{"id":1404,"date":"2014-04-23T07:55:59","date_gmt":"2014-04-22T23:55:59","guid":{"rendered":"http:\/\/localhost\/portal\/2014\/04\/23\/apt-social-engineering-rtf\/"},"modified":"2014-04-23T07:55:59","modified_gmt":"2014-04-22T23:55:59","slug":"apt-social-engineering-rtf","status":"publish","type":"post","link":"https:\/\/www.cyberhunter.com.tw\/?p=1404","title":{"rendered":"Beware of Disguised RTF Service Trade Agreement Documents: Hacker Attacks Follow Current Events Closely"},"content":{"rendered":"<p>&nbsp;<a href=\"http:\/\/www.bnext.com.tw\/article\/view\/id\/31885\" target=\"_blank\" rel=\"noopener\">Business Next (\u6578\u4f4d\u6642\u4ee3) website<\/a> | Author: \u90ed\u829d\u6995 | Published: 2014-04-21<\/p>\n<p>Have you ever received RTF documents in your inbox with names like \u300c\u5169\u5cb8\u5354\u8b70\u76e3\u7763\u689d\u4f8b\u6cd5\u5236\u5316\u8b70\u984c\u5f59\u6574.doc\u300d (Compilation of Issues on Legislating the Cross-Strait Agreement Supervision Act) or \u300cECFA\u540d\u55ae\u66f4\u65b0\u300d (ECFA list update)? Hacker attacks are getting \"smarter\": even the file names are picked from the hottest Cross-Strait Service Trade Agreement topics, in a large-scale campaign aimed at Taiwan's government and enterprises. Through a Microsoft RTF vulnerability, merely moving your mouse over the e-mail attachment, without opening the file, immediately triggers an APT (Advanced Persistent Threat) attack, and the hacker can take control of your computer.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/farm8.staticflickr.com\/7132\/13899890752_45ae989995.jpg\" alt=\"\" 
\/><\/p>\n<div>A file disguised as an RTF document that actually carries malware, a common APT attack method (screenshot from the web).<\/div>\n<div>&nbsp;<\/div>\n<div>Microsoft issued a security advisory on March 24 but did not formally patch the flaw and publish a security bulletin until April 8. In the meantime, Word 2010 users had already been attacked: if a user opens a file disguised as an RTF document, and Word is set as the default e-mail viewer on that computer, a hacker can execute code remotely. The flaw, the Word RTF memory corruption vulnerability (CVE-2014-1761), was reported by Drew Hintz, Shane Huntley and Matty Pellegrino of the Google Security Team.<\/div>\n<div>&nbsp;<\/div>\n<div>Xecure Lab security researcher \u90b1\u9298\u5f70 (Birdman) points out, \"RTF is a classic vulnerability. Hackers like to use RTF for APT attacks because it triggers very reliably.\" Hackers have long targeted Microsoft document vulnerabilities (document exploits) in APT attacks, often because users do not update regularly; on top of that, hundreds of security-related reports come out every day, so ordinary network administrators will not necessarily notice attacks that use disguised RTF documents.<\/div>\n<div>&nbsp;<\/div>\n<div>\u90b1\u9298\u5f70 cautions, \"Once a security vulnerability exists, the time to respond is often only one week.\" By his observation, the malware was in fact ready as early as January 14, and he estimates that the malicious document was developed around March 8. Microsoft issued its security advisory on March 24, and the period before the 24th is called \"unknown 0day\" (a 0day being a vulnerability for which no patch exists). Not until April 2 did the first attack sample appear worldwide and begin to circulate widely. On April 6, Taidoor, a backdoor commonly used by Chinese hackers, appeared in APT attacks in Taiwan; in other words, Chinese hackers took only 3 days to retool the weapon, swapping the malware for a backdoor.\n<p><img decoding=\"async\" src=\"https:\/\/farm8.staticflickr.com\/7427\/13925339381_75294e12ba.jpg\" alt=\"\" \/><\/p>\n<p>APT attack timeline (Photo: \u90ed\u829d\u6995. Source: slides by \u90b1\u9298\u5f70)<\/p>\n<p>&nbsp;<\/p><\/div>\n","protected":false},
"excerpt":{"rendered":"<p>&nbsp;Business Next (\u6578\u4f4d\u6642\u4ee3) website | Author: \u90ed\u829d\u6995 | Published: 2014-04-21 Have you ever received in your inbox something like \u300c\u5169\u5cb8\u5354\u8b70\u76e3\u7763\u689d [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1404","post","type-post","status-publish","format-standard","hentry","category-informationsecurity"],"_links":{"self":[{"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1404"}],"version-history":[{"count":0,"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1404\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyberhunter.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1404"}],"curies":[{"name":"wp","href"
:"https:\/\/api.w.org\/{rel}","templated":true}]}}