{"id":32183,"date":"2022-07-07T15:30:38","date_gmt":"2022-07-07T07:30:38","guid":{"rendered":"https:\/\/www.sungean.com.tw\/?p=32183"},"modified":"2023-03-15T15:12:58","modified_gmt":"2023-03-15T07:12:58","slug":"microsoft%e3%80%81%e7%b6%b2%e8%b7%af%e3%80%81%e8%b3%87%e8%a8%8a%e5%ae%89%e5%85%a8raspberry-robin-%e9%ab%98%e9%a2%a8%e9%9a%aa%e8%a0%95%e8%9f%b2%e5%86%8d%e8%b5%b7%ef%bc%81%e6%95%b8%e7%99%be%e5%ae%b6","status":"publish","type":"post","link":"https:\/\/winome.com.tw\/?p=32183","title":{"rendered":"Raspberry Robin \u9ad8\u98a8\u96aa\u8815\u87f2\u518d\u8d77\uff01\u6578\u767e\u5bb6\u5fae\u8edf\u79d1\u6280\u696d\u53ca\u88fd\u9020\u696d\u5ba2\u6236\u7db2\u8def\u906d\u5165\u4fb5"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"32183\" class=\"elementor elementor-32183\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0869056 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"0869056\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6d1956c\" data-id=\"6d1956c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a206ec5 elementor-align-start elementor-widget__width-auto elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"a206ec5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\"><\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb66b75 elementor-widget elementor-widget-text-editor\" data-id=\"eb66b75\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"line-height: 18.75pt; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; text-align: left;\" align=\"center\">\u4f5c\u8005 Evan | \u767c\u5e03\u65e5\u671f 2022 \u5e74 07 \u6708 07 \u65e5 7:45 [Microsoft\u3001\u7db2\u8def\u3001\u8cc7\u8a0a\u5b89\u5168]<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5aed611 elementor-widget elementor-widget-text-editor\" data-id=\"5aed611\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u3000\u3000\u5fae\u8edf\u6307\u51fa\uff0c\u8a31\u591a\u79d1\u6280\u696d\u53ca\u88fd\u9020\u696d\u7b49\u9867\u5ba2\u7db2\u8def\u767c\u73fe Raspberry Robin\uff08\u6a39\u8393\u77e5\u66f4\u9ce5\uff09\u7684 Windows \u8815\u87f2\uff0c\u57fa\u672c\u900f\u904e\u53d7\u611f\u67d3 USB \u88dd\u7f6e\u6563\u64ad\uff0c\u96d6\u7136\u5fae\u8edf\u4e5f\u89c0\u5bdf\u5230\u60e1\u610f\u8edf\u9ad4\u9023\u7d50\u5230\u6d0b\u8525\u7db2\u8def\uff08Tor Network\uff09\u670d\u52d9\u4e00\u4e9b\u7db2\u8def\u4f4d\u5740\uff0c\u4f46\u5a01\u8105\u767c\u52d5\u8005\u5c1a\u672a\u5229\u7528\u53d6\u5f97\u6b0a\u9650\u5b58\u53d6\u53d7\u5bb3\u8005\u7db2\u8def\u3002\u6709\u9451\u65bc\u60e1\u610f\u8edf\u9ad4\u80fd\u900f\u904e\u5408\u6cd5 Windows \u5de5\u5177\u898f\u907f\u53d7\u611f\u67d3\u7cfb\u7d71\u4f7f\u7528\u8005\u5e33\u865f\u63a7\u5236\uff08User Account Control\uff0cUAC\uff09\u529f\u80fd\uff0c\u6240\u4ee5\u53ef\u8f15\u6613\u64f4\u5927\u653b\u64ca\u898f\u6a21\u3002<\/p>\n<p>\u3000\u3000Raspberry Robin \u8815\u87f2\u662f\u7531\u5075\u6e2c\u53ca\u61c9\u8b8a\u4ee3\u7ba1\u670d\u52d9\u4f9b\u61c9\u5546 Red Canary \u65d7\u4e0b\u7db2\u5b89\u60c5\u5831\u5206\u6790\u5e2b\u5148\u5728 2021 \u5e74 9 \u6708\u767c\u73fe\u3002\u63a5\u8457\u53bb\u5e74 11 \u6708\u521d\uff0c\u7db2\u8def\u5b89\u5168\u516c\u53f8 Sekoia \u89c0\u5bdf\u5230\u60e1\u610f\u8edf\u9ad4\u5c07 QNAP NAS \u8a2d\u5099\u52ab\u6301\u7576\u6210\u4e3b\u63a7\u4f3a\u670d\u5668\uff08C&amp;C Server \u6216 C2 Server\uff09\uff0c\u5fae\u8edf\u5247\u767c\u73fe\u8207\u8815\u87f2\u6709\u95dc\u4e14\u65bc 2019 \u5e74\u5efa\u7acb\u7684\u60e1\u610f\u539f\u59cb\u78bc\u3002<\/p>\n<p>\u3000\u3000\u5c31\u50b3\u64ad\u9014\u5f91\u800c\u8a00\uff0cRaspberry Robin \u8815\u87f2\u6703\u900f\u904e\u542b\u60e1\u610f .LNK \u6a94\u7684\u611f\u67d3 USB \u96a8\u8eab\u789f\u6563\u64ad\u81f3\u65b0 Windows \u7cfb\u7d71\u3002\u4e00\u65e6\u4f7f\u7528\u8005\u5c07\u53d7\u611f\u67d3 USB \u96a8\u8eab\u789f\u63d2\u5165\u96fb\u8166\u4e26\u9ede\u64ca\u9023\u7d50\uff0c\u8815\u87f2\u6703\u89f8\u767c msiexec \u7a0b\u5e8f\uff0c\u4f7f\u7528 cmd.exe \u555f\u52d5\u96a8\u8eab\u789f\u7684\u60e1\u610f\u6a94\u6848\u3002<\/p>\n<p>\u3000\u3000\u63a5\u8457\u5b83\u6703\u611f\u67d3\u65b0 Windows \u88dd\u7f6e\uff0c\u8207\u81ea\u5df1 C2 \u4e3b\u63a7\u4f3a\u670d\u5668\u901a\u8a0a\uff0c\u4e26\u900f\u904e fodhelper \u53ca msiexec \u7b49\u8a31\u591a\u5408\u6cd5 Windows \u5de5\u5177\u8edf\u9ad4\u57f7\u884c\u60e1\u610f\u5c01\u5305\u8ca0\u8f09\uff08payload\uff09\u3002\u96d6\u7136 msiexec.exe \u6a94\u6703\u4e0b\u8f09\u4e26\u57f7\u884c\u5408\u6cd5\u5b89\u88dd\u5957\u4ef6\uff0c\u4f46\u99ed\u5ba2\u4e5f\u6703\u900f\u904e\u5b83\u6563\u64ad\u60e1\u610f\u8edf\u9ad4\u3002\u5982 Raspberry Robin \u8815\u87f2\u5c31\u6703\u900f\u904e msiexec.exe \u5617\u8a66\u5efa\u7acb\u9023\u7dda\u81f3\u60e1\u610f\u7db2\u57df\u7684\u5916\u90e8\u7db2\u8def\u901a\u8a0a\uff0c\u9032\u800c\u9054\u5230 C2 \u4f3a\u670d\u5668\u9060\u7aef\u63a7\u5236\u76ee\u7684\u3002<\/p>\n<p>\u3000\u3000\u622a\u81f3\u76ee\u524d\uff0c\u767c\u73fe Raspberry Robin \u5728\u7db2\u8def\u56db\u8655\u6563\u64ad\u7684\u5b89\u5168\u7814\u7a76\u4eba\u54e1\u9084\u672a\u627e\u5230\u5e55\u5f8c\u9ed1\u624b\uff0c\u4f46\u4ecd\u6301\u7e8c\u52aa\u529b\u627e\u51fa\u64cd\u63a7\u8005\u7684\u6700\u7d42\u76ee\u6a19\u70ba\u4f55\u3002\u6709\u9451\u65bc\u653b\u64ca\u8005\u80fd\u5728\u53d7\u5bb3\u8005\u7db2\u8def\u4e0b\u8f09\u53ca\u90e8\u7f72\u984d\u5916\u60e1\u610f\u8edf\u9ad4\uff0c\u4e26\u96a8\u6642\u63d0\u5347\u81ea\u5df1\u7684\u6b0a\u9650\uff0c\u5fae\u8edf\u5df2\u5c07 Raspberry Robin \u76f8\u95dc\u60e1\u610f\u6d3b\u52d5\u8a55\u70ba\u300c\u9ad8\u98a8\u96aa\u300d\u3002<\/p>\n<ul>\n<li><span style=\"color: #0000ff;\">Microsoft finds Raspberry Robin worm in hundreds of Windows networks\u3000<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks\/\">\u2663<\/a><\/span><\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e15cdd0 elementor-widget elementor-widget-text-editor\" data-id=\"e15cdd0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: left; line-height: 18.75pt; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;\" align=\"center\"><span style=\"font-size: 9px; color: #0000ff;\">\uff08\u9996\u5716\u4f86\u6e90\uff1aYouTube\uff09\u3000<a href=\"https:\/\/www.youtube.com\/watch?v=EQVZ14O8we8\">\u2663<\/a><br \/><\/span><span style=\"color: #0000ff; font-size: 9px;\">\u6587\u7ae0\u4f86\u6e90https:\/\/technews.tw\/2022\/07\/07\/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks\/\u3000<a href=\"https:\/\/technews.tw\/2022\/07\/07\/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks\/\">\u2663<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8c34334 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8c34334\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5299375\" data-id=\"5299375\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-73f0c8c elementor-widget elementor-widget-spacer\" data-id=\"73f0c8c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u5fae\u8edf\u6307\u51fa\uff0c\u8a31\u591a\u79d1\u6280\u696d\u53ca\u88fd\u9020\u696d\u7b49\u9867\u5ba2\u7db2\u8def\u767c\u73fe Raspberry Robin\uff08\u6a39\u8393\u77e5\u66f4\u9ce5\uff09\u7684 Windows \u8815\u87f2\uff0c\u57fa\u672c\u900f\u904e\u53d7\u611f\u67d3 USB \u88dd\u7f6e\u6563\u64ad\uff0c\u96d6\u7136\u5fae\u8edf\u4e5f\u89c0\u5bdf\u5230\u60e1\u610f\u8edf\u9ad4\u9023\u7d50\u5230\u6d0b\u8525\u7db2\u8def\uff08Tor Network\uff09\u670d\u52d9\u4e00\u4e9b\u7db2\u8def\u4f4d\u5740\uff0c\u4f46\u5a01\u8105\u767c\u52d5\u8005\u5c1a\u672a\u5229\u7528\u53d6\u5f97\u6b0a\u9650\u5b58\u53d6\u53d7\u5bb3\u8005\u7db2\u8def\u3002\u6709\u9451\u65bc\u60e1\u610f\u8edf\u9ad4\u80fd\u900f\u904e\u5408\u6cd5 Windows \u5de5\u5177\u898f\u907f\u53d7\u611f\u67d3\u7cfb\u7d71\u4f7f\u7528\u8005\u5e33\u865f\u63a7\u5236\uff08User Account Control\uff0cUAC\uff09\u529f\u80fd\uff0c\u6240\u4ee5\u53ef\u8f15\u6613\u64f4\u5927\u653b\u64ca\u898f\u6a21\u3002<\/p>\n","protected":false},"author":4,"featured_media":32189,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"image","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","_eb_attr":"","footnotes":""},"categories":[1362,1333,1368,1332],"tags":[],"class_list":["post-32183","post","type-post","status-publish","format-image","has-post-thumbnail","hentry","category-1362","category-1333","category-1368","category-1332","post_format-post-format-image"],"_links":{"self":[{"href":"https:\/\/winome.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/32183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/winome.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/winome.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/winome.com.tw\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/winome.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=32183"}],"version-history":[{"count":17,"href":"https:\/\/winome.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/32183\/revisions"}],"predecessor-version":[{"id":38208,"href":"https:\/\/winome.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/32183\/revisions\/38208"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/winome.com.tw\/index.php?rest_route=\/wp\/v2\/media\/32189"}],"wp:attachment":[{"href":"https:\/\/winome.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=32183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/winome.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=32183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/winome.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=32183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}