Updated: 2026/06/02 15:36:51
Published: 2026/06/02 15:36:50
TLP: (White)
May be distributed publicly, provided that copyright law and related regulations are not violated
Update notes:
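I. Vulnerability description [1][2]
DAEMON Tools Lite contains an embedded malicious code vulnerability (CVE-2026-8398, CWE-506). Between April 8 and May 5, 2026, DAEMON Tools Lite installation packages published on daemon-tools.cc were implanted with malicious content. Attackers gained unauthorized access to AVB Disc Soft's build or release infrastructure and implanted malicious code in the executables DTHelper.exe, DiscSoftBusServiceLite.exe and DTShellHlp.exe. These files were signed with a legitimate AVB Disc Soft code-signing signature, which allowed the malicious installation packages to pass as trusted files and bypass signature-based detection mechanisms.
II. Disclosed attack activity
1. CISA has added it to its list of exploited vulnerabilities. [3]
III. F-ISAC has compiled the indicators of compromise provided by Kaspersky; see the attachment. [4]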
▶ Vulnerability information
Name:
CVE-2026-8398
Description:
Version used: CVSS 3.1
Analysis score: 9.8
Source: Kaspersky Labs
▶ Affected platforms
Affected platforms - systems:
1. DAEMON Tools Lite for Windows versions 12.5.0.2421 through 12.5.0.2434 are affected; upgrading to version 12.6.0.2445 or later is recommended.
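▶ Recommended measures
1. The vendor has released a fix; members are advised to proceed according to their organization's vulnerability management process.
2. For devices on which an affected version of DAEMON Tools Lite was ever installed, it is recommended to check for abnormal security-related behavior and handle it according to the organization's process.
3. Members are advised to check their organization's devices for any record of connections to these (suspicious) IPs and domains, to perform analysis and risk assessment (it is recommended to confirm whether the connection requester is normal or legitimate), and to take corresponding protective measures using existing protection equipment. Members are advised to periodically review whether the indicators of compromise have triggered; if an indicator has not triggered for a long time, consider removing it or adjusting how it is handled (for example, from blocking to monitoring). Review frequency can also be assessed according to your own needs and the differing shelf life of different types of indicators: for example, IP addresses, domain names, URLs and e-mail addresses usually change quickly and can be re-reviewed every 1 to 3 months, whereas file-characteristic indicators such as file hashes are relatively stable and do not usually lose their malicious nature over time, so their retention period can be extended moderately.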
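One way to carry out the check in measure 2 against a software inventory export, added here as an example and not part of the original advisory. The CSV column names and hosts are hypothetical and the sample rows are constructed; only the version bounds come from the advisory.

```python
import csv
import io

# Version bounds as stated in the advisory.
AFFECTED_MIN = (12, 5, 0, 2421)
AFFECTED_MAX = (12, 5, 0, 2434)
FIXED_MIN = (12, 6, 0, 2445)

# Constructed sample inventory export; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,product,version
ws-001,DAEMON Tools Lite,12.5.0.2421
ws-002,daemon tools lite,12.5.0.2434
ws-003,DAEMON Tools Lite,12.6.0.2445
ws-004,DAEMON Tools Lite,12.4.0.2300
ws-005,DAEMON Tools Lite,unknown
ws-006,7-Zip,24.08
"""

def parse_version(text):
    """Return (a, b, c, d) as ints, or None if text is not four numeric parts."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map a version string to a triage status using numeric comparison."""
    version = parse_version(version_text)
    if version is None:
        return "review"        # unreadable version: check the host by hand
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "investigate"   # build inside the affected range
    if version >= FIXED_MIN:
        return "fixed"         # at or above the recommended version
    return "upgrade"           # not listed as affected, below recommended

def triage(inventory_csv):
    """Return {host: status} for every DAEMON Tools Lite row in the export."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() == "daemon tools lite":
            results[row["host"]] = classify(row["version"])
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A host reported as `fixed` may have been upgraded from an affected build, so it is worth running the same check over historical inventory snapshots as well as the current one.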
▶ IoC data fields
▶ References
| No. | URL | Description |
|---|---|---|
| 1 | https://nvd.nist.gov/vuln/detail/CVE-2026-8398 | NVD |
| 2 | https://blog.daemon-tools.cc/chn/post/security-incident | DAEMON Tools |
| 3 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | CISA |
| 4 | https://securelist.com/tr/daemon-tools-backdoor/119654/ | Kaspersky (indicators of compromise) |
Intelligence ID:
FISAC-200-202606-0005
System category:
Security vulnerabilities
Security category:
Vulnerability advisory
Impact level:
3
Keywords:
Vulnerabilities