{"id":288197,"date":"2022-06-15T16:41:24","date_gmt":"2022-06-15T15:41:24","guid":{"rendered":"https:\/\/www.stormshield.com\/?p=288197"},"modified":"2024-04-08T13:56:34","modified_gmt":"2024-04-08T12:56:34","slug":"alerte-securite-windealer-la-reponse-des-solutions-stormshield","status":"publish","type":"post","link":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-windealer-la-reponse-des-solutions-stormshield\/","title":{"rendered":"WinDealer security alert: the response from Stormshield solutions"},"content":{"rendered":"<p><strong>The Chinese group LuoYu, behind the WinDealer malware, is back in the news. Active since 2008, this group targets foreign diplomatic entities operating on Chinese soil. An update on the threat, with the Stormshield Customer Security Lab team.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<h2>The context of the WinDealer malware<\/h2>\n<p>Kaspersky's GReAT cybersecurity research team recently published an article detailing how the WinDealer malware works: <a href=\"https:\/\/securelist.com\/windealer-dealing-on-the-side\/105946\/\" target=\"_blank\" rel=\"noopener\">securelist.com\/windealer-dealing-on-the-side\/105946\/<\/a><\/p>\n<p>In short, this malware has been developed since 2014 by a Chinese APT named \"LuoYu\", and its purpose is to spy on certain conversations of its victims. 
It collects information on residents of China and Chinese expatriates in order to identify \"dissidents\".<\/p>\n<p>In its latest evolution, the malware casts a wider net and extends to other countries such as Russia, the United States, Australia, Germany and Japan.<\/p>\n<p>This malware can interact with its operator through an unusual communication mechanism that involves intercepting HTTP and DNS requests. This would imply the compromise of routers and DNS servers that are external to the organization but sit on the path of its Internet browsing traffic.<\/p>\n<p>This principle makes it possible both to deliver the malware in response to legitimate software requesting an update over unencrypted HTTP channels, and to send information back to the C2 server without ever stating that server's address.<\/p>\n<p>&nbsp;<\/p>\n<h2>Technical details of the WinDealer malware<\/h2>\n<h3>Payload delivery technique<\/h3>\n<p>Assuming HTTP requests are intercepted \"on the traffic path\", the malware can be delivered by spoofing the response to an HTTP request made by a client browsing a fully legitimate, uncompromised site. 
This mechanism tricks the user into running the downloaded file.<\/p>\n<p>At the traffic-interception level, the decision whether or not to send the malware in response to a legitimate request depends on the sender's IP address (which makes it possible to target victims) and on other, unknown parameters.<\/p>\n<p>The file is presented to the user with an icon borrowed from the Google Chrome browser. In some cases, the malware takes a name reminiscent of the official programs that make up Microsoft Windows: <em>RuntimeBroker.exe<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-288211 aligncenter\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/2-3.png\" alt=\"\" width=\"151\" height=\"100\" \/><\/p>\n<p>The malware's innovative feature is unquestionably its communication with its control server.<\/p>\n<h3>Communication with the control server<\/h3>\n<p>Communication between the malware and the control server relies mainly on placing, on the path of the network traffic, an agent capable of intercepting DNS requests.<\/p>\n<p>The malware has an ingenious mechanism that lets it communicate with its C2 without ever exposing a single IP address.<\/p>\n<p>There is no magic involved. 
To send information to its C2, the malware initiates network communications to random IP addresses or to non-existent domain names:<\/p>\n<ul>\n<li>62.0.0\/15 (AS4134, CHINANET XIZANG PROVINCE NETWORK)<\/li>\n<li>120.0.0\/14 (AS4134, CHINANET GUIZHOU PROVINCE NETWORK)<\/li>\n<li>www.microsoftcom (note the absence of a TLD)<\/li>\n<\/ul>\n<p>Obviously, the C2 server is not directly behind all of these IP addresses. Likewise, the domain name is invalid for an uncompromised DNS server. The difficulty is then to reach the C2 server from these bogus addresses.<\/p>\n<p>However, based on the properties and contents of the network packets sent to these destinations, the agent on the traffic path can identify them and redirect them to the real control server.<\/p>\n<p>In this way, it is possible to communicate with the C2 without ever exposing the server's address to victims. The legitimate services actually hosted behind these destinations remain functional and available to the rest of the world. Moreover, from the attacker's point of view, no compromise of those services is required.<\/p>\n<h3>Behavioural analysis against SES Evolution<\/h3>\n<p>Several samples of this malware were collected and submitted to SES Evolution 2.2.2 under the names they had when encountered in the wild. 
Of the 10 samples tested, one crashed (caught by WerFault.exe) and 9 were blocked by the \"Execution Flow Hijack\" threat detection:<\/p>\n<div id=\"attachment_288198\" style=\"width: 583px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-288198\" class=\"wp-image-288198 size-full\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/1-2.png\" alt=\"\" width=\"573\" height=\"97\" srcset=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/1-2.png 573w, https:\/\/www.stormshield.com\/wp-content\/uploads\/1-2-300x51.png 300w, https:\/\/www.stormshield.com\/wp-content\/uploads\/1-2-570x97.png 570w\" sizes=\"auto, (max-width: 573px) 100vw, 573px\" \/><p id=\"caption-attachment-288198\" class=\"wp-caption-text\"><small><em>Figure 1: block log produced by SES Evolution<\/em><\/small><\/p><\/div>\n<p>This detection fires when programs try to perform complex processing that requires system calls, but from portions of shellcode.<\/p>\n<p>In detail, the WinDealer samples in our possession were blocked while they were discreetly calling the \"GetProcAddress\" function (whose role is to return the memory address of a function from a name supplied as input: \"LoadLibraryA\" and \"HeapAlloc\" in the case of the samples studied). 
This additional step is necessary for shellcode to run properly, because shellcode does not benefit from the preparatory work that the Windows PE loader performs automatically on normal EXE and DLL files.<\/p>\n<p>The block occurs immediately after the malware starts, since the malware begins with this defense-evasion attempt.<\/p>\n<p>&nbsp;<\/p>\n<h2>Protections provided by Stormshield<\/h2>\n<h3>Stormshield Network Security<\/h3>\n<p>A specific IPS signature that detects the malware's communication with its C2 has been published. It is named as follows:<\/p>\n<ul>\n<li><strong>udp:client:port.15<\/strong> \u2013 WinDealer malware activity<\/li>\n<\/ul>\n<table class=\" aligncenter\" width=\"623\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\" width=\"312\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p><em>Confidence index of the protection offered by Stormshield<\/em><\/td>\n<td width=\"312\">\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p style=\"text-align: center;\"><em>Confidence index of the absence of false positives<\/em><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Stormshield Endpoint Security Evolution<\/h3>\n<p>As stated above, SES Evolution can detect and block the WinDealer malware at execution time thanks to the protection against the \"Execution Flow Hijack\" threat.<\/p>\n<p>As this protection has existed since SES 
Evolution 2.0 (summer 2020), all versions of the product equipped with the security policies (all versions) supplied with the product already address the threat. The malware process is killed before it can begin any malicious action.<\/p>\n<p>No action is required if the Stormshield policies are applied.<\/p>\n<table class=\" aligncenter\" width=\"623\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\" width=\"312\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p><em>Confidence index of the protection offered by Stormshield<\/em><\/td>\n<td width=\"312\">\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p style=\"text-align: center;\"><em>Confidence index of the absence of false positives<\/em><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Stormshield Endpoint Security 7.2<\/h3>\n<p>The SES 7.2 product can detect and block the WinDealer malware at execution time thanks to the HoneyPot protection (HPP). 
With this protection, the malware process is killed before it can begin any malicious action.<\/p>\n<p>It is therefore necessary to enable this protection if it is not already enabled.<\/p>\n<table class=\" aligncenter\" width=\"623\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\" width=\"312\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p><em>Confidence index of the protection offered by Stormshield<\/em><\/td>\n<td width=\"312\">\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p style=\"text-align: center;\"><em>Confidence index of the absence of false positives<\/em><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h2>IOCs \/ Useful information<\/h2>\n<p>References of the samples studied for this analysis.<\/p>\n<p>SHA-256 
:<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Chinese group LuoYu, behind the WinDealer malware, is back in the news. Active since 2008, this group targets foreign diplomatic entities operating on Chinese soil. An update on the threat, with the Stormshield Customer Security Lab team. 
&nbsp; The context&#8230;<\/p>\n","protected":false},"author":83,"featured_media":190179,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1503],"tags":[4368],"business_size":[],"industry":[],"help_mefind":[],"features":[],"type_security":[],"maintenance":[],"offer":[],"administration_tools":[],"cloud_offers":[],"listing_product":[1565,1530],"class_list":["post-288197","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-alertes","tag-la-cybersecurite-par-stormshield","listing_product-ses-fr","listing_product-sns-fr"],"acf":[]}