[
  {
    "category": "\u6f0f\u6d1e\u901a\u544a",
    "publish_time": "2024-09-05 14:52:11",
    "tags": ["VULNERABILITY", "CVE-2024-30051"],
    "abstract": "The CVE-2024-30051 vulnerability was first discovered by Kaspersky. According to the simple analysis report of the vulnerability initially uploaded to VT, we found the actual sample exploited by QakBot and analyzed it in detail through the characteristics of the vulnerability in the report.",
    "title": "A public secret : Research on the CVE-2024-30051 privilege escalation vulnerability in the wild",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-en"
  },
  {
    "category": "\u6f0f\u6d1e\u901a\u544a",
    "publish_time": "2024-09-05 11:28:27",
    "tags": ["\u6f0f\u6d1e", "CVE-2024-30051"],
    "abstract": "CVE-2024-30051\u6f0f\u6d1e\u6700\u65e9\u7531\u5361\u5df4\u65af\u57fa\u53d1\u73b0\uff0c\u6839\u636e\u6700\u521d\u4e0a\u4f20\u5230VT\u7684\u8be5\u6f0f\u6d1e\u7684\u7b80\u5355\u5206\u6790\u62a5\u544a\uff0c\u6211\u4eec\u901a\u8fc7\u8be5\u62a5\u544a\u4e2d\u6f0f\u6d1e\u7684\u7279\u5f81\uff0c\u627e\u5230\u4e86QakBot\u5229\u7528\u7684\u5b9e\u9645\u6837\u672c\u5e76\u5bf9\u5176\u8fdb\u884c\u4e86\u8be6\u7ec6\u5206\u6790\u3002",
    "title": "\u516c\u5f00\u7684\u9690\u79d8\uff1aCVE-2024-30051\u5728\u91ce\u63d0\u6743\u6f0f\u6d1e\u7814\u7a76",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/public-secret-research-on-the-cve-2024-30051-privilege-escalation-vulnerability-in-the-wild-cn"
  },
  {
    "category": "\u4e8b\u4ef6\u8ffd\u8e2a",
    "publish_time": "2024-08-26 11:06:16",
    "tags": ["APT", "\u4e1c\u5317\u4e9a\u5730\u533a", "APT-Q-12"],
    "abstract": "Attackers often conduct very complex information collection before using vulnerability attacks. APT-Q-12 uses multiple sets of complex email probes and periodically delivers probe emails to the target to collect the victim's usage habits and behavior. Logic, including commonly used email platforms and brands, will be treated differently for different office products.",
    "title": "Operation DevilTiger: 0day vulnerability techniques and tactics used by APT-Q-12 disclosed",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/operation-deviltiger-0day-vulnerability-techniques-and-tactics-used-by-apt-q-12-disclosed-en"
  },
  {
    "category": "\u4e8b\u4ef6\u8ffd\u8e2a",
    "publish_time": "2024-08-26 10:13:47",
    "tags": ["APT", "\u4e1c\u5317\u4e9a\u5730\u533a", "APT-Q-12"],
    "abstract": "\u653b\u51fb\u8005\u5728\u4f7f\u7528\u6f0f\u6d1e\u653b\u51fb\u524d\u5f80\u5f80\u4f1a\u8fdb\u884c\u975e\u5e38\u590d\u6742\u7684\u4fe1\u606f\u6536\u96c6\uff0cAPT-Q-12\u4f7f\u7528\u591a\u5957\u590d\u6742\u7684\u90ae\u4ef6\u63a2\u9488\uff0c\u5468\u671f\u6027\u7684\u5411\u76ee\u6807\u6295\u9012\u63a2\u9488\u90ae\u4ef6\u4ee5\u6b64\u6765\u6536\u96c6\u53d7\u5bb3\u8005\u7684\u4f7f\u7528\u4e60\u60ef\u548c\u884c\u4e3a\u903b\u8f91\uff0c\u5305\u62ec\u5e38\u7528\u7684\u90ae\u4ef6\u5e73\u53f0\u3001\u54c1\u724c\uff0c\u5728\u9488\u5bf9\u4e0d\u540coffice\u4ea7\u54c1\u53c8\u4f1a\u8fdb\u884c\u533a\u522b\u5904\u7406\u3002",
    "title": "Operation DevilTiger\uff1aAPT-Q-12 \u4f7f\u7528 0day \u6f0f\u6d1e\u6280\u6218\u672f\u62ab\u9732",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/operation-deviltiger-0day-vulnerability-techniques-and-tactics-used-by-apt-q-12-disclosed-cn"
  },
  {
    "category": "\u4e8b\u4ef6\u8ffd\u8e2a",
    "publish_time": "2024-08-23 17:58:22",
    "tags": ["APT", "\u5357\u4e9a\u5730\u533a", "PATCHWORK"],
    "abstract": "Recently, we discovered a new variant of the Spyder downloader of the Patchwork group, and observed attackers using Spyder to distribute two secret-stealing components, which are used to capture screenshots and collect file information respectively. Although the core function of the Spyder downloader has not changed, it still releases subsequent components from the remotely downloaded encrypted ZIP package and executes it, but some changes have been made in terms of code structure and C2 communication format. The following is the attack process of the Spyder downloader and secret-stealing components discovered this time.",
    "title": "Analysis of New Variants and Subsequent Components of Patchwork(APT-Q-36) Spyder Downloader",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/analysis-of-new-variants-and-components-of-patchwork-spyder-downloader-en"
  },
  {
    "category": "\u4e8b\u4ef6\u8ffd\u8e2a",
    "publish_time": "2024-08-23 17:21:01",
    "tags": ["APT", "\u5357\u4e9a\u5730\u533a", "PATCHWORK"],
    "abstract": "\u8fd1\u671f\u6211\u4eec\u53d1\u73b0\u6469\u8bc3\u8349\u7ec4\u7ec7 Spyder \u4e0b\u8f7d\u5668\u51fa\u73b0\u65b0\u53d8\u79cd\uff0c\u5e76\u89c2\u5bdf\u5230\u653b\u51fb\u8005\u501f\u52a9 Spyder \u4e0b\u53d1\u4e24\u6b3e\u7a83\u5bc6\u7ec4\u4ef6\uff0c\u5206\u522b\u7528\u4e8e\u622a\u5c4f\u548c\u6536\u96c6\u6587\u4ef6\u4fe1\u606f\u3002\u867d\u7136 Spyder \u4e0b\u8f7d\u5668\u7684\u6838\u5fc3\u529f\u80fd\u6ca1\u53d8\uff0c\u4ecd\u662f\u4ece\u8fdc\u7a0b\u4e0b\u8f7d\u7684\u52a0\u5bc6 ZIP \u5305\u4e2d\u91ca\u653e\u51fa\u540e\u7eed\u7ec4\u4ef6\u5e76\u6267\u884c\uff0c\u4f46\u5728\u4ee3\u7801\u7ed3\u6784\u548c C2 \u901a\u4fe1\u683c\u5f0f\u7b49\u65b9\u9762\u505a\u4e86\u4e00\u4e9b\u6539\u52a8\u3002\u4ee5\u4e0b\u662f\u672c\u6b21\u53d1\u73b0\u7684 Spyder \u4e0b\u8f7d\u5668\u548c\u7a83\u5bc6\u7ec4\u4ef6\u7684\u653b\u51fb\u8fc7\u7a0b\u3002",
    "title": "\u6469\u8bc3\u8349\uff08APT-Q-36\uff09Spyder\u4e0b\u8f7d\u5668\u65b0\u53d8\u79cd\u53ca\u540e\u7eed\u7ec4\u4ef6\u5206\u6790",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/analysis-of-new-variants-and-components-of-patchwork-spyder-downloader-cn"
  },
  {
    "category": "\u4e13\u9898\u62a5\u544a",
    "publish_time": "2024-08-19 12:36:49",
    "tags": ["APT", "\u52d2\u7d22", "\u9ed1\u4ea7", "\u5e74\u5ea6\u62a5\u544a"],
    "abstract": "\u8fd1\u65e5\uff0c\u5947\u5b89\u4fe1\u5a01\u80c1\u60c5\u62a5\u4e2d\u5fc3\u53d1\u5e03\u300a\u7f51\u7edc\u5b89\u5168\u5a01\u80c12024\u5e74\u4e2d\u62a5\u544a\u300b\uff0c\u5185\u5bb9\u6db5\u76d6\u9ad8\u7ea7\u6301\u7eed\u6027\u5a01\u80c1\uff08APT\uff09\u3001\u52d2\u7d22\u8f6f\u4ef6\u3001\u4e92\u8054\u7f51\u9ed1\u4ea7\u3001\u6f0f\u6d1e\u5229\u7528\u7b49\u51e0\u65b9\u9762\u3002\u8be5\u62a5\u544a\u6307\u51fa\u4e0a\u534a\u5e74\u5185\u6d89\u53ca\u6211\u56fd\u7684\u9ad8\u7ea7\u6301\u7eed\u6027\u5a01\u80c1\u4e8b\u4ef6\u4e3b\u8981\u5728\u4fe1\u606f\u6280\u672f\u3001\u653f\u5e9c\u3001\u79d1\u7814\u6559\u80b2\u9886\u57df\uff0c\u53d7\u5bb3\u76ee\u6807\u96c6\u4e2d\u5728\u5e7f\u4e1c\u7b49\u5730\u533a\u3002\u6b64\u5916\uff0c\u8fd8\u89c2\u5bdf\u5230\u7684\u591a\u4e2a\u6301\u7eed\u9488\u5bf9\u56fd\u5185\u91cd\u70b9\u76ee\u6807\u7684\u672a\u77e5\u5a01\u80c1\u7ec4\u7ec7\uff08UTG\uff09\u7784\u51c6\u65b0\u80fd\u6e90\u3001\u4f4e\u8f68\u536b\u661f\u3001\u4eba\u5de5\u667a\u80fd\u3001\u822a\u5929\u822a\u7a7a\u7b49\u591a\u4e2a\u9886\u57df\u30022024\u5e74\u4e0a\u534a\u5e74\u5168\u7403\u8303\u56f4\u5185\u7684\u52d2\u7d22\u8f6f\u4ef6\u653b\u51fb\u6ce2\u53ca\u5305\u62ec\u4e2d\u56fd\u5728\u5185\u7684\u591a\u4e2a\u56fd\u5bb6\uff0c\u53d7\u5bb3\u8005\u5305\u62ec\u4e2a\u4eba\u7528\u6237\uff0c\u4ee5\u53ca\u5404\u79cd\u89c4\u6a21\u7684\u7ec4\u7ec7\u673a\u6784\uff0c\u653f\u5e9c\u3001\u533b\u7597\u3001\u5236\u9020\u3001\u80fd\u6e90\u7b49\u884c\u4e1a\u5c61\u6b21\u906d\u5230\u52d2\u7d22\u653b\u51fb\u3002\u94f6\u72d0\u6728\u9a6c\u9ed1\u4ea7\u56e2\u4f19\u3001Bigpanzi\u3001\u6697\u868a\u3001\u91d1\u76f8\u72d0\u7b49\u591a\u4e2a\u9ed1\u4ea7\u7ec4\u7ec7\u6d3b\u52a8\u88ab\u62ab\u9732\u3002\u6f0f\u6d1e\u65b9\u9762\uff0c2024\u5e74\u4e0a\u534a\u5e74\u62ab\u9732\u7684\u9ad8\u5371\u6f0f\u6d1e\u6570\u91cf\u8fbe25\u4e2a\u3002\u5f80\u5e74\u5fae\u8f6f\u3001\u8c37\u6b4c\u3001\u82f9\u679c\u4e09\u8db3\u9f0e\u7acb\u7684\u683c\u5c40\u88ab\u6253\u7834\uff0cGoogle\u4f9d\u65e7\u662f\u76f8\u5173\u6f0f\u6d1e\u6700\u591a\u7684\u5382\u5546\uff0c\u65d7\u4e0b\u7684Chrome\u4ecd\u662f\u76ee\u524d\u653b\u51fb\u8005\u70ed\u8877\u7684\u6d4f\u89c8\u5668\u653b\u51fb\u5411\u91cf\uff0c\u5fae\u8f6f\u3001\u82f9\u679c\u7684\u76f8\u5173\u6f0f\u6d1e\u6570\u91cf\u6709\u6240\u56de\u843d\uff0c\u7559\u4e0b\u7684\u4efd\u989d\u88ab\u7f51\u7edc\u8fb9\u754c\u8bbe\u5907\u6f0f\u6d1e\u586b\u8865\u3002",
    "title": "\u7f51\u7edc\u5b89\u5168\u5a01\u80c12024\u5e74\u4e2d\u62a5\u544a",
    "link": "https:\/\/ti.qianxin.com\/uploads\/2024\/08\/19\/2274f632f6a1d8acd2f1801c24887edb.pdf"
  },
  {
    "category": "\u4e8b\u4ef6\u8ffd\u8e2a",
    "publish_time": "2024-08-02 10:06:26",
    "tags": ["APT", "BERBEROKA", "FINANCIAL"],
    "abstract": "With the advent of the COVID-19 pandemic in 2020, the sharp fluctuations in the domestic securities and fund markets have caused attackers to be eager to know the future market trends in order to protect their principal. BerBeroka's launch of Operation Giant at this time is in line with historical objective laws. In addition to attacks on core server areas, we also observed that the personal terminals of some top fund managers were controlled. The attackers wanted to obtain the fund portfolios and investment strategies of these financial elites.",
    "title": "Operation Giant Financial Storm Under Circuit Breaker Orders",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/operation-giant-financial-storm-under-circuit-breaker-orders-en"
  },
  {
    "category": "\u4e8b\u4ef6\u8ffd\u8e2a",
    "publish_time": "2024-08-02 09:28:38",
    "tags": ["APT", "BERBEROKA", "\u91d1\u878d"],
    "abstract": "\u968f\u7740 2020 \u5e74\u65b0\u51a0\u5927\u6d41\u884c\u7684\u5230\u6765\uff0c\u56fd\u5185\u8bc1\u5238\u548c\u57fa\u91d1\u5e02\u573a\u7684\u5267\u70c8\u6ce2\u52a8\u5bfc\u81f4\u653b\u51fb\u8005\u8feb\u5207\u60f3\u8981\u77e5\u9053\u672a\u6765\u5e02\u573a\u7684\u8d70\u52bf\u4ee5\u4fdd\u62a4\u81ea\u5df1\u7684\u672c\u91d1\uff0cBerBeroka \u6b64\u65f6\u53d1\u8d77 Operation Giant \u884c\u52a8\u7b26\u5408\u5386\u53f2\u5ba2\u89c2\u89c4\u5f8b\uff0c\u9664\u4e86\u9488\u5bf9\u6838\u5fc3\u670d\u52a1\u5668\u533a\u7684\u653b\u51fb\u5916\uff0c\u6211\u4eec\u8fd8\u89c2\u5bdf\u5230\u90e8\u5206\u5934\u90e8\u57fa\u91d1\u7ecf\u7406\u7684\u4e2a\u4eba\u7ec8\u7aef\u88ab\u63a7\uff0c\u653b\u51fb\u8005\u60f3\u8981\u83b7\u53d6\u8fd9\u4e9b\u91d1\u878d\u7cbe\u82f1\u4eec\u7684\u57fa\u91d1\u7ec4\u5408\u548c\u6295\u8d44\u7b56\u7565\u3002",
    "title": "Operation Giant\uff1a\u7194\u65ad\u6307\u4ee4\u4e0b\u7684\u91d1\u878d\u98ce\u66b4",
    "link": "https:\/\/ti.qianxin.com\/blog\/articles\/operation-giant-financial-storm-under-circuit-breaker-orders-cn"
  }
]