{"id":8252,"date":"2014-05-21T09:00:16","date_gmt":"2014-05-21T01:00:16","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=8252"},"modified":"2015-01-08T10:13:29","modified_gmt":"2015-01-08T02:13:29","slug":"apt-%e6%94%bb%e6%93%8a-%e7%9b%ae%e6%a8%99%e6%94%bb%e6%93%8a%e5%88%a9%e7%94%a8%e6%9c%80%e6%96%b0%e7%9a%84%e5%be%ae%e8%bb%9fword%e9%9b%b6%e6%99%82%e5%b7%ae%e6%bc%8f%e6%b4%9e%e9%87%9d%e5%b0%8d","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=8252","title":{"rendered":"< APT \u653b\u64ca > \u5229\u7528\u5fae\u8edfWord\u96f6\u6642\u5dee\u6f0f\u6d1e,\u9396\u5b9a\u53f0\u7063\u653f\u5e9c\u6a5f\u69cb\u767c\u52d5\u653b\u64ca(\u542b\u793e\u4ea4\u5de5\u7a0b\u4fe1\u4ef6\u6a23\u672c)"},"content":{"rendered":"

\u6f0f\u6d1e\uff0c\u7279\u5225\u662f\u96f6\u6642\u5dee\u6f0f\u6d1e\uff0c\u7d93\u5e38\u6703\u88ab\u60e1\u610f\u4efd\u5b50\u7528\u4f5c\u76ee\u6a19\u653b\u64ca<\/a>\u7684\u8d77\u59cb\u9ede\u3002\u5f71\u97ff\u5fae\u8edfWord\u7684\u96f6\u6642\u5dee\uff08\u5728\u7576\u6642\uff09\u6f0f\u6d1e<\/a>\uff08CVE-2014-1761<\/a>\uff09\u5c31\u662f\u4e00\u500b\u4f8b\u5b50\u3002\u5728\u4e09\u6708\u6240\u767c\u4f48\u7684\u8cc7\u5b89\u901a\u5831<\/a>\u88e1\uff0c\u5fae\u8edf\u81ea\u5df1\u627f\u8a8d\u8a72\u6f0f\u6d1e\u88ab\u7528\u5728\u300c\u6709\u9650\u7684\u76ee\u6a19\u653b\u64ca\u300d\u88e1\u3002\u5fae\u8edf\u56e0\u6b64\u5728\u5176\u56db\u6708\u7684\u9031\u4e8c\u4fee\u88dc\u7a0b\u5f0f<\/a>\u88e1\u4fee\u88dc\u4e86\u6b64\u4e00\u6f0f\u6d1e\u3002<\/p>\n

\"\u6f0f\u6d1e<\/a><\/p>\n

\u7136\u800c\uff0c\u51fa\u73fe\u4fee\u88dc\u7a0b\u5f0f\u4e26\u4e0d\u6703\u5687\u963b\u60e1\u610f\u4efd\u5b50\u53bb\u5229\u7528\u6b64\u6f0f\u6d1e\u3002\u8da8\u52e2\u79d1\u6280<\/a>\u9084\u662f\u770b\u5230\u6709APT\u653b\u64ca-\u9032\u968e\u6301\u7e8c\u6027\u6ef2\u900f\u653b\u64ca (Advanced Persistent Threat, APT) \/\u76ee\u6a19\u653b\u64ca<\/a>\u5728\u4ed6\u5011\u7684\u653b\u64ca\u6d3b\u52d5\u88e1\u5229\u7528\u6b64\u4e00\u6f0f\u6d1e\u3002<\/p>\n

Taidoor<\/i><\/b>\u9023\u7dda:\u507d\u88dd<\/i><\/b>\u53f0\u7063\u653f\u5e9c\u90e8\u9580\u548c\u6559\u80b2\u55ae\u4f4d\u767c\u51fa\u5168\u570b\u6c11\u8abf, \u670d\u8cbf\u8b70\u984c\u88ab\u64cd\u4f5c<\/b><\/p>\n

\u6211\u5011\u770b\u5230\u4e86\u5169\u8d77\u91dd\u5c0d\u53f0\u7063\u653f\u5e9c\u90e8\u9580\u548c\u4e00\u500b\u6559\u80b2\u55ae\u4f4d\u7684\u653b\u64ca\u3002\u7b2c\u4e00\u8d77\u653b\u64ca\u4f7f\u7528\u593e\u5e36\u60e1\u610f\u9644\u4ef6\u6a94\u7684\u96fb\u5b50\u90f5\u4ef6\uff0c\u6b64\u90f5\u4ef6\u507d\u88dd\u6210\u4f86\u81ea\u653f\u5e9c\u54e1\u5de5\u3002\u9644\u4ef6\u6a94\u6a19\u984c\u507d\u88dd\u6210\u4e00\u4efd\u5168\u570b\u6027\u6c11\u8abf\u4f86\u589e\u52a0\u8aaa\u670d\u529b\u3002\u6b64\u9644\u4ef6\u5176\u5be6\u662f\u88ab\u5075\u6e2c\u70baTROJ_ARTIEF.ZTBD-R\u7684\u6f0f\u6d1e\u653b\u64ca\u7a0b\u5f0f\u3002\u5b83\u6703\u7522\u751f\u88ab\u5075\u6e2c\u70baBKDR_SIMBOTDRP.ZTBD-R\u7684\u6a94\u6848\uff0c\u63a5\u8457\u518d\u7522\u751f\u5169\u500b\u6a94\u6848 \u2013 TROJ_SIMBOTLDR.ZTBD-R\u548cTROJ_SIMBOTENC.ZTBD-R\u3002\u9019\u5169\u500b\u6a94\u6848\u6700\u5f8c\u6703\u5c0e\u81f4\u88ab\u5075\u6e2c\u70baBKDR_SIMBOT.SMC\u7684\u6700\u7d42\u7d50\u679c\u3002<\/p>\n

\"\"<\/p>\n

 <\/p>\n

\u7b2c\u4e8c\u8d77APT\u653b\u64ca<\/a>\u7684\u6559\u80b2\u55ae\u4f4d\u4e5f\u662f\u5728\u53f0\u7063\u3002\u6b64\u6ce2\u653b\u64ca\u5229\u7528\u96fb\u5b50\u90f5\u4ef6\u9644\u52a0\u6a94\u6848\u4f86\u53d6\u5f97\u5c0d\u6536\u4ef6\u8005\u96fb\u8166\u548c\u7db2\u8def\u7684\u5b58\u53d6\u80fd\u529b\u3002\u9019\u5c01\u96fb\u5b50\u90f5\u4ef6\u8a0e\u8ad6\u4e86\u670d\u8cbf\u8b70\u984c\uff0c\u800c\u9644\u4ef6\u6a94\u548c\u4e00\u500b\u5de5\u4f5c\u5c08\u6848\u6709\u4e9b\u95dc\u4fc2\u3002\u8ddf\u7b2c\u4e00\u500b\u6848\u4f8b\u985e\u4f3c\uff0c\u6b64\u9644\u4ef6\u6a94\u4e5f\u662f\u88ab\u5075\u6e2c\u70baTROJ_ARTIEF.ZTBD-PB\u7684\u6f0f\u6d1e\u653b\u64ca\u7a0b\u5f0f\u3002\u5b83\u6703\u7522\u751f\u4e00\u500b\u88ab\u5075\u6e2c\u70baBKDR_SIMBOT.ZTBD-PB\u7684\u5f8c\u9580\u7a0b\u5f0f\u3002\u4e00\u65e6\u57f7\u884c\uff0c\u6b64\u4e00\u60e1\u610f\u8edf\u9ad4\u53ef\u4ee5\u57f7\u884c\u6307\u4ee4\u4f86\u641c\u5c0b\u6b32\u7aca\u53d6\u7684\u6a94\u6848\u3001\u53d6\u51fa\u6a94\u6848\u4ee5\u7372\u5229\u4ee5\u53ca\u9032\u884c\u6a6b\u5411\u79fb\u52d5\u3002<\/p>\n

\"\"<\/p>\n

\u6211\u5011\u5df2\u7d93\u78ba\u5b9a\u9019\u5169\u500b\u653b\u64ca\u8ddfTaidoor<\/a>\u6709\u95dc\uff08\u4e00\u500b\u81ea2009\u5e74\u5c31\u958b\u59cb\u6d3b\u8e8d\u7684\u653b\u64ca\u6d3b\u52d5\uff09\uff0c\u56e0\u70ba\u7db2\u8def\u6d41\u91cf\u7d50\u69cb\u985e\u4f3c\u3002\u4e0a\u8ff0\u653b\u64ca\u548c\u4e4b\u524d\u7684\u653b\u64ca\u6d3b\u52d5\u6709\u8457\u76f8\u540c\u7684\u7279\u6027\uff0c\u4e0d\u7ba1\u662f\u76ee\u6a19\u3001\u793e\u4ea4\u5de5\u7a0b\uff08<\/span>social<\/a> engineering <\/span>\uff09<\/span>\u8a98\u990c\u4ee5\u53ca\u4f7f\u7528\uff08\u96f6\u6642\u5dee\u6f0f\u6d1e\uff09\u7684\u6280\u8853\u3002<\/p>\n

\u5f8c\u7e8c\u7684PlugX:<\/i><\/b>\u507d\u88dd\u6210\u4f86\u81ea\u53f0\u7063\u67d0\u51fa\u7248\u793e\u7684\u65b0\u66f8\u5217\u8868<\/b><\/p>\n

\u53e6\u4e00\u8d77\u6211\u5011\u770b\u5230\u5229\u7528CVE-2014-1761\u7684\u653b\u64ca\u91dd\u5c0d\u5728\u53f0\u7063\u7684\u90f5\u4ef6\u670d\u52d9\u3002\u5c31\u8ddf\u5176\u4ed6\u653b\u64ca\u4e00\u6a23\uff0c\u6b64\u4e00\u653b\u64ca\u5229\u7528\u96fb\u5b50\u90f5\u4ef6\u9644\u52a0\u6a94\u6848\u4f86\u9032\u5165\u7db2\u8def\u3002\u96fb\u5b50\u90f5\u4ef6\u9644\u52a0\u6a94\u6848\u507d\u88dd\u6210\u4f86\u81ea\u4e00\u51fa\u7248\u793e\u7684\u65b0\u66f8\u5217\u8868\u3002\u9019\u6a23\u505a\u662f\u70ba\u4e86\u5f15\u8d77\u6536\u4ef6\u8005\u7684\u8208\u8da3\u3002<\/p>\n

\"\"<\/p>\n

\u6b64\u9644\u4ef6\u6a94\u5176\u5be6\u662f\u5075\u6e2c\u70baTROJ_ARTIEF.ZTBD-A\u7684\u6f0f\u6d1e\u653b\u64ca\u7a0b\u5f0f\uff0c\u6703\u7522\u751f\u88ab\u5075\u6e2c\u70baTROJ_PLUGXDRP.ZTBD\u7684PlugX\u60e1\u610f\u8edf\u9ad4<\/a>\u3002\u5b83\u6703\u7522\u751f\u88ab\u5075\u6e2c\u70baBKDR_PLUGX.ZTBD\u7684\u60e1\u610f\u7a0b\u5f0f\uff0c\u6b64\u7a0b\u5f0f\u53ef\u4ee5\u9032\u884c\u5ee3\u6cdb\u7684\u8cc7\u6599\u7aca\u53d6\u884c\u70ba\uff0c\u5305\u62ec\uff1a<\/p>\n