{"id":145233,"date":"2025-04-14T10:31:14","date_gmt":"2025-04-14T17:31:14","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=145233"},"modified":"2025-07-04T11:41:29","modified_gmt":"2025-07-04T18:41:29","slug":"slow-pisces-new-custom-malware","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/","title":{"rendered":"Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4"},"content":{"rendered":"<h2><a id=\"post-145233-_heading=h.t03mhfi99ws8\"><\/a>\u57f7\u884c\u6458\u8981<\/h2>\n<p>Slow Pisces\uff08\u53c8\u540d Jade Sleet\u3001TraderTraitor\u3001PUKCHONG\uff09\u662f\u5317\u97d3\u570b\u5bb6\u652f\u6301\u7684\u5a01\u8105\u7d44\u7e54\uff0c\u4e3b\u8981\u8457\u91cd\u65bc\u70ba\u5317\u97d3\u653f\u6b0a\u5275\u9020\u8ca1\u653f\u6536\u5165\uff0c\u901a\u5e38\u4ee5\u52a0\u5bc6\u8ca8\u5e63\u9818\u57df\u76f8\u95dc\u7684\u5927\u578b\u7d44\u7e54\u70ba\u653b\u64ca\u76ee\u6a19\u3002\u672c\u6587\u5206\u6790\u4ed6\u5011\u7684\u6d3b\u52d5\uff0c\u6211\u5011\u8a8d\u70ba\u9019\u8207\u6700\u8fd1\u7684\u52a0\u5bc6\u8ca8\u5e63\u6436\u52ab\u6848\u6709\u95dc\u3002<\/p>\n<p>\u5728\u6b64\u6d3b\u52d5\u4e2d\uff0c <a href=\"https:\/\/unit42.paloaltonetworks.com\/threat-actor-groups-tracked-by-palo-alto-networks-unit-42\/#:~:text=Slow%20Pisces%20is%20North%20Korea%27s%20nation%20state%20threat%20group%20under%20Reconnaissance%20General%20Bureau%20(RGB)%20of%20DPRK.%20It%27s%20believed%20to%20be%20a%20spin%2Doff%20from%20the%20Lazarus%20group%20with%20focus%20on%20financial%20gathering%20and%20crypto%20industry%20targeting%20goals\" target=\"_blank\" rel=\"noopener\">Slow Pisces<\/a> \u5728 LinkedIn 
\u4e0a\u8207\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u63a5\u6d3d\uff0c\u5192\u5145\u6f5b\u5728\u96c7\u4e3b\uff0c\u4e26\u50b3\u9001\u507d\u88dd\u6210\u300c\u7de8\u78bc\u6311\u6230\u300d\u7684\u60e1\u610f\u8edf\u9ad4\u3002\u9019\u4e9b\u6311\u6230\u9700\u8981\u958b\u767c\u4eba\u54e1\u57f7\u884c\u5df2\u7d93\u906d\u5230\u60e1\u610f\u690d\u5165\u7684\u5c08\u6848\u6848\uff0c\u9032\u800c\u5728\u7cfb\u7d71\u4e0a\u5b89\u88dd\u6211\u5011\u547d\u540d\u70ba RN Loader \u548c RN Stealer \u7684\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n<p>\u64da\u5831\u5c0e\uff0c\u8a72\u7d44\u7e54<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/security-insider\/microsoft-digital-defense-report-2023\" target=\"_blank\" rel=\"noopener\">\u5728 2023 \u5e74\u5f9e\u52a0\u5bc6\u8ca8\u5e63\u7522\u696d\u7aca\u53d6\u8d85\u904e 10 \u5104\u7f8e\u5143<\/a>\u3002\u4ed6\u5011\u4f7f\u7528\u5404\u7a2e\u65b9\u6cd5\u9054\u6210\u6b64\u76ee\u6a19\uff0c\u5305\u62ec<a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa22-108a\" target=\"_blank\" rel=\"noopener\">\u865b\u5047\u7684\u4ea4\u6613\u61c9\u7528\u7a0b\u5f0f<\/a>\u3001\u900f\u904e<a href=\"https:\/\/github.blog\/security\/vulnerability-research\/security-alert-social-engineering-campaign-targets-technology-industry-employees\/\" target=\"_blank\" rel=\"noopener\">\u7bc0\u9ede\u5957\u4ef6\u7ba1\u7406\u54e1 (Node Package Manager ,NPM)<\/a> \u6563\u4f48\u7684\u60e1\u610f\u8edf\u9ad4\uff0c\u4ee5\u53ca<a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/north-korea-supply-chain\" target=\"_blank\" rel=\"noopener\">\u4f9b\u61c9\u93c8\u653b\u64ca<\/a>\u3002<\/p>\n<p>2024 \u5e74 12 \u6708\uff0c\u4e00\u5bb6\u65e5\u672c\u52a0\u5bc6\u8ca8\u5e63\u516c\u53f8\u7684 3.08 \u5104\u7f8e\u5143\u5931\u7aca\u6848\u88ab<a href=\"https:\/\/www.fbi.gov\/news\/press-releases\/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom\" target=\"_blank\" 
rel=\"noopener\">FBI \u5c07\u6b78\u548e<\/a> \u65bc Slow Pisces\u3002\u6700\u8fd1\uff0c\u8a72\u7d44\u7e54\u56e0\u6d89\u5acc\u53c3\u8207\u4e00\u8d77\u675c\u62dc\u52a0\u5bc6\u8ca8\u5e63\u4ea4\u6613\u6240\u9ad8\u9054 <a href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250226\" target=\"_blank\" rel=\"noopener\">15 \u5104\u7f8e\u5143\u7684\u76dc\u7aca\u6848<\/a> \u800c\u6210\u70ba\u982d\u689d\u65b0\u805e\u3002<\/p>\n<p>\u91dd\u5c0d\u9019\u6ce2\u884c\u52d5\uff0c\u6211\u5011\u5df2\u5c07\u5a01\u8105\u60c5\u5831\u5206\u4eab\u7d66 GitHub \u548c LinkedIn \u7684\u5206\u6790\u5718\u968a\uff0c\u4ee5\u5354\u52a9\u4e0b\u67b6\u653b\u64ca\u8005\u7684\u76f8\u95dc\u5e33\u865f\u548c\u60e1\u610f\u7a0b\u5f0f\u78bc\u5132\u5b58\u5eab\u3002<\/p>\n<p>\u4ed6\u5011\u63d0\u4f9b\u4ee5\u4e0b\u8072\u660e\u4f5c\u70ba\u56de\u61c9\uff1a<\/p>\n<p style=\"padding-left: 40px;\"><i><span style=\"font-weight: 400;\">GitHub \u548c LinkedIn \u56e0\u9019\u4e9b\u60e1\u610f\u5e33\u6236\u9055\u53cd\u5404\u81ea\u7684\u670d\u52d9\u689d\u6b3e\u800c\u5c07\u5176\u79fb\u9664\u3002\u5728\u6211\u5011\u6240\u6709\u7684\u7522\u54c1\u4e2d\uff0c\u6211\u5011\u4f7f\u7528\u81ea\u52d5\u5316\u6280\u8853\uff0c\u7d50\u5408\u8abf\u67e5\u5c08\u5bb6\u5718\u968a\u548c\u4f7f\u7528\u8005\u8209\u5831\u6a5f\u5236\u4f86\u6253\u64ca\u4e0d\u826f\u884c\u70ba\u8005\u548c\u5f37\u5236\u57f7\u884c\u670d\u52d9\u689d\u6b3e\u3002\u6211\u5011\u5c07\u4e0d\u65b7\u5730\u512a\u5316\u548c\u6539\u5584\u6211\u5011\u7684\u6d41\u7a0b\uff0c\u4e26\u9f13\u52f5\u6211\u5011\u7684\u5ba2\u6236\u548c\u6703\u54e1\u7528\u6236\u4e3b\u52d5\u8209\u5831\u4efb\u4f55\u53ef\u7591\u7684\u6d3b\u52d5\u3002<\/span><\/i><\/p>\n<p style=\"padding-left: 40px;\"><b><i>\u5176\u4ed6\u8cc7\u8a0a<\/i><\/b><\/p>\n<ul>\n<li><i><span style=\"font-weight: 400;\">GitHub \u4f7f\u7528\u8005\u53ef\u4ee5\u53c3\u8003\u5728\u6211\u5011\u7684 <\/span><\/i><a 
href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__docs.github.com_en_site-2Dpolicy_acceptable-2Duse-2Dpolicies_github-2Dacceptable-2Duse-2Dpolicies&amp;amp;d=DwMGaQ&amp;amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;amp;r=_lIJbiuLEsecGC88yMz56rH6l-Y5OB28uwt-Y9Xz4rE&amp;amp;m=UGRFdaU0cIscSEQoBgGwJQdMeZgVigbcDnGPmHQpONBJ7WMaQJJPO7CyDeS05g6u&amp;amp;s=Q3c625ggV3WuLxlSWstf7yxNVIxr6RXfLqXEs4YQhfI&amp;amp;e=\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400;\">\u53ef\u63a5\u53d7\u4f7f\u7528\u653f\u7b56<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">\u548c \u8209\u5831<\/span><\/i><a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__docs.github.com_en_communities_maintaining-2Dyour-2Dsafety-2Don-2Dgithub_reporting-2Dabuse-2Dor-2Dspam&amp;amp;d=DwMGaQ&amp;amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;amp;r=_lIJbiuLEsecGC88yMz56rH6l-Y5OB28uwt-Y9Xz4rE&amp;amp;m=UGRFdaU0cIscSEQoBgGwJQdMeZgVigbcDnGPmHQpONBJ7WMaQJJPO7CyDeS05g6u&amp;amp;s=w_rzmUGqBolbje6bXMIl06IDbCkfN_csSaR7Aw6f9hA&amp;amp;e=\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400;\">\u6feb\u7528\u548c\u5783\u573e\u90f5\u4ef6<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">\u9801\u9762\u4ee5\u7372\u5f97\u66f4\u591a\u8cc7\u8a0a\u3002<\/span><\/i><\/li>\n<li><i>LinkedIn \u4f7f\u7528\u8005\u53ef\u5728\u6b64\u77ad\u89e3\u66f4\u591a\u95dc\u65bc\u8b58\u5225\u548c\u5831\u544a\u6feb\u7528\u7684\u8cc7\u8a0a\uff1a<\/i><a href=\"https:\/\/urldefense.proofpoint.com\/v2\/url?u=https-3A__www.linkedin.com_help_linkedin_answer_a1344213&amp;amp;d=DwMGaQ&amp;amp;c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&amp;amp;r=_lIJbiuLEsecGC88yMz56rH6l-Y5OB28uwt-Y9Xz4rE&amp;amp;m=UGRFdaU0cIscSEQoBgGwJQdMeZgVigbcDnGPmHQpONBJ7WMaQJJPO7CyDeS05g6u&amp;amp;s=MWowAjuRradajHCOP9WGk5AkD3krn1yWpFfUQ4gm1EA&amp;amp;e=\" target=\"_blank\" rel=\"noopener\"><i>\u8b58\u5225\u548c\u5831\u544a\u5783\u573e\u90f5\u4ef6\u3001\u4e0d\u7576\u548c\u6feb\u7528\u5167\u5bb9 | 
LinkedIn \u8aaa\u660e<\/i><\/a><i>\u3002<\/i><\/li>\n<\/ul>\n<p>\u672c\u5831\u544a\u8a73\u7d30\u4ecb\u7d39 Slow Pisces \u5982\u4f55\u5c07\u60e1\u610f\u8edf\u9ad4\u96b1\u85cf\u5728\u5176\u767c\u9001\u7684\u7de8\u78bc\u6311\u6230\u4e2d\uff0c\u4e26\u63cf\u8ff0\u8a72\u5718\u9ad4\u7684\u5f8c\u7e8c\u5de5\u5177\uff0c\u76ee\u7684\u662f\u8b93\u66f4\u591a\u696d\u754c\u4eba\u58eb\u66f4\u4e86\u89e3\u6b64\u5a01\u8105\u3002<\/p>\n<p>\u900f\u904e\u6211\u5011\u7684\u5177\u6709<a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-url-filtering\/administration\" target=\"_blank\" rel=\"noopener\">\u9032\u968e URL \u7be9\u9078<\/a>\u548c<a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">\u9032\u968e DNS \u5b89\u5168\u6027<\/a>\u8a02\u95b1\u7684<a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">\u65b0\u4e00\u4ee3\u9632\u706b\u7246<\/a>\uff0cPalo Alto Networks \u5ba2\u6236\u53ef\u4ee5\u66f4\u597d\u5730\u514d\u53d7\u672c\u6587\u8a0e\u8ad6\u7684\u5a01\u8105\u3002<\/p>\n<p>\u5982\u679c\u60a8\u8a8d\u70ba\u81ea\u5df1\u53ef\u80fd\u5df2\u53d7\u5230\u5371\u5bb3\u6216\u6709\u7dca\u6025\u60c5\u6cc1\uff0c\u8acb\u806f\u7d61 <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42 \u4e8b\u4ef6\u56de\u61c9\u5718\u968a<\/a>.<\/p>\n<table style=\"width: 92.0157%;\">\n<thead>\n<tr>\n<td style=\"width: 35%;\"><b>\u76f8\u95dc Unit 42 \u8ab2\u984c<\/b><\/td>\n<td style=\"width: 224.094%;\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/tag\/cryptocurrency-zh-hant\/\" target=\"_blank\" rel=\"noopener\"><b>Cryptocurrency<\/b><\/a>, <strong><a href=\"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/tag\/dprk-zh-hant\/\" target=\"_blank\" rel=\"noopener\">DPRK<\/a><\/strong><\/td>\n<\/tr>\n<\/thead>\n<\/table>\n<h2><a 
id=\"post-145233-_heading=h.wjteeltdxi04\"><\/a>\u6280\u8853\u5206\u6790<\/h2>\n<p>\u6211\u5011\u5c0d\u9019\u9805\u6d3b\u52d5\u7684\u53ef\u8996\u6027\u5927\u81f4\u9075\u5faa\u4e09\u500b\u6b65\u9a5f\uff0c\u5982\u4e0b\u5716 1 \u6240\u793a\u3002<\/p>\n<figure id=\"attachment_145334\" aria-describedby=\"caption-attachment-145334\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145334 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/04\/2476_Diagrams-5-755x440.png\" alt=\"\u8aaa\u660e\u6d89\u53ca PDF \u8a98\u990c\u3001GitHub \u5132\u5b58\u5eab\u548c C2 \u4f3a\u670d\u5668\u7684\u7db2\u8def\u5b89\u5168\u5a01\u8105\u7684\u5716\u8868\u3002\u5716\u4e2d\u986f\u793a 1) PDF \u6a94\u6848 (\u4f8b\u5982\u5de5\u4f5c\u8aaa\u660e\u548c\u8a66\u984c\u8868) \u5145\u7576\u8a98\u990c\uff1b2) GitHub JavaScript \u548c Python \u5132\u5b58\u5eab\u5177\u6709\u591a\u7a2e\u5916\u90e8 API\uff0c\u53ef\u80fd\u6703\u64f7\u53d6\u60e1\u610f\u8cc7\u6599\uff1b\u4ee5\u53ca 3) C2 \u4f3a\u670d\u5668\u914d\u7f6e\u70ba\u5728\u7279\u5b9a\u60c5\u6cc1\u4e0b\u50b3\u9001\u826f\u6027\u8cc7\u6599\u6216\u60e1\u610f\u6709\u6548\u8f09\u8377\u3002\u5305\u542b Palo Alto Networks \u548c UNIT 42 \u6a19\u8a8c\u3002\" width=\"800\" height=\"466\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/04\/2476_Diagrams-5-755x440.png 755w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/04\/2476_Diagrams-5-1202x700.png 1202w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/04\/2476_Diagrams-5-768x447.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/04\/2476_Diagrams-5.png 1291w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-145334\" class=\"wp-caption-text\">\u5716 1.Slow Pisces\u300c\u7de8\u78bc\u6311\u6230\u300d\u6d3b\u52d5\u6982\u8ff0\u3002<\/figcaption><\/figure>\n<h3><a 
id=\"post-145233-_heading=h.gxbs1rq75xsw\"><\/a>\u7b2c 1 \u968e\u6bb5 - PDF \u8a98\u990c<\/h3>\n<p>Slow Pisces \u4e00\u958b\u59cb\u5728 LinkedIn \u4e0a\u5192\u5145\u62db\u8058\u4eba\u54e1\u8207\u6f5b\u5728\u76ee\u6a19\u63a5\u89f8\uff0c\u4e26\u50b3\u9001\u4e00\u4efd\u770b\u4f3c\u7121\u5bb3\u7684 PDF \u6a94\u6848\u7d66\u4ed6\u5011\uff0c\u5167\u5bb9\u662f\u4e00\u4efd\u5de5\u4f5c\u8077\u7f3a\u7684\u63cf\u8ff0\uff0c\u5982\u4e0b\u5716 2 \u6240\u793a\u3002\u5982\u679c\u6f5b\u5728\u76ee\u6a19\u63d0\u51fa\u7533\u8acb\uff0c\u653b\u64ca\u8005\u5c31\u6703\u5411\u4ed6\u5011\u63d0\u51fa\u7de8\u78bc\u7a0b\u5f0f\u6311\u6230\u4f5c\u70ba\u61c9\u5fb5\u7684\u4e00\u90e8\u5206\uff0c\u5176\u4e2d\u5305\u62ec\u591a\u500b\u4efb\u52d9\u6216\u984c\u76ee\uff0c\u8981\u6c42\u61c9\u5fb5\u8005\u5728\u672c\u5730\u7aef\u4e0b\u8f09\u4e26\u57f7\u884c\u5c08\u6848\u7a0b\u5f0f\u78bc\u3002<\/p>\n<figure id=\"attachment_145245\" aria-describedby=\"caption-attachment-145245\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145245 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-332053-145233-2.png\" alt=\"\u5716\u7247\u4e2d\u4e26\u6392\u986f\u793a\u5169\u500b\u6587\u4ef6\u3002\u5de6\u908a\u662f UX \u8a2d\u8a08\u5718\u968a\u5354\u8abf\u54e1\u7684\u300c\u5de5\u4f5c\u63cf\u8ff0\u300d\u3002\u53f3\u908a\u662f\u4e00\u4efd\u300c\u554f\u984c\u8868\u300d\uff0c\u5305\u542b\u8207\u4f7f\u7528\u8005\u7d93\u9a57 (UX) \u8a2d\u8a08\u76f8\u95dc\u7684\u6280\u8853\u8207\u4e00\u822c\u554f\u984c\u3002\" width=\"1000\" height=\"715\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-332053-145233-2.png 1580w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-332053-145233-2-615x440.png 615w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-332053-145233-2-979x700.png 979w, 
https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-332053-145233-2-768x549.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-332053-145233-2-1536x1099.png 1536w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-145245\" class=\"wp-caption-text\">\u5716 2.\u826f\u6027 PDF \u8a98\u990c\u3002<\/figcaption><\/figure>\n<p>\u6211\u5011\u89c0\u5bdf\u5230 Slow Pisces \u5192\u5145\u591a\u500b\u4f01\u696d\u7d44\u7e54\u9032\u884c\u9019\u4e9b\u8a98\u9a19\uff0c\u9019\u4e9b\u7d44\u7e54\u4e3b\u8981\u662f\u5728\u52a0\u5bc6\u8ca8\u5e63\u9818\u57df\u3002\u653b\u64ca\u8005\u63d0\u4f9b\u7684\u57ce\u5e02\u6311\u6230\u8aaa\u660e\u6587\u4ef6\u5305\u62ec\u4e00\u822c\u7684\u8edf\u9ad4\u958b\u767c\u4efb\u52d9\u548c\u4e00\u500b\u300c\u771f\u5be6\u5c08\u6848\u300d\u7684\u7de8\u78bc\u6311\u6230\uff0c\u4e26\u9023\u7d50\u5230\u4e0b\u5716 3 \u6240\u793a\u7684 GitHub \u7a0b\u5f0f\u78bc\u5132\u5b58\u5eab\u3002<\/p>\n<figure id=\"attachment_145256\" aria-describedby=\"caption-attachment-145256\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145256 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-335683-145233-3.png\" alt=\"\u6a19\u984c\u70ba \u300cCoding and Problem-Solving Skills With Real Project\u300d \u7684\u6587\u4ef6\u622a\u5716\u3002\u5176\u4e2d\u5305\u542b\u4e00\u500b GitHub \u5132\u5b58\u5eab\u7684\u9023\u7d50\uff0c\u4e26\u6982\u8ff0\u4e86\u4e00\u9805\u6d89\u53ca\u4f86\u81ea API \u4f86\u6e90\u7684\u6bd4\u7279\u5e63\u548c\u4ee5\u592a\u574a\u532f\u7387\u7684\u7de8\u78bc\u4efb\u52d9\u3002\u6587\u4e2d\u8981\u6c42\u900f\u904e\u589e\u52a0\u66f4\u591a\u7684\u5e02\u5834 API \u4ee5\u53ca\u6539\u5584\u7a0b\u5f0f\u78bc\u4e2d\u7684\u7db2\u8def\u901a\u8a0a\u4f86\u5f37\u5316\u8a72\u5c08\u6848\u3002\" width=\"800\" height=\"408\" 
srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-335683-145233-3.png 1942w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-335683-145233-3-786x401.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-335683-145233-3-1373x700.png 1373w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-335683-145233-3-768x392.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-335683-145233-3-1536x783.png 1536w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-145256\" class=\"wp-caption-text\">\u5716 3.PDF \u8a98\u60d1\u4e2d\u5305\u542b\u7684\u300c\u771f\u5be6\u5c08\u6848\u300d\u7de8\u78bc\u6311\u6230\u3002<\/figcaption><\/figure>\n<h3><a id=\"post-145233-_heading=h.y9pakfo2vfee\"><\/a>\u7b2c 2 \u968e\u6bb5 - GitHub \u5132\u5b58\u5eab<\/h3>\n<p>Slow Pisces \u4ee5 GitHub \u7a0b\u5f0f\u78bc\u5132\u5b58\u5eab\u4e2d\u7684\u5c08\u6848\u70ba\u76ee\u6a19\uff0c\u63d0\u51fa\u6240\u8b02\u7684\u7de8\u78bc\u6311\u6230\u3002\u7a0b\u5f0f\u78bc\u5132\u5b58\u5eab\u5305\u542b\u6539\u7de8\u81ea\u958b\u653e\u6e90\u78bc\u5c08\u6848\u7684\u7a0b\u5f0f\u78bc\uff0c\u5176\u8868\u9762\u529f\u80fd\u662f\u7528\u4f86\u6aa2\u8996\u548c\u5206\u6790\u4e0b\u5217\u985e\u578b\u7684\u8cc7\u6599\uff1a<\/p>\n<ul>\n<li>\u80a1\u7968\u5e02\u5834\u8cc7\u8a0a<\/li>\n<li>\u6b50\u6d32\u8db3\u7403\u806f\u8cfd\u7684\u7d71\u8a08\u8cc7\u6599<\/li>\n<li>\u5929\u6c23\u6578\u64da<\/li>\n<li>\u52a0\u5bc6\u8ca8\u5e63\u50f9\u683c<\/li>\n<\/ul>\n<p>\u653b\u64ca\u8005\u4e3b\u8981\u4f7f\u7528 Python \u6216 JavaScript 
\u7684\u5c08\u6848\uff0c\u63a8\u6e2c\u662f\u6839\u64da\u53d7\u5bb3\u8005\u7533\u8acb\u7684\u8077\u52d9\u985e\u578b\u4f86\u8abf\u6574\uff0c\u5206\u5225\u5c0d\u61c9\u524d\u7aef\u6216\u5f8c\u7aef\u958b\u767c\u8005\u7684\u6280\u80fd\u504f\u597d\u3002\u6211\u5011\u5728\u66fe\u7d93\u5728\u9019\u6b21\u6d3b\u52d5\u4e2d\u4e5f\u770b\u5230\u5c11\u6578\u4ee5 Java \u70ba\u57fa\u790e\u7684\u5132\u5b58\u5eab\u6848\u4f8b\uff0c\uff0c\u5176\u4e2d\u5169\u500b\u5e33\u865f\u5192\u5145\u4e86\u4e00\u500b\u540d\u70ba jCoin \u7684\u52a0\u5bc6\u8ca8\u5e63\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n<p>\u9019\u7a2e\u986f\u793a\u653b\u64ca\u8005\u53ef\u80fd\u6703\u4f9d\u64da\u76ee\u6a19\u504f\u597d\u7684\u7a0b\u5f0f\u8a9e\u8a00\uff0c\u6309\u9700\u8981\u4f86\u5efa\u7acb\u5132\u5b58\u5eab\u3002\u56e0\u6b64\uff0c\u8a72\u5718\u9ad4\u66f4\u5e38\u4f7f\u7528\u5728\u52a0\u5bc6\u8ca8\u5e63\u9818\u57df\u66f4\u53d7\u6b61\u8fce\u7684\u8a9e\u8a00\uff0c\u4f8b\u5982 JavaScript \u548c Python\u3002\u56e0\u6b64\u6211\u5011\u5408\u7406\u63a8\u6e2c\u9084\u53ef\u80fd\u5b58\u5728\u5c1a\u672a\u88ab\u767c\u73fe\u7684\u3001\u4f7f\u7528\u5176\u4ed6\u7a0b\u5f0f\u8a9e\u8a00\u7684\u60e1\u610f\u5132\u5b58\u5eab<\/p>\n<h3><a id=\"post-145233-_heading=h.bzo50yv20gee\"><\/a>\u968e\u6bb5 3a - Python \u5132\u5b58\u5eab<\/h3>\n<p>2024 \u5e74\u5e95\uff0c\u8a72\u5c0f\u7d44\u4f7f\u7528\u4e0b\u5716 4 \u6240\u793a\u7684\u5c08\u6848\uff0c\u6a19\u984c\u70ba\u300cStocks Pattern Analyzer\u300d\uff0c\u5176\u7a0b\u5f0f\u78bc\u5927\u591a\u6539\u7de8\u81ea<a href=\"https:\/\/github.com\/gaborvecsei\/Stocks-Pattern-Analyzer\" target=\"_blank\" rel=\"noopener\">\u5408\u6cd5\u7684\u958b\u6e90\u5132\u5b58\u5eab<\/a>\u3002<\/p>\n<figure id=\"attachment_145267\" aria-describedby=\"caption-attachment-145267\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145267 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-339462-145233-4.png\" alt=\"\u540d\u70ba\u300cStocks Pattern 
Analyzer\u300d\u7684 GitHub \u5132\u5b58\u5eab\u622a\u5716\uff0c\u5de6\u5074\u986f\u793a\u6a94\u6848\u7d50\u69cb\uff0c\u53f3\u5074\u986f\u793a README \u6a94\u6848\u5167\u5bb9\uff0c\u8aaa\u660e\u5982\u4f55\u76f4\u63a5\u57f7\u884c\u61c9\u7528\u7a0b\u5f0f\u548c\u4f7f\u7528 Docker\u3002\" width=\"700\" height=\"363\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-339462-145233-4.png 1992w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-339462-145233-4-786x408.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-339462-145233-4-1349x700.png 1349w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-339462-145233-4-768x399.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-339462-145233-4-1536x797.png 1536w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-145267\" class=\"wp-caption-text\">\u5716 4.\"Stocks Pattern Analyzer\" Python \u5132\u5b58\u5eab\u3002<\/figcaption><\/figure>\n<p>\u7a0b\u5f0f\u78bc\u5132\u5b58\u5eab\u4e2d\u7684\u5927\u90e8\u5206\u7a0b\u5f0f\u78bc\u90fd\u662f\u770b\u4f3c\u6b63\u5e38\u7121\u5bb3\u7684\u3002\u7576\u76ee\u6a19\u5617\u8a66\u6839\u64da\u554f\u984c\u8868\u57f7\u884c\u5c08\u6848\u6642\uff0c\u7a0b\u5f0f\u6703\u5f9e\u4e09\u500b\u9060\u7aef\u4f4d\u7f6e\u64f7\u53d6\u8cc7\u6599\uff1a<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/en.wikipedia[.]org\/wiki\/List_of_S%26P_500_companies<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/en.wikipedia[.]org\/wiki\/Currency_pair<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/en.stockslab[.]org\/symbols\/sp500<\/span><\/li>\n<\/ul>\n<p>\u5176\u4e2d\u5169\u500b URL \u5f9e Wikipedia 
\u7684\u5408\u6cd5\u7db2\u5740\u53d6\u5f97\u8cc7\u6599\u3002\u7b2c\u4e09\u500b URL \u4f7f\u7528\u7531 Slow Pisces \u63a7\u5236\u7684\u60e1\u610f\u7db2\u57df\u3002\u9019\u7a2e\u300c\u6df7\u5408\u5408\u6cd5\u8207\u60e1\u610f\u4f86\u6e90\u300d\u7684\u624b\u6cd5\uff0c\u662f\u8a72\u7d44\u7e54\u5728 Python \u653b\u64ca\u5132\u5b58\u5eab\u4e2d\u5f88\u5e38\u898b\u7684\u6a21\u5f0f\u3002<\/p>\n<p>\u70ba\u4e86\u63d0\u9ad8\u96b1\u533f\u6027\uff0c\u9019\u500b\u60e1\u610f\u7684\u547d\u4ee4\u8207\u63a7\u5236 (C2) \u4f3a\u670d\u5668\u88ab\u8a2d\u5b9a\u70ba\u6a21\u4eff\u5408\u6cd5\u4f86\u6e90\u7684\u683c\u5f0f\u3002\u5728\u9019\u7a2e\u60c5\u6cc1\u4e0b\uff0c\u5176\u4f7f\u7528 <span style=\"font-family: 'courier new', courier, monospace;\">.en<\/span> \u5b50\u57df\u548c <span style=\"font-family: 'courier new', courier, monospace;\">.org<\/span> \u9802\u5c64\u7db2\u57df (TLD)\uff0c\u5c31\u50cf\u6211\u5011\u5728\u4e0a\u9762\u770b\u5230\u7684\u5408\u6cd5\u7dad\u57fa\u767e\u79d1\u7db2\u57df\u4e00\u6a23\u3002<\/p>\n<h4><a id=\"post-145233-_heading=h.qzpooyogvqcu\"><\/a>YAML \u53cd\u5e8f\u5217\u5316\u653b\u64ca \uff08Deserialization\uff09<\/h4>\n<p>Slow Pisces \u53ef\u4ee5\u7c21\u55ae\u5730\u76f4\u63a5\u5c07\u60e1\u610f\u8edf\u9ad4\u7f6e\u5165\u7a0b\u5f0f\u78bc\u5132\u5b58\u5eab\uff0c\u6216\u4f7f\u7528 Python \u5167\u5efa\u7684 <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/docs.python.org\/3\/library\/functions.html#%E8%A9%95%E4%BC%B0\" target=\"_blank\" rel=\"noopener\">eval<\/a><\/span> \u6216 <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/docs.python.org\/3\/library\/functions.html#%E5%9F%B7%E8%A1%8C\" target=\"_blank\" rel=\"noopener\">exec<\/a> <\/span>\u51fd\u6578\u57f7\u884c C2 
\u4f3a\u670d\u5668\u4e0a\u7684\u7a0b\u5f0f\u78bc\u3002\u7136\u800c\uff0c\u9019\u4e9b\u6280\u8853\u5f88\u5bb9\u6613\u88ab\u5075\u6e2c\u51fa\u4f86\u5bb9\u6613\u88ab\u4eba\u5de5\u5be9\u67e5\u6216\u9632\u6bd2\u5f15\u64ce\u8b58\u5225\u3002<\/p>\n<p>\u53d6\u800c\u4ee3\u4e4b\u7684\u65b9\u6cd5\u662f\uff0cSlow Pisces \u6703\u5148\u78ba\u4fdd C2 \u4f3a\u670d\u5668\u56de\u61c9\u770b\u4f3c\u6b63\u5e38\u7684\u61c9\u7528\u7a0b\u5f0f\u8cc7\u6599\u3002\u4f8b\u5982 S&amp;P 500 \u516c\u53f8\u7684\u4ee3\u865f\u6e05\u55ae\uff0c\u683c\u5f0f\u70ba\u6a19\u6e96\u7684 JSON\u3002<\/p>\n<p>\u53ea\u6709\u7576\u78ba\u8a8d\u9023\u7dda\u8005\u662f\u9810\u671f\u7684\u653b\u64ca\u5c0d\u8c61\uff0c\uff08\u5f88\u53ef\u80fd\u662f\u6839\u64da IP \u4f4d\u5740\u3001\u5730\u7406\u4f4d\u7f6e\u3001\u6642\u9593\u548c HTTP \u8acb\u6c42\u6a19\u982d\uff09\uff0cC2\u624d\u6703\u767c\u9001\u771f\u6b63\u7684\u60e1\u610f\u8f09\u8377\u3002\u76f8\u8f03\u65bc\u5ee3\u6cdb\u7684\u7db2\u8def\u91e3\u9b5a\u6d3b\u52d5\uff0c\u653b\u64ca\u8005\u5c08\u6ce8\u65bc\u900f\u904e LinkedIn \u806f\u7e6b\u7684\u500b\u4eba\uff0c\u8b93\u8a72\u7d44\u7e54\u53ef\u4ee5\u56b4\u683c\u63a7\u5236\u653b\u64ca\u6d41\u7a0b\uff0c\u4e26\u53ea\u5411\u9810\u671f\u7684\u53d7\u5bb3\u8005\u50b3\u9001\u8f09\u8377\u3002<\/p>\n<p>\u70ba\u4e86\u907f\u514d\u53ef\u7591\u7684 <span style=\"font-family: 'courier new', courier, monospace;\">eval<\/span> \u548c <span style=\"font-family: 'courier new', courier, monospace;\">exec<\/span> \u51fd\u6578\uff0cSlow Pisces \u4f7f\u7528 <a href=\"https:\/\/net-square.com\/yaml-deserialization-attack-in-python.html\" target=\"_blank\" rel=\"noopener\">YAML \u53cd\u5e8f\u5217\u5316<\/a>\u4f86\u57f7\u884c\u5176\u8f09\u8377\uff0c\u5982\u5716 5 \u6240\u793a\u3002<\/p>\n<figure id=\"attachment_145278\" aria-describedby=\"caption-attachment-145278\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145278 lozad\"  
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343183-145233-5.png\" alt=\"\u5b9a\u7fa9\u51fd\u5f0f \u300efetch_symbols\u300f \u7684 Python \u7a0b\u5f0f\u78bc\u756b\u9762\uff0c\u8a72\u51fd\u5f0f\u4f7f\u7528 API \u547c\u53eb\u5f9e S&amp;P 500 \u64f7\u53d6\u80a1\u7968\u7b26\u865f\uff0c\u8655\u7406\u4e0d\u540c\u7684\u5167\u5bb9\u985e\u578b\uff0c\u4e26\u6839\u64da\u5176\u5167\u5bb9\u985e\u578b\u8655\u7406\u56de\u61c9\u3002\u6700\u5f8c\u4e00\u884c\u7684\u90e8\u5206\u4ee5\u7d05\u8272\u65b9\u584a\u7a81\u51fa\u986f\u793a\u3002\" width=\"800\" height=\"403\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343183-145233-5.png 1508w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343183-145233-5-786x396.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343183-145233-5-1389x700.png 1389w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343183-145233-5-768x387.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-145278\" class=\"wp-caption-text\">\u5716 5.Python \u7a0b\u5f0f\u78bc\u986f\u793a Slow Pisces \u60e1\u610f\u8edf\u9ad4\u4f7f\u7528 YAML \u53cd\u5e8f\u5217\u5316\u7684\u5165\u53e3\u9ede\u3002<\/figcaption><\/figure>\n<p>\u6b64\u7a0b\u5f0f\u78bc\u900f\u904e HTTPS \u5f9e C2 \u4f3a\u670d\u5668\u53d6\u5f97\u8cc7\u6599\uff0c\u4e26\u6aa2\u67e5 <span style=\"font-family: 'courier new', courier, monospace;\">Content-Type<\/span> \u56de\u61c9\u6a19\u982d\u3002\u5982\u679c\u6a19\u982d\u6307\u793a JSON \u8cc7\u6599(<span style=\"font-family: 'courier new', courier, monospace;\">application\/json<\/span>)\uff0c\u7a0b\u5f0f\u78bc\u6703\u89e3\u6790\u4e26\u5c07 JSON \u50b3\u56de\u7d66\u61c9\u7528\u7a0b\u5f0f\u3002<\/p>\n<p>\u5982\u679c\u56de\u61c9\u986f\u793a YAML \u8cc7\u6599(<span style=\"font-family: 'courier new', courier, 
monospace;\">application\/yaml<\/span>)\uff0c\u7a0b\u5f0f\u78bc\u6703\u4f7f\u7528 <a href=\"https:\/\/github.com\/yaml\/pyyaml\" target=\"_blank\" rel=\"noopener\">PyYAML<\/a> \u5957\u4ef6\u4e2d\u7684 <span style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span> \u51fd\u6578\u4f86\u89e3\u6790\u8cc7\u6599\u3002\u9019\u500b\u51fd\u6578\u672c\u8cea\u4e0a\u662f\u4e0d\u5b89\u5168\u7684\uff0cPyYAML \u5b98\u65b9\u6587\u4ef6<a href=\"https:\/\/github.com\/yaml\/pyyaml\" target=\"_blank\" rel=\"noopener\">\u660e\u78ba\u5efa\u8b70<\/a> \u91dd\u5c0d\u4e0d\u53ef\u4fe1\u7684\u8f38\u5165\u61c9\u8a72\u4f7f\u7528<span style=\"font-family: 'courier new', courier, monospace;\">yaml.safe_load()<\/span>\uff0c\u4ee5\u907f\u514d\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002<\/p>\n<p>YAML \u901a\u5e38\u7528\u65bc\u64b0\u5beb\u8a2d\u5b9a\u6a94\uff0c\u4f8b\u5982\u4e0b\u5716\u6240\u793a\u7684\u7bc4\u4f8b\uff1a<\/p>\n<pre class=\"lang:default decode:true\">\u4f7f\u7528\u8005\u540d\u7a31: slow\r\n\r\n\u5bc6\u78bc: pisces\r\n\r\napi:\r\n\r\n\u95dc\u9375\u5b57: \u8d85\u7d1a\u6a5f\u5bc6\r\n\r\nurl: example.com<\/pre>\n<p>\u7136\u800c\uff0c <span style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span> \u53ef\u4ee5\u9084\u539f\uff08deserialize\uff09\u4efb\u610f\u7684 Python \u7269\u4ef6\uff0c\u800c\u4e0d\u50c5\u9650\u65bc\u7d14\u7cb9\u7684\u7684 YAML \u683c\u5f0f\u8cc7\u6599\u3002\u8209\u4f8b\u4f86\u8aaa\uff0c\u4ee5\u4e0b Python \u7a0b\u5f0f\u78bc\u6703\u5217\u5370\u6578\u5b57 0-4\uff1a<\/p>\n<pre class=\"lang:default decode:true\">range(0, 5)<\/pre>\n<p>\u5982\u679c\u4f7f\u7528 <span style=\"font-family: 'courier new', courier, monospace;\">yaml.dump()<\/span> \u5c07\u6b64\u7a0b\u5f0f\u78bc\u5e8f\u5217\u5316\uff0c\u5247\u6703\u8b8a\u6210\u4ee5\u4e0b\u5167\u5bb9\uff1a<\/p>\n<pre class=\"lang:default decode:true\">!!python\/object\/apply:builtins.range\r\n\r\n- 0\r\n\r\n- 5\r\n\r\n- 1<\/pre>\n<p>\u7576\u9019\u4e9b\u8cc7\u6599\u50b3\u7d66 <span 
style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span> \u6642\uff0c\u5b83\u6703\u57f7\u884c\u539f\u59cb\u7a0b\u5f0f\u78bc\uff1a<span style=\"font-family: 'courier new', courier, monospace;\">range(0, 5)<\/span>\u3002<\/p>\n<p>\u9019\u985e\u653b\u64ca\u624b\u6cd5\u7a81\u986f\u4e00\u500b\u884c\u70ba\u7279\u5fb5\u9ede\uff1a\u82e5\u60e1\u610f\u7684YAML\u8f09\u8377\u4f7f\u7528Python\u5167\u5efa\u51fd\u5f0f\uff0c\u5247 \u53cd\u5e8f\u5217\u5316\u7684\u60e1\u610f\u8edf\u9ad4\u5c31\u6703\u5305\u542b <span style=\"font-family: 'courier new', courier, monospace;\">!!python\/object\/apply:builtins<\/span>\u3002<\/p>\n<p>\u8868 1 \u4e2d\u7684\u4e0b\u5217\u968e\u6bb5\u4e3b\u8981\u5b58\u5728\u65bc\u8a18\u61b6\u9ad4\u4e2d\uff08in-memory\uff09\uff0c\u901a\u5e38\u4e0d\u6703\u5728\u786c\u789f\u4e0a\u7559\u4e0b\u4efb\u4f55\u8db3\u8de1\u3002\u70ba\u4e86\u5354\u52a9\u8cc7\u5b89\u793e\u7fa4\u5075\u6e2c\u548c\u63d0\u9ad8\u8b66\u89ba\uff0c\u6211\u5011\u5df2\u5c07\u9019\u4e9b\u8f09\u8377\u4e0a\u50b3\u81f3 VirusTotal\u3002YAML \u53cd\u5e8f\u5217\u5316\u8f09\u8377\u6703\u57f7\u884c\u6211\u5011\u6839\u64da\u5728 RN Stealer \u4e2d\u89c0\u6e2c\u5230\u7684 C2 \u6b0a\u4ed7\u683c\u5f0f\u800c\u547d\u540d\u70ba RN Loader \u548c RN Stealer \u7684\u60e1\u610f\u8edf\u9ad4\uff0c\u6211\u5011\u6703\u5728\u4e0b\u6587\u8a0e\u8ad6\u3002<\/p>\n<table style=\"width: 94.5684%;\">\n<tbody>\n<tr>\n<td style=\"text-align: center; width: 23.8443%;\"><b>\u968e\u6bb5<\/b><\/td>\n<td style=\"text-align: center; width: 112.226%;\"><b>SHA256 \u96dc\u6e4a<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 23.8443%;\"><span style=\"font-weight: 400;\">YAML \u53cd\u5e8f\u5217\u5316\u627f\u8f09<\/span><\/td>\n<td style=\"width: 112.226%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">47e997b85ed3f51d2b1d37a6a61ae72185d9ceaf519e2fdb53bf7e761b7bc08f<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 23.8443%;\"><span style=\"font-weight: 400;\">RN Loader<\/span><\/td>\n<td 
style=\"width: 112.226%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">937c533bddb8bbcd908b62f2bf48e5bc11160505df20fea91d9600d999eafa79<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 23.8443%;\"><span style=\"font-weight: 400;\">RN Stealer<\/span><\/td>\n<td style=\"width: 112.226%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">e89bf606fbed8f68127934758726bbb5e68e751427f3bcad3ddf883cb2b50fc7<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 1. Python repository payloads.<\/p>\n<p>In the Slow Pisces attack chain, the YAML deserialization payload first creates a folder named <span style=\"font-family: 'courier new', courier, monospace;\">Public<\/span> in the victim's home directory and creates a new file named <span style=\"font-family: 'courier new', courier, monospace;\">__init__.py<\/span> in that directory. This file contains Base64-decoded data that makes up the next-stage malware (RN Loader), which is executed immediately.<\/p>\n<h4><a id=\"post-145233-_heading=h.mp40tedynjwx\"><\/a>RN Loader<\/h4>\n<p>This newly created RN Loader file, located at <span style=\"font-family: 'courier new', courier, monospace;\">~\/Public\/__init__.py<\/span>, deletes itself after execution so that it exists only in memory. It sends basic information about the victim machine and operating system over HTTPS to the same C2 at <span style=\"font-family: 'courier new', courier, monospace;\">en.stockslab[.]org<\/span>,
followed by a command loop with the options listed in Table 2 below.<\/p>\n<table style=\"width: 95.0705%; height: 334px;\">\n<tbody>\n<tr style=\"height: 24px;\">\n<td style=\"text-align: center; width: 11.6091%; height: 24px;\"><b>Code<\/b><\/td>\n<td style=\"text-align: center; width: 118.605%; height: 24px;\"><b>Description<\/b><\/td>\n<\/tr>\n<tr style=\"height: 24px;\">\n<td style=\"text-align: center; width: 11.6091%; height: 24px;\"><span style=\"font-weight: 400;\">0<\/span><\/td>\n<td style=\"text-align: left; width: 118.605%; height: 24px;\"><span style=\"font-weight: 400;\">Sleep for 20 seconds<\/span><\/td>\n<\/tr>\n<tr style=\"height: 139px;\">\n<td style=\"text-align: center; width: 11.6091%; height: 139px;\"><span style=\"font-weight: 400;\">1<\/span><\/td>\n<td style=\"text-align: left; width: 118.605%; height: 139px;\"><span style=\"font-weight: 400;\">Base64-decode the delivered content and save it to the file <\/span><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">init.dll<\/span><span style=\"font-weight: 400;\"> on Windows or the file <\/span><span style=\"font-weight: 400;\">init<\/span><span style=\"font-weight: 400;\"> on all other operating systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Set the environment variable <\/span><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">X_DATABASE_NAME<\/span><span style=\"font-weight: 400;\"> to an empty string.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Use <\/span><a href=\"https:\/\/docs.python.org\/3\/library\/ctypes.html#ctypes.CDLL\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"><span style=\"font-family: 'courier new', courier, 
monospace;\">ctypes.cdll.LoadLibrary<\/span><\/span><\/a><span style=\"font-weight: 400;\"> to load and execute the downloaded DLL.<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: center; width: 11.6091%; height: 25px;\"><span style=\"font-weight: 400;\">2<\/span><\/td>\n<td style=\"text-align: left; width: 118.605%; height: 25px;\"><span style=\"font-weight: 400;\">Base64-decode the delivered content and execute it with the Python built-in <span style=\"font-family: 'courier new', courier, monospace;\">exec<\/span>.<\/span><\/td>\n<\/tr>\n<tr style=\"height: 98px;\">\n<td style=\"text-align: center; width: 11.6091%; height: 98px;\"><span style=\"font-weight: 400;\">3<\/span><\/td>\n<td style=\"text-align: left; width: 118.605%; height: 98px;\"><span style=\"font-weight: 400;\">Base64-decode the delivered content and a parameter. The content is saved to the file <\/span><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">dockerd<\/span><span style=\"font-weight: 400;\"> and the parameter is saved as <\/span><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">docker-init<\/span><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Then <\/span><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">dockerd<\/span><span style=\"font-weight: 400;\"> is executed in a new process, with <\/span><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">docker-init<\/span><span style=\"font-weight: 400;\"> supplied as a command-line argument.<\/span><\/td>\n<\/tr>\n<tr style=\"height: 24px;\">\n<td style=\"text-align: center; width: 11.6091%; height: 24px;\"><span style=\"font-weight: 
400;\">9<\/span><\/td>\n<td style=\"text-align: left; width: 118.605%; height: 24px;\"><span style=\"font-weight: 400;\">Terminate execution.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 2. RN Loader command table.<\/p>\n<p>The payloads delivered through options <strong>1<\/strong> and <strong>3<\/strong> of the command loop in Table 2 are currently unknown and are likely triggered by specific conditions. However, we recovered a Python-based infostealer delivered through option <strong>2<\/strong>, which we track as RN Stealer.<\/p>\n<h4><a id=\"post-145233-_heading=h.6xb7nfasy1lb\"><\/a>RN Stealer<\/h4>\n<p>RN Stealer first generates a random victim ID, which it then uses as a cookie in all communication with the C2 server. It then requests an XOR key from the server to encrypt exfiltrated data.<\/p>\n<p>Communication with the C2 server takes place over HTTPS, using Base64-encoded tokens to identify request and response types. The analyzed payload includes four token types:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R0<\/span> - Request XOR key<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R64<\/span> - Exfiltrate data<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R128<\/span> - Exfiltrate compressed data<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R256<\/span> - 
Infostealer complete<\/li>\n<\/ul>\n<p>The format of these token types, the letter R followed by an integer <span style=\"font-family: 'courier new', courier, monospace;\">N<\/span>, is what led to our name for this payload. We call the payload RN Stealer and the preceding stage RN Loader.<\/p>\n<p>We recovered the script for this RN Loader sample from a macOS system. Accordingly, the threat actors tailored this sample to steal information specific to macOS devices, including:<\/p>\n<ul>\n<li>Basic victim information: username, machine name and architecture<\/li>\n<li>Installed applications<\/li>\n<li>A directory listing and the top-level contents of the victim's home directory<\/li>\n<li>The <span style=\"font-family: 'courier new', courier, monospace;\">login.keychain-db<\/span> file, which stores saved credentials on macOS systems<\/li>\n<li>Stored SSH keys<\/li>\n<li>Configuration files for AWS, Kubernetes and Google Cloud<\/li>\n<\/ul>\n<p>The data RN Stealer collects may determine whether persistent access is needed. If so, we can infer the following steps for this Python infection chain:<\/p>\n<ol>\n<li>The C2 server checks the beaconing victim against unknown criteria. Valid victims receive a YAML deserialization payload. Invalid victims receive benign JSON
data.<\/li>\n<li>The deserialization payload establishes a command loop with the C2 server, exfiltrates basic victim information, and delivers a custom Python infostealer through option code <strong>2<\/strong> in Table 2.<\/li>\n<li>The infostealer collects more detailed victim information, which the attackers likely use to decide whether continued access is needed.\n<ol>\n<li>If continued access is needed, the C2 server delivers a payload through option code <strong>1<\/strong> or <strong>3<\/strong>.<\/li>\n<li>If access is no longer needed, option code <strong>9<\/strong> terminates execution of the malware, which removes all access because the payload exists only in memory.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<h3><a id=\"post-145233-_heading=h.obhxk2rgodj0\"><\/a>Stage 3b - JavaScript Repository<\/h3>\n<p>If targeted victims are applying for a JavaScript role, they may encounter a Cryptocurrency Dashboard project, similar to the example in Figure 6 below.<\/p>\n<figure id=\"attachment_145289\" aria-describedby=\"caption-attachment-145289\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145289 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-346517-145233-6.png\" alt=\"Screenshot of a GitHub 
repository named Cryptocurrency Dashboard, showing the README.md file. The README includes the following sections: Features, Installation, Usage, Project Structure, Configuration, Dependencies and License. It describes the project as an application built with Node.js, Express and EJS that displays real-time and historical data for various cryptocurrencies.\" width=\"800\" height=\"462\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-346517-145233-6.png 1764w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-346517-145233-6-762x440.png 762w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-346517-145233-6-1213x700.png 1213w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-346517-145233-6-768x443.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-346517-145233-6-1536x886.png 1536w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-145289\" class=\"wp-caption-text\">Figure 6. JavaScript repository.<\/figcaption><\/figure>\n<p>This application contains a <span style=\"font-family: 'courier new', courier, monospace;\">.env<\/span> configuration file that defines both the C2 and the legitimate data source:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">PORT=3000<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">COINGECKO_API_URL=hxxps:\/\/api.coingecko[.]com\/api\/v3<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, 
monospace;\">JQUERY_API_URL=hxxps:\/\/update.jquerycloud[.]io\/api\/v1<\/span><\/li>\n<\/ul>\n<p>The <span style=\"font-family: 'courier new', courier, monospace;\">COINGECKO_API_URL<\/span> value is used to fetch data for the cryptocurrency dashboard, while the <span style=\"font-family: 'courier new', courier, monospace;\">JQUERY_API_URL<\/span> value represents a C2 server controlled by Slow Pisces. As with the Python repository, the JavaScript C2 server delivers the payload only to validated targets and otherwise returns just a version number.<\/p>\n<p>This repository uses the <a href=\"https:\/\/ejs.co\/\" target=\"_blank\" rel=\"noopener\">Embedded JavaScript (EJS) templating tool<\/a> and passes the response from the C2 server to the <span style=\"font-family: 'courier new', courier, monospace;\">ejs.render()<\/span> function, as shown in Figure 7 below.<\/p>\n<figure id=\"attachment_145300\" aria-describedby=\"caption-attachment-145300\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145300 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350852-145233-7.png\" alt=\"Screenshot showing a JavaScript code snippet. It contains a comment and a function call that renders the home page with per-page settings and items. res.render is highlighted with a red box.\" width=\"700\" height=\"294\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350852-145233-7.png 1116w, 
https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350852-145233-7-786x330.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350852-145233-7-768x322.png 768w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-145300\" class=\"wp-caption-text\">Figure 7. JavaScript code using the EJS render function, showing the entry point for Slow Pisces malware.<\/figcaption><\/figure>\n<p>Like the use of <span style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span>, this is another technique Slow Pisces uses to conceal the execution of arbitrary code from its C2 servers, and it may only become apparent when viewing a valid payload.<\/p>\n<p>The EJS render function accepts various parameters, one of which is called <span style=\"font-family: 'courier new', courier, monospace;\">view options<\/span>. Within this object, arbitrary JavaScript code can be supplied and executed through the <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span> key.<\/p>\n<p>Taiwanese researcher Huli <a href=\"https:\/\/blog.huli.tw\/2023\/06\/22\/en\/ejs-render-vulnerability-ctf\/\" target=\"_blank\" rel=\"noopener\">discussed in a CTF write-up<\/a> the technical details of how this vulnerability leads to arbitrary code execution. However, it is enough to understand that when a payload structured as shown in Figure 8 is passed to <span 
style=\"font-family: 'courier new', courier, monospace;\">ejs.render()<\/span>, the code in <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span> is executed.<\/p>\n<figure id=\"attachment_145311\" aria-describedby=\"caption-attachment-145311\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145311 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353551-145233-8.png\" alt=\"Screenshot of a JavaScript code snippet involving a function, with escapeFunction highlighted by a red box.\" width=\"700\" height=\"593\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353551-145233-8.png 1234w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353551-145233-8-519x440.png 519w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353551-145233-8-826x700.png 826w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353551-145233-8-768x651.png 768w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-145311\" class=\"wp-caption-text\">Figure 8. Partial EJS render payload.<\/figcaption><\/figure>\n<p>Unfortunately, we were unable to recover this malicious payload in full. As a result, we can only infer its behavior, which includes creating a new <span style=\"font-family: 'courier new', courier, monospace;\">.jql<\/span> directory under the user's home directory and placing in it a file named <span style=\"font-family: 'courier new', courier, 
monospace;\">helper.js<\/span> containing Base64-encoded data.<\/p>\n<h3><a id=\"post-145233-_heading=h.h37nr39qbwle\"><\/a>Infrastructure<\/h3>\n<p>The timeline in Figure 9 below details the C2 infrastructure used in this campaign from February 2024 through February 2025, grouped by the type of repository served (JavaScript or Python).<\/p>\n<figure id=\"attachment_145322\" aria-describedby=\"caption-attachment-145322\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-145322 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356808-145233-9.png\" alt=\"Infrastructure timeline tracking JavaScript command and control (top, yellow labels) and Python command and control (bottom, orange labels). The timeline runs from the end of Q1 2024 through Q2 2025.\" width=\"1000\" height=\"906\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356808-145233-9.png 1338w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356808-145233-9-486x440.png 486w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356808-145233-9-773x700.png 773w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356808-145233-9-768x696.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-145322\" class=\"wp-caption-text\">Figure 9. C2 
infrastructure timeline.<\/figcaption><\/figure>\n<p>As noted earlier, domain names in this campaign's infrastructure often mimic the format of the legitimate data sources they are used alongside, for example with subdomains such as api or cdn. Up to the time of publication, we continued to find infrastructure associated with this campaign.<\/p>\n<h2><a id=\"post-145233-_heading=h.4bupo3igjgan\"><\/a>Conclusion<\/h2>\n<p>This report covers a recent Slow Pisces campaign that impersonated recruiters on LinkedIn and targeted developers in the cryptocurrency sector with malicious coding challenges. Although we were unable to recover the full attack chain for the JavaScript repositories, the Python version of the campaign provided two new malicious payloads, which we named RN Loader and RN Stealer.<\/p>\n<p>Using LinkedIn and GitHub in this way is not unique. Multiple groups affiliated with North Korea, such as <a href=\"https:\/\/www.reversinglabs.com\/blog\/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages\" target=\"_blank\" rel=\"noopener\">Alluring Pisces<\/a> and <a href=\"https:\/\/unit42.paloaltonetworks.com\/two-campaigns-by-north-korea-bad-actors-target-job-hunters\/\" target=\"_blank\" rel=\"noopener\">Contagious 
Interview<\/a>, have used similar tactics.<\/p>\n<p>These groups have no actual operational overlap. However, it is noteworthy that these campaigns use similar initial infection vectors.<\/p>\n<p>Slow Pisces stands out from the other groups in operational security. Payload delivery at each stage is tightly controlled, and most payloads exist only in memory. The group's later-stage tooling is deployed only when necessary.<\/p>\n<p>In particular, the group uses two techniques to conceal functionality:<\/p>\n<ul>\n<li>YAML deserialization<\/li>\n<li>EJS <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span><\/li>\n<\/ul>\n<p>Both techniques greatly hinder analysis, detection and hunting. Similarly, relatively new or inexperienced developers in the cryptocurrency sector would find it difficult to identify these repositories as malicious.<\/p>\n<p>Based on public reports of cryptocurrency heists, this campaign appears to be highly successful and is likely to continue in 2025. While this article highlights two potential detection opportunities, for YAML deserialization and EJS <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span> 
payloads, the most effective mitigation remains strict separation of corporate and personal devices. This helps protect corporate systems from targeted social engineering attacks.<\/p>\n<h3><a id=\"post-145233-_heading=h.1bk0eo5vj3ip\"><\/a>Palo Alto Networks Protection and Mitigation<\/h3>\n<p>Palo Alto Networks customers are better protected from the threats discussed above through the following products:<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-url-filtering\/administration\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a> and <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">Advanced DNS Security<\/a><\/li>\n<\/ul>\n<p>If you think you may have been compromised or have an urgent matter, contact the <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42 Incident Response team<\/a> or call:<\/p>\n<ul>\n<li>North America: Toll-free: +1 (866) 486-4842 (866.4.unit42)<\/li>\n<li>UK: +44.20.3743.3660<\/li>\n<li>Europe and Middle East: +31.20.299.3130<\/li>\n<li>Asia: +65.6983.8730<\/li>\n<li>Japan: +81.50.1790.0200<\/li>\n<li>Australia: +61.2.4062.7950<\/li>\n<li>India: 00080005045107<\/li>\n<\/ul>\n<p>Palo Alto Networks has shared these findings with our fellow Cyber Threat Alliance (CTA) members. CTA 
members use this intelligence to rapidly deploy protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the <a href=\"https:\/\/www.cyberthreatalliance.org\" target=\"_blank\" rel=\"noopener\">Cyber Threat Alliance<\/a>.<\/p>\n<h2><a id=\"post-145233-_heading=h.l6bwkgb840p9\"><\/a>Indicators of Compromise<\/h2>\n<table style=\"width: 90.9096%;\">\n<tbody>\n<tr>\n<td style=\"text-align: center; width: 35.6241%;\"><b>Domain<\/b><\/td>\n<td style=\"text-align: center; width: 23.5624%;\"><b>IP Address<\/b><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><b>First Seen<\/b><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><b>Last Seen<\/b><\/td>\n<td style=\"text-align: center; width: 84.2917%;\"><b>Repository<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">getstockprice[.]com<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">70.34.245[.]118<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2025-02-03<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2025-02-20<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]clubinfo[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">5.206.227[.]51<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2025-01-21<\/span><\/td>\n<td style=\"text-align: center; width: 
12.763%;\"><span style=\"font-weight: 400;\">2025-02-19<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">getstockprice[.]info<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">131.226.2[.]120<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2025-01-21<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2025-01-23<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]stockinfo[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">136.244.93[.]248<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-10-30<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-11-11<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]logoeye[.]net<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">54.39.83[.]151<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-10-29<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-11-03<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 
400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">en[.]wfinance[.]org<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">195.133.26[.]32<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-10-12<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-11-01<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">en[.]stocksindex[.]org<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.236.231[.]224<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-09-11<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-10-04<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]jqueryversion[.]net<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">194.11.226[.]16<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-08-23<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-09-23<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, 
monospace;\">en[.]stockslab[.]org<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">91.103.140[.]191<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-08-19<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-09-12<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">update[.]jquerycloud[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">192.236.199[.]57<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-07-03<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-08-22<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]soccerlab[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">146.70.124[.]70<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-08-07<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-08-21<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]coinpricehub[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', 
courier, monospace;\">45.141.58[.]40<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-05-06<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-08-06<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Java<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]leaguehub[.]net<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">5.133.9[.]252<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-07-15<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-07-21<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]clublogos[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">146.19.173[.]29<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-06-24<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-07-12<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]jquery-release[.]com<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">146.70.125[.]120<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 
400;\">2024-06-10<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-06-28<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]logosports[.]net<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.62.58[.]74<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-05-08<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-06-23<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">skypredict[.]org<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">80.82.77[.]80<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-05-06<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-06-16<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]bitzone[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">192.248.145[.]210<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-25<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-05-13<\/span><\/td>\n<td 
style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">weatherdatahub[.]org<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">194.15.112[.]200<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-05<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-05-03<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]ethzone[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">91.234.199[.]90<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-16<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-24<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]fivebit[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.216.144[.]41<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-08<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-14<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 
400; font-family: 'courier new', courier, monospace;\">blockprices[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">91.193.18[.]201<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-15<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-09<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]coinhar[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.62.58[.]122<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-26<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-04-09<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">mavenradar[.]com<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">23.254.230[.]253<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-02-21<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-26<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">indobit[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 
'courier new', courier, monospace;\">146.70.88[.]126<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-19<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-20<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]thaibit[.]io<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">79.137.248[.]193<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-07<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-09<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 35.6241%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">chainanalyser[.]com<\/span><\/td>\n<td style=\"width: 23.5624%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">38.180.62[.]135<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-02-23<\/span><\/td>\n<td style=\"text-align: center; width: 12.763%;\"><span style=\"font-weight: 400;\">2024-03-06<\/span><\/td>\n<td style=\"width: 84.2917%;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><a id=\"post-145233-_heading=h.cmen6og542b1\"><\/a>Additional Resources<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250226\" target=\"_blank\" rel=\"noopener\">North Korea Responsible for $1.5 Billion Bybit Hack<\/a> - Internet Crime Complaint Center
(IC3)<\/li>\n<li><a href=\"https:\/\/www.fbi.gov\/news\/press-releases\/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom\" target=\"_blank\" rel=\"noopener\">FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million from Bitcoin.DMM.com<\/a> \u2013 Federal Bureau of Investigation<\/li>\n<li><a href=\"https:\/\/github.blog\/security\/vulnerability-research\/security-alert-social-engineering-campaign-targets-technology-industry-employees\/\" target=\"_blank\" rel=\"noopener\">Security Alert: Social Engineering Campaign Targets Technology Industry Employees<\/a> - GitHub Blog<\/li>\n<li><a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/north-korea-supply-chain\" target=\"_blank\" rel=\"noopener\">North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack<\/a> - Mandiant, Google Cloud<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The North Korean state-sponsored group Slow Pisces (Jade Sleet)
is targeting cryptocurrency developers with a social engineering campaign that includes malicious coding challenges.<\/p>\n","protected":false},"author":366,"featured_media":138781,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[8822,8786,8732],"tags":[9286,9189,9287,9288,9289,9290,9190],"product_categories":[8958,8974,8953,9085,9153],"coauthors":[8711],"class_list":["post-145233","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threat-actor-groups-zh-hant","category-malware-zh-hant","category-cybercrime-zh-hant","tag-cryptocurrency-zh-hant","tag-dprk-zh-hant","tag-github-zh-hant","tag-infostealer-zh-hant","tag-javascript-malware-zh-hant","tag-slow-pisces-zh-hant","tag-social-engineering-zh-hant","product_categories-advanced-dns-security-zh-hant","product_categories-advanced-url-filtering-zh-hant","product_categories-cloud-delivered-security-services-zh-hant","product_categories-next-generation-firewall-zh-hant","product_categories-unit-42-incident-response-zh-hant"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4<\/title>\n<meta name=\"description\" content=\"\u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) \u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002 \u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) 
\u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/\" \/>\n<meta property=\"og:locale\" content=\"zh_TW\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4\" \/>\n<meta property=\"og:description\" content=\"\u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) \u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002 \u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) \u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-14T17:31:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-04T18:41:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" 
content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Prashil Pattni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4","description":"\u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) \u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002 \u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) \u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/","og_locale":"zh_TW","og_type":"article","og_title":"Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4","og_description":"\u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) \u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002 \u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) 
\u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002","og_url":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/","og_site_name":"Unit 42","article_published_time":"2025-04-14T17:31:14+00:00","article_modified_time":"2025-07-04T18:41:29+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","type":"image\/png"}],"author":"Prashil Pattni","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/"},"author":{"name":"Sheida Azimi","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/7ee97ec6f224446d57c0383eb5fd3639"},"headline":"Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4","datePublished":"2025-04-14T17:31:14+00:00","dateModified":"2025-07-04T18:41:29+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/"},"wordCount":739,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","keywords":["Cryptocurrency","DPRK","GitHub","Infostealer","JavaScript Malware","Slow Pisces","social 
engineering"],"articleSection":["\u5a01\u8105\u884c\u52d5\u8005\u5718\u9ad4","\u60e1\u610f\u8edf\u9ad4","\u7db2\u8def\u72af\u7f6a"],"inLanguage":"zh-TW","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/","url":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/","name":"Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","datePublished":"2025-04-14T17:31:14+00:00","dateModified":"2025-07-04T18:41:29+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/7ee97ec6f224446d57c0383eb5fd3639"},"description":"\u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) \u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002 \u5317\u671d\u9bae\u570b\u5bb6\u8d0a\u52a9\u7684\u7d44\u7e54 Slow Pisces (Jade Sleet) 
\u91dd\u5c0d\u52a0\u5bc6\u8ca8\u5e63\u958b\u767c\u4eba\u54e1\u9032\u884c\u793e\u4ea4\u5de5\u7a0b\u6d3b\u52d5\uff0c\u5176\u4e2d\u5305\u62ec\u60e1\u610f\u7684\u7de8\u78bc\u6311\u6230\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#breadcrumb"},"inLanguage":"zh-TW","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/"]}]},{"@type":"ImageObject","inLanguage":"zh-TW","@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#primaryimage","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","width":1920,"height":900,"caption":"Pictorial representation of APT Slow Pisces. The silhouette of two fish and the Pisces constellation inside an orange abstract planet. 
Background of stars and swirling purple and blue colors."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/zh-hant\/slow-pisces-new-custom-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/"},{"@type":"ListItem","position":2,"name":"Slow Pisces \u4ee5\u958b\u767c\u4eba\u54e1\u70ba\u7de8\u78bc\u6311\u6230\u76ee\u6a19\uff0c\u4e26\u63a8\u51fa\u65b0\u7684\u5ba2\u88fd\u5316 Python \u60e1\u610f\u8edf\u9ad4"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-TW"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/7ee97ec6f224446d57c0383eb5fd3639","name":"Sheida Azimi","image":{"@type":"ImageObject","inLanguage":"zh-TW","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/9213e49ea48b7676660bac40d05c9e3e","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Sheida 
Azimi"},"url":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/author\/sheida-azimi\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/posts\/145233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/users\/366"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/comments?post=145233"}],"version-history":[{"count":4,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/posts\/145233\/revisions"}],"predecessor-version":[{"id":145347,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/posts\/145233\/revisions\/145347"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/media\/138781"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/media?parent=145233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/categories?post=145233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/tags?post=145233"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/product_categories?post=145233"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/zh-hant\/wp-json\/wp\/v2\/coauthors?post=145233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}