{"id":120022,"date":"2025-08-21T12:15:52","date_gmt":"2025-08-21T04:15:52","guid":{"rendered":"https:\/\/version-2.com\/?p=120022"},"modified":"2025-08-21T12:19:44","modified_gmt":"2025-08-21T04:19:44","slug":"%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/","title":{"rendered":"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/h1>\n

\u6211\u5011\u90fd\u66fe\u5f97\u904e\u300c\u90a3\u7a2e\u611f\u5192\u300d\u2014\u2014 \u5927\u591a\u6578\u75c7\u72c0\u90fd\u5df2\u6d88\u5931\uff0c\u537b\u7559\u4e0b\u4e86\u60f1\u4eba\u3001\u6301\u7e8c\u6578\u9031\u7684\u54b3\u55fd\u3002\u5728\u7db2\u7d61\u5b89\u5168\u7684\u4e16\u754c\u88e1\uff0c\u300c\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\u300d\uff08Advanced Persistent Threat, APT\uff09\u5c31\u76f8\u7576\u65bc\u60a8\u6578\u78bc\u74b0\u5883\u4e2d\u90a3\u9811\u56fa\u7684\u54b3\u55fd\uff0c\u53ea\u662f\u5176\u5371\u5bb3\u9060\u4e0d\u6b62\u65bc\u6b64\u3002\u9019\u662f\u4e00\u7a2e\u6084\u6084\u5730\u4fb5\u5165\u60a8\u7db2\u7d61\uff0c\u7136\u5f8c\u6f5b\u4f0f\u5728\u9670\u5f71\u4e2d\uff0c\u8010\u5fc3\u7b49\u5f85\u4ee5\u9054\u6210\u5176\u76ee\u6a19\u7684\u653b\u64ca\u3002<\/p>\n\u7406\u89e3\u9019\u4e9b\u7121\u8072\u7684\u3001\u9577\u671f\u7684\u5a01\u8105\uff0c\u662f\u70ba\u60a8\u7684\u4f01\u696d\u5efa\u7acb\u771f\u6b63\u5177\u97cc\u6027\u9632\u79a6\u7684\u7b2c\u4e00\u6b65\u3002\n\n\u4ec0\u9ebc\u662f\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff1f<\/strong>\n\n\u300c\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\u300d\uff08APT\uff09\u662f\u4e00\u7a2e\u9ad8\u5ea6\u8907\u96dc\u3001\u76ee\u6a19\u660e\u78ba\u7684\u7db2\u7d61\u653b\u64ca\uff0c\u60e1\u610f\u884c\u70ba\u8005\u5728\u672a\u7d93\u6388\u6b0a\u7684\u60c5\u6cc1\u4e0b\u5b58\u53d6\u7db2\u7d61\uff0c\u4e26\u5728\u5176\u4e2d\u6f5b\u4f0f\u4e00\u6bb5\u5f88\u9577\u7684\u6642\u9593\u800c\u4e0d\u88ab\u767c\u73fe\u3002\u8207\u5c08\u6ce8\u65bc\u5feb\u901f\u7372\u5229\u7684\u5e38\u898b\u7db2\u7d61\u72af\u7f6a\u5206\u5b50\u4e0d\u540c\uff0cAPT \u653b\u64ca\u8005\u63a1\u7684\u662f\u300c\u653e\u9577\u7dda\u91e3\u5927\u9b5a\u300d\u7684\u7b56\u7565\u3002\u9019\u500b\u540d\u5b57\u672c\u8eab\u5c31\u8aaa\u660e\u4e86\u4e00\u5207\uff1a\n

    \n \t
  • \u9032\u968e (Advanced)\uff1a<\/strong>\u653b\u64ca\u8005\u4f7f\u7528\u8907\u96dc\u4e14\u901a\u5e38\u662f\u5ba2\u88fd\u5316\u7684\u5de5\u5177\u548c\u6280\u8853\u4f86\u7a81\u7834\u9632\u7dda\u3002\u4ed6\u5011\u6709\u689d\u4e0d\u7d0a\u3001\u8cc7\u91d1\u5145\u88d5\u4e14\u8010\u5fc3\u5341\u8db3\u3002<\/li>\n \t
  • \u6301\u7e8c\u6027 (Persistent)\uff1a<\/strong>\u9019\u4e0d\u662f\u4e00\u6b21\u6027\u7684\u4e8b\u4ef6\u3002\u5176\u4e3b\u8981\u76ee\u6a19\u662f\u5728\u76ee\u6a19\u7db2\u7d61\u5167\u5efa\u7acb\u4e00\u500b\u9577\u671f\u7684\u7acb\u8db3\u9ede\uff0c\u7dad\u6301\u6578\u6708\u751a\u81f3\u6578\u5e74\u7684\u5b58\u53d6\u6b0a\u9650\uff0c\u4ee5\u6301\u7e8c\u6536\u96c6\u60c5\u5831\u3002<\/li>\n \t
  • \u5a01\u8105 (Threat)\uff1a<\/strong>\u653b\u64ca\u80cc\u5f8c\u662f\u4e00\u500b\u6709\u7d44\u7e54\u7684\u4eba\u70ba\u5c0d\u624b\u2014\u2014\u800c\u4e0d\u50c5\u50c5\u662f\u4e00\u500b\u81ea\u52d5\u5316\u8173\u672c\u3002\u9019\u4e9b\u5a01\u8105\u884c\u70ba\u8005\u901a\u5e38\u662f\u7d44\u7e54\u56b4\u5bc6\u7684\u5718\u9ad4\uff0c\u91dd\u5c0d\u653f\u5e9c\u6a5f\u69cb\u3001\u570b\u9632\u627f\u5305\u5546\u548c\u5927\u578b\u4f01\u696d\u7b49\u9ad8\u50f9\u503c\u5be6\u9ad4\uff0c\u4ee5\u9032\u884c\u5546\u696d\u6216\u570b\u969b\u9593\u8adc\u6d3b\u52d5\u3002<\/li>\n<\/ul>\n\u4ed6\u5011\u7684\u4e3b\u8981\u76ee\u6a19\u662f\u7aca\u53d6\u8cc7\u6599\u548c\u6536\u96c6\u60c5\u5831\uff0c\u800c\u975e\u7834\u58de\u7cfb\u7d71\u4ee5\u9020\u6210\u5e72\u64fe\u3002\n\n\u7121\u8072\u5165\u4fb5\u7684\u5256\u6790\uff1aAPT \u7684\u751f\u547d\u9031\u671f<\/strong>\n\nAPT \u653b\u64ca\u6309\u90e8\u5c31\u73ed\u5730\u5206\u968e\u6bb5\u5c55\u958b\u3002\u5118\u7ba1\u5177\u9ad4\u5de5\u5177\u53ef\u80fd\u6709\u6240\u4e0d\u540c\uff0c\u4f46\u5176\u7b56\u7565\u6d41\u7a0b\u662f\u4e00\u81f4\u7684\u3002\n\n\u968e\u6bb5\u4e00\uff1a\u6ef2\u900f \u2013 \u6084\u7136\u6f5b\u5165<\/strong>\n\n\u7b2c\u4e00\u6b65\u662f\u7372\u53d6\u521d\u59cb\u5b58\u53d6\u6b0a\u9650\u3002\u653b\u64ca\u8005\u5c31\u50cf\u7aca\u8cca\u5728\u8e29\u9ede\u4e00\u6a23\uff0c\u4ed4\u7d30\u5c0b\u627e\u9032\u5165\u7684\u9014\u5f91\u3002\n
      \n \t
    • \u5075\u5bdf (Reconnaissance)\uff1a<\/strong>\u4ed6\u5011\u6383\u63cf\u7db2\u7d61\u5c0b\u627e\u6f0f\u6d1e\u3001\u8b58\u5225\u8a2d\u5b9a\u4e0d\u7576\u7684\u7cfb\u7d71\uff0c\u4e26\u6536\u96c6\u6709\u95dc\u54e1\u5de5\u548c\u57fa\u790e\u8a2d\u65bd\u7684\u60c5\u5831\u3002<\/li>\n \t
    • \u521d\u59cb\u5b58\u53d6 (Initial Access)\uff1a<\/strong>\u4ed6\u5011\u5229\u7528\u5075\u5bdf\u7d50\u679c\u7a81\u7834\u908a\u754c\u9632\u79a6\u3002\u5e38\u898b\u65b9\u6cd5\u5305\u62ec\u91dd\u5c0d\u6027\u7684\u7db2\u7d61\u91e3\u9b5a\u653b\u64ca\u4ee5\u7aca\u53d6\u6191\u8b49\u3001\u5229\u7528\u672a\u4fee\u88dc\u7684\u8edf\u9ad4\u6f0f\u6d1e\uff0c\u751a\u81f3\u5f9e\u6697\u7db2\u4e0a\u7684\u300c\u521d\u59cb\u5b58\u53d6\u6b0a\u9650\u4ee3\u7406\u4eba\u300d\uff08Initial Access Brokers\uff09\u8cfc\u8cb7\u5b58\u53d6\u6b0a\u9650\u3002<\/li>\n \t
    • \u5efa\u7acb\u7acb\u8db3\u9ede (Establish a Foothold)\uff1a<\/strong>\u4e00\u65e6\u9032\u5165\u5167\u90e8\uff0c\u4ed6\u5011\u6703\u7acb\u5373\u90e8\u7f72\u50cf\u5f8c\u9580\uff08backdoors\uff09\u6216 Rootkit \u7b49\u5de5\u5177\u3002\u9019\u78ba\u4fdd\u5373\u4f7f\u6700\u521d\u7684\u5165\u53e3\u88ab\u767c\u73fe\u4e26\u95dc\u9589\uff0c\u4ed6\u5011\u4ecd\u80fd\u7dad\u6301\u5c0d\u53d7\u99ed\u7cfb\u7d71\u7684\u5b58\u53d6\u6b0a\u9650\u3002<\/li>\n<\/ul>\n\u968e\u6bb5\u4e8c\uff1a\u64f4\u5f35 \u2013 \u7e6a\u88fd\u9818\u571f\u5730\u5716<\/strong>\n\n\u5728\u78ba\u4fdd\u7acb\u8db3\u9ede\u5f8c\uff0c\u653b\u64ca\u8005\u958b\u59cb\u9032\u884c\u63a2\u7d22\u3002\u6b64\u968e\u6bb5\u7684\u91cd\u9ede\u662f\u66f4\u6df1\u5165\u5730\u6ef2\u900f\u7db2\u7d61\u4e26\u7372\u53d6\u66f4\u591a\u63a7\u5236\u6b0a\u3002\n
        \n \t
      • \u6a6b\u5411\u79fb\u52d5 (Lateral Movement)\uff1a<\/strong>\u653b\u64ca\u8005\u5728\u7cfb\u7d71\u4e4b\u9593\u6084\u6084\u79fb\u52d5\uff0c\u7e6a\u88fd\u7db2\u7d61\u67b6\u69cb\u5716\uff0c\u4e26\u627e\u51fa\u5132\u5b58\u6709\u50f9\u503c\u8cc7\u6599\u7684\u4f4d\u7f6e\u3002<\/li>\n \t
      • \u6b0a\u9650\u63d0\u5347 (Privilege Escalation)\uff1a<\/strong>\u521d\u59cb\u5165\u4fb5\u901a\u5e38\u662f\u900f\u904e\u6b0a\u9650\u6709\u9650\u7684\u6a19\u6e96\u7528\u6236\u5e33\u6236\u3002\u63a5\u8457\uff0c\u653b\u64ca\u8005\u6703\u52aa\u529b\u63d0\u5347\u5176\u6b0a\u9650\uff0c\u901a\u5e38\u662f\u91dd\u5c0d\u4e26\u596a\u53d6\u7ba1\u7406\u54e1\u5e33\u6236\u3002\u7372\u5f97\u6b64\u7b49\u7d1a\u7684\u5b58\u53d6\u6b0a\u9650\u8b93\u4ed6\u5011\u80fd\u5920\u505c\u7528\u5b89\u5168\u63a7\u5236\u3001\u64cd\u63a7\u7cfb\u7d71\u4e26\u81ea\u7531\u884c\u52d5\u3002<\/li>\n<\/ul>\n\u968e\u6bb5\u4e09\uff1a\u7aca\u53d6 \u2013 \u57f7\u884c\u52ab\u6848<\/strong>\n\n\u9019\u662f\u4ed6\u5011\u6240\u6709\u52aa\u529b\u7684\u6700\u7d42\u968e\u6bb5\u3002\u5728\u7e6a\u88fd\u4e86\u7db2\u7d61\u5730\u5716\u4e26\u7372\u5f97\u4e86\u7279\u6b0a\u5b58\u53d6\u6b0a\u9650\u5f8c\uff0c\u653b\u64ca\u8005\u958b\u59cb\u7aca\u53d6\u76ee\u6a19\u8cc7\u6599\u3002\n
          \n \t
        • \u8cc7\u6599\u6536\u96c6\u8207\u5916\u6d29 (Data Collection & Exfiltration)\uff1a<\/strong>\u4ed6\u5011\u6536\u96c6\u3001\u52a0\u5bc6\u4e26\u58d3\u7e2e\u654f\u611f\u8cc7\u6599\uff0c\u7136\u5f8c\u5c07\u5176\u50b3\u8f38\u5230\u81ea\u5df1\u7684\u4f3a\u670d\u5668\u3002\u70ba\u907f\u514d\u88ab\u5075\u6e2c\uff0c\u4ed6\u5011\u901a\u5e38\u6703\u4ee5\u7de9\u6162\u3001\u5c11\u91cf\u7684\u65b9\u5f0f\u7aca\u53d6\u8cc7\u6599\uff0c\u4ee5\u6a21\u4eff\u6b63\u5e38\u7684\u7db2\u7d61\u6d41\u91cf\u3002<\/li>\n \t
        • \u63a9\u84cb\u8e64\u8de1 (Covering Their Tracks)\uff1a<\/strong>\u70ba\u5728\u7aca\u53d6\u8cc7\u6599\u671f\u9593\u5206\u6563\u5b89\u5168\u5718\u968a\u7684\u6ce8\u610f\u529b\uff0cAPT \u96c6\u5718\u53ef\u80fd\u6703\u767c\u52d5\u8072\u6771\u64ca\u897f\u7684\u653b\u64ca\uff0c\u4f8b\u5982\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9\uff08DDoS\uff09\u653b\u64ca\u6216\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u3002<\/li>\n \t
        • \u6301\u7e8c\u6f5b\u4f0f (Remaining Embedded)\uff1a<\/strong>\u5373\u4f7f\u5728\u521d\u6b21\u7aca\u53d6\u8cc7\u6599\u5f8c\uff0c\u653b\u64ca\u8005\u53ef\u80fd\u4ecd\u9078\u64c7\u96b1\u85cf\u5728\u7db2\u7d61\u4e2d\uff0c\u4ee5\u4fbf\u5728\u672a\u4f86\u767c\u52d5\u66f4\u591a\u653b\u64ca\u6216\u9577\u671f\u6301\u7e8c\u7aca\u53d6\u8cc7\u8a0a\u3002<\/li>\n<\/ul>\n\u7375\u6355\u6578\u78bc\u9b45\u5f71\uff1a\u5982\u4f55\u5075\u6e2c APT<\/strong>\n\n\u7531\u65bc APT \u7684\u8a2d\u8a08\u65e8\u5728\u96b1\u533f\uff0c\u56e0\u6b64\u5075\u6e2c\u6975\u5177\u6311\u6230\u6027\u3002\u5b89\u5168\u5718\u968a\u5fc5\u9808\u5f9e\u5c0b\u627e\u97ff\u4eae\u7684\u8b66\u5831\uff0c\u8f49\u8b8a\u70ba\u8ffd\u7375\u90a3\u4e9b\u5fae\u5c0f\u7684\u7570\u5e38\u2014\u2014\u7576\u9019\u4e9b\u7dda\u7d22\u4e32\u9023\u8d77\u4f86\u6642\uff0c\u4fbf\u63ed\u793a\u4e86\u4e00\u500b\u96b1\u85cf\u5165\u4fb5\u8005\u7684\u6545\u4e8b\u3002\u95dc\u9375\u8de1\u8c61\u5305\u62ec\uff1a\n
            \n \t
          • \u7570\u5e38\u7684\u767b\u5165\u6d3b\u52d5\uff1a<\/strong>\u5c0b\u627e\u4e0d\u5c0b\u5e38\u7684\u6a21\u5f0f\uff0c\u7279\u5225\u662f\u7279\u6b0a\u5e33\u6236\uff0c\u4f8b\u5982\u5728\u975e\u6b63\u5e38\u8fa6\u516c\u6642\u9593\u6216\u5f9e\u610f\u5916\u7684\u5730\u7406\u4f4d\u7f6e\u767b\u5165\u3002<\/li>\n \t
          • \u610f\u5916\u7684\u8cc7\u6599\u6d41\uff1a<\/strong>\u76e3\u63a7\u7570\u5e38\u7684\u7db2\u7d61\u6d41\u91cf\uff0c\u4f8b\u5982\u5927\u91cf\u8cc7\u6599\u50b3\u8f38\u5230\u5916\u90e8\u4f3a\u670d\u5668\u6216\u4e0d\u5c0b\u5e38\u7684\u5167\u90e8\u8cc7\u6599\u6253\u5305\uff0c\u9019\u53ef\u80fd\u8868\u793a\u8cc7\u6599\u6b63\u6e96\u5099\u88ab\u7aca\u53d6\u3002<\/li>\n \t
          • \u5ee3\u6cdb\u5b58\u5728\u7684\u5f8c\u9580\u6728\u99ac\u7a0b\u5f0f\uff1a<\/strong>\u767c\u73fe\u65e8\u5728\u7dad\u6301\u6301\u7e8c\u5b58\u53d6\u6b0a\u9650\u7684\u8907\u96dc\u60e1\u610f\u8edf\u9ad4\uff0c\u4e14\u5b58\u5728\u65bc\u591a\u53f0\u6a5f\u5668\u4e0a\uff0c\u662f APT \u7684\u4e00\u500b\u5f37\u70c8\u6307\u6a19\u3002<\/li>\n \t
          • \u5fae\u5c0f\u4e14\u6301\u7e8c\u7684\u554f\u984c\uff1a<\/strong>\u770b\u4f3c\u5fae\u4e0d\u8db3\u9053\u7684\u3001\u53cd\u8986\u51fa\u73fe\u7684\u5c0f\u7570\u5e38\u6216\u7121\u6cd5\u89e3\u91cb\u7684\u5e33\u6236\u9396\u5b9a\uff0c\u53ef\u80fd\u662f\u4e00\u500b\u66f4\u5927\u898f\u6a21\u3001\u6709\u7d44\u7e54\u653b\u64ca\u7684\u4e00\u90e8\u5206\u3002<\/li>\n<\/ul>\n\u5efa\u7acb\u5177\u97cc\u6027\u7684\u9632\u79a6\u4ee5\u5c0d\u6297 APT<\/strong>\n\n\u8981\u9632\u79a6\u4e00\u500b\u6709\u8010\u5fc3\u4e14\u8cc7\u6e90\u5145\u8db3\u7684\u5c0d\u624b\uff0c\u9700\u8981\u4e00\u500b\u591a\u5c64\u6b21\u3001\u4e3b\u52d5\u7a4d\u6975\u7684\u5b89\u5168\u7b56\u7565\u3002\u95dc\u9375\u7684\u6700\u4f73\u5be6\u8e10\u5305\u62ec\uff1a\n
              \n \t
            • \u7e2e\u5c0f\u653b\u64ca\u9762\uff1a<\/strong>\u5b9a\u671f\u61c9\u7528\u5b89\u5168\u66f4\u65b0\u3001\u5be6\u65bd\u56b4\u683c\u7684\u9632\u706b\u7246\u898f\u5247\uff0c\u4e26\u6301\u7e8c\u6383\u63cf\u548c\u4fee\u5fa9\u6f0f\u6d1e\uff0c\u4ee5\u6e1b\u5c11\u653b\u64ca\u8005\u7684\u5165\u4fb5\u9ede\u3002<\/li>\n \t
            • \u5be6\u65bd\u56b4\u683c\u7684\u5b58\u53d6\u63a7\u5236\uff1a<\/strong>\u9075\u5faa\u300c\u6700\u5c0f\u6b0a\u9650\u539f\u5247\u300d\uff0c\u78ba\u4fdd\u7528\u6236\u53ea\u80fd\u5b58\u53d6\u5176\u5de5\u4f5c\u6240\u5fc5\u9700\u7684\u8cc7\u6599\u548c\u7cfb\u7d71\u3002\u90e8\u7f72\u7279\u6b0a\u5b58\u53d6\u7ba1\u7406\uff08PAM\uff09\u89e3\u6c7a\u65b9\u6848\uff0c\u4ee5\u5bc6\u5207\u76e3\u63a7\u548c\u63a7\u5236\u9ad8\u50f9\u503c\u5e33\u6236\u3002<\/li>\n \t
            • \u63a1\u7d0d\u4e3b\u52d5\u7a4d\u6975\u7684\u5fc3\u614b\uff1a<\/strong>\u4e0d\u8981\u7b49\u5f85\u8b66\u5831\u97ff\u8d77\u3002\u5be6\u65bd\u4e26\u81ea\u52d5\u5316\u5a01\u8105\u72e9\u7375\uff08threat hunting\uff09\uff0c\u4e3b\u52d5\u641c\u5c0b\u5165\u4fb5\u6307\u6a19\u3002\u5c07\u60a8\u7684\u9632\u79a6\u63aa\u65bd\u5c0d\u61c9\u5230 MITRE ATT&CK \u7b49\u6846\u67b6\uff0c\u6709\u52a9\u65bc\u60a8\u5c08\u6ce8\u65bc\u5df2\u77e5 APT \u96c6\u5718\u4f7f\u7528\u7684\u6230\u8853\u548c\u6280\u8853\u3002<\/li>\n \t
            • \u4fdd\u8b77\u9060\u7aef\u9023\u7dda\uff1a<\/strong>\u4f7f\u7528\u865b\u64ec\u79c1\u4eba\u7db2\u7d61\uff08VPN\uff09\u52a0\u5bc6\u6240\u6709\u9060\u7aef\u9023\u7dda\uff0c\u4f7f\u653b\u64ca\u8005\u66f4\u96e3\u5728\u50b3\u8f38\u904e\u7a0b\u4e2d\u6514\u622a\u8cc7\u6599\u3002<\/li>\n<\/ul>\n
              \n\n\u7d50\u8ad6\uff1a\u4fdd\u6301\u8b66\u60d5\u7684\u91cd\u8981\u6027<\/strong>\n\n\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\u4e26\u975e\u5435\u96dc\u7684\u300c\u7838\u4e86\u5c31\u8dd1\u300d\u5f0f\u6436\u52ab\uff1b\u5b83\u5011\u662f\u8010\u5fc3\u3001\u6709\u689d\u4e0d\u7d0a\u7684\u9593\u8adc\u6d3b\u52d5\u3002\u8981\u5075\u6e2c\u548c\u7de9\u89e3\u5b83\u5011\uff0c\u9700\u8981\u5f9e\u88ab\u52d5\u7684\u61c9\u5c0d\u59ff\u614b\uff0c\u6839\u672c\u6027\u5730\u8f49\u8b8a\u70ba\u4e3b\u52d5\u7684\u3001\u6301\u7e8c\u7684\u8b66\u6212\u72c0\u614b\u3002\u900f\u904e\u4e86\u89e3\u5b83\u5011\u7684\u65b9\u6cd5\u3001\u8ffd\u7375\u5176\u5b58\u5728\u7684\u5fae\u5c0f\u8de1\u8c61\uff0c\u4e26\u5efa\u7acb\u6df1\u5165\u3001\u4e3b\u52d5\u7684\u9632\u79a6\uff0c\u4f01\u696d\u53ef\u4ee5\u5c07\u5176\u7db2\u7d61\u5f9e\u4e00\u500b\u7375\u5834\uff0c\u8f49\u8b8a\u70ba\u4e00\u5ea7\u5805\u4e0d\u53ef\u6467\u7684\u5821\u58d8\u3002\n\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t\t\t
              \t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t\t
              \n\t\t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t\t\t\t\t

              \u95dc\u65bc Graylog<\/strong>
              Graylog \u901a\u904e\u5b8c\u6574\u7684 SIEM\u3001\u4f01\u696d\u65e5\u8a8c\u7ba1\u7406\u548c API \u5b89\u5168\u89e3\u6c7a\u65b9\u6848\uff0c\u63d0\u5347\u516c\u53f8\u4f01\u696d\u7db2\u7d61\u5b89\u5168\u80fd\u529b\u3002Graylog \u96c6\u4e2d\u76e3\u63a7\u653b\u64ca\u9762\u4e26\u9032\u884c\u6df1\u5165\u8abf\u67e5\uff0c\u63d0\u4f9b\u5353\u8d8a\u7684\u5a01\u8105\u6aa2\u6e2c\u548c\u4e8b\u4ef6\u56de\u61c9\u3002\u516c\u53f8\u7368\u7279\u7d50\u5408 AI \/ ML \u6280\u8853\u3001\u5148\u9032\u7684\u5206\u6790\u548c\u76f4\u89c0\u7684\u8a2d\u8a08\uff0c\u7c21\u5316\u4e86\u7db2\u7d61\u5b89\u5168\u64cd\u4f5c\u3002\u8207\u7af6\u722d\u5c0d\u624b\u8907\u96dc\u4e14\u6602\u8cb4\u7684\u8a2d\u7f6e\u4e0d\u540c\uff0cGraylog \u63d0\u4f9b\u5f37\u5927\u4e14\u7d93\u6fdf\u5be6\u60e0\u7684\u89e3\u6c7a\u65b9\u6848\uff0c\u5e6b\u52a9\u516c\u53f8\u4f01\u696d\u8f15\u9b06\u61c9\u5c0d\u5b89\u5168\u6311\u6230\u3002Graylog \u6210\u7acb\u65bc\u5fb7\u570b\u6f22\u5821\uff0c\u76ee\u524d\u7e3d\u90e8\u4f4d\u65bc\u7f8e\u570b\u4f11\u65af\u9813\uff0c\u670d\u52d9\u8986\u84cb\u8d85\u904e 180 \u500b\u570b\u5bb6\u3002<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

              \n\t\t\t\t\t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t\t
              \n\t\t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t\t\t\t\t

              \u95dc\u65bc Version 2 Digital<\/strong>
              Version 2 Digital \u662f\u7acb\u8db3\u4e9e\u6d32\u7684\u589e\u503c\u4ee3\u7406\u5546\u53caIT\u958b\u767c\u8005\u3002\u516c\u53f8\u5728\u7db2\u7d61\u5b89\u5168\u3001\u96f2\u7aef\u3001\u6578\u64da\u4fdd\u8b77\u3001\u7d42\u7aef\u8a2d\u5099\u3001\u57fa\u790e\u8a2d\u65bd\u3001\u7cfb\u7d71\u76e3\u63a7\u3001\u5b58\u5132\u3001\u7db2\u7d61\u7ba1\u7406\u3001\u5546\u696d\u751f\u7522\u529b\u548c\u901a\u4fe1\u7522\u54c1\u7b49\u5404\u500b\u9818\u57df\u4ee3\u7406\u767c\u5c55\u5404\u7a2e IT \u7522\u54c1\u3002\u900f\u904e\u516c\u53f8\u9f90\u5927\u7684\u7db2\u7d61\u3001\u901a\u8def\u3001\u92b7\u552e\u9ede\u3001\u5206\u92b7\u5546\u53ca\u5408\u4f5c\u5925\u4f34\uff0cVersion 2 \u63d0\u4f9b\u5ee3\u88ab\u5e02\u5834\u8b9a\u8cde\u7684\u7522\u54c1\u53ca\u670d\u52d9\u3002Version 2 \u7684\u92b7\u552e\u7db2\u7d61\u5305\u62ec\u53f0\u7063\u3001\u9999\u6e2f\u3001\u6fb3\u9580\u3001\u4e2d\u570b\u5927\u9678\u3001\u65b0\u52a0\u5761\u3001\u99ac\u4f86\u897f\u4e9e\u7b49\u5404\u4e9e\u592a\u5730\u5340\uff0c\u5ba2\u6236\u4f86\u81ea\u5404\u884c\u5404\u696d\uff0c\u5305\u62ec\u5168\u7403 1000 \u5927\u8de8\u570b\u4f01\u696d\u3001\u4e0a\u5e02\u516c\u53f8\u3001\u516c\u7528\u4e8b\u696d\u3001\u91ab\u7642\u3001\u91d1\u878d\u3001\u6559\u80b2\u6a5f\u69cb\u3001\u653f\u5e9c\u90e8\u9580\u3001\u7121\u6578\u6210\u529f\u7684\u4e2d\u5c0f\u4f01\u53ca\u4f86\u81ea\u4e9e\u6d32\u5404\u57ce\u5e02\u7684\u6d88\u8cbb\u5e02\u5834\u5ba2\u6236\u3002<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

              2025-04-03  Mustang Panda uses MAVInject to inject malicious code via spear-phishing, repurposing Windows tools. This article details their attack chain and provides detection methods using Graylog and SigmaHQ to counter these stealthy threats.<\/p>\n","protected":false},"author":149011790,"featured_media":112472,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1303,1305,61],"tags":[1077,1304,1319],"class_list":["post-120022","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-graylog","category-1305","category-press-release","tag-1077","tag-graylog","tag-home-page"],"acf":[],"yoast_head":"\n\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105 - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/version-2.com.tw\/2025\/08\/\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08apt\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105 - Version 2\" \/>\n<meta property=\"og:description\" content=\"2025-04-03  Mustang Panda uses MAVInject to inject malicious code via spear-phishing, repurposing Windows tools. This article details their attack chain and provides detection methods using Graylog and SigmaHQ to counter these stealthy threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/version-2.com.tw\/2025\/08\/\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08apt\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-21T04:15:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-21T04:19:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2025\/06\/post-img-graylog.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1768\" \/>\n\t<meta property=\"og:image:height\" content=\"956\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105\",\"datePublished\":\"2025-08-21T04:15:52+00:00\",\"dateModified\":\"2025-08-21T04:19:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/\"},\"wordCount\":55,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/post-img-graylog.jpg\",\"keywords\":[\"2025\",\"Graylog\",\"home-page\"],\"articleSection\":[\"Graylog\",\"2025\",\"Press Release\"],\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/\",\"url\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/\",\"name\":\"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105 - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/post-img-graylog.jpg\",\"datePublished\":\"2025-08-21T04:15:52+00:00\",\"dateModified\":\"2025-08-21T04:19:44+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#primaryimage\",\"url\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/post-img-graylog.jpg\",\"contentUrl\":\"https:\\\/\\\/version-2.com\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/post-img-graylog.jpg\",\"width\":1768,\"height\":956},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/version-2.com.tw\\\/2025\\\/08\\\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105 - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/version-2.com.tw\/2025\/08\/\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08apt\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\/","og_locale":"zh_HK","og_type":"article","og_title":"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105 - Version 2","og_description":"2025-04-03  Mustang Panda uses MAVInject to inject malicious code via spear-phishing, repurposing Windows tools. This article details their attack chain and provides detection methods using Graylog and SigmaHQ to counter these stealthy threats.","og_url":"https:\/\/version-2.com.tw\/2025\/08\/\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08apt\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\/","og_site_name":"Version 2","article_published_time":"2025-08-21T04:15:52+00:00","article_modified_time":"2025-08-21T04:19:44+00:00","og_image":[{"width":1768,"height":956,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2025\/06\/post-img-graylog.jpg","type":"image\/jpeg"}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"tracylamv2","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"1 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105","datePublished":"2025-08-21T04:15:52+00:00","dateModified":"2025-08-21T04:19:44+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/zh\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/"},"wordCount":55,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#primaryimage"},"thumbnailUrl":"https:\/\/version-2.com\/wp-content\/uploads\/2025\/06\/post-img-graylog.jpg","keywords":["2025","Graylog","home-page"],"articleSection":["Graylog","2025","Press Release"],"inLanguage":"zh-HK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/zh\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/","url":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/","name":"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105 - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#primaryimage"},"image":{"@id":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#primaryimage"},"thumbnailUrl":"https:\/\/version-2.com\/wp-content\/uploads\/2025\/06\/post-img-graylog.jpg","datePublished":"2025-08-21T04:15:52+00:00","dateModified":"2025-08-21T04:19:44+00:00","breadcrumb":{"@id":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#primaryimage","url":"https:\/\/version-2.com\/wp-content\/uploads\/2025\/06\/post-img-graylog.jpg","contentUrl":"https:\/\/version-2.com\/wp-content\/uploads\/2025\/06\/post-img-graylog.jpg","width":1768,"height":956},{"@type":"BreadcrumbList","@id":"https:\/\/version-2.com.tw\/2025\/08\/%e9%80%b2%e9%9a%8e%e6%8c%81%e7%ba%8c%e6%80%a7%e5%a8%81%e8%84%85%ef%bc%88apt%ef%bc%89%ef%bc%9a%e6%bd%9b%e4%bc%8f%e5%9c%a8%e6%82%a8%e7%b6%b2%e7%b5%a1%e4%b8%ad%e7%9a%84%e7%84%a1%e8%81%b2%e5%a8%81\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"\u9032\u968e\u6301\u7e8c\u6027\u5a01\u8105\uff08APT\uff09\uff1a\u6f5b\u4f0f\u5728\u60a8\u7db2\u7d61\u4e2d\u7684\u7121\u8072\u5a01\u8105"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/zh\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"https:\/\/version-2.com\/wp-content\/uploads\/2025\/06\/post-img-graylog.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-vdQ","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/120022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=120022"}],"version-history":[{"count":10,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/120022\/revisions"}],"predecessor-version":[{"id":120032,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/120022\/revisions\/120032"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=120022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=120022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=120022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}