{"id":64059,"date":"2020-04-22T09:00:00","date_gmt":"2020-04-22T01:00:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=64059"},"modified":"2021-12-23T16:14:09","modified_gmt":"2021-12-23T08:14:09","slug":"apt-%e9%a7%ad%e5%ae%a2%e9%9b%86%e5%9c%98%e5%88%a9%e7%94%a8%e6%ad%a6%e6%bc%a2%e8%82%ba%e7%82%8e%e4%bd%9c%e7%82%ba%e8%aa%98%e9%a4%8c","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=64059","title":{"rendered":"APT \u99ed\u5ba2\u96c6\u5718\u5229\u7528 Covid19 \u65b0\u51a0\u80ba\u708e\u4f5c\u70ba\u8a98\u990c"},"content":{"rendered":"\n<p>Gamaredon\u662f\u5f9e2013\u5e74\u8d77\u5c31\u4e00\u76f4\u6d3b\u8e8d\u7684<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=123\">APT\u9032\u968e\u6301\u7e8c\u653b\u64ca<\/a> \u99ed\u5ba2\u96c6\u5718\u3002\u5b83\u6700\u77e5\u540d\u7684\u5c31\u662f\u6703\u91dd\u5c0d\u70cf\u514b\u862d\u7684\u653f\u5e9c\u6a5f\u69cb\u3002\u7814\u7a76\u4eba\u54e1\u5011\u5f9e2019\u5e74\u4e0b\u534a\u5e74\u5230\u4eca\u5e742\u6708\u91dd\u5c0dGamaredon\u767c\u8868\u4e86\u6578\u4efd\u5831\u544a\uff0c\u8ffd\u8e2a\u6b64\u96c6\u5718\u7684\u6d3b\u52d5\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u57283\u6708\u767c\u73fe\u4e00\u5c01\u96fb\u5b50\u90f5\u4ef6\u593e\u5e36\u4e86\u4f7f\u7528Gamaredon\u99ed\u5ba2\u96c6\u5718\u624b\u6cd5\u7684\u60e1\u610f\u9644\u4ef6\u3002\u6709\u4e9b\u96fb\u5b50\u90f5\u4ef6\u7528<a href=\"https:\/\/blog.trendmicro.com.tw\/?cat=4547\">\u65b0\u51a0\u72c0\u75c5\u6bd2(COVID-19,\u4fd7\u7a31\u6b66\u6f22\u80ba\u708e)<\/a>\u75ab\u60c5\u7206\u767c\u7576\u4e3b\u65e8\u4f86\u8a98\u9a19\u53d7\u5bb3\u8005\u958b\u555f\u96fb\u5b50\u90f5\u4ef6\u548c\u9644\u4ef6\u6a94\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513-1024x535.jpg\" alt=\"\" class=\"wp-image-49645\" 
srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513-1024x535.jpg 1024w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513-300x157.jpg 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513-768x401.jpg 768w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513-600x314.jpg 600w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513-30x16.jpg 30w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513-800x418.jpg 800w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2017\/05\/0513.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<!--more-->\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Gamaredon\u7c21\u53f2<\/strong><\/h3>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>LookingGlass\u7684\u7814\u7a76\u4eba\u54e1\u57282015\u5e74\u767c\u8868\u4e86\u7b2c\u4e00\u4efd\u95dc\u65bcGamaredon\u7684<a 
href=\"https:\/\/www.lookingglasscyber.com\/wp-content\/uploads\/2015\/08\/Operation_Armageddon_Final.pdf\">\u5831\u544a<\/a>\u3002\u6839\u64da\u8a72\u5831\u544a\uff0c\u65e9\u671f\u6d3b\u52d5\u4f7f\u7528\u7684\u662fMicrosoft\nWord\u6587\u4ef6\uff0c\u5206\u6790\u5f8c\u986f\u793a\u6700\u5f8c\u7684\u4f7f\u7528\u8005\u540d\u7a31\u662fArmagedon\uff08\u62fc\u5beb\u932f\u8aa4\u7684\u201dArmageddon(\u4e16\u754c\u672b\u65e5)\u201d\uff09\uff0c\u9019\u540d\u5b57\u4e5f\u6210\u70ba\u8a72\u96c6\u5718\u547d\u540d\u7684\u57fa\u790e\u3002<\/p>\n\n\n\n<p>\u8a72\u5831\u544a\u9084\u63cf\u8ff0\u4e86Gamaredon\u7684\u653f\u6cbb\u8d77\u6e90\uff0c\u5c24\u5176\u662f\u5b83\u82072014\u5e74\u70cf\u514b\u862d\u9769\u547d\u7684\u95dc\u806f\u3002\u5728\u9769\u547d\u4e4b\u524d\uff0c\u4ed6\u5011\u91dd\u5c0d\u4e86\u70cf\u514b\u862d\u653f\u5e9c\u5b98\u54e1\u3001\u53cd\u5c0d\u9ee8\u6210\u54e1\u548c\u65b0\u805e\u5de5\u4f5c\u8005\u3002\u5728\u9769\u547d\u4e4b\u5f8c\uff0c\u4ed6\u5011\u9032\u4e00\u6b65\u91dd\u5c0d\u4e86\u70cf\u514b\u862d\u653f\u5e9c\u6a5f\u69cb\u3002\u57282018\u5e74\uff0cCERT-UA<a href=\"https:\/\/cert.gov.ua\/news\/46\">\u767c\u8868<\/a>\u4e86\u91dd\u5c0d\u60e1\u610f\u8edf\u9ad4Pterodo\uff08\u64da\u7a31\u70ba\u8a72\u96c6\u5718\u6240\u7528\uff09\u7684\u516c\u544a\u3002<\/p>\n\n\n\n<p>\u8a72\u96c6\u5718\u4e00\u76f4\u4fdd\u6301\u6d3b\u8e8d\uff0c\u4e26\u4e14\u57282020\u5e742\u6708\u6709\u6578\u500bGamaredon\u76f8\u95dc\u6d3b\u52d5\u7684\u56de\u5831\u3002\u57283\u6708\uff0c\u5b83\u5011\u88ab\u78ba\u8a8d\u662f\u5229\u7528\u65b0\u51a0\u75c5\u6bd2\u75ab\u60c5\u7206\u767c\u4f86\u8a98\u9a19\u76ee\u6a19\u7684<a href=\"https:\/\/www.csoonline.com\/article\/3532825\/6-ways-attackers-are-exploiting-the-covid-19-crisis.html\">\u99ed\u5ba2\u96c6\u5718\u4e4b\u4e00<\/a>\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>Gamaredon\u548cCovid-19\u76f8\u95dc\u5e4c\u5b50\u7684\u96fb\u5b50\u90f5\u4ef6<\/strong><\/h3>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/04\/figure-1-1024x584.jpg\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><figcaption> \u57161. Gamaredon\u60e1\u610f\u6d3b\u52d5\u611f\u67d3\u93c8 <\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><br><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u6240\u767c\u73fe\u7684\u6848\u4f8b\u662f\u4f7f\u7528docx\u9644\u4ef6\u6a94\u7684\u91dd\u5c0d\u6027\u96fb\u5b50\u90f5\u4ef6\u3002\u958b\u555f\u6587\u4ef6\u6703\u5229\u7528\u7bc4\u672c\u6ce8\u5165\u6280\u8853\u4f86\u5f9e\u7db2\u8def\u8f09\u5165\u6587\u4ef6\u7bc4\u672c\u3002\u4e0b\u8f09\u7684\u6587\u4ef6\u7bc4\u672c\u5167\u5305\u542b\u4e86\u60e1\u610f\u5de8\u96c6\u4f86\u57f7\u884cVBScript\uff08VBS\uff09\u7a0b\u5f0f\u78bc\u3002\u6211\u5011\u627e\u5230\u4e86\u5f9eC&amp;C\u4f3a\u670d\u5668\u89e3\u5bc6\u3001\u57f7\u884c\u548c\u4e0b\u8f09\u5176\u4ed6\u60e1\u610f\u6a94\u6848\u7684\u65b9\u6cd5\u3002\u4f46\u5728\u5206\u6790\u671f\u9593\uff0cC&amp;C\u4f3a\u670d\u5668\u90fd\u7121\u6cd5\u9023\u4e0a\uff0c\u7121\u6cd5\u53d6\u5f97\u5176\u4ed6\u7684\u60e1\u610f\u6a94\u6848\u3002<\/p>\n\n\n\n<p><br>\u76ee\u524d\u6240\u767c\u73fe\u7684\u653b\u64ca\u90fd\u662f\u900f\u904e\u91dd\u5c0d\u6027\u96fb\u5b50\u90f5\u4ef6\uff08MITRE ATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1193\/\">T1193<\/a>\uff09,\u5176\u4e2d\u4e00\u500b\u751a\u81f3\u7528\u201d 
2019-nCoV\u201d\u4f5c\u70ba\u4e3b\u65e8\u3002\u653b\u64ca\u8005\u5229\u7528\u793e\u6703\u8b70\u984c\u4f86\u8b93\u96fb\u5b50\u90f5\u4ef6\u548c\u6587\u4ef6\u66f4\u5177\u8a98\u60d1\u529b\u662f\u7a2e\u5e38\u898b\u7684\u505a\u6cd5\u3002\u4f7f\u7528\u65b0\u51a0\u75c5\u6bd2\u76f8\u95dc\u4e3b\u65e8\u7684\u90f5\u4ef6\u5e36\u6709\u9644\u4ef6\u6a94\u3002\u958b\u555f\u6a94\u6848\uff08MITRE ATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1204\/\">T1204<\/a>\uff09\u6703\u57f7\u884c\u7bc4\u672c\u6ce8\u5165\u65b9\u6cd5\uff08MITRE ATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1221\/\">T1221<\/a>\uff09\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/04\/figure-2.jpg\" alt=\"A picture containing food\n\nDescription automatically generated\"\/><figcaption> \u57162. 
\u4e0b\u8f09\u5e36\u6709\u60e1\u610f\u5de8\u96c6\u6587\u4ef6\u7bc4\u672c\u7684\u7a0b\u5f0f\u78bc <\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><br>\u6bcf\u6b21\u4e0b\u8f09\u7684\u6587\u4ef6\u7bc4\u672c\uff08\u4f7f\u7528dot\u683c\u5f0f\uff09\u90fd\u53ef\u80fd\u7565\u6709\u4e0d\u540c\u3002\u4f46\u5176Exif\u8cc7\u8a0a\u6216\u5f8c\u8a2d\u8cc7\u6599\u90fd\u4fdd\u6301\u4e00\u81f4\uff0c\u5171\u7528\u4e0b\u5217\u8cc7\u8a0a\uff1a<\/p>\n\n\n\n<ul><li>\u8b58\u5225\uff1aWord 8.0<\/li><li>\u8a9e\u8a00\uff1a\u4fc4\u6587<\/li><li>\u7cfb\u7d71\uff1aWindows<\/li><li>\u4f5c\u8005\uff1a\u0410\u0414\u041c\u0418\u041d\uff08\u4fc4\u8a9e\u4e2d\u7684\u201d\u7ba1\u7406\u54e1\u201d\uff09<\/li><li>\u5b57\u78bc\u9801\uff1aWindows\u897f\u91cc\u723e\u6587<\/li><\/ul>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/04\/figure-3.jpg\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><figcaption> \u57163. 
\u88ab\u4e0b\u8f09\u7bc4\u672c\u6587\u4ef6\u5167\u7684\u60e1\u610f\u5de8\u96c6\u6a23\u672c <\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><br>\u5982\u524d\u6240\u8ff0\uff0c\u7bc4\u672c\u5167\u5305\u542b\u4e86\u60e1\u610f\u5de8\u96c6\uff08MITRE ATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1064\/\">T1064<\/a>\uff09\uff0c\u5b83\u6703\u532f\u51faVBS\u7a0b\u5f0f\u78bc\uff08MITRE ATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1064\/\">T1064<\/a>\uff09\u4f86\u57f7\u884c\u81ea\u5df1\u3002\u5177\u9ad4\u5730\u8aaa\uff0c\u5b83\u6703\u5beb\u5728\u5de8\u96c6\u5167\u90e8\u7684VBS\u7a0b\u5f0f\u78bc\u690d\u5165%USERPROFILE%\\Documents\\MediaPlayer\\PlayList.vbs\uff0c\u7136\u5f8c\u7528\u201dwscript.exe \/\/b %USERPROFILE%\\Documents\\MediaPlayer\\PlayList.vbs\u201d\u57f7\u884c\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/04\/figure-4-1024x331.jpg\" alt=\"A screenshot of a cell phone\n\nDescription automatically generated\"\/><figcaption> \u57164. \u60e1\u610f\u5de8\u96c6\u6240\u690d\u5165VBS\u7684\u5167\u5bb9\u6a23\u672c <\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>PlayList.vbs\u5305\u542b\u6df7\u6dc6\u904e\u7684\u7a0b\u5f0f\u78bc\uff08MITRE ATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1140\/\">T1140<\/a>\uff09\uff0c\u6703\u5728\u89e3\u6df7\u6dc6\u5f8c\u57f7\u884c\u3002\u6b64\u884c\u70ba\u8207\u4e4b\u524d\u5831\u5c0e\u904e\u7684Gamaredon\u653b\u64ca\u7565\u6709\u4e0d\u540c\uff0c\u4e4b\u524d\u7684\u5831\u544a\u88e1\u6c92\u6709\u4f7f\u7528\u6b64\u6280\u8853\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/04\/figure-5.jpg\" alt=\"A screenshot of text\n\nDescription automatically generated\"\/><figcaption> \u57165. 
\u88ab\u57f7\u884c\u7684VBS\u6a23\u672c <\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\u57165\u986f\u793a\u7528Execute\u51fd\u5f0f\u57f7\u884c\u7684VBS\u7a0b\u5f0f\u78bc\u7247\u6bb5\u3002\u4e0b\u9762\u5217\u51fa\u4e86\u5b83\u7684\u884c\u70ba\u3002<\/p>\n\n\n\n<ol><li>\u52a0\u5165\u4e0b\u5217\u767b\u9304\u9375\u503c\u597d\u8b93\u6bcf\u6b21\u96fb\u8166\u555f\u52d5\u6642\u90fd\u6703\u57f7\u884cVBS\uff08MITRE ATT&amp;CK\u6846\u67b6ID T1060\uff09<ol><li>\u767b\u9304\u6a94\uff1aHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\MediaPlayer\nwscript.exe \/\/b %USERPROFILE%\\Documents\\MediaPlayer\\PlayList.vbs<\/li><\/ol><\/li><li>\u9023\u5230hxxp:\/\/ kristom[.]hopto[.]org \/{computer\nname}_{hexadecimal volume serial number}\/help_05_03[.]php\uff08MITRE ATT&amp;CK\u6846\u67b6ID\n<a href=\"https:\/\/attack.mitre.org\/techniques\/T1043\/\">T1043<\/a>\u3001<a href=\"https:\/\/attack.mitre.org\/techniques\/T1071\/\">T1071<\/a>\u3001<a href=\"https:\/\/attack.mitre.org\/techniques\/T1082\/\">T1082<\/a>\uff09<\/li><li>\u5982\u679c\u7b2c\u4e00\u6b65\u88e1\u4e0b\u8f09\u7684\u6a94\u6848\u5927\u5c0f\u8d85\u904e10,485\u4f4d\u5143\uff0c\u8a72\u6a94\u6848\u6703\u88ab\u5b58\u6210%APPDATA%\\\\Microsoft\\Windows\\Cookies.txt\uff08MITRE\nATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1105\/\">T1105<\/a>\uff09<\/li><li>\u5c0d\u7b2c\u4e8c\u6b65\u6240\u5132\u5b58\u7684\u6a94\u6848\u4f7f\u7528XOR\u8655\u7406\uff0c\u9019\u88cf\u6703\u7528\u81ea\u5df1\u5341\u516d\u9032\u4f4d\u5377\u5e8f\u5217\u865f\u8f49\u63db\u7684ASCII\u78bc\u4f5c\u70ba\u91d1\u9470\u3002\u89e3\u5bc6\u7d50\u679c\u6703\u88ab\u5132\u5b58\u70ba%APPDATA%\\\\Microsoft\\Windows\\Cookies.exe\uff08<a 
href=\"https:\/\/attack.mitre.org\/techniques\/T1001\/\">T1001<\/a>\uff09<\/li><li>\u5982\u679c%APPDATA%\\\\Microsoft\\Windows\\Cookies.exe\u7684\u5927\u5c0f\u8d85\u904e4,485\u5b57\u5143\uff0c\u5247\u6703\u57f7\u884c\u8a72\u6a94\u6848\u3002<\/li><li>\u63a5\u8457\u201c%APPDATA%\\\\Microsoft\\Windows\\Cookies.txt\u201d\u548c\u201c%APPDATA%\\\\Microsoft\\Windows\\Cookies.exe\u201d\u90fd\u6703\u88ab\u522a\u9664\uff08MITRE\nATT&amp;CK\u6846\u67b6ID <a href=\"https:\/\/attack.mitre.org\/techniques\/T1107\/\">T1107<\/a>\uff09<\/li><\/ol>\n\n\n\n<p><br>\u5728\u6b64VBS\u89c0\u5bdf\u5230\u7684\u884c\u70ba\u8207\u5176\u4ed6\u7684Gamaredon\u5831\u544a\u76f8\u63a5\u8fd1\uff08\u5982\u9019\u4efd<a href=\"https:\/\/labs.sentinelone.com\/pro-russian-cyberspy-gamaredon-intensifies-ukrainian-security-targeting\/\">SentinelOne<\/a>\u7684\u5831\u544a\uff09\u3002\u4f46\u662f\u6b64\u6848\u4f8b\u88e1\u7684\u5de8\u96c6\u6240\u7522\u751fVBS\u6703\u7d93\u904e\u6df7\u6dc6\u8655\u7406\uff0c\u9019\u53ef\u80fd\u662f\u984d\u5916\u7684\u8eb2\u907f\u7b56\u7565\u3002<\/p>\n\n\n\n<p><br>\u6709\u610f\u601d\u7684\u662f\uff0c\u6211\u5011\u5728\u89e3\u78bcVBS\u5f8c\u767c\u73fe\u653b\u64ca\u8005\u4f3c\u4e4e\u51fa\u73fe\u7a0b\u5f0f\u64b0\u5beb\u4e0a\u7684\u932f\u8aa4\u3002\u57165\u5167\u7684\u7b2c53\u548c54\u884c\u662f\u7528\u4f86\u95dc\u9589\u5df2\u4e0b\u8f09\u548c\u89e3\u78bc\u7684TXT\u548cEXE\u6a94\u6848\uff0c\u9019\u4e9b\u6a94\u6848\u662f\u5728IF\u9673\u8ff0\u4e4b\u524d\u5b9a\u7fa9\u7684\u8b8a\u91cf\u3002\u4f46\u5982\u679c\u9019\u4e9b\u884c\u672a\u7d93\u904e\u6b64IF\u9673\u8ff0\u5247\u6703\u767c\u751f\u932f\u8aa4\u3002\u9019\u986f\u793a\u51fa\u6b64\u60e1\u610f\u8edf\u9ad4\u6c92\u6709\u7d93\u904e\u5145\u5206\u6e2c\u8a66\uff0c\u53ef\u80fd\u4ecd\u5728\u958b\u767c\u4e2d\u3002<\/p>\n\n\n\n<p><br>\u6211\u5011\u7684\u5206\u6790\u767c\u73fe\u4e86\u6578\u500b\u7528\u65bc\u7bc4\u672c\u6ce8\u5165\u548cVBS\u7684\u7db2\u5740\u3002\u5c07\u5176\u89e3\u6790\u6210IP\u5730\u5740\u597d\u4e86\u89e3\u5176\u653b\u64ca\u4f86\
u6e90\u6642\uff0c\u6211\u5011\u767c\u73fe\u5b83\u5011\u90fd\u9023\u7d50\u5230\u4ee5\u4e0bIP\u5730\u5740\u3002<\/p>\n\n\n\n<ul><li>\u95dc\u65bc\u7bc4\u672c\u6ce8\u5165\uff1a176[.]119[.]147[.]225<\/li><li>\u95dc\u65bcVBS\uff1a176[.]57[.]215[.]115<\/li><\/ul>\n\n\n\n<p>\u9019\u4e9bIP\u5730\u5740\u4f86\u81ea\u4fc4\u7f85\u65af\u7db2\u8def\u8a17\u7ba1\u516c\u53f8\u3002\u653b\u64ca\u8005\u5f88\u53ef\u80fd\u79df\u7528\u4e86\u865b\u64ec\u5c08\u7528\u4f3a\u670d\u5668\uff08VPS\uff09\u4f5c\u70ba\u653b\u64ca\u57fa\u5730\u3002\u4ed6\u5011\u7d66VBS\u7684\u7db2\u5740\uff08\u5982\u4e0b\u6240\u793a\uff09\u53ef\u80fd\u5305\u542b\u4e86\u9032\u884c\u653b\u64ca\u6642\u7684\u8cc7\u6599\u3002<\/p>\n\n\n\n<ul><li>hxxp:\/\/{FQDN}\/{computer name}_{hexadecimal\nvolume serial number}\/help_{day}_{month}[.]php<\/li><\/ul>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u7d50\u8ad6<\/strong><\/h3>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Gamaredon\u4e26\u975e\u7b2c\u4e00\u500b\u5229\u7528Covid-19\u4f5c\u5e4c\u5b50\u7684\u99ed\u5ba2\u96c6\u5718\u3002\u6709\u4e9b\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u958b\u59cb\u63a1\u53d6\u9593\u63a5\u7684\u7372\u5229\u624b\u6bb5\uff0c\u5982\u91dd\u5c0d\u90a3\u4e9b\u5728\u4f01\u696d\u8f49\u5411\u5728\u5bb6\u5de5\u4f5c\u5f8c\u8d8a\u4f86\u8d8a\u6d41\u884c\u7684<a 
href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer\/\">\u901a\u8a0a\u5e73\u53f0<\/a>\u3002\u800c\u5728\u6b64\u6848\u4f8b\u88e1\uff0c\u4ed6\u5011\u5229\u7528Covid-19\u4f86\u63a9\u8b77\u5176\u8f03\u5178\u578b\u7684APT\u884c\u70ba\u3002\u6211\u5011\u5efa\u8b70\u63a1\u53d6\u4e0b\u5217\u5c0d\u7b56\u4f86\u9632\u7bc4\u5c07\u4f86\u53ef\u80fd\u7684APT\u653b\u64ca\uff1a<\/p>\n\n\n\n<ul><li>\u5728\u4e0b\u8f09\u548c\u958b\u555f\u96fb\u5b50\u90f5\u4ef6\u9644\u4ef6\u6a94\u524d\u5148\u6aa2\u67e5\u96fb\u5b50\u90f5\u4ef6\u5bc4\u4ef6\u8005\u3001\u4e3b\u65e8\u548c\u672c\u6587\u662f\u5426\u5b58\u5728\u53ef\u7591\u5167\u5bb9\u3002\u5c24\u5176\u8981\u5c0f\u5fc3\u672a\u77e5\u767c\u4ef6\u4eba\u4e0d\u8acb\u81ea\u4f86\u7684\u96fb\u5b50\u90f5\u4ef6\u3002<\/li><li>\u6aa2\u67e5\u9644\u4ef6\u6a94\u7684\u526f\u6a94\u540d\uff0c\u4e26\u78ba\u8a8d\u5b83\u662f\u9810\u671f\u7684\u6a94\u6848\u683c\u5f0f\u3002<\/li><li>\u907f\u514d\u70ba\u4efb\u4f55\u9644\u52a0\u7684Microsoft Office\u6a94\u6848\u555f\u7528\u5de8\u96c6\uff0c\u7279\u5225\u662f\u90a3\u4e9b\u53ea\u6709\u5716\u7247\u6216\u6c92\u6709\u4efb\u4f55\u5167\u5bb9\u537b\u8981\u6c42\u555f\u7528\u5de8\u96c6\u7684\u96fb\u5b50\u90f5\u4ef6\u3002<\/li><li>\u958b\u555f\u96fb\u5b50\u90f5\u4ef6\u524d\u8acb\u6ce8\u610f\u90f5\u4ef6\u5167\u53ef\u80fd\u7684\u507d\u9020\u7db2\u57df\u3002\u5c0d\u5e38\u7528\u7db2\u5740\u7684\u7d30\u5fae\u66f4\u52d5\u53ef\u80fd\u662f\u60e1\u610f\u5167\u5bb9\u7684\u4e00\u7a2e\u6307\u6a19\u3002<\/li><\/ul>\n\n\n\n<p>\u9664\u4e86\u9019\u4e9b\u52d5\u4f5c\uff0c\u4f7f\u7528\u8005\u9084\u53ef\u4ee5\u5be6\u65bd\u591a\u5c64\u6b21\u9632\u8b77\u4e26\u5229\u7528\u5e95\u4e0b\u9019\u4e9b\u89e3\u6c7a\u65b9\u6848\u3002<\/p>\n\n\n\n<ul><li><a href=\"https:\/\/www.trendmicro.tw\/tw\/business\/complete-software-protection\/index.html\">Smart Protection Network&#x2122;<\/a>\u548c<a href=\"https:\/\/www.trendmicro.tw\/tw\/small-business\/worry-free-pro\/\">Worry-Free 
Pro<\/a>\u53ef\u4ee5\u5075\u6e2c\u60e1\u610f\u6a94\u6848\u548c\u5783\u573e\u90f5\u4ef6\u4e26\u5c01\u9396\u6240\u6709\u76f8\u95dc\u60e1\u610f\u7db2\u5740\u4f86\u4fdd\u8b77\u4f7f\u7528\u8005\u548c\u4f01\u696d\u62b5\u79a6\u985e\u4f3c\u5a01\u8105\u3002<a href=\"https:\/\/t.rend.tw\/?i=NDIwMw==\">\u8da8\u52e2\u79d1\u6280Deep Discovery\u9032\u968e\u7db2\u8def\u5b89\u5168\u9632\u8b77<\/a> \u5177\u5099\u96fb\u5b50\u90f5\u4ef6\u6aa2\u67e5\u5c64\uff0c\u53ef\u4ee5\u7d93\u7531\u5075\u6e2c\u60e1\u610f\u9644\u4ef6\u6a94\u548c\u7db2\u5740\u4f86\u4fdd\u8b77\u4f01\u696d\u3002<\/li><li>\u8da8\u52e2\u79d1\u6280\u7684Hosted Email Security\u662f\u4e00\u7a2e\u7121\u9700\u7dad\u8b77\u7684\u96f2\u7aef\u89e3\u6c7a\u65b9\u6848\uff0c\u53ef\u6301\u7e8c\u5730\u66f4\u65b0\u9632\u8b77\uff0c\u5728\u5783\u573e\u90f5\u4ef6\u3001\u60e1\u610f\u8edf\u9ad4\u3001\u9b5a\u53c9\u5f0f\u91e3\u9b5a\u90f5\u4ef6\u3001\u52d2\u7d22\u75c5\u6bd2\u548c\u9032\u968e\u91dd\u5c0d\u6027\u653b\u64ca\u9032\u5165\u4f01\u696d\u7db2\u8def\u524d\u5148\u52a0\u4ee5\u5c01\u9396\u3002\u5b83\u53ef\u4ee5\u4fdd\u8b77Microsoft Exchange\uff0c<a href=\"https:\/\/www.trendmicro.com\/us\/business\/saas\/cloud-app-security\/office-365\/index.html?_ga=2.201808019.349025527.1587269419-1177115081.1583386913\">Microsoft Office 365<\/a>\uff0cGoogle Apps\u548c\u5176\u4ed6\u96f2\u7aef\u6216\u672c\u5730\u7aef\u96fb\u5b50\u90f5\u4ef6\u89e3\u6c7a\u65b9\u6848\u3002<\/li><li>\u5177\u5099<a href=\"https:\/\/www.trendmicro.tw\/business\/xgen-security.html\">\u8da8\u52e2\u79d1\u6280\u7684XGen\u5b89\u5168\u9632\u8b77\u6280\u8853<\/a>\u7aef\u9ede\u5b89\u5168\u9632\u8b77\u6280\u8853\u7684<a 
href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/product-security\/officescan\/index.html\">\u8da8\u52e2\u79d1\u6280OfficeScan<\/a>\u878d\u5408\u4e86\u9ad8\u4fdd\u771f\u6a5f\u5668\u5b78\u7fd2\u8207\u5176\u4ed6\u5075\u6e2c\u6280\u8853\u548c\u5168\u7403\u5a01\u8105\u60c5\u5831\u4f86\u505a\u5230\u5168\u9762\u6027\u5730\u9632\u79a6\u9032\u968e\u60e1\u610f\u8edf\u9ad4\u3002<\/li><li><ins><a href=\"https:\/\/t.rend.tw\/?i=Nzk0NA\">\u8da8\u52e2\u79d1\u6280\u5168\u9762\u5075\u6e2c\u53ca\u56de\u61c9(XDR)<\/a><\/ins>\u89e3\u6c7a\u65b9\u6848\u80fd\u5920\u6709\u6548\u5730\u4fdd\u8b77\u6240\u9023\u7d50\u7684\u96fb\u5b50\u90f5\u4ef6\u3001\u7aef\u9ede\u3001\u4f3a\u670d\u5668\u3001\u96f2\u7aef\u5de5\u4f5c\u8ca0\u8f09\u548c\u7db2\u8def\u3002\u8da8\u52e2\u79d1\u6280XDR\u4f7f\u7528\u529f\u80fd\u5f37\u5927\u7684\u4eba\u5de5\u667a\u6167\uff08AI\uff09\u548c\u5c08\u5bb6\u5b89\u5168\u5206\u6790\u4f86\u95dc\u806f\u8cc7\u6599\uff0c\u80fd\u5920\u63d0\u4f9b\u6578\u91cf\u66f4\u5c11\u537b\u6709\u66f4\u9ad8\u4fdd\u771f\u5ea6\u7684\u8b66\u5831\u4f86\u9032\u884c\u65e9\u671f\u5a01\u8105\u5075\u6e2c\u3002\u900f\u904e\u55ae\u4e00\u4e3b\u63a7\u53f0\u63d0\u4f9b\u5c0d\u6574\u9ad4\u4f01\u696d\u7cfb\u7d71\u66f4\u5168\u9762\u7684\u80fd\u898b\u5ea6\uff0c\u540c\u6642\u63d0\u4f9b\u66f4\u52a0\u5c08\u6ce8\u53ca\u6700\u4f73\u5316\u7684\u5404\u7a2e\u8b66\u5831\u3002<\/li><\/ul>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u5165\u4fb5\u6307\u6a19\uff08IoC\uff09<\/h3>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td>\n  <strong>DOCX<\/strong><strong>\u6a94\u6848<\/strong>\n  <\/td><\/tr><tr><td>\n  SHA256\n  <\/td><td>\n  
\u5075\u6e2c\u540d\u7a31\n  <\/td><\/tr><tr><td>\n  0d90fe36866ee30eb5e4fd98583bc2fdb5b7da37e42692f390ac5f807a13f057\n  <\/td><td>\n  W97M_CVE20170199.ZYHC-A\n  <\/td><\/tr><tr><td>\n  036c2088cb48215f21d4f7d751d750b859d57018c04f6cadd45c0c4fee23a9f8\n  <\/td><td>\n  Trojan.W97M.CVE20170199.PG\n  <\/td><\/tr><tr><td>\n  19d03a25af5b71e859561ff8ccc0a073acb9c61b987bdb28395339f72baf46b4\n  <\/td><td>\n  <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Trojan.XML.PHISH.AE\" target=\"_blank\" rel=\"noreferrer noopener\">Trojan.XML.PHISH.AE<\/a>\n  <\/td><\/tr><tr><td>\n  62cf22f840fffd8d8781e52b492b03b4efc835571b48823b07535d52b182e861\n  <\/td><td>\n  <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/W97M_VBSDOWNLDR.ZYHC-A\" target=\"_blank\" rel=\"noreferrer noopener\">W97M_CVE20170199.ZKHC-A<\/a>\n  <\/td><\/tr><tr><td>\n  8310d39aa1cdd13ca82c769d61049310f8ddaea7cd2c3b940a8a3c248e5e7b06\n  <\/td><td>\n  Trojan.W97M.CVE20170199.PF\n  <\/td><\/tr><tr><td>\n  84e0b1d94a43c87de55c000e3acae17f4493a57badda3b27146ad8ed0f90c93e\n  <\/td><td>\n  Trojan.W97M.CVE20170199.PG\n  <\/td><\/tr><tr><td>\n  85267e52016b6124e4e42f8b52e68475174c8a2bdf0bc0b501e058e2d388a819\n  <\/td><td>\n  Trojan.W97M.CVE20170199.PF\n  <\/td><\/tr><tr><td>\n  b6a94f565d482906be7da4d801153eb4dab46d92f43be3e1d59ddd2c7f328109\n  <\/td><td>\n  Trojan.W97M.CVE20170199.PF\n  <\/td><\/tr><tr><td>\n  cc775e3cf1a64effa55570715b73413c3ea3a6b47764a998b1272b5be059c25b\n  <\/td><td>\n  Trojan.W97M.CVE20170199.PF\n  <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td>\n  <strong>DOT<\/strong><strong>\u6a94\u6848<\/strong>\n  <\/td><\/tr><tr><td>\n  <strong>SHA256<\/strong>\n  <\/td><td>\n  <strong>\u5075\u6e2c\u540d\u7a31<\/strong>\n  <\/td><td>\n  <strong>TrendX<\/strong>\n  <\/td><\/tr><tr><td>\n  00b761bce25594da4c760574d224589daf01086c5637042982767a13a2f61bea\n  
<\/td><td>\n  Mal_OLEMAL-4\n  <\/td><td>\n  Downloader.VBA.TRX.XXVBAF01FF007\n  <\/td><\/tr><tr><td>\n  250b09f87fe506fbc6cedf9dbfcb594f7795ed0e02f982b5837334f09e8a184b\n  <\/td><td>\n  Mal_OLEMAL-4\n  <\/td><\/tr><tr><td>\n  4b3ae36b04d6aba70089cb2099e6bc1ba16d16ea24bbf09992f23260151b9faf\n  <\/td><td>\n  Mal_OLEMAL-4\n  <\/td><\/tr><tr><td>\n  946405e2f26e1cc0bd22bc7e12d403da939f02e9c4d8ddd012f049cf4bf1fda9\n  <\/td><td>\n  Mal_OLEMAL-4\n  <\/td><\/tr><tr><td>\n  9cd5fa89d579a664c28da16064057096a5703773cef0a079f228f21a4b7fd5d2\n  <\/td><td>\n  Mal_OLEMAL-4\n  <\/td><\/tr><tr><td>\n  c089ccd376c9a4d5e5bdd553181ab4821d2c26fefc299cce7a4f023a660484d5\n  <\/td><td>\n  Mal_OLEMAL-4\n  <\/td><\/tr><tr><td>\n  e888b5e657b41d45ef0b2ed939e27ff9ea3a11c46946e31372cf26d92361c012\n  <\/td><td>\n  W97M_VBSDOWNLDR.ZKHC-A\n  <\/td><\/tr><tr><td>\n  f577d2b97963b717981c01b535f257e03688ff4a918aa66352aa9cd31845b67d\n  <\/td><td>\n  W97M_VBSDOWNLDR.ZYHC-A\n  <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<style>\n   table {border-collapse:collapse; table-layout:fixed; width:310px;}\n   table td {border:solid 1px ; width:100px; word-wrap:break-word;}\n   <\/style>\n\n<figure class=\"wp-block-table\"><table  class=\" table table-hover\" ><tbody><tr><td>\n  <strong>SHA256<\/strong>\n  <\/td><td>\n  <strong>\u5075\u6e2c\u540d\u7a31<\/strong>\n  <\/td><td>\n  <strong>TrendX<\/strong>\n  <\/td><\/tr><tr><td>\n  17161e0ab3907f637c2202a384de67fca49171c79b1b24db7c78a4680637e3d5\n  <\/td><td>\n  Trojan.X97M.CVE201711882.THCOCBO\n  <\/td><td>\n  Downloader.VBA.TRX.XXVBAF01FF006\n  <\/td><\/tr><tr><td>\n  29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923\n  <\/td><td>\n  <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/TrojanSpy.Win32.FAREIT.UHBAZCLIZ\" target=\"_blank\" rel=\"noreferrer noopener\">TrojanSpy.Win32.FAREIT.UHBAZCLIZ<\/a>\n  <\/td><td>\n  N\/A\n  <\/td><\/tr><tr><td>\n  
315e297ac510f3f2a60176f9c12fcf92681bbad758135767ba805cdea830b9ee\n  <\/td><td>\n  Trojan.X97M.CVE201711882.THCOCBO\n  <\/td><td>\n  Downloader.VBA.TRX.XXVBAF01FF006\n  <\/td><\/tr><tr><td>\n  3e6166a6961bc7c23d316ea9bca87d8287a4044865c3e73064054e805ef5ca1a\n  <\/td><td>\n  <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Backdoor.Win32.REMCOS.USMANEAGFG\" target=\"_blank\" rel=\"noreferrer noopener\">Backdoor.Win32.REMCOS.USMANEAGFG<\/a>\n  <\/td><td>\n  Troj.Win32.TRX.XXPE50FFF034\n  <\/td><\/tr><tr><td>\n  3f40d4a0d0fe1eea58fa1c71308431b5c2ce6e381cacc7291e501f4eed57bfd2\n  <\/td><td>\n  <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Trojan.MSIL.AGENTTESLA.THCOCBO\" target=\"_blank\" rel=\"noreferrer noopener\">Trojan.MSIL.AGENTTESLA.THCOCBO<\/a>\n  <\/td><td>\n  N\/A\n  <\/td><\/tr><tr><td>\n  ab533d6ca0c2be8860a0f7fbfc7820ffd595edc63e540ff4c5991808da6a257d\n  <\/td><td>\n  Trojan.X97M.CVE201711882.THCOCBO\n  <\/td><td>\n  N\/A\n  <\/td><\/tr><tr><td>\n  b78a3d21325d3db7470fbf1a6d254e23d349531fca4d7f458b33ca93c91e61cd\n  <\/td><td>\n  Backdoor.Win32.REMCOS.USMANEAGFE\n  <\/td><td>\n  Troj.Win32.TRX.XXPE50FFF034\n  <\/td><\/tr><tr><td>\n  c9c0180eba2a712f1aba1303b90cbf12c1117451ce13b68715931abc437b10cd\n  <\/td><td>\n  <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/TrojanSpy.Win32.FAREIT.UHBAZCLIZ\" target=\"_blank\" rel=\"noreferrer noopener\">TrojanSpy.Win32.FAREIT.UHBAZCLIZ<\/a>\n  <\/td><td>\n  Troj.Win32.TRX.XXPE50FFF034\n  
<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>C&amp;C\u5730\u5740<\/p>\n\n\n\n<ul><li>Bambinos[.]bounceme[.]net<\/li><li>bbtt[.]site<\/li><li>bbtt[.]space<\/li><li>harpa[.]site<\/li><li>harpa[.]space<\/li><li>harpa[.]website<\/li><li>himym[.]site<\/li><li>kristoffer[.]hopto[.]org<\/li><li>kristom[.]hopto[.]org<\/li><li>miragena[.]site<\/li><li>miragena[.]xyz<\/li><li>papir[.]hopto[.]org<\/li><li>sabdja[.]3utilities[.]com<\/li><li>sakira[.]3utilities[.]com<\/li><li>seliconos[.]3utilities[.]com<\/li><li>solod[.]bounceme[.]net<\/li><li>sonik[.]hopto[.]org<\/li><li>tele[.]3utilities[.]com<\/li><li>violina[.]website<\/li><li>voyager[.]myftp[.]biz<\/li><li>voyaget[.]myftp[.]biz<\/li><\/ul>\n\n\n\n<p>MITRE\nATT&amp;CK\u6846\u67b6<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2020\/04\/mitre-1024x478.jpg\" alt=\"A screenshot of a social media post\n\nDescription automatically generated\"\/><\/figure>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/gamaredon-apt-group-use-covid-19-lure-in-campaigns\/\">Gamaredon APT Group Use Covid-19 Lure in\nCampaigns<\/a> \u4f5c\u8005\uff1aHiroyuki Kakara\u548cErina\nMaruyama\uff08<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/trend-micro\/\">\u8da8\u52e2\u79d1\u6280<\/a>\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gamaredon\u662f\u5f9e2013\u5e74\u8d77\u5c31\u4e00\u76f4\u6d3b\u8e8d\u7684APT\u9032\u968e\u6301\u7e8c\u653b\u64ca \u99ed\u5ba2\u96c6\u5718\u3002\u5b83\u6700\u77e5\u540d\u7684\u5c31\u662f\u6703\u91dd\u5c0d\u70cf\u514b\u862d\u7684\u653f\u5e9c\u6a5f 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[10,1301,4547],"tags":[45,4570,2344,4537,4529,4569],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/64059"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=64059"}],"version-history":[{"count":3,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/64059\/revisions"}],"predecessor-version":[{"id":70878,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/64059\/revisions\/70878"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=64059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv
2%2Fcategories&post=64059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=64059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}