{"id":1110,"date":"2021-11-11T15:52:04","date_gmt":"2021-11-11T07:52:04","guid":{"rendered":"https:\/\/choson.lifenet.com.tw\/?p=1110"},"modified":"2021-11-11T15:52:36","modified_gmt":"2021-11-11T07:52:36","slug":"nanocore-%e6%83%a1%e6%84%8f%e8%bb%9f%e4%bb%b6%e4%bf%a1%e6%81%af","status":"publish","type":"post","link":"https:\/\/choson.lifenet.com.tw\/?p=1110","title":{"rendered":"NanoCore Malware Information"},"content":{"rendered":"\n<p>Overview<\/p>\n\n\n\n<p>The NanoCore remote access trojan (RAT) was first discovered in 2013, when it was being sold on underground forums. The malware has a variety of functions, such as a keylogger and a password stealer, and can remotely pass data to the malware operator. It can also tamper with and view footage from webcams, lock the screen, download and steal files, and more.<\/p>\n\n\n\n<p>The current NanoCore RAT is spreading through a malicious spam campaign that uses social engineering, in which the emails contain fake bank payment receipts and requests for quotation. These emails also contain malicious attachments with .img or .iso extensions. Disk image files use .img and .iso files to store raw dumps of a magnetic disk or an optical disc. Another version of NanoCore is also being distributed in a phishing campaign that uses a specially crafted ZIP 
file designed to bypass secure email gateways. Certain versions of PowerArchiver, WinRar and older 7-Zip can extract the malicious ZIP file. Stolen information is sent to the malware attacker's command and control (C&amp;C) server.<\/p>\n\n\n\n<p>This RAT collects the following data and sends it to its server:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Browser usernames and passwords<\/li><li>Account information stored by File Transfer Protocol (FTP) clients or file manager software<\/li><li>Email credentials from popular mail clients<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Capabilities:<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Information theft<\/li><li>Backdoor commands<\/li><li>Exploits<\/li><li>Disable usage capability<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Impact:<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Compromise system security &#8211; has backdoor capabilities that can execute malicious commands<\/li><li>Violation of user privacy &#8211; gathers user credentials, logs keystrokes and steals user information<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Infection Details:<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/success.trendmicro.com\/servlet\/rtaImage?eid=kaL4T000000TUo9&amp;feoid=00N4P00000GFzuN&amp;refid=0EM4P000001h8WD\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" 
src=\"https:\/\/success.trendmicro.com\/servlet\/rtaImage?eid=kaL4T000000TUo9&amp;feoid=00N4P00000GFzuN&amp;refid=0EM4P000001h8VP\" alt=\"\"\/><\/figure>\n\n\n\n<p>Sample spam &#8211; bank payment receipt attachment spam<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/success.trendmicro.com\/servlet\/rtaImage?eid=kaL4T000000TUo9&amp;feoid=00N4P00000GFzuN&amp;refid=0EM4P000001h8VU\" alt=\"\"\/><\/figure>\n\n\n\n<p>MITRE ATT&amp;CK Matrix<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"749\" height=\"223\" src=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/11\/\u622a\u5716-2021-11-11-\u4e0b\u53483.43.58.png\" alt=\"\" class=\"wp-image-1111\" srcset=\"https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/11\/\u622a\u5716-2021-11-11-\u4e0b\u53483.43.58.png 749w, https:\/\/choson.lifenet.com.tw\/wp-content\/uploads\/2021\/11\/\u622a\u5716-2021-11-11-\u4e0b\u53483.43.58-300x89.png 300w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\" \/><\/figure>\n\n\n\n<p>Source: https:\/\/success.trendmicro.com\/tw\/solution\/1122912-nanocore-malware-information<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The NanoCore remote access trojan (RAT) was first discovered in 2013, when it was being sold on underground forums. The malware has 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1110","post","type-post","status-publish","format-standard","hentry","category-is"],"_links":{"self":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1110"}],"version-history":[{"count":2,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1110\/revisions"}],"predecessor-version":[{"id":1113,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1110\/revisions\/1113"}],"wp:attachment":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}