{"id":1228,"date":"2014-01-07T06:18:13","date_gmt":"2014-01-07T06:18:13","guid":{"rendered":"http:\/\/me.kaspersky.com\/blog\/?p=1228"},"modified":"2017-09-27T13:11:15","modified_gmt":"2017-09-27T09:11:15","slug":"%d8%a7%d9%84%d9%87%d8%ac%d9%88%d9%85-%d8%b9%d9%84%d9%89-%d8%a7%d9%84%d8%ab%d8%ba%d8%b1%d8%a9-cve-2013-3906","status":"publish","type":"post","link":"https:\/\/me.kaspersky.com\/blog\/%d8%a7%d9%84%d9%87%d8%ac%d9%88%d9%85-%d8%b9%d9%84%d9%89-%d8%a7%d9%84%d8%ab%d8%ba%d8%b1%d8%a9-cve-2013-3906\/1228\/","title":{"rendered":"\u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0644\u0649 \u0627\u0644\u062b\u063a\u0631\u0629 CVE \u2013 2013 \u2013 3906"},"content":{"rendered":"<p dir=\"RTL\">\u0645\u0646\u0630 \u064a\u0648\u0645\u064a\u0646\u060c \u0630\u0643\u0631\u062a FireEye \u0641\u064a \u062a\u0642\u0631\u064a\u0631\u0647\u0627\u060c \u0623\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062d\u062f\u064a\u062b\u0629 CVE-2013-3906 \u0628\u062f\u0623\u062a \u0628\u0627\u0644\u0641\u0639\u0644\u061b \u062d\u064a\u062b \u062a\u0645 \u062a\u0648\u062c\u064a\u0647\u0647\u0627 \u0645\u0646 \u0642\u0650\u0628\u064e\u0644 \u0639\u0646\u0627\u0635\u0631 \u062c\u062f\u064a\u062f\u0629 \u0645\u064f\u0647\u064e\u062f\u0651\u0650\u062f\u064e\u0629 \u063a\u064a\u0631 \u0627\u0644\u0639\u0646\u0627\u0635\u0631 \u0627\u0644\u0623\u0635\u0644\u064a\u0629. 
\u0648\u062a\u062a\u0634\u0627\u0628\u0647 \u0627\u0644\u0648\u062b\u0627\u0626\u0642 \u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0627\u0644\u062c\u062f\u064a\u062f\u0629 \u0645\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646\u0647\u0627 \u0641\u064a \u0648\u0642\u062a\u064d \u0633\u0627\u0628\u0642\u060c \u0625\u0644\u0627 \u0623\u0646 \u0647\u0630\u0647 \u0627\u0644\u0648\u062b\u0627\u0626\u0642 \u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0645\u0631\u0629 \u062a\u062d\u0645\u0644 \u062d\u0645\u0648\u0644\u0629\u064b \u0645\u062e\u062a\u0644\u0641\u0629. \u0647\u0630\u0647 \u0627\u0644\u0645\u0631\u0629\u060c \u064a\u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0648\u062a\u0648\u062c\u064a\u0647 \u062a\u0644\u0643 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u064a\u0629\u061b \u0645\u0646 \u0623\u062c\u0644 \u0627\u0644\u062a\u0648\u0635\u064a\u0644 \u0627\u0644\u062e\u0641\u064a \u0648\u0627\u0644\u0633\u0631\u064a \u0644\u0628\u0631\u0627\u0645\u062c Taidoor \u0648PlugX\u060c \u0648\u0630\u0644\u0643 \u0637\u0628\u0642\u064b\u0627 \u0644\u0645\u0627 \u0630\u0643\u0631\u062a\u0647 FireEye.<\/p>\n<p dir=\"RTL\">\u0648\u0641\u064a \u0643\u0627\u0633\u0628\u0631\u0633\u0643\u064a \u0644\u0627\u0628\u060c \u0627\u0643\u062a\u0634\u0641\u0646\u0627 \u0623\u064a\u0636\u064b\u0627 \u0648\u062c\u0648\u062f \u0645\u062c\u0645\u0648\u0639\u0629 \u0639\u0646\u0627\u0635\u0631 APT (\u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0627\u0644\u0645\u062a\u0637\u0648\u0631) \u0623\u062e\u0631\u0649\u060c \u0643\u0627\u0646\u062a \u0642\u062f \u0628\u062f\u0623\u062a \u0644\u0644\u062a\u0648\u0651 \u0641\u064a \u0646\u0634\u0631 \u0648\u062b\u0627\u0626\u0642 \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a 
\u0648\u0648\u0631\u062f \u062e\u0628\u064a\u062b\u0629\u060c \u062a\u0633\u062a\u0647\u062f\u0641 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2013-3906. \u0647\u0630\u0647 \u0627\u0644\u0639\u0646\u0627\u0635\u0631 APT (\u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0627\u0644\u0645\u062a\u0637\u0648\u0631)\u060c \u0647\u064a \u0645\u062c\u0645\u0648\u0639\u0629 Winnti \u0627\u0644\u062a\u064a \u0648\u0635\u0641\u0646\u0627\u0647\u0627 \u0628\u0627\u0644\u062a\u0641\u0635\u064a\u0644 \u0647\u0646\u0627. \u0648\u0642\u062f \u0642\u0627\u0645\u062a \u0647\u0630\u0647 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629 \u0628\u0625\u0631\u0633\u0627\u0644 \u0631\u0633\u0627\u0626\u0644 \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a\u0629 \u062a\u0635\u064a\u0651\u064f\u062f\u064a\u0629 \u0645\u0648\u062c\u0651\u064e\u0647\u0629\u060c \u0645\u0631\u0641\u0642 \u0645\u0639\u0647\u0627 \u0648\u062b\u064a\u0642\u0629 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0647\u062c\u0645\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u064a\u0629\u060c \u0648\u0643\u0627\u0644\u0639\u0627\u062f\u0629\u060c \u0643\u0627\u0646 \u0645\u0631\u062a\u0643\u0628\u0648 \u0627\u0644\u062c\u0631\u064a\u0645\u0629 Winnti \u064a\u062d\u0627\u0648\u0644\u0648\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0647\u0630\u0627 \u0627\u0644\u0623\u0633\u0644\u0648\u0628 \u0644\u062a\u0648\u0635\u064a\u0644 \u0627\u0644\u0645\u0631\u062d\u0644\u0629 \u0627\u0644\u0623\u0648\u0644\u0649 \u0645\u0646 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u062e\u0628\u064a\u062b \u2013PlugX.<\/p>\n<p dir=\"RTL\">\u0644\u0642\u062f \u0623\u0635\u0628\u062d\u0646\u0627 \u0639\u0644\u0649 \u0639\u0644\u0645\u064d \u0628\u0647\u062c\u0648\u0645\u064d \u0645\u0648\u062c\u0651\u064e\u0647\u064d \u0636\u062f \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631 
\u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0623\u0644\u0639\u0627\u0628 \u0627\u0644\u0642\u0645\u0627\u0631\u060c \u0627\u0644\u062a\u064a \u062a\u062a\u0639\u0631\u0651\u064e\u0636 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631 \u0644\u0647\u062c\u0645\u0627\u062a \u0645\u0646 \u0642\u0650\u0628\u064e\u0644 \u0645\u062c\u0645\u0648\u0639\u0629 Winnti. \u0648\u062a\u064f\u0638\u0647\u0650\u0631 \u0648\u062b\u064a\u0642\u0629 \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0648\u0648\u0631\u062f \u0627\u0644\u0645\u062d\u062a\u0648\u064a\u0629 \u0639\u0644\u0649 \u0627\u0644\u0647\u062c\u0648\u0645 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u064a \u0646\u0641\u0633 TIFF (\u0635\u064a\u063a\u0629 \u0645\u0644\u0641 \u0627\u0644\u0635\u0648\u0631 \u0627\u0644\u0645\u0648\u0633\u0648\u0645\u0629) &#8220;\u0627\u0644\u0635\u0648\u0631\u0629&#8221; \u20137dd89c99ed7cec0ebc4afa8cd010f1f1- \u0627\u0644\u062a\u064a \u062a\u064f\u0641\u064e\u0639\u0651\u0650\u0644 \u0648\u062a\u064f\u0634\u064e\u063a\u0651\u0650\u0644 \u0639\u0645\u0644\u064a\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u060c \u0643\u0645\u0627 \u0647\u0648 \u0627\u0644\u062d\u0627\u0644 \u0641\u064a \u0647\u062c\u0645\u0627\u062a Hangover\u060c \u0648\u0625\u0630\u0627 \u0643\u0627\u0646\u062a \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0646\u0627\u062c\u062d\u0629\u060c \u0641\u0633\u0648\u0641 \u064a\u062a\u0645 \u062a\u062d\u0645\u064a\u0644 PlugX \u0639\u0644\u0649 \u0646\u062d\u0648\u064d \u062e\u0641\u064a \u0648\u0633\u0631\u064a \u0645\u0646 \u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a URL:<\/p>\n<p dir=\"RTL\">hxxp:\/\/<b>211.78.90.113\/music\/cover\/as\/update.exe<\/b>.<\/p>\n<p dir=\"RTL\">\u0648\u0637\u0628\u0642\u064b\u0627 
\u0644\u0645\u0627 \u0630\u0643\u0631\u0647 \u0639\u0646\u0648\u0627\u0646 PE (\u0627\u0644\u0645\u062a\u0646\u0642\u0644 \u0627\u0644\u0642\u0627\u0628\u0644 \u0644\u0644\u062a\u0646\u0641\u064a\u0630)\u060c \u0641\u0625\u0646 \u0639\u064a\u0646\u0629 PlugX \u0647\u0630\u0647 \u0643\u0627\u0646\u062a \u0642\u062f \u062a\u0645 \u062a\u062c\u0645\u064a\u0639\u0647\u0627 \u0641\u064a 4 \u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u062b\u0627\u0646\u064a\/ \u0646\u0648\u0641\u0645\u0628\u0631 2013\u060c \u0648\u062a\u064f\u0639\u064e\u062f \u0645\u0643\u062a\u0628\u0629 \u0627\u0644\u0631\u0628\u0637 \u0627\u0644\u062f\u064a\u0646\u0627\u0645\u064a\u0643\u064a \u0627\u0644\u0648\u0638\u064a\u0641\u064a\u0629 \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0644\u0640 PlugX\u060c \u0627\u0644\u062a\u064a \u062a\u0645 \u0641\u0643 \u062a\u0634\u0641\u064a\u0631\u0647\u0627 \u0648\u062a\u062e\u0635\u064a\u0635\u0647\u0627 \u0641\u064a \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0623\u062b\u0646\u0627\u0621 \u062a\u0646\u0641\u064a\u0630 \u0648\u0625\u062c\u0631\u0627\u0621 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0623\u0642\u062f\u0645 \u0642\u0644\u064a\u0644\u0627\u064b\u061b \u062d\u064a\u062b \u062a\u0639\u0648\u062f \u0625\u0644\u0649 \u062a\u0627\u0631\u064a\u062e 30 \u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644\/ \u0623\u0643\u062a\u0648\u0628\u0631 2013.<\/p>\n<p dir=\"RTL\">\u0648\u0641\u064a\u0645\u0627 \u064a\u062e\u0635 \u062a\u0637\u0648\u064a\u0631 \u0627\u0644\u0641\u0631\u0648\u0639\u060c \u062a\u0639\u062a\u0628\u0631 \u0646\u0633\u062e\u0629 PlugX \u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u062d\u0645\u064a\u0644\u0647\u0627 \u0645\u062e\u062a\u0644\u0641\u0629 \u0642\u0644\u064a\u0644\u064b\u0627 \u0639\u0646 \u0646\u0633\u062e\u0629 PlugX \u0627\u0644\u062a\u0642\u0644\u064a\u062f\u064a\u0629\u060c \u0625\u0644\u0627 \u0623\u0646\u0647\u0627 \u0645\u0646 \u0646\u0641\u0633 \u0646\u0648\u0639 
\u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0627\u0644\u062a\u064a \u0627\u0643\u062a\u0634\u0641\u062a\u0647\u0627 FireEye\u060c \u0648\u0630\u0644\u0643 \u0639\u0646\u062f\u0645\u0627 \u062a\u0631\u0633\u0644 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u062d\u0650\u0632\u064e\u0645 CnC HTTP POST \u0645\u0639 \u0631\u0624\u0648\u0633\u064d \u0625\u0636\u0627\u0641\u064a\u0629 \u0644\u0627\u0641\u062a\u0629 \u0644\u0644\u0646\u0638\u0631:<\/p>\n<div align=\"center\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>\n<p dir=\"RTL\" align=\"center\"><b>\u0639\u064a\u0646\u0629 <\/b><b>FireEye<\/b><\/p>\n<p>POST \/&lt;random [0-9A-F]{24}&gt; HTTP\/1.1<br \/>\nAccept: *\/*<br \/>\nFZLK1: 0<br \/>\nFZLK2: 0<br \/>\nFZLK3: 61456<br \/>\nFZLK4: 1<\/p><\/td>\n<td>\n<p dir=\"RTL\" align=\"center\"><b>\u0627\u0644\u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u062e\u062a\u0644\u0641\u0629 \u0644\u0640 <\/b><b>Winnti<\/b><\/p>\n<p>POST \/&lt;random [0-9A-F]{24}&gt; HTTP\/1.1<br \/>\nAccept: *\/*<br \/>\nHHV1: 0<br \/>\nHHV2: 0<br \/>\nHHV3: 61456<br \/>\nHHV4: 1<\/p><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p dir=\"RTL\">\u064a\u062a\u0635\u0644 Winnti&#8217;s PlugX \u0628\u0646\u0637\u0627\u0642 C2, av4.microsoftsp3.com\u060c \u0648\u064a\u0634\u064a\u0631 \u0647\u0630\u0627 \u0627\u0644\u0646\u0637\u0627\u0642 \u0625\u0644\u0649 \u0639\u0646\u0648\u0627\u0646 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u0625\u0646\u062a\u0631\u0646\u062a (IP-address) 163.43.32.4. 
\u0648\u0643\u0627\u0646\u062a \u0627\u0644\u0646\u0637\u0627\u0642\u0627\u062a \u0627\u0644\u0623\u062e\u0631\u0649 \u0630\u0627\u062a \u0627\u0644\u0635\u0644\u0629 \u0628\u0640 Winnti \u062a\u0634\u064a\u0631 \u0647\u0646\u0627 \u0628\u062f\u0621\u064b\u0627 \u0645\u0646 3 \u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644\/ \u0623\u0643\u062a\u0648\u0628\u0631 2013 \u0625\u0644\u0649:<\/p>\n<div align=\"center\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td><b>ad.msnupdate.bz<\/b><\/td>\n<td><b>ap.msnupdate.bz<\/b><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><b>book.playncs.com<\/b><\/td>\n<td><b>data.msftncsl.com<\/b><\/td>\n<td><b>ns3.oprea.biz<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p dir=\"RTL\">\u0645\u0631\u0629\u064b \u0623\u062e\u0631\u0649\u060c \u0646\u062d\u0646 \u0646\u0634\u0647\u062f \u0627\u0646\u062a\u0634\u0627\u0631\u064b\u0627 \u0633\u0631\u064a\u0639\u064b\u0627 \u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u064f\u0643\u062a\u0634\u064e\u0641\u0629 \u062d\u062f\u064a\u062b\u064b\u0627\u060c \u0648\u0627\u0644\u0645\u064f\u0633\u062a\u064e\u063a\u064e\u0644\u0651\u064e\u0629 \u0645\u0646 \u0642\u0650\u0628\u064e\u0644 \u0639\u0646\u0627\u0635\u0631 APT (\u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0627\u0644\u0645\u062a\u0637\u0648\u0631) \u0627\u0644\u0645\u062e\u062a\u0644\u0641\u0629\u060c \u0648\u0646\u0638\u0631\u064b\u0627 \u0644\u0644\u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0639\u0627\u0644\u064a \u0644\u0644\u0645\u0646\u0627\u0641\u0633\u0629\u060c \u0631\u0623\u064a\u0646\u0627 \u0628\u0627\u0644\u0641\u0639\u0644 \u0643\u064a\u0641 \u062a\u0645\u062a \u0625\u0636\u0627\u0641\u0629 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u064a\u0629 \u0627\u0644\u062c\u062f\u064a\u062f\u0629 
\u0628\u0633\u0631\u0639\u0629 \u0625\u0644\u0649 \u0627\u0644\u062d\u0650\u0632\u0645 \u0627\u0644\u0645\u062e\u062a\u0644\u0641\u0629 \u0644\u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u060c \u0639\u0646\u062f\u0645\u0627 \u0634\u0627\u0631\u0643 \u0645\u062c\u0631\u0645\u0648 \u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0623\u0645\u0631.<\/p>\n<p dir=\"RTL\">\u0644\u0645 \u064a\u062a\u0636\u062d \u0628\u0639\u062f \u0643\u064a\u0641 \u0648\u0635\u0644\u062a \u0639\u0646\u0627\u0635\u0631 APT (\u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0627\u0644\u0645\u062a\u0637\u0648\u0631) \u0627\u0644\u062c\u062f\u064a\u062f\u0629 \u0625\u0644\u0649 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2013-3906\u060c \u0631\u0628\u0645\u0627 \u062d\u0635\u0644\u062a \u0639\u0644\u0649 \u0646\u0641\u0633 &#8220;\u0627\u0644\u0645\u064f\u0646\u0634\u0626&#8221; \u0645\u062b\u0644 \u0645\u0647\u0627\u062c\u0645\u064a Hangover\u060c \u0623\u0648 \u062d\u0635\u0644\u062a \u0639\u0644\u0649 \u0639\u064a\u0646\u0627\u062a\u064d \u0642\u0644\u064a\u0644\u0629\u064d \u0645\u0646 \u0648\u062b\u0627\u0626\u0642 \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0648\u0648\u0631\u062f \u0627\u0644\u0645\u064f\u0633\u064e\u0645\u0651\u064e\u0645\u064e\u0629\u060c \u0648\u0627\u0633\u062a\u0637\u0627\u0639\u062a \u0623\u0646 \u062a\u064f\u0643\u064e\u064a\u0651\u0650\u0641\u064f\u0647\u0627 \u0648\u062a\u064f\u0648\u0638\u0641\u0647\u0627 \u0648\u0641\u0642\u064b\u0627 \u0644\u0627\u062d\u062a\u064a\u0627\u062c\u0627\u062a\u0647\u0627 \u0627\u0644\u062e\u0627\u0635\u0629. 
\u0639\u0644\u0649 \u0623\u064a \u062d\u0627\u0644\u060c \u0646\u0633\u062a\u0637\u064a\u0639 \u0623\u0646 \u0646\u0633\u062a\u0646\u062a\u062c\u060c \u0623\u0646\u0647 \u0645\u062b\u0644\u0645\u0627 \u0643\u0627\u0646 \u0645\u062c\u0631\u0645\u0648 \u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a \u0627\u0644\u0639\u0627\u062f\u064a\u0648\u0646 \u062a\u062d\u062a \u0636\u063a\u0637 \u0627\u0644\u0645\u0646\u0627\u0641\u0633\u0629\u060c \u0641\u0625\u0646 \u0639\u0646\u0627\u0635\u0631 APT (\u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0627\u0644\u0645\u062a\u0637\u0648\u0631) \u0623\u064a\u0636\u064b\u0627 \u0644\u0646 \u062a\u0643\u0648\u0646 \u0631\u0627\u0636\u064a\u0629\u064b \u0639\u0646 \u0646\u0641\u0633\u0647\u0627 \u0648\u0639\u0645\u0627 \u0648\u0635\u0644\u062a \u0625\u0644\u064a\u0647\u060c \u0648\u0644\u0643\u0646\u0647\u0627 \u0633\u0648\u0641 \u062a\u0633\u0639\u0649 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631\u064d \u0625\u0644\u0649 \u062a\u0637\u0648\u064a\u0631 \u0646\u0641\u0633\u0647\u0627\u060c \u0648\u0625\u062a\u0642\u0627\u0646 \u0639\u0645\u0644\u064a\u0627\u062a\u0647\u0627 \u0627\u0644\u064a\u0648\u0645\u064a\u0629\u060c \u0648\u0627\u0644\u0639\u0645\u0644 \u0645\u0639\u064b\u0627 \u0639\u0644\u0649 \u0646\u062d\u0648\u064d \u0623\u0648\u062b\u0642 \u0645\u0646 \u0623\u064a \u0648\u0642\u062a\u064d \u0645\u0636\u0649\u061b \u0645\u0646 \u0623\u062c\u0644 \u0623\u0646 \u062a\u0645\u062b\u0644 \u062a\u0647\u062f\u064a\u062f\u064b\u0627 \u0623\u0643\u062b\u0631 \u062e\u0637\u0648\u0631\u0629.<\/p>\n<p dir=\"RTL\"><b>\u0627\u0644\u0639\u064a\u0646\u0627\u062a \u0627\u0644\u0645\u064f\u0643\u062a\u064e\u0634\u064e\u0641\u064e\u0629<\/b><b><\/b><\/p>\n<p><b>Exploit.MSOffice.CVE-2013-3906.a<\/b><br \/>\nMS Word document: Questionnaire.docx, 63ffbe83dccc954f6a9ee4a2a6a93058<\/p>\n<p><b>Backdoor.Win32.Gulpix.tu<\/b><br \/>\nPlugX backdoor: update.exe, 
4dd49174d6bc559105383bdf8bf0e234<\/p>\n<p><b>Backdoor.Win32.Gulpix.tt<\/b><br \/>\nPlugX internal library: 6982f0125b4f28a0add2038edc5f038a<\/p>\n<p>&nbsp;<\/p>\n<p dir=\"RTL\"><b>\u0627\u0644\u062a\u0639\u0644\u064a\u0642\u0627\u062a<\/b><\/p>\n<p dir=\"RTL\">\u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u0631\u063a\u0628 \u0641\u064a \u0627\u0644\u062a\u0639\u0644\u064a\u0642 \u0639\u0644\u0649 \u0647\u0630\u0627 \u0627\u0644\u0645\u0642\u0627\u0644\u060c \u064a\u062c\u0628 \u0639\u0644\u064a\u0643 \u0623\u0648\u0644\u064b\u0627<\/p>\n<p dir=\"RTL\">\u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0645\u0646\u0630 \u064a\u0648\u0645\u064a\u0646\u060c \u0630\u0643\u0631\u062a FireEye \u0641\u064a \u062a\u0642\u0631\u064a\u0631\u0647\u0627\u060c \u0623\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062d\u062f\u064a\u062b\u0629 CVE-2013-3906 \u0628\u062f\u0623\u062a \u0628\u0627\u0644\u0641\u0639\u0644\u061b \u062d\u064a\u062b \u062a\u0645 \u062a\u0648\u062c\u064a\u0647\u0647\u0627 \u0645\u0646 \u0642\u0650\u0628\u064e\u0644 \u0639\u0646\u0627\u0635\u0631 \u062c\u062f\u064a\u062f\u0629 \u0645\u064f\u0647\u064e\u062f\u0651\u0650\u062f\u064e\u0629 \u063a\u064a\u0631 \u0627\u0644\u0639\u0646\u0627\u0635\u0631 \u0627\u0644\u0623\u0635\u0644\u064a\u0629. 
\u0648\u062a\u062a\u0634\u0627\u0628\u0647 \u0627\u0644\u0648\u062b\u0627\u0626\u0642<\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[748],"tags":[],"class_list":{"0":"post-1228","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-threats"},"hreflang":[{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/%d8%a7%d9%84%d9%87%d8%ac%d9%88%d9%85-%d8%b9%d9%84%d9%89-%d8%a7%d9%84%d8%ab%d8%ba%d8%b1%d8%a9-cve-2013-3906\/1228\/"}],"acf":[],"banners":"","maintag":[],"_links":{"self":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=1228"}],"version-history":[{"count":1,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1228\/revisions"}],"predecessor-version":[{"id":5284,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/1228\/revisions\/5284"}],"wp:attachment":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=1228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=1228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=1228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}