Cyber Threat Intelligence 09 April 2025
Financial Sector
- Phishing, Fraud, And The Financial Sector’s Crisis Of Trust
"The financial sector is under growing pressure from advanced phishing attacks and fraud, causing major financial losses and eroding customer trust. While traditional phishing relied on generic emails to steal sensitive data, cybercriminals now use targeted spear-phishing, leveraging personal information for credibility. AI-driven attacks, including deepfake scams, allow fraudsters to impersonate bank executives or customer service representatives, making detection more difficult. Voice phishing (vishing) and SMS phishing (smishing) have also risen, with scammers mimicking bank phone numbers and sending deceptive texts to trick victims into revealing financial details."
https://www.helpnetsecurity.com/2025/04/08/financial-sector-customer-trust/
- March 2025 Security Issues In Korean & Global Financial Sector
"This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. This includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains that target the industry, and statistics on the industries of the Korean accounts leaked on Telegram. A case of phishing email distribution targeting the financial industry is also covered in detail."
https://asec.ahnlab.com/en/87360/
Industrial Sector
- Cyberattacks On Water And Power Utilities Threaten Public Safety
"62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems. Recent high-profile cyberattacks by nation-state groups on water and electricity utilities underscore the vulnerability of critical infrastructure. A public utility in Littleton, MA, was recently compromised by a group linked to Volt Typhoon, the Chinese state-sponsored threat group. American Water Works — the largest U.S. water and wastewater utility — also detected unauthorized activity in its computer network that disrupted customer service and billing."
https://www.helpnetsecurity.com/2025/04/08/state-of-critical-infrastructure-resilience/
- A Brief Overview Of The Main Incidents In Industrial Cybersecurity. Q4 2024
"In Q4 2024, 107 incidents were publicly confirmed by victims. All of these incidents are included in the table at the end of the overview, with select incidents described in detail."
https://ics-cert.kaspersky.com/publications/reports/2025/04/08/q4-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
Vulnerabilities
- Fortinet Urges FortiSwitch Upgrades To Patch Critical Admin Password Change Flaw
"Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request," Fortinet said in an advisory released today."
https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html
https://fortiguard.fortinet.com/psirt/FG-IR-24-435
- Microsoft April 2025 Patch Tuesday Fixes Exploited Zero-Day, 134 Flaws
"Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday also fixes eleven "Critical" vulnerabilities, all remote code execution vulnerabilities."
https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-patch-tuesday-fixes-exploited-zero-day-134-flaws/
https://www.darkreading.com/application-security/microsoft-drops-another-massive-patch-update
https://www.tripwire.com/state-of-security/april-2025-patch-tuesday-analysis
https://blog.talosintelligence.com/microsoft-patch-tuesday-april-2025/
https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/
https://cyberscoop.com/microsoft-patch-tuesday-april-2025/
https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/
https://www.helpnetsecurity.com/2025/04/08/patch-tuesday-microsoft-zero-day-cve-2025-29824/
- Adobe Calls Urgent Attention To Critical ColdFusion Flaws
"Software maker Adobe on Tuesday released a massive batch of security updates alongside warnings that critical-severity vulnerabilities can be exploited to remotely take control of computer systems. The Adobe Patch Tuesday rollout covers a total of 54 documented bugs and addresses major code execution defects in enterprise-facing products like Adobe ColdFusion, Adobe FrameMaker, Adobe Photoshop and Adobe Commerce."
https://www.securityweek.com/adobe-calls-urgent-attention-to-critical-coldfusion-flaws/
- SAP Patches Critical Code Injection Vulnerabilities
"SAP on Tuesday announced the release of 18 new and two updated security notes as part of its April 2025 Security Patch Day, including three notes addressing critical-severity vulnerabilities. The first two critical flaws, tracked as CVE-2025-27429 and CVE-2025-31330 (CVSS score of 9.9) are code injection bugs in S/4HANA (Private Cloud) and Landscape Transformation (Analysis Platform)."
https://www.securityweek.com/sap-patches-critical-code-injection-vulnerabilities/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-30406 Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability
CVE-2025-29824 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog
- WhatsApp Flaw Can Let Attackers Run Malicious Code On Windows PCs
"Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Described as a spoofing issue and tracked as CVE-2025-30401, this security flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential targets. Meta says the vulnerability impacted all WhatsApp versions and has been fixed with the release of WhatsApp 2.2450.6."
https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/
https://hackread.com/whatsapp-windows-flaw-hackers-sneak-malicious-files/
https://securityaffairs.com/176357/security/whatsapp-fixed-a-spoofing-flaw-that-could-enable-remote-code-execution.html
https://www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/
https://www.theregister.com/2025/04/08/whatsapp_windows_bug/
- Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances At Risk
"There are more than 5,000 internet-accessible Ivanti Connect Secure appliances that are susceptible to attacks exploiting a recently disclosed vulnerability, the non-profit cybersecurity organization The Shadowserver Foundation warns. The issue, tracked as CVE-2025-22457 (CVSS score of 9), is described as a stack-based buffer overflow that could be exploited by remote, unauthenticated attackers to execute arbitrary code on a vulnerable appliance."
https://www.securityweek.com/exploited-vulnerability-puts-5000-ivanti-vpn-appliances-at-risk/
- Path Traversal Vulnerability In AWS SSM Agent's Plugin ID Validation
"The AWS Systems Manager (SSM) Agent is a core component of Amazon Web Services management and automation capabilities, enabling administrators to remotely manage and configure EC2 instances and on-premises servers. The SSM Agent processes commands and tasks defined in SSM Documents, which are JSON or YAML-based templates that specify actions to be executed on target systems. These documents can include one or more plugins, each responsible for performing specific tasks, such as running shell scripts, installing software, or configuring system settings."
https://cymulate.com/blog/aws-ssm-agent-plugin-id-path-traversal/
https://thehackernews.com/2025/04/amazon-ec2-ssm-agent-flaw-patched-after.html
Malware
- CrushFTP CVE-2025-31161 Auth Bypass And Post-Exploitation
"CVE-2025-31161 is a critical severity vulnerability allowing attackers to control how user authentication is handled by CrushFTP managed file transfer (MFT) software. We strongly recommend patching immediately to avoid affected versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. Successful exploitation of CVE-2025-31161 would give attackers admin level access across the CrushFTP application for further compromise. This blog outlines our re-created proof-of-concept for CVE-2025-31161 and attackers’ use of both legitimate and malicious RMM tooling for post-exploitation activities."
https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation
https://www.securityweek.com/threat-actors-set-up-persistent-access-to-hosts-hacked-in-crushftp-attacks/
- Attackers Distributing A Miner And The ClipBanker Trojan Via SourceForge
"Recently, we noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a legitimate GitHub project. The description and contents of officepackage provided below were also taken from GitHub."
https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/
https://thehackernews.com/2025/04/cryptocurrency-miner-and-clipper.html
https://www.bleepingcomputer.com/news/security/fake-microsoft-office-add-in-tools-push-malware-via-sourceforge/
- Exploitation Of CLFS Zero-Day Leads To Ransomware Activity
"Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia. Microsoft released security updates to address the vulnerability, tracked as CVE-2025-29824, on April 8, 2025."
https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/
https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate
https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/
- GreyNoise Observes 3X Surge In Exploitation Attempts Against TVT DVRs — Likely Mirai
"GreyNoise has observed a significant spike — 3 times that of typical activity — in exploitation attempts against TVT NVMS9000 DVRs, peaking on April 3 at over 2,500 unique IPs. This information disclosure vulnerability can be used to gain administrative control over affected systems. GreyNoise has identified sufficient overlap with Mirai, indicating this activity is associated with the botnet. Countless reports in the past have named the TVT NVMS9000 DVR as a target for botnet enlistment, including a GreyNoise update reporting Mirai targeting in early March."
https://www.greynoise.io/blog/surge-exploitation-attempts-tvt-dvrs
https://www.bleepingcomputer.com/news/security/new-mirai-botnet-behind-surge-in-tvt-dvr-exploitation/
- Windows Remote Desktop Protocol: Remote To Rogue
"In October 2024, Google Threat Intelligence Group (GTIG) observed a novel phishing campaign targeting European government and military organizations that was attributed to a suspected Russia-nexus espionage actor we track as UNC5837. The campaign employed signed .rdp file attachments to establish Remote Desktop Protocol (RDP) connections from victims' machines. Unlike typical RDP attacks focused on interactive sessions, this campaign creatively leveraged resource redirection (mapping victim file systems to the attacker servers) and RemoteApps (presenting attacker-controlled applications to victims)."
https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol
https://www.bankinfosecurity.com/russian-apt-hacker-observed-deploying-unusual-rdp-tactics-a-27953
- Pick Your Poison - A Double-Edged Email Attack
"Have you ever felt like you're dodging digital daggers in the online world? Well, you're not far off. Imagine a sneaky email landing in your inbox, disguised as a file deletion reminder or a too-good-to-be-true offer from a trusted file-sharing service. You click, thinking you’re preventing a potential threat to your organization—but BAM! It’s a trap. The Cofense Phishing Defense Center (PDC) has identified a clever cyber-attack distinguished by its hybrid approach of integrating both phishing techniques targeting Office365 (O365) credentials and malware delivery."
https://cofense.com/blog/pick-your-poison-a-double-edged-email-attack
- Tax Deadline Threat: QuickBooks Phishing Scam Exploits Google Ads
"The pressure of the looming tax filing deadline (April 15th in the US) can make anyone rush online tasks. Cybercriminals are acutely aware of this increased activity and are exploiting trusted platforms like Google to target Intuit QuickBooks users. By purchasing prominent Google Ads, they are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even one-time passcodes (OTPs) – the keys to someone’s financial data needed for tax compliance. Understanding this deceptive tactic is the first step in protecting yourself from falling victim."
https://www.malwarebytes.com/blog/scams/2025/04/tax-deadline-threat-quickbooks-phishing-scam-exploits-google-ads
- NCSC Shares Technical Details Of Spyware Targeting Uyghur, Tibetan And Taiwanese Groups
"The U.K.’s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghur, Tibetan and Taiwanese individuals and civil society organizations. The surveillance software — labeled MOONSHINE and BADBAZAAR — breaks into device microphones and cameras and harvests messages, photos and location data, allowing users to be monitored in real time without their knowledge."
https://therecord.media/ncsc-shares-details-on-spyware-targeting-uyghur-tiben-taiwanese-groups
- Scattered Spider: Still Hunting For Victims In 2025
"Scattered Spider is a hacker collective that has been active since at least 2022. It is well-known for launching sophisticated social engineering attacks to obtain usernames, login credentials, and multi-factor authentication (MFA) tokens. Silent Push analysts have successfully identified Scattered Spider infrastructure, tactics, techniques, and procedures (TTPs), and developed several methods for routinely and proactively identifying Indicators of Future AttackTM (IOFA) that our customers can use against this threat. Changes to deployments and phishing kits in early 2025, however, suggest Scattered Spider is turning the page on some past decisions."
https://www.silentpush.com/blog/scattered-spider-2025/
https://www.theregister.com/2025/04/08/scattered_spider_updates/
Breaches/Hacks/Leaks
- Hackers Lurked In Treasury OCC’s Systems Since June 2023 Breach
"Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails, according to anonymous sources familiar with the matter. The OCC is an independent bureau of the U.S. Department of the Treasury that oversees banks and federal savings associations and ensures they comply with applicable laws and regulations, treat customers fairly, and provide fair access to financial services. As Bloomberg first reported, the threat actors gained the ability to monitor employees' emails after breaking into an email system administrator's account, as OCC disclosed in February 2025."
https://www.bleepingcomputer.com/news/security/hackers-lurked-in-treasury-occs-systems-since-june-2023-breach/
https://www.occ.gov/news-issuances/news-releases/2025/nr-occ-2025-13.html/
- Medusa Ransomware Claims NASCAR Breach In Latest Attack
"The Medusa ransomware gang has added another high-profile name to its growing list of victims. Earlier today, the group listed NASCAR (National Association for Stock Car Auto Racing) on its dark web leak site, demanding a $4 million ransom and threatening to release internal data if payment isn’t made. Alongside NASCAR, the group is also claiming McFarland Commercial Insurance Services, Bridgebank Ltd, and Pulse Urgent Care as new victims."
https://hackread.com/medusa-ransomware-claims-nascar-breach-latest-attack/
- HELLCAT Ransomware Group Strikes Again: Four New Victims Breached Via Jira Credentials From Infostealer Logs
"The HellCat ransomware group has once again demonstrated their relentless focus on exploiting Jira credentials stolen through infostealer malware, targeting four new organizations: HighWire Press, Asseco, Racami, and LeoVegas Group. Hudson Rock has been tracking HellCat’s activities since their emergence. Research conducted by Hudson Rock confirms that all four breaches stem from compromised Jira credentials harvested by infostealers, a pattern observed in HellCat’s earlier attacks on Jaguar Land Rover, Telefonica, Schneider Electric, Orange, and others."
https://www.infostealers.com/article/hellcat-ransomware-group-strikes-again-four-new-victims-breached-via-jira-credentials-from-infostealer-logs/
https://hackread.com/hellcat-ransomware-firms-infostealer-stolen-jira-credentials/
- Czech Prime Minister Says His X Account Was Hacked ‘From Abroad’
"The Czech prime minister’s account on the social media platform X was hacked on Tuesday, with a series of false messages posted, including those claiming a Russian attack on Czech soldiers and a response to U.S. tariffs. Petr Fiala confirmed the incident, saying the hack originated “from abroad.” “Despite thorough security measures, including two-factor authentication … the attackers managed to penetrate the profiles and publish fake posts,” he said. “We are actively cooperating with the police to investigate this incident and identify the perpetrators.”"
https://therecord.media/czech-prime-minister-x-acccount-hacked
General News
- Excessive Agency In LLMs: The Growing Risk Of Unchecked Autonomy
"For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these systems gain deep access to information systems, a growing concern is mounting about their excessive agency – the security risk of entrusting these tools with so much power, access, and information."
https://www.helpnetsecurity.com/2025/04/08/llm-excessive-agency-risk/
- Observability Is Security’s Way Back Into The Cloud Conversation
"In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing security readiness. He shares strategies for overcoming common misconfigurations and optimizing access controls in the cloud."
https://www.helpnetsecurity.com/2025/04/08/esteban-gutierrez-new-relic-cloud-infrastructure-risks/
- Statistical Report On Malware Targeting MS-SQL Servers In 1Q 2025
"The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in 1Q 2025, and also discuss statistics on the attacks launched against said servers. Furthermore, malware used in each attack will be categorized with a summary of the statistical details."
https://asec.ahnlab.com/en/87356/
- Statistical Report On Malware Targeting Linux SSH Servers In Q1 2025
"AhnLab SEcurity intelligence Center (ASEC) conducts response and classification of brute force or dictionary attacks targeting poorly managed Linux SSH servers using honeypots. This report will cover the status of attack sources identified in the first quarter of 2025 based on logs, as well as statistics on attacks performed by these attack sources. Furthermore, malware used in each attack will be categorized with a summary of the statistical details."
https://asec.ahnlab.com/en/87357/
- Statistical Report On Malware Targeting Windows Web Servers In Q1 2025
"AhnLab SEcurity intelligence Center (ASEC) responds to and classifies attacks that target inappropriately managed Windows web servers by utilizing the AhnLab Smart Defense (ASD) infrastructure. This post covers the damage status of Windows web servers that have been targeted in attacks and provides statistics on the attacks based on the logs identified in the first quarter of 2025. Additionally, it classifies the malware used in each attack and compiles detailed statistics."
https://asec.ahnlab.com/en/87358/
- Cybersecurity Pulse Report 2025: Security Implications Of AI
"AI is reshaping cybersecurity, emerging as both a powerful defense mechanism and a sophisticated tool for cyber adversaries. The Cybersecurity Implications of AI Pulse Report 2025 provides an in-depth analysis of how AI is transforming the digital threat landscape, offering critical insights for security leaders, policymakers and AI strategists."
https://www.bankinfosecurity.com/cybersecurity-pulse-report-2025-security-implications-ai-a-27951
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/pulse-report-march-2025-v5.pdf
- UK Orgs Pull Back Digital Projects With Looming Threat Of Cyberwarfare
"Many firms are delaying their critical digital projects largely due to an expected rise of the risk of state-sponsored cyberattacks. Researchers at Armis conducted a study of more than 1,800 global IT decision-makers (ITDMs) — 501 of which are from the UK — and released the findings in the vendor's 2025 "Cyberwarfare Report." The researchers found that almost half of the UK organizations that participated in the study experienced some kind of disruption to their digital projects due to the threat of "cyber warfare" attacks."
https://www.darkreading.com/threat-intelligence/uk-orgs-pull-back-digital-projects-cyberwarfare
https://media.armis.com/image/upload/v1744054933/cyberwarfare-2025.pdf
https://www.infosecurity-magazine.com/news/half-firms-stall-digital-projects/
- How Democratized Development Creates A Security Nightmare
"No-code and low-code development platforms have promised a new era of democratized software creation. By enabling users with little to no programming expertise to develop applications through graphical interfaces and prebuilt components, these tools have accelerated digital transformation. However, beneath this efficiency lies an uncomfortable reality: Security is often overlooked, leaving organizations exposed to vulnerabilities that traditional software development methodologies would have mitigated."
https://www.darkreading.com/cyber-risk/democratized-development-security-nightmare
- Experts Optimistic About Secure By Design Progress
"The Secure by Design pledge may be catching on, but reaching that goal is only going to become more difficult as attackers advance, and applications are built at a faster pace. The Cybersecurity and Infrastructure Security Agency (CISA) launched Secure by Design two years ago to help improve software security, from development through implementation. The government agency asked software manufacturers to take the Secure by Design pledge to reduce the number of exploitable vulnerabilities increasing across the threat landscape. While organizations continue to struggle with an influx of vulnerabilities and supply chain risks, experts are optimistic about the progress."
https://www.darkreading.com/application-security/optimism-about-secure-by-design-progress
- DNS: The Secret Weapon CISOs May Be Overlooking In The Fight Against Cyberattacks
"As the threat landscape grows more sophisticated, Chief Information Security Officers (CISOs) are continuously searching for innovative ways to safeguard their organizations. Yet one of the most potent tools in their arsenal remains underutilized – DNS (domain name systems). But first, let’s first talk about the important role DNS plays in every network. Domains are the first thing users, devices, and workloads query to communicate with resources across the internet. DNS is the phone book of the Internet, resolving domains such as www.anydomainname.com to IP addresses that computers and servers can understand."
https://www.securityweek.com/dns-the-secret-weapon-cisos-may-be-overlooking-in-the-fight-against-cyberattacks/
- May You Live In Interesting Times: The Rise And Fall Of Threat Actors
"We live in interesting times, where technology is both a blessing and a curse. 2025 is following a year of significant upheaval in the cybercrime landscape, marked by high-profile arrests, platform policy changes, and the rise and fall of prominent threat actors. The aforementioned risks—compromised credentials, infostealers, and vulnerabilities—served as an undercurrent for the many cyberattacks and extortion events that took place throughout the year."
https://flashpoint.io/blog/rise-fall-of-threat-actors/
References
Electronic Transactions Development Agency (ETDA)