{"id":62964,"date":"2019-12-24T09:00:29","date_gmt":"2019-12-24T01:00:29","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=62964"},"modified":"2019-12-23T16:07:41","modified_gmt":"2019-12-23T08:07:41","slug":"%e5%85%a9%e9%9a%bb%e6%96%b0%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92%ef%bc%9asnatch%e9%87%8d%e5%95%9f%e9%9b%bb%e8%85%a6%e9%80%b2%e5%85%a5%e5%ae%89%e5%85%a8%e6%a8%a1%e5%bc%8f-zepplin%e9%8e%96%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=62964","title":{"rendered":"\u5169\u96bb\u65b0\u52d2\u7d22\u75c5\u6bd2\uff1aSnatch\u91cd\u555f\u96fb\u8166\u9032\u5165\u5b89\u5168\u6a21\u5f0f\/ Zepplin\u9396\u5b9a\u6b50\u7f8e"},"content":{"rendered":"\n

\u8fd1\u65e5\u51fa\u73fe\u5169\u96bb\u503c\u5f97\u6ce8\u610f\u7684\u52d2\u7d22\u75c5\u6bd2 Ransomware<\/a> (\u52d2\u7d22\u8edf\u9ad4\/\u7d81\u67b6\u75c5\u6bd2) \u2013 Snatch\u548cZeppelin\u3002Snatch\u52d2\u7d22\u75c5\u6bd2\u53ef\u4ee5\u5f37\u8febWindows\u96fb\u8166\u91cd\u65b0\u555f\u52d5\u9032\u5165\u5b89\u5168\u6a21\u5f0f\u3002\u800cZeppelin\u52d2\u7d22\u75c5\u6bd2\u5247\u611f\u67d3\u4e86\u6b50\u6d32\u548c\u7f8e\u570b\u7684\u91ab\u7642\u548cIT\u516c\u53f8\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

Snatch<\/strong>\u52d2\u7d22\u75c5\u6bd2\u91cd\u555f\u96fb\u8166\u9032\u5165\u5b89\u5168\u6a21\u5f0f\u4f86\u8eb2\u907f\u5b89\u5168\u9632\u8b77<\/strong><\/p>\n\n\n\n

Snatch\u6703\u91cd\u65b0\u555f\u52d5\u53d7\u611f\u67d3\u96fb\u8166\u9032\u5165\u5b89\u5168\u6a21\u5f0f\u4f86\u7e5e\u904e\u5b89\u5168\u8edf\u9ad4\u4ee5\u52a0\u5bc6\u6a94\u6848\u800c\u4e0d\u88ab\u5075\u6e2c\u3002\u9019\u6a23\u505a\u7684\u539f\u56e0\u662f\u5b89\u5168\u8edf\u9ad4\u901a\u5e38\u4e0d\u6703\u5728Windows\u5b89\u5168\u6a21\u5f0f\u4e0b\u57f7\u884c\uff0c\u56e0\u70ba\u6b64\u6a21\u5f0f\u662f\u7528\u4f86\u9664\u932f\u548c\u56de\u5fa9\u6709\u554f\u984c\u7684\u4f5c\u696d\u7cfb\u7d71\uff08OS\uff09\u3002<\/p>\n\n\n\n

\u7814\u7a76\u4eba\u54e1\u767c\u73fe\u52d2\u7d22\u75c5\u6bd2\u4f5c\u8005\u5229\u7528Windows\u767b\u9304\u6a94\u4f86\u6392\u7a0b\u4e00\u500b\u540d\u70baSuperBackupMan<\/em>\u7684Windows\u670d\u52d9\uff0c\u6b64\u670d\u52d9\u53ef\u4ee5\u5728\u5b89\u5168\u6a21\u5f0f\u4e0b\u57f7\u884c\uff0c\u7121\u6cd5\u88ab\u505c\u6b62\u6216\u66ab\u505c\u3002\u6b64\u60e1\u610f\u8edf\u9ad4\u751a\u81f3\u6703\u9032\u4e00\u6b65\u522a\u9664\u7cfb\u7d71\u4e0a\u6240\u6709\u7684\u78c1\u789f\u5340\u9670\u5f71\u8907\u88fd\u4f86\u9632\u6b62\u9451\u8b58\u56de\u5fa9\u52a0\u5bc6\u6a94\u6848\u3002<\/p>\n\n\n\n

Snatch\u52d2\u7d22\u75c5\u6bd2\u6700\u65e9\u65bc2018\u5e74\u88ab\u767c\u73fe\uff0c\u5b83\u7684\u76ee\u6a19\u4e26\u4e0d\u662f\u5bb6\u5ead\u4f7f\u7528\u8005\uff0c\u4e5f\u6c92\u6709\u5229\u7528\u5783\u573e\u90f5\u4ef6\u6216\u700f\u89bd\u5668\u6f0f\u6d1e\u7b49\u5927\u898f\u6a21\u6563\u64ad\u65b9\u5f0f\u3002\u6b64\u60e1\u610f\u8edf\u9ad4\u64cd\u4f5c\u8005\u53ea\u5c08\u6ce8\u5728\u5c0f\u90e8\u5206\u7684\u76ee\u6a19\uff0c\u5305\u62ec\u516c\u53f8\u548c\u653f\u5e9c\u7d44\u7e54\u3002\u64cd\u4f5c\u8005\u9084\u6703\u5728\u99ed\u5ba2\u8ad6\u58c7\u4e0a\u62db\u52df\u99ed\u5ba2\u4f86\u5f9e\u76ee\u6a19\u7d44\u7e54\u7aca\u53d6\u8cc7\u8a0a\u3002<\/p>\n\n\n\n

Zeppelin<\/strong>\u52d2\u7d22\u75c5\u6bd2\u91dd\u5c0d\u6b50\u6d32\u548c\u7f8e\u570b\u7684\u91ab\u7642\u548cIT<\/strong>\u516c\u53f8<\/strong><\/p>\n\n\n\n

Zeppelin\u662fVegaLocker\/Buran\u52d2\u7d22\u75c5\u6bd2\u7684\u65b0\u8b8a\u7a2e\uff0c\u88ab\u767c\u73fe\u6703\u900f\u904e\u91dd\u5c0d\u6027\u5b89\u88dd\u611f\u67d3\u4f4d\u65bc\u6b50\u6d32\u548c\u7f8e\u570b\u7684\u516c\u53f8\u3002\u6839\u64daBlackBerry Cylance\u7684\u5831\u5c0e\uff0cZeppelin\u52d2\u7d22\u75c5\u6bd2\u5c6c\u65bc\u52d2\u7d22\u75c5\u6bd2\u5373\u670d\u52d9\uff08RaaS\uff09\u6a21\u5f0f\uff0c\u88ab\u767c\u73fe<\/a>\u611f\u67d3\u4e86\u67d0\u4e9b\u91ab\u7642\u548cIT\u516c\u53f8\u3002<\/p>\n\n\n\n\n\n\n\n

Zeppelin\u52d2\u7d22\u75c5\u6bd2\u4f3c\u4e4e\u6709\u5f88\u9ad8\u7684\u53ef\u8a2d\u5b9a\u6027\uff0c\u53ef\u4ee5\u90e8\u7f72\u70ba.dll\u6216.exe\u6a94\u6848\uff0c\u4e5f\u53ef\u4ee5\u5c01\u88dd\u9032PowerShell\u8f09\u5165\u5668\u3002\u9664\u4e86\u6703\u52a0\u5bc6\u6a94\u6848\u5916\uff0c\u5b83\u9084\u6703\u7d42\u6b62\u8a31\u591a\u7a2e\u7a0b\u5e8f\uff0c\u5305\u62ec\u4e86\u5099\u4efd\u3001\u8cc7\u6599\u5eab\u548c\u90f5\u4ef6\u4f3a\u670d\u5668\u76f8\u95dc\u7684\u7a0b\u5e8f\u3002Zeppelin\u57f7\u884c\u6a94\u7d93\u904e\u4e09\u5c64\u6df7\u6dc6\u6280\u8853\u5c01\u88dd\u3002\u5b83\u7684\u52d2\u8d16\u901a\u77e5\u5f9e\u4e00\u822c\u901a\u7528\u8a0a\u606f\u5230\u70ba\u7279\u5b9a\u7d44\u7e54\u91cf\u8eab\u5b9a\u5236\u7684\u8a73\u7d30\u8aaa\u660e\u90fd\u6709\u3002\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0cZeppelin\u52d2\u7d22\u75c5\u6bd2\u4f3c\u4e4e\u6c92\u6709\u88ab\u5927\u91cf\u6563\u64ad \u2013 \u6216\u81f3\u5c11\u5c1a\u672a\u767c\u751f\u3002<\/p>\n\n\n\n

\u7814\u7a76\u4eba\u54e1\u8a8d\u70baZeppelin\u985e\u4f3c\u65bcSodinokibi\u52d2\u7d22\u75c5\u6bd2<\/a>\uff0c\u900f\u904e\u8a17\u7ba1\u670d\u52d9\u5546\uff08MSP\uff09\u6563\u64ad\u4ee5\u9032\u4e00\u6b65\u5f71\u97ff\u5ba2\u6236\u3002\u6b64\u5916\uff0c\u52d2\u7d22\u75c5\u6bd2\u9084\u53ef\u4ee5\u900f\u904e\u60e1\u610f\u5ee3\u544a\u548c\u6c34\u5751\u653b\u64ca\u6563\u64ad\u3002<\/p>\n\n\n\n

\u5982\u4f55\u62b5\u79a6\u52d2\u7d22\u75c5\u6bd2<\/strong>?<\/p>\n\n\n\n

\u9664\u4e86\u4fdd\u6301\u4f5c\u696d\u7cfb\u7d71\u5728\u6700\u65b0\u72c0\u614b\u4f86\u6d88\u9664\u6703\u88ab\u653b\u64ca\u7684\u6f0f\u6d1e\u5916\uff0c\u4f7f\u7528\u8005\u9084\u61c9\u63a1\u75283-2-1 \u5099\u4efd\u539f\u5247<\/a>\u7684\u8cc7\u6599\u5099\u4efd\u6700\u4f73\u5be6\u4f5c\u3002\u540c\u6642\u4f7f\u7528\u8005\u53ef\u4ee5\u90e8\u7f72\u5168\u9762\u6027\u7684\u591a\u5c64\u6b21\u5b89\u5168\u89e3\u6c7a\u65b9\u6848\u4f86\u9632\u6b62\u4f86\u81ea\u4e0d\u540c\u9032\u5165\u9ede\u7684\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u3002\u4f7f\u7528\u8005\u548c\u7d44\u7e54\u53ef\u4ee5\u63a1\u53d6\u4e0b\u5217\u63aa\u65bd\u4f86\u9632\u7bc4\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\uff1a<\/p>\n\n\n\n