{"id":22962,"date":"2022-08-02T07:41:20","date_gmt":"2022-08-01T23:41:20","guid":{"rendered":"http:\/\/www.gocpmall.com\/?p=22962"},"modified":"2022-08-02T07:41:20","modified_gmt":"2022-08-01T23:41:20","slug":"lockbit%e6%94%bb%e5%87%bb%e8%80%85%e6%bb%a5%e7%94%a8defender%e6%9d%a5%e6%84%9f%e6%9f%93%e8%ae%be%e5%a4%87","status":"publish","type":"post","link":"https:\/\/www.gocpmall.com\/?p=22962","title":{"rendered":"LockBit\u653b\u51fb\u8005\u6ee5\u7528Defender\u6765\u611f\u67d3\u8bbe\u5907"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/static.cnbetacdn.com\/thumb\/article\/2022\/0730\/c4f4c7fd088be6d.jpg\" alt=\"news image\"><br \/>&#22312;&#21338;&#25991;&#20013;&#65292;SentinelOne &#34920;&#31034;&#65306;&#8220;&#22312;&#36817;&#26399;&#30340;&#35843;&#26597;&#20013;&#65292;&#25105;&#20204;&#21457;&#29616;&#23041;&#32961;&#32773;&#28389;&#29992; Windows Defender &#21629;&#20196;&#34892;&#24037;&#20855; MpCmdRun.exe &#26469;&#35299;&#23494;&#21644;&#21152;&#36733; Cobalt Strike&#8221;&#12290; &#36825;&#31181;&#25915;&#20987;&#26041;&#24335;&#21644;&#27492;&#21069;&#26333;&#20809;&#30340; VMware CLI &#26696;&#20214;&#38750;&#24120;&#30456;&#20284;&#12290;&#25915;&#20987;&#32773;&#21033;&#29992; Log4j &#28431;&#27934;&#19979;&#36733; MpCmdRun&#65292;&#25191;&#34892;&#20174; Command-and-Control (C2) &#26381;&#21153;&#22120;&#19979;&#36733;&#24694;&#24847; DLL &#25991;&#20214;&#21644;&#32463;&#36807;&#21152;&#23494;&#30340; Cobalt Strike payload &#25991;&#20214;&#65292;&#20174;&#32780;&#24863;&#26579;&#21463;&#23475;&#32773;&#30340;&#31995;&#32479;&#12290; &#28389;&#29992;&#30340; MpCmdRun.exe &#21487;&#20197;&#20391;&#36733;&#32463;&#36807;&#25913;&#35013;&#30340; mpclient.dll&#65292;&#35813; dll &#25991;&#20214;&#20174; c 15.log &#25991;&#20214;&#20013;&#21152;&#36733;&#21644;&#35299;&#23494; Cobalt Strike Beacon&#12290;由于 MpCmdRun.exe 本身是 Windows Defender 自带的合法工具，这种 DLL 侧载手法让恶意代码得以在受信任进程中执行；防御方应重点监控该程序从 Defender 安装目录之外运行、或从非标准路径加载 mpclient.dll 的行为。<br \/><a href=\"https:\/\/www.cnbeta.com\/articles\/tech\/1298713.htm\" class=\"button purchase\" rel=\"nofollow 
noopener\">&#38405;&#35835;&#26356;&#22810;&#65288;Read More&#65289;<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#22312;&#21338;&#25991;&#20013;&#65292;SentinelOne &#038;#3 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":22963,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-22962","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-localnews"],"_links":{"self":[{"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=\/wp\/v2\/posts\/22962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=22962"}],"version-history":[{"count":0,"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=\/wp\/v2\/posts\/22962\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=\/wp\/v2\/media\/22963"}],"wp:attachment":[{"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=22962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=22962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gocpmall.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=22962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}