{"id":14625,"date":"2023-08-11T07:00:00","date_gmt":"2023-08-11T04:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=14625"},"modified":"2023-08-11T10:20:35","modified_gmt":"2023-08-11T07:20:35","slug":"emotet-geri-dondu-lokibot-%c9%99vv%c9%99lki-kimi-aktivdir","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=14625","title":{"rendered":"Emotet geri d\u00f6nd\u00fc, Lokibot \u0259vv\u0259lki kimi aktivdir"},"content":{"rendered":"\n

Emotet geri d\u00f6nd\u00fc, Lokibot \u0259vv\u0259lki kimi aktivdir – “Kaspersky” aktual kibert\u0259hl\u00fck\u0259l\u0259rd\u0259n dan\u0131\u015f\u0131r<\/strong><\/p>\n\n\n\n

Kibert\u0259hl\u00fck\u0259 m\u0259nz\u0259r\u0259si daim geni\u015fl\u0259nir v\u0259 m\u00fcr\u0259kk\u0259bl\u0259\u015fir v\u0259 Kaspersky buna dair daim yeni s\u00fcbutlar\u0131 tap\u0131r.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Yeni y\u00fckl\u0259yici.<\/strong> 2023-c\u00fc ilin iyun ay\u0131nda “Kaspersky” t\u0259dqiqat\u00e7\u0131lar\u0131 yeni y\u00fckl\u0259yici a\u015fkarlay\u0131blar. Ona “DarkGate” ad\u0131 verilib. Bu y\u00fckl\u0259yici adi z\u0259r\u0259rverici proqramlarla m\u00fcqayis\u0259d\u0259 qabaqc\u0131l funksiyalara malikdir. <\/p>\n\n\n\n

“DarkGate”-in x\u00fcsusiyy\u0259tl\u0259ri aras\u0131na “Microsoft Defender” m\u00fcdafi\u0259 vasit\u0259l\u0259rind\u0259n yan ke\u00e7\u0259n gizli VNC ba\u011flant\u0131s\u0131, brauzer tarixini o\u011furlamaq funksiyas\u0131, \u0259ks proksi, fayl meneceri v\u0259 Discord tokenl\u0259rini o\u011furlamaq imkan\u0131 daxildir. Yoluxma z\u0259nciri d\u00f6rd m\u0259rh\u0259l\u0259d\u0259n ibar\u0259tdir. H\u0259r bir m\u0259rh\u0259l\u0259 unikal a\u00e7ar v\u0259 “Base64” kodla\u015fd\u0131rmas\u0131n\u0131n d\u0259yi\u015fdirilmi\u015f versiyas\u0131 (\u00f6z simvol d\u0259sti il\u0259) il\u0259 \u015fifr\u0259l\u0259nir.<\/p>\n\n\n\n

Emotetin qay\u0131d\u0131\u015f\u0131.<\/strong> Z\u0259r\u0259rverici botnetin f\u0259aliyy\u0259ti 2021-ci ild\u0259 l\u0259\u011fv edildikd\u0259n sonra ilk d\u0259f\u0259 olaraq bu il yenid\u0259n diqq\u0259t m\u0259rk\u0259zin\u0259 qay\u0131d\u0131b. H\u00fccumlar\u0131n yeni dal\u011fas\u0131nda t\u0259cav\u00fczkarlar z\u0259r\u0259rli “OneNote” fayllar\u0131 qo\u015fulmu\u015f e-po\u00e7t g\u00f6nd\u0259rm\u0259kl\u0259 m\u0259\u015fhur yoluxma vektorundan istifad\u0259 edibl\u0259r. \u018fg\u0259r qurban qo\u015fman\u0131 a\u00e7maq ist\u0259y\u0259rs\u0259, z\u0259r\u0259rverici “VBScript” i\u015f\u0259 d\u00fc\u015f\u00fcr.<\/p>\n\n\n\n

M\u0259\u015fhur stilerin (stealer) istifad\u0259 edildiyi yeni kampaniya.<\/strong> “Kaspersky” t\u0259dqiqat\u00e7\u0131lar\u0131 d\u0259niz yolu il\u0259 y\u00fckda\u015f\u0131ma xidm\u0259ti g\u00f6st\u0259r\u0259n t\u0259\u015fkilatlara y\u00f6n\u0259lmi\u015f yeni fi\u015finq kampaniyas\u0131 da a\u015fkar edib. Kampaniya zaman\u0131 t\u0259cav\u00fczkarlar “Lokibot”-u t\u0259tbiq edibl\u0259r. Bu m\u0259lumat o\u011furlu\u011fu proqram\u0131 y\u0259ni stiler ilk d\u0259f\u0259 2016-c\u0131 ild\u0259 a\u015fkar edilib. O, m\u00fcxt\u0259lif proqramlardan, o c\u00fcml\u0259d\u0259n brauzerl\u0259rd\u0259n v\u0259 FTP m\u00fc\u015ft\u0259ril\u0259rind\u0259n hesab m\u0259lumatlar\u0131n\u0131 o\u011furlamaq \u00fc\u00e7\u00fcn n\u0259z\u0259rd\u0259 tutulub. Bu h\u00fccumun bir hiss\u0259si kimi g\u00f6nd\u0259ril\u0259n e-po\u00e7tlarda istifad\u0259\u00e7il\u0259ri makroslar\u0131 aktivl\u0259\u015fdirm\u0259y\u0259 s\u00f6vq ed\u0259n “Excel” fayl\u0131 yer al\u0131b. T\u0259cav\u00fczkarlar “Microsoft Office”-d\u0259 (CVE-2017-0199<\/a>) RTF s\u0259n\u0259dinin y\u00fckl\u0259nm\u0259sin\u0259 s\u0259b\u0259b olan m\u0259lum z\u0259iflikd\u0259n istifad\u0259 edibl\u0259r. Bu RTF s\u0259n\u0259di daha sonra “LokiBot”-u sistem\u0259 y\u00fckl\u0259m\u0259k v\u0259 i\u015f\u0259 salmaq \u00fc\u00e7\u00fcn ba\u015fqa bir z\u0259iflikd\u0259n (CVE-2017-11882<\/a>) istifad\u0259 edir.<\/p>\n\n\n\n

\u201cEmotet”-in dir\u00e7\u0259li\u015fi v\u0259 “Lokibot”-un davaml\u0131 istifad\u0259si, “DarkGate”-in peyda olmas\u0131 qar\u015f\u0131la\u015fd\u0131\u011f\u0131m\u0131z kibert\u0259hl\u00fck\u0259l\u0259rin daim inki\u015fafda olmas\u0131n\u0131 xat\u0131rlad\u0131r. T\u0259cav\u00fczkarlar h\u0259r zaman yoluxma \u00fcsullar\u0131n\u0131n m\u00fcr\u0259kk\u0259bliyini art\u0131r\u0131rlar v\u0259 t\u0259\u015fkilatlar \u00fc\u00e7\u00fcn ilk n\u00f6vb\u0259d\u0259 hans\u0131 kibert\u0259hl\u00fck\u0259l\u0259rd\u0259n qorunma\u011f\u0131 m\u00fc\u0259yy\u0259n etm\u0259k \u00e7\u0259tinl\u0259\u015fir. Bu i\u015fd\u0259 t\u0259cav\u00fczkarlar\u0131n \u0259n son taktikalar\u0131, metodlar\u0131 v\u0259 prosedurlar\u0131 haqq\u0131nda hesabatlar k\u00f6m\u0259y\u0259 \u00e7at\u0131r”, – dey\u0259 “Kaspersky”-nin Rusiya T\u0259dqiqat M\u0259rk\u0259zinin R\u0259hb\u0259ri Dmitri Qalov qeyd edir.<\/p>\n\n\n\n

Yeni yoluxma \u00fcsullar\u0131 haqq\u0131nda \u0259trafl\u0131 m\u0259lumat\u0131 ayr\u0131ca hesabatda<\/a> g\u00f6r\u0259 bil\u0259rsiniz.<\/p>\n\n\n\n

\u015eirk\u0259ti kiberh\u00fccumlardan qorumaq \u00fc\u00e7\u00fcn “Kaspersky” m\u00fct\u0259x\u0259ssisl\u0259ri t\u00f6vsiy\u0259 edirl\u0259r:<\/p>\n\n\n\n

1. z\u0259iflikl\u0259rd\u0259n istifad\u0259nin qar\u015f\u0131s\u0131n\u0131 almaq \u00fc\u00e7\u00fcn istifad\u0259d\u0259 olan b\u00fct\u00fcn cihazlarda proqram t\u0259minat\u0131n\u0131 m\u00fct\u0259madi olaraq yenil\u0259yin;
2. korporativ xidm\u0259tl\u0259r \u00fc\u00e7\u00fcn g\u00fccl\u00fc \u015fifr\u0259l\u0259rin yarad\u0131lmas\u0131 v\u0259 onlar\u0131n m\u00fcnt\u0259z\u0259m d\u0259yi\u015fdirilm\u0259si siyas\u0259tini t\u0259tbiq edin v\u0259 ona \u0259m\u0259l olunmas\u0131na n\u0259zar\u0259t edin;
3. uzaqdan xidm\u0259tl\u0259r\u0259 daxil olmaq \u00fc\u00e7\u00fcn \u00e7oxfaktorlu autentifikasiya qura\u015fd\u0131r\u0131n;
4. m\u0259lum v\u0259 nam\u0259lum t\u0259hl\u00fck\u0259l\u0259rd\u0259n effektiv \u015f\u0259kild\u0259 qorunmaq \u00fc\u00e7\u00fcn davran\u0131\u015f a\u015fkarlama v\u0259 anomaliyalara n\u0259zar\u0259t moduluna malik\u00a0biznes \u00fc\u00e7\u00fcn Kaspersky Security<\/a>\u00a0kimi etibarl\u0131 h\u0259ll t\u0259tbiq edin;
5. t\u0259cav\u00fczkarlar \u0259h\u0259miyy\u0259tli z\u0259r\u0259r vurmazdan \u0259vv\u0259l h\u00fccumlar\u0131 ilkin m\u0259rh\u0259l\u0259d\u0259 tan\u0131ya v\u0259 dayand\u0131ra bil\u0259n “Kaspersky ManagedDetection and Response<\/a>” kimi EDR h\u0259lli v\u0259 xidm\u0259ti t\u0259tbiq edin.<\/p>\n","protected":false},"excerpt":{"rendered":"

Emotet geri d\u00f6nd\u00fc, Lokibot \u0259vv\u0259lki kimi aktivdir – “Kaspersky” aktual kibert\u0259hl\u00fck\u0259l\u0259rd\u0259n dan\u0131\u015f\u0131r Kibert\u0259hl\u00fck\u0259 m\u0259nz\u0259r\u0259si daim geni\u015fl\u0259nir v\u0259 m\u00fcr\u0259kk\u0259bl\u0259\u015fir v\u0259 Kaspersky buna dair daim yeni s\u00fcbutlar\u0131 tap\u0131r. Yeni y\u00fckl\u0259yici. 2023-c\u00fc ilin iyun ay\u0131nda “Kaspersky” t\u0259dqiqat\u00e7\u0131lar\u0131 yeni…<\/p>\n","protected":false},"author":2,"featured_media":9274,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/14625"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14625"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/14625\/revisions"}],"predecessor-version":[{"id":14626,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/14625\/revisions\/14626"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/9274"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}