9801\uff08\u53f3\uff09\uff0c\u8a72\u7db2\u9801\u6703\u7aca\u53d6\u4f7f\u7528\u8005\u7684\u4fe1\u7528\u5361\u8cc7\u8a0a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-7.png\" alt=\"A screenshot of a social media post\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57167. PHP\u8173\u672c\u539f\u59cb\u78bc\uff08\u4e0a\uff09\u3002\u6703\u7522\u751f\u7db2\u8def\u91e3\u9b5a\u5167\u5bb9\u4f86\u8981\u6c42\u4fe1\u7528\u5361\u8cc7\u8a0a<\/p>\n\n\n\n<p><em>process.php<\/em>\u6703\u5c01\u9396\u76ee\u6a19\u5916\u7684\u4f7f\u7528\u8005\u9023\u4e0a\u91e3\u9b5a\u7db2\u9801\u3002\u7576\u4f7f\u7528\u8005\u88ab\u5c0e\u5230\u7b2c\u4e00\u968e\u6bb5\u91e3\u9b5a\u7db2\u7ad9\u6642\uff0c\u6bcf\u500b\u7522\u751f\u7684\u7db2\u9801\u88e1\u90fd\u6709\u5b83\uff0c\u540c\u6642\u6703\u6aa2\u67e5\u8868\u55ae\u5167\u6bcf\u500b\u6b04\u4f4d\u3002<\/p>\n\n\n\n<p>\u7576\u4f7f\u7528\u8005\u586b\u5beb\u8868\u55ae\u4e26\u6309\u4e0b\u201c\u5132\u5b58\u201d\uff0c\u7db2\u7ad9\u4e0a\u4f3c\u4e4e\u6c92\u6709\u767c\u751f\u4efb\u4f55\u4e8b\u60c5\u3002\u4f46\u5176\u5be6\u91e3\u9b5a\u5957\u4ef6\u5df2\u7d93\u5c07\u8cc7\u6599\u5bc4\u9001\u7d66\u653b\u64ca\u8005\u3002\u91e3\u9b5a\u5957\u4ef6\u6703\u5229\u7528\u516c\u958b\u7684\u4fe1\u7528\u5361\u548c\u7c3d\u5e33\u91d1\u878d\u5361\u67e5\u8a62\u7db2\u7ad9\u4f86\u9a57\u8b49\u5361\u865f\u3002\u4e00\u65e6\u5361\u865f\u9a57\u8b49\u6210\u529f\uff0c\u6700\u5f8c\u63d0\u4f9b\u7d66\u4f7f\u7528\u8005\u7684\u756b\u9762\u662f\u91cd\u65b0\u5c0e\u5411\u4e00\u500b\u77ed\u7db2\u5740\uff0c\u6703\u9023\u4e0a\u5408\u6cd5\/\u771f\u6b63\u7684Paypal\u767b\u5165\u9801\u9762\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u6df1\u5165\u4e86\u89e3\u91e3\u9b5a\u5957\u4ef6\u5de5\u5177\u5305\u7684\u52d5\u614b\u80fd\u529b<\/strong><\/h2>\n\n\n\n<p>\u6211\u5011\u53ef\u4ee5\u5f9e\u5b57\u4e32\u8b58\u5225\u51fa\u91e3\u9b5a\u5957\u4ef6\u7684\u958b\u767c\u8005\u548c\u5ba2\u6236\u3002\u9032\u4e00\u6b65\u7814\u7a76\u986f\u793aHeatstroke\u7ba1\u7406\u8005\u81f3\u5c11\u53ef\u4ee5\u8aaa\u6377\u514b\u8a9e\u3001\u82f1\u8a9e\u3001\u897f\u73ed\u7259\u8a9e\u548c\u5370\u5c3c\u8a9e\u3002\u57168\u986f\u793a\u4e86\u5957\u7684\u8a2d\u5b9a\u53ca\u958b\u767c\u8005\u70ba\u6bcf\u500b\u8a2d\u5b9a\u52a0\u5165\u7684\u8cc7\u8a0a\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-8.png\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<p>\u57168. \u986f\u793a\u91e3\u9b5a\u5957\u4ef6\u8a2d\u5b9a\uff08\u5de6\uff09\u548c.\/htaccess\u5167\u5bb9\u7247\u6bb5\uff0c\u986f\u793a\u5982\u4f55\u5c07\u76ee\u6a19\u5916\u8a2a\u5ba2\uff08\u5982\u4f86\u81eaFBI\u7db2\u57df\u7684\u8a2a\u5ba2\uff09\u91cd\u65b0\u5c0e\u5230\u53e6\u4e00\u500b\u7db2\u7ad9\uff08\u53f3\uff09<\/p>\n\n\n\n<p>\u5982\u524d\u6240\u8ff0\uff0c\u91e3\u9b5a\u5957\u4ef6\u5177\u5099\u7528\u9ed1\u540d\u55ae\u5c01\u9396\u76ee\u6a19\u5916\u8a2a\u5ba2\u7684\u529f\u80fd\u3002\u50cf<em>anti.php<\/em>\u8173\u672c\u53ef\u4ee5\u5c07\u9ed1\u540d\u55ae\u5167\u7684\u4f7f\u7528\u8005\uff08\u6c92\u6709\u901a\u904e\u9a57\u8b49\uff09\u5c0e\u5230\u53e6\u4e00\u500b\u7db2\u7ad9hxxp:\/\/2m[.]ma\/ar\/\u3002\u9ed1\u540d\u55ae\u5305\u62ec\u6574\u6bb5IP\u5730\u5740\u3001\u53c3\u7167\u3001\u201cGoogle\u201d\u7b49\u5b57\u4e32\u53ca\u700f\u89bd\u5668\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u4f7f\u7528\u5716\u50cf\u96b1\u78bc\u8853\u53ca\u88ab\u7aca\u8cc7\u6599\u6703\u5982\u4f55?<\/strong><\/h2>\n\n\n\n<p>\u91e3\u9b5a\u5957\u4ef6\u5c07\u7aca\u53d6\u7684\u8cc7\u6599\u9001\u5230\u53ef\u80fd\u662f\u653b\u64ca\u8005\u6240\u64c1\u6709\u7db2\u57df\u7684\u90f5\u4ef6\u5730\u5740\u3002\u5b83\u6703\u7528\u5169\u7a2e\u65b9\u6cd5\u5411\u4e0d\u540c\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u767c\u9001\u4e0d\u540c\u7684\u8cc7\u6599\u3002\u7b2c\u4e00\u7a2e\u65b9\u6cd5\u662f\u7528\u4e00\u822c\u7684\u96fb\u5b50\u90f5\u4ef6\u5bc4\u9001\u88ab\u7aca\u8cc7\u6599\uff08\u901a\u904e<em>step6.php<\/em>\uff09\uff0c\u5982\u57169\u6240\u793a\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-9.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>\u57169. \u986f\u793a\u5982\u4f55\u5c07\u88ab\u7aca\u8cc7\u6599\u9001\u7d66\u653b\u64ca\u8005\u7684\u7a0b\u5f0f\u78bc\u7247\u6bb5\uff1a\u900f\u904e\u96fb\u5b50\u90f5\u4ef6\uff08\u4e0a\uff09\u548c\u5716\u50cf\u96b1\u78bc\u8853\uff08\u4e0b\uff09<\/p>\n\n\n\n<p>\u7b2c\u4e8c\u7a2e\u65b9\u6cd5\u4f7f\u7528\u5716\u50cf\u96b1\u78bc\u8853\uff08\u5728\u5716\u6a94\u88e1\u5d4c\u5165\u8cc7\u6599\uff09\uff0c\u5c07\u88ab\u7aca\u8cc7\u6599\u7de8\u78bc\u6210\u5716\u50cf\u3001\u52a0\u5bc6\u3001\u7136\u5f8c\u7528\u96fb\u5b50\u90f5\u4ef6\u5bc4\u7d66\u653b\u64ca\u8005\u3002\u4f46\u6211\u5011\u767c\u73fe\u7f3a\u5c11\u6b64\u51fd\u6578\u7684\u5b8c\u6574\u7a0b\u5f0f\u78bc\uff0c\u6240\u4ee5\u7a0b\u5f0f\u78bc\u6355\u6349\u4e26\u4e0d\u5b8c\u6574\u3002\u53ef\u80fd\u9019\u51fd\u6578\u9084\u5728\u958b\u767c\u4e2d\uff0c\u6216\u958b\u767c\u8005\u6c92\u6709\u63d0\u4f9b\u3002\u53e6\u5916\u503c\u5f97\u6ce8\u610f\u7684\u662f\u91e3\u9b5a\u5957\u4ef6\u5167\u540d\u70ba\u201cproof\u201d\u7684\u8cc7\u6599\u593e\u5167\u5305\u542b\u5169\u500b.img\u6a94\u6848\uff0c\u6a94\u6848\u540d\u7a31\u5c31\u662fMD5\u96dc\u6e4a\u503c\u3002\u571610\u662f\u5716\u7247\u7bc4\u4f8b\uff0c\u6709\u76f8\u4f3c\u7684\u8996\u89ba\u5716\u6848\u3002\u5c0d\u91e3\u9b5a\u5957\u4ef6\u7684\u4e8c\u9032\u4f4d\u5206\u6790\u986f\u793a\u51faASCI\u5b57\u4e32\u5be6\u969b\u4e0a\u662f\u66ab\u653e\u7684\uff0c\u53ef\u80fd\u662f\u5c0d\u6f5b\u5728\u5ba2\u6236\u5c55\u793a\u8a72\u5957\u4ef6\u7684\u529f\u80fd\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2019\/08\/heatstroke-phishing-campaign-10.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>\u571610. \u7528\u5716\u50cf\u96b1\u78bc\u8853\u5d4c\u5165\u88ab\u7aca\u8cc7\u6599\u7684\u6a23\u672c\u5716\u7247\uff08\u4e0a\uff09\u4ee5\u53caASCI\u5b57\u4e32\u622a\u5716\uff08\u4e0b\uff09<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u6700\u4f73\u5be6\u4f5c\u4ee5\u53ca\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848<\/strong><\/h2>\n\n\n\n<p>Heatstroke\u958b\u767c\u8005\u986f\u7136\u662f\u8981\u63a1\u7528\u7db2\u8def\u91e3\u9b5a\u5373\u670d\u52d9\u7684\u5546\u696d\u6a21\u5f0f\uff0c\u9019\u4ee3\u8868\u5176\u4ed6\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u53ef\u4ee5\u5229\u7528\u6b64\u91e3\u9b5a\u5957\u4ef6\u9032\u884c\u81ea\u5df1\u7684\u653b\u64ca\u4f86\u7aca\u53d6PII\u548c\u4ed8\u6b3e\u8cc7\u8a0a\u3002\u6211\u5011\u4e5f\u9810\u671f\u9019\u985e\u91e3\u9b5a\u6d3b\u52d5\u6703\u52a0\u5165\u66f4\u591a\u8eb2\u907f\u5075\u6e2c\u53ca\u963b\u6b62\u5206\u6790\u7684\u6280\u8853\uff0c\u5c31\u50cf\u662f\u5716\u50cf\u96b1\u78bc\u8853\uff08\u96d6\u7136\u73fe\u5728\u5c1a\u4e0d\u5b8c\u6574\uff09\u548c\u9ed1\u540d\u55ae\u3002\u4f7f\u7528\u8005\u548c\u4f01\u696d\u61c9\u8a72\u8981<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/best-practices-identifying-and-mitigating-phishing-attacks\">\u63d0\u9ad8\u7db2\u8def\u5b89\u5168\u610f\u8b58<\/a>\uff0c\u7279\u5225\u662f\u5728\u62b5\u79a6\u793e\u4ea4\u5de5\u7a0b<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/infosec-guide-email-threats\">\u90f5\u4ef6\u5a01\u8105<\/a>\u65b9\u9762\u3002<\/p>\n\n\n\n<p>\u8da8\u52e2\u79d1\u6280\u7684<a href=\"https:\/\/t.rend.tw\/?i=NzkxNA\">PC-cillin\u96f2\u7aef\u7248<\/a>\u3001<a href=\"https:\/\/www.trendmicro.com\/zh_tw\/business\/products\/user-protection\/sps.html\">Smart Protection Suites<\/a>\u548c <a href=\"https:\/\/www.trendmicro.com\/zh_tw\/small-business\/all-products-for-smb.html\">Worry-Free Business Security&nbsp;<\/a>\u53ef\u4ee5\u5075\u6e2c\u60e1\u610f\u6a94\u6848\u548c\u5783\u573e\u90f5\u4ef6\u4e26\u5c01\u9396\u76f8\u95dc\u60e1\u610f\u7db2\u5740\u4f86\u4fdd\u8b77\u4f7f\u7528\u8005\u548c\u4f01\u696d\u62b5\u79a6Heatstroke\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/t.rend.tw\/?i=ODA0MQ\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/08\/Windows10Banner-540x90v5.gif\" alt=\"\"\/><\/a><\/figure>\n\n\n\n<p><strong><em>\u5165\u4fb5\u6307\u6a19\uff08IoC<\/em><\/strong><strong><em>\uff09\uff1a<\/em><\/strong><\/p>\n\n\n\nThe Rising Tide of Credential Phishing\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td>\n  \u6a94\u6848\u540d\u7a31\n  <\/td><td>\n  SHA-256\n  <\/td><td>\n  \u8da8\u52e2\u79d1\u6280\u5075\u6e2c\u540d\u7a31\n  <\/td><\/tr><tr><td>\n  bin\n  <\/td><td>\n  587368b3f679083010690cbc15df647a045f62f02ca86495d704d24fdb2eb5d6\n  <\/td><td>\n  Trojan.PHP.PHISHKIT.B\n  <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u76f8\u95dc\u7db2\u5740\uff1a<\/p>\n\n\n\n<ul><li>hxxp:\/\/2m[.]ma\/ar\/<\/li><li>hxxps:\/\/alphawolfden[.]com\/.well-known\/<\/li><li>hxxps:\/\/posicionamientowebeconomico[.]es\/wp-includes\/<\/li><li>hxxp:\/\/raisingtwo[.]com\/INC\/<\/li><\/ul>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/heatstroke-campaign-uses-multistage-phishing-attack-to-steal-paypal-and-credit-card-information\/\">\u2018Heatstroke\u2019\nCampaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card\nInformation<\/a> \u4f5c\u8005\uff1aJindrich\nKarasek\uff08\u5a01\u8105\u7814\u7a76\u54e1\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Heatstrok\u60e1\u610f\u6d3b\u52d5\u5229\u7528\u591a\u968e\u6bb5\u7db2\u8def\u91e3\u9b5a\u653b\u64ca,\u5c08\u7aca\u53d6PayPal\u548c\u4fe1\u7528\u5361\u8cc7\u8a0a \u96d6\u7136\u7db2\u8def\u91e3\u9b5a\u6d3b\u52d5\u57282019\u5e74 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[1268,4091,1,3765,65],"tags":[2344,4089,2284],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/62007"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=62007"}],"version-history":[{"count":3,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/62007\/revisions"}],"predecessor-version":[{"id":67445,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/62007\/revisions\/67445"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=62007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=62007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=62007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}