{"id":831,"date":"2022-10-22T12:22:36","date_gmt":"2022-10-22T04:22:36","guid":{"rendered":"http:\/\/www.aqwu.net\/wp\/?p=831"},"modified":"2022-10-22T15:17:08","modified_gmt":"2022-10-22T07:17:08","slug":"%e5%af%b9%e7%be%8e%e5%9b%bd-cert%e8%ad%a6%e6%8a%a5%ef%bc%88aa22-257a%ef%bc%89%e7%9a%84%e6%94%bb%e5%87%bb%e5%9b%be%e5%93%8d%e5%ba%94%ef%bc%9a%e4%bc%8a%e6%9c%97%e4%bc%8a%e6%96%af%e5%85%b0%e9%9d%a9","status":"publish","type":"post","link":"https:\/\/www.aqwu.net\/wp\/?p=831","title":{"rendered":"\u5bf9\u7f8e\u56fd-CERT\u8b66\u62a5\uff08AA22-257A\uff09\u7684\u653b\u51fb\u56fe\u54cd\u5e94\uff1a\u4f0a\u6717\u4f0a\u65af\u5170\u9769\u547d\u536b\u961f\u9644\u5c5e\u7f51\u7edc\u884c\u4e3a\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u8d4e\u91d1\u884c\u52a8"},"content":{"rendered":"\n

AttackIQ\u53d1\u5e03\u4e86\u4e00\u4e2a\u65b0\u7684\u653b\u51fb\u56fe\uff0c\u6a21\u62df\u4f0a\u6717\u884c\u4e3a\u8005\u7528\u6765\u7834\u574f\u548c\u52a0\u5bc6\u7cfb\u7edf\u7684\u6280\u672f – \u65e0\u9700\u6076\u610f\u8f6f\u4ef6 – \u4ee5\u5e2e\u52a9\u5ba2\u6237\u62b5\u5fa1\u8bd5\u56fe\u5728\u4ec5\u5c45\u4f4f\u5728\u9646\u5730\u4e4b\u5916\u65f6\u8fd0\u884c\u7684\u5a01\u80c1\u3002<\/p>\n\n\n\n

\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/www.attackiq.com\/2022\/09\/16\/attack-graph-response-to-us-cert-alert-aa22-257a-iranian-islamic-revolutionary-guard-corps-affiliated-cyber-actors-exploiting-vulnerabilities-for-ransom-operations\/<\/p>\n\n\n\n

\u76ee\u6807\u884c\u4e1a\uff1a\u5168\u7403\u5173\u952e\u57fa\u7840\u8bbe\u65bd<\/em><\/p>\n\n\n\n

2022\u5e749\u670814\u65e5\uff0c\u7f8e\u56fd\u7f51\u7edc\u5b89\u5168\u548c\u57fa\u7840\u8bbe\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u53d1\u5e03\u4e86\u4e00\u4efd<\/a>\u8054\u5408\u7f51\u7edc\u5b89\u5168\u54a8\u8be2\uff08CSA\uff09\uff0c\u5176\u4e2d\u5305\u542b\u6765\u81ea\u8054\u90a6\u8c03\u67e5\u5c40\uff08FBI\uff09\uff0c\u56fd\u5bb6\u5b89\u5168\u5c40\uff08NSA\uff09\uff0c\u7f8e\u56fd\u7f51\u7edc\u53f8\u4ee4\u90e8\uff08USCC\uff09 – \u7f51\u7edc\u56fd\u5bb6\u4efb\u52a1\u90e8\u961f\uff08CNMF\uff09\uff0c\u7f8e\u56fd\u8d22\u653f\u90e8\uff08\u8d22\u653f\u90e8\uff09\uff0c\u6fb3\u5927\u5229\u4e9a\u7f51\u7edc\u5b89\u5168\u4e2d\u5fc3\uff08ACSC\uff09\uff0c\u52a0\u62ff\u5927\u7f51\u7edc\u5b89\u5168\u4e2d\u5fc3\uff08CCCS\uff09\u7684\u5206\u6790\u610f\u89c1\u3002 \u548c\u82f1\u56fd\u56fd\u5bb6\u7f51\u7edc\u5b89\u5168\u4e2d\u5fc3\uff08NCSC\uff09\uff0c\u4ee5\u5f3a\u8c03\u4e0e\u4f0a\u6717\u653f\u5e9c\u4f0a\u65af\u5170\u9769\u547d\u536b\u961f\uff08IRGC\uff09\u6709\u5173\u8054\u7684\u4e2a\u4eba\u7684\u6301\u7eed\u6076\u610f\u6d3b\u52a8\u3002 \u6b64\u8b66\u62a5\u662f\u5bf92021\u5e7411\u6708\u53d1\u5e03\u7684\u5148\u524dCSA AA21-321A<\/a>\u7684\u66f4\u65b0\uff0c\u8be5\u8b66\u62a5\u786e\u5b9a\u4e86\u53ef\u8ffd\u6eaf\u52302021\u5e743\u6708\u7684\u6d3b\u52a8\uff0c\u6d89\u53ca\u5229\u7528\u5e38\u89c1\u6f0f\u6d1e\uff0c\u5141\u8bb8IRGC\u9644\u5c5e\u884c\u4e3a\u8005\u5229\u7528\u5176\u8bbf\u95ee\u6743\u9650\u8fdb\u884c\u540e\u7eed\u6d3b\u52a8\uff0c\u5305\u62ec\u78c1\u76d8\u52a0\u5bc6\u548c\u6570\u636e\u52d2\u7d22\uff0c\u4ee5\u652f\u6301\u8d4e\u91d1\u64cd\u4f5c\u3002<\/p>\n\n\n\n

\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u5728\u8fd9\u4e2a\u65b0\u7684\u8b66\u62a5\u4e2d\uff0c\u534f\u8c03\u7684\u7f8e\u56fd\u653f\u5e9c\u673a\u6784\u548c\u76df\u56fd\u653f\u5e9c\u73b0\u5728\u6b63\u5728\u6566\u4fc3\u7ec4\u7ec7\u901a\u8fc7\u8fdb\u884c\u4e0eMITRE ATT&CK\u6846\u67b6\u201c\u5927\u89c4\u6a21\uff0c\u751f\u4ea7\u201d\u4e00\u81f4\u7684\u8fde\u7eed\u81ea\u52a8\u5316\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u5176\u5b89\u5168\u63a7\u5236\u3002<\/p>\n\n\n\n

\u6839\u636e\u8be5\u516c\u544a\uff0c\u4e0e\u4f0a\u65af\u5170\u9769\u547d\u536b\u961f\u6709\u8054\u7cfb\u7684\u5bf9\u624b\u7ee7\u7eed\u79ef\u6781\u7784\u51c6\u5e7f\u6cdb\u7684\u5b9e\u4f53\uff0c\u5305\u62ec\u591a\u4e2a\u7f8e\u56fd\u5173\u952e\u57fa\u7840\u8bbe\u65bd\u90e8\u95e8\u4ee5\u53ca\u6fb3\u5927\u5229\u4e9a\uff0c\u52a0\u62ff\u5927\u548c\u82f1\u56fd\u7ec4\u7ec7\u3002\u4ed6\u4eec\u6b63\u5728\u5229\u7528\u4ee3\u7406\u5916\u58f3\u548cLog4Shell<\/a>\u6f0f\u6d1e\u5229\u7528\u9762\u5411\u5916\u90e8\u7684\u670d\u52a1\u3002\u4e00\u65e6\u5b9e\u73b0\u4e86\u521d\u59cb\u7acb\u8db3\u70b9\uff0c\u53c2\u4e0e\u8005\u5c31\u4f1a\u5f00\u59cb\u8f6c\u50a8\u51ed\u636e\u3001\u6a2a\u5411\u79fb\u52a8\u5e76\u4f7f\u7528 BitLocker \u52a0\u5bc6\u4e3b\u673a\u3002<\/a> DFIR\u62a5\u544a\u4e8e2021\u5e7411\u6708\u53d1\u5e03\u4e86\u4e00\u4efd\u8be6\u7ec6\u62a5\u544a\uff0c\u6db5\u76d6\u4e86\u5a01\u80c1\u884c\u4e3a\u8005\u6267\u884c\u7684\u6280\u672f\u548c\u547d\u4ee4\u7684\u6280\u672f\u7ec6\u8282\u3002 <\/p>\n\n\n\n

AttackIQ\u53d1\u5e03\u4e86\u4e00\u4e2a\u65b0\u7684\u653b\u51fb\u56fe\uff0c\u6a21\u62df\u8fd9\u4e9b\u653b\u51fb\u4e2d\u4f7f\u7528\u7684\u6280\u672f\uff0c\u4ee5\u5e2e\u52a9\u5ba2\u6237\u9a8c\u8bc1\u4ed6\u4eec\u7684\u5b89\u5168\u63a7\u5236\u4ee5\u53ca\u4ed6\u4eec\u9632\u5fa1\u6b64\u5a01\u80c1\u53c2\u4e0e\u8005\u548c\u5176\u4ed6\u9075\u5faa\u7c7b\u4f3c\u884c\u4e3a\u7684\u4eba\u7684\u80fd\u529b\u3002<\/p>\n\n\n\n

\u9488\u5bf9 AttackIQ \u7684\u65b0\u653b\u51fb\u56fe\u9a8c\u8bc1\u5b89\u5168\u7a0b\u5e8f\u6027\u80fd\u5bf9\u4e8e\u964d\u4f4e\u98ce\u9669\u81f3\u5173\u91cd\u8981\u3002\u901a\u8fc7\u4f7f\u7528 AttackIQ \u5b89\u5168\u4f18\u5316\u5e73\u53f0\uff0c\u5b89\u5168\u56e2\u961f\u5c06\u80fd\u591f\uff1a <\/p>\n\n\n\n