{"id":106153,"date":"2016-06-28T15:00:19","date_gmt":"2016-06-28T22:00:19","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=106153"},"modified":"2020-04-08T18:50:59","modified_gmt":"2020-04-09T01:50:59","slug":"unit42-prince-of-persia-game-over","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/","title":{"rendered":"\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc"},"content":{"rendered":"

\u6982\u8981<\/b><\/h2>\n

Unit 42\u306f\u30015\u6708\u521d\u65ec\u306b\u300c\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0<\/a>\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002
\n\u305d\u3053\u3067\u3001\u4ee5\u524d\u306f\u672a\u516c\u958b\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30d5\u30a1\u30df\u30ea\u3001Infy \u3092\u4f7f\u7528\u3057\u3066\u3001\u4e16\u754c\u4e2d\u306e\u653f\u5e9c\u6a5f\u95a2\u3084\u6ce8\u76ee\u3092\u96c6\u3081\u3066\u3044\u308b\u696d\u754c\u3092\u6a19\u7684\u3068\u3057\u305f10\u5e74\u9593\u306b\u53ca\u3076\u6d3b\u52d5\u3092\u767a\u898b\u3057\u305f\u3053\u3068\u3092\u8aac\u660e\u3057\u307e\u3057\u305f\u3002<\/p>\n

\u3053\u306e\u8a18\u4e8b\u306e\u516c\u958b\u306e\u5f8c\u3001C2\u30c9\u30e1\u30a4\u30f3\u306e\u8cac\u4efb\u3092\u62c5\u3046\u30d1\u30fc\u30c6\u30a3\u3068\u306e\u5354\u529b\u3092\u901a\u3058\u3066\u3001Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001\u8907\u6570\u306eC2\u30c9\u30e1\u30a4\u30f3\u306e\u5236\u5fa1\u6a29\u3092\u5f97\u308b\u3053\u3068\u306b\u6210\u529f\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u3053\u306e\u6d3b\u52d5\u3067\u306e\u653b\u6483\u8005\u306b\u3088\u308b\u88ab\u5bb3\u8005\u3078\u306e\u30a2\u30af\u30bb\u30b9\u306f\u7121\u52b9\u5316\u3055\u308c\u3001\u3053\u306e\u6d3b\u52d5\u3067\u73fe\u5728\u88ab\u5bb3\u3092\u53d7\u3051\u3066\u3044\u308b\u6a19\u7684\u3078\u306e\u6d1e\u5bdf\u3092\u6df1\u3081\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u30d1\u30fc\u30c6\u30a3\u306b\u901a\u77e5\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n

\u516c\u958b\u5f8c<\/b><\/h3>\n

\u5143\u306e\u30d6\u30ed\u30b0\u306e\u516c\u958b\u5f8c1\u9031\u9593\u306f\u3001C2\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306b\u7570\u5e38\u306a\u5909\u5316\u306f\u898b\u3089\u308c\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u4ee5\u524d\u306b\u5b9a\u671f\u7684\u306b\u898b\u3089\u308c\u305f\u3068\u304a\u308a\u3001\u65e2\u5b58\u306e\u30c9\u30e1\u30a4\u30f3\u306f\u65b0\u3057\u3044IP\u30a2\u30c9\u30ec\u30b9\u306b\u79fb\u884c\u3055\u308c\u307e\u3057\u305f\u3002\u3044\u304f\u3064\u304b\u306e\u65b0\u305f\u306a\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb \u30c9\u30e1\u30a4\u30f3\u304c\u3001\u73fe\u5728\u306e\u30c9\u30e1\u30a4\u30f3\u306e\u547d\u540d\u898f\u5247\uff08\u65b0\u3057\u3044IOC\u306e\u4ed8\u9332\u3092\u53c2\u7167\u306e\u3053\u3068\uff09\u306b\u5f93\u3063\u3066\u8ffd\u52a0\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n

\u653b\u6483\u8005\u304c\u65b0\u3057\u3044\u30d0\u30fc\u30b8\u30e7\u30f3(31)\u3092\u958b\u767a\u3057\u3001\u3053\u308c\u304c\u5358\u4e00\u306e\u30ab\u30ca\u30c0\u306e\u6a19\u7684\u306b\u5bfe\u3057\u3066\u4ed5\u639b\u3051\u3089\u308c\u305f\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002<\/p>\n

\u30d5\u30a1\u30a4\u30eb\u306e\u8aac\u660e\u306f\u3001\u57fa\u672c\u7684\u306b\u306f\u540c\u3058\u307e\u307e\u3067\u3059(\u201cCLMediaLibrary Dynamic Link Library V3\u201d)\u3002\u3082\u3063\u3068\u3082\u91cd\u8981\u306a\u70b9\u306f\u300110\u5e74\u9593\u306e\u6d3b\u52d5\u5168\u4f53\u3092\u901a\u3058\u3066\u4f7f\u7528\u3055\u308c\u3066\u3044\u305f\u3053\u3068\u3092\u767a\u898b\u3057\u3001\u4ee5\u524d\u306e\u30d6\u30ed\u30b0\u3067\u89e3\u8aac\u3057\u305f\u30a8\u30f3\u30b3\u30fc\u30c9 \u30ad\u30fc\u306b\u4f55\u306e\u5909\u66f4\u3082\u306a\u304b\u3063\u305f<\/b>\u3053\u3068\u3067\u3059(\u73fe\u5728\u306f\u30aa\u30d5\u30bb\u30c3\u30c820\u3068\u3001URL\u30a8\u30f3\u30b3\u30fc\u30c9\u30672\u756a\u76ee\u306b\u6e21\u3059\u5834\u5408\u306f\u30aa\u30d5\u30bb\u30c3\u30c811\u3092\u4f7f\u7528)\u3002\u3053\u306e\u3053\u3068\u304b\u3089\u3001\u653b\u6483\u8005\u306f\u79c1\u305f\u3061\u306e\u6700\u521d\u306e\u30ec\u30dd\u30fc\u30c8\u306b\u6c17\u4ed8\u3044\u3066\u3044\u306a\u3044\u3068\u5224\u65ad\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

\u30b7\u30f3\u30af\u30db\u30fc\u30eb<\/b><\/h3>\n

C2\u30c9\u30e1\u30a4\u30f3\u306e\u8cac\u4efb\u3092\u62c5\u3046\u30d1\u30fc\u30c6\u30a3\u3068\u306e\u5354\u529b\u3092\u901a\u3058\u3066\u3001\u79c1\u305f\u3061\u306f\u305d\u308c\u3089\u306e1\u3064\u3067\u306f\u306a\u304f\u3059\u3079\u3066\u306e\u5236\u5fa1\u6a29\u3092\u5f97\u3066\u3001\u5236\u5fa1\u4e0b\u306e\u30b5\u30fc\u30d0\u306bA\u30ec\u30b3\u30fc\u30c9\u3092\u8ee2\u9001\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u3088\u3063\u3066\u3001\u653b\u6483\u8005\u304c\u305d\u306e\u5f8c\u3001\u3055\u3089\u306b\u30c9\u30e1\u30a4\u30f3\u69cb\u6210\u3092\u5909\u66f4\u3057\u305f\u308a\u3001\u88ab\u5bb3\u8005\u3078\u30b3\u30de\u30f3\u30c9\u3092\u767a\u884c\u3057\u305f\u308a\u3001\u307e\u305f\u306f\u5927\u534a\u306e\u88ab\u5bb3\u8005\u304b\u3089\u3055\u3089\u306b\u30c7\u30fc\u30bf\u3092\u53d6\u5f97\u3057\u305f\u308a\u3067\u304d\u306a\u3044\u3088\u3046\u306b\u3001\u9632\u5fa1\u3057\u307e\u3057\u305f\u3002\u8ee2\u9001\u5f8c\u306e\u63a5\u7d9a\u306e\u5206\u6790\u3067\u306f\u3001\u653b\u6483\u8005\u304c\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3 \u30b5\u30fc\u30d3\u30b9\u3092\u4f7f\u7528\u3057\u3066\u3001\u5f7c\u3089\u304c\u7a81\u7136\u307b\u307c\u3059\u3079\u3066\u306e\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u5931\u3063\u305f\u7406\u7531\u3092\u7a81\u304d\u6b62\u3081\u3088\u3046\u3068\u3057\u305f\u3053\u3068\u304c\u793a\u3055\u308c\u307e\u3057\u305f\u3002\u56f31\u306f\u3001\u88ab\u5bb3\u3092\u53d7\u3051\u305fC2\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u306e\u5730\u7406\u7684\u306a\u5834\u6240\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u5f53\u793e\u306e\u30b7\u30f3\u30af\u30db\u30fc\u30eb \u30b5\u30fc\u30d0\u3068\u73fe\u5728\u901a\u4fe1\u3057\u3066\u3044\u308b\u6642\u70b9\u3067\u306e\u3059\u3079\u3066\u3092\u8868\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

\n
\"\u56f31
\u56f31 \u88ab\u5bb3\u3092\u53d7\u3051\u305fC2\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u306e\u30b0\u30e9\u30d5\u30a3\u30ab\u30eb\u8868\u793a<\/figcaption><\/figure>\n<\/div>\n

\u79c1\u305f\u3061\u306f\u3001\u305d\u306e\u5f8c\u3001\u30b7\u30f3\u30af\u30db\u30fc\u30eb\u306e\u5236\u5fa1\u3092Shadowserver<\/a>\u306b\u79fb\u7ba1\u3057\u307e\u3057\u305f\u3002\u5f15\u304d\u7d9a\u304d\u88ab\u5bb3\u8005\u3078\u306e\u901a\u77e5\u3068\u4fee\u5fa9\u3092\u62c5\u5f53\u3057\u3066\u3044\u305f\u3060\u3044\u3066\u3044\u308b\u3053\u3068\u306b\u611f\u8b1d\u3057\u307e\u3059(https:\/\/www.shadowserver.org\/wiki\/pmwiki.php\/Involve\/GetReportsOnYourNetwork<\/a>)\u3002<\/p>\n

\u88ab\u5bb3\u8005<\/b><\/h3>\n

\u88ab\u5bb3\u3092\u53d7\u3051\u305fC2\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u5206\u6790\u3057\u3001Infy\u6d3b\u52d5\u306e\u88ab\u5bb3\u8005\u304c\u8ab0\u3067\u3042\u3063\u305f\u304b\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u300235\u30ab\u56fd\u306e326\u306e\u88ab\u5bb3\u8005\u30b7\u30b9\u30c6\u30e0\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f456\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u7279\u5b9a\u3057\u307e\u3057\u305f\u3002\u56f32\u306f\u3001\u88ab\u5bb3\u8005\u306e\u5834\u6240\u306e\u5730\u7406\u7684\u306a\u8a73\u7d30\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u5143\u306e\u30d6\u30ed\u30b0\u3067\u3001\u3053\u306e\u6d3b\u52d5\u3067\u306f\u5927\u52e2\u306e\u30a4\u30e9\u30f3\u5e02\u6c11\u304c\u6a19\u7684\u3068\u3055\u308c\u3001\u3059\u3079\u3066\u306e\u72a0\u7272\u8005\u306e\u307b\u307c1\/3\u304c\u30a4\u30e9\u30f3\u4eba\u3060\u3063\u305f\u3068\u5224\u660e\u3057\u305f\u3053\u3068\u3092\u8ff0\u3079\u307e\u3057\u305f\u3002\u307e\u305f\u3001\u305f\u3068\u3048\u3070\u3001\u30af\u30e9\u30a4\u30e0\u30a6\u30a7\u30a2\u653b\u6483\u306b\u6bd4\u3079\u308b\u3068\u3001\u88ab\u5bb3\u8005\u306e\u7dcf\u6570\u306f\u305d\u308c\u307b\u3069\u591a\u304f\u306a\u3044\u3053\u3068\u3082\u8ff0\u3079\u307e\u3057\u305f\u3002<\/p>\n

\n
\"\u56f32
\u56f32 \u88ab\u5bb3\u8005\u306e\u5730\u7406\u7684\u306a\u5834\u6240\u3002\u88ab\u5bb3\u8005\u304c\u767a\u898b\u3055\u308c\u306a\u304b\u3063\u305f\u305f\u3081\u3001\u3053\u306e\u5730\u56f3\u3067\u306f\u30cb\u30e5\u30fc\u30b8\u30fc\u30e9\u30f3\u30c9\u304c\u7701\u7565\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/figcaption><\/figure>\n<\/div>\n

\u30d0\u30fc\u30b8\u30e7\u30f3<\/b><\/h3>\n

\u5143\u306e\u30d6\u30ed\u30b0\u3067\u306f\u3001Infy\u30de\u30eb\u30a6\u30a7\u30a2\u306b\u306f\u3001\u306f\u3063\u304d\u308a\u7570\u306a\u308b2\u3064\u306e\u57fa\u672c\u7684\u306a\u4e9c\u7a2e\u304c\u3042\u308b\u3068\u8ff0\u3079\u307e\u3057\u305f\u3002\u672c\u6765\u306e\u201cInfy\u201d\u4e9c\u7a2e\u306b\u52a0\u3048\u3001\u3088\u308a\u65b0\u3057\u3044\u3001\u7cbe\u5de7\u3067\u30a4\u30f3\u30bf\u30e9\u30af\u30c6\u30a3\u30d6\u306a\u30d5\u30eb\u6a5f\u80fd\u88c5\u5099\u306e\u201cInfy M\u201d\u4e9c\u7a2e\u304c\u3001\u3088\u308a\u9ad8\u4fa1\u5024\u3068\u601d\u308f\u308c\u308b\u6a19\u7684\u306b\u5bfe\u3057\u3066\u5c0e\u5165\u3055\u308c\u307e\u3057\u305f\u3002\u7dcf\u8a08\u3059\u308b\u3068\u3001\u3059\u3079\u3066\u306e\u88ab\u5bb3\u8005\u306e93%\u304cInfy\u306b\u611f\u67d3\u3057\u300160%\u304cInfy \u201cM\u201d\u306b\u611f\u67d3\u3057\u307e\u3057\u305f(\u56f33)\u3002\u72a0\u7272\u8005\u306e\u7dcf\u6570\u304c\u5c11\u306a\u3044\u3053\u3068\u3068\u5408\u308f\u305b\u308b\u3068\u3001\u3053\u308c\u306f\u3001\u6d3b\u52d5\u306e\u500b\u3005\u306e\u6a19\u7684\u306b\u304d\u3081\u7d30\u304b\u304f\u6ce8\u610f\u3092\u6255\u3063\u305f\u3053\u3068\u3092\u793a\u5506\u3057\u3066\u3044\u307e\u3059\u3002\u72a0\u7272\u8005\u306e\u5927\u534a\u306f\u3001\u7121\u6599\u306e\u6a5f\u80fd\u30bb\u30c3\u30c8\u306b\u95a2\u9023\u3057\u3066\u3044\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u307e\u305f\u3001\u672c\u6765\u306e\u4e9c\u7a2e\u306b\u611f\u67d3\u3057\u305f\u88ab\u5bb3\u8005\u306e\u30b7\u30b9\u30c6\u30e0\u306b\u306f\u3001\u6a19\u7684\u304c\u653b\u6483\u8005\u306b\u3068\u3063\u3066\u3088\u308a\u4fa1\u5024\u304c\u9ad8\u3044\u3068\u601d\u3048\u308b\u5834\u5408\u306b\u3001\u5f8c\u304b\u3089\u201cM\u201d\u4e9c\u7a2e\u3092\u8ffd\u52a0\u3059\u308b\u305f\u3081\u306e\u201c\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u201d\u30d1\u30b9\u304c\u63d0\u4f9b\u3055\u308c\u305f\u53ef\u80fd\u6027\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n

\n
\"\u56f33
\u56f33 Infy\u304a\u3088\u3073Infy \u201cM\u201d\u611f\u67d3\u306e\u5185\u8a33<\/figcaption><\/figure>\n<\/div>\n

Infy \u201cM\u201d\u306e\u5834\u5408\u306f\u3001\u5927\u534a\u306e\u6a19\u7684\u3067\u6700\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3(7.8)\u304c\u4f7f\u7528\u3055\u308c\u3001\u53e4\u30446.x\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u307e\u3063\u305f\u304f\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u305b\u3093(\u56f34)\u3002\u3053\u308c\u306f\u3001\u3053\u308c\u3089\u306e\u3088\u308a\u4fa1\u5024\u306e\u9ad8\u3044\u6a19\u7684\u306b\u306f\u3001\u6700\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u4f7f\u3063\u3066\u6700\u65b0\u306e\u72b6\u614b\u3092\u4fdd\u6301\u3059\u308b\u305f\u3081\u306b\u3001\u304b\u306a\u308a\u306e\u6ce8\u610f\u304c\u6255\u308f\u308c\u305f\u3053\u3068\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

\u3053\u308c\u306b\u5bfe\u3057\u3001\u3088\u308a\u57fa\u672c\u7684\u306a\u5143\u306eInfy\u4e9c\u7a2e\u306b\u95a2\u3057\u3066\u3001\u591a\u7a2e\u591a\u69d8\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u5206\u304b\u308a\u307e\u3059(\u56f35)\u3002\u3053\u308c\u306b\u3088\u308b\u3068\u65e7\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u3088\u308b\u88ab\u5bb3\u8005\u304c\u591a\u304f\u304a\u308a\u3001\u65e7\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u4e2d\u306b\u306f\u300110\u5e74\u7d4c\u3063\u305f\u6700\u521d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3082\u3042\u308a\u307e\u3059\u3002\u3053\u308c\u306f\u3053\u3046\u3057\u305f\u500b\u3005\u306e\u6a19\u7684\u306b\u5bfe\u3059\u308b\u95a2\u5fc3\u304c\u306f\u308b\u304b\u306b\u4f4e\u3044\u3053\u3068\u3092\u793a\u3057\u3066\u3044\u307e\u3059(\u306a\u304a\u3001\u79c1\u305f\u3061\u306f\u5c11\u6570\u306e\u53e4\u30446.x\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u306f\u78ba\u8a8d\u3057\u307e\u3057\u305f\u304c\u3001\u3053\u308c\u3089\u306f\u63a5\u7d9a\u6642\u306b\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u901a\u77e5\u3057\u3066\u304d\u307e\u305b\u3093)\u3002<\/p>\n

\n
\"\u56f34
\u56f34 Infy\u300cM\u300d\u88ab\u5bb3\u306b\u95a2\u3059\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/figcaption><\/figure>\n<\/div>\n
\n
\"\u56f35
\u56f35 \u300c\u5143\u306e\u300dInfy\u88ab\u5bb3\u306b\u95a2\u3059\u308b\u30d0\u30fc\u30b8\u30e7\u30f3<\/figcaption><\/figure>\n<\/div>\n

\u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc<\/b><\/h3>\n

\u6355\u6349\u306e\u76f4\u5f8c\u3001Infy\u306e\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3(31)\u306b\u304a\u3044\u3066\u3082\u3001\u904e\u53bb\u306b\u78ba\u8a8d\u6e08\u307f\u306e\u30d1\u30bf\u30fc\u30f3\u306e\u5229\u7528\u306b\u3088\u308a\u3001\u8907\u6570\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u65e2\u77e5\u306e\u653b\u6483\u6d3b\u52d5\u7528IP\u30a2\u30c9\u30ec\u30b9\u306b\u5bfe\u3057\u3066\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u79c1\u305f\u3061\u306f\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002\u30d1\u30bf\u30fc\u30f3\u7bc4\u56f2box4035[.]net \u2013 box4090[.]net (138.201.0.134)\u306b\u304a\u3051\u308b\u307b\u3068\u3093\u3069\u3069\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u8a72\u5f53\u3057\u307e\u3059\u3002\u3057\u304b\u3057\u3001\u3053\u308c\u3089\u306f\u3069\u306e\u30b5\u30f3\u30d7\u30ebC2\u30ea\u30b9\u30c8\u306e\u4e2d\u306b\u3082\u78ba\u8a8d\u3055\u308c\u307e\u305b\u3093\u3067\u3057\u305f\u3002Bestwebstat[.]com\u306f\u5225\u306e\u904b\u7528\u8005\u306b\u3088\u308b\u30b7\u30f3\u30af\u30db\u30fc\u30eb\u3067\u3057\u305f\u3002<\/p>\n

\u30d0\u30fc\u30b8\u30e7\u30f315-24\u306eInfy\u306b\u611f\u67d3\u3057\u305f\u4e00\u90e8\u306e\u88ab\u5bb3\u8005\u306f\u3001\u307e\u3060\u653b\u6483\u8005\u306e\u7ba1\u7406\u4e0b\u306b\u3042\u308bC2\u30b5\u30fc\u30d0us1s2[.]strangled[.]net\u3092\u5f15\u304d\u7d9a\u304d\u5229\u7528\u3057\u3066\u3044\u307e\u3057\u305f\u30026\u6708\u4e0a\u65ec\u3001\u653b\u6483\u8005\u306f\u3053\u306eC2\u3092\u5229\u7528\u3057\u3066\u65b0\u578b\u306eInfy\u300cM\u300d\u30d0\u30fc\u30b8\u30e7\u30f38.0\u3092us1s2[.]strangled[.]net\/bdc.tmp\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u3088\u3046\u6307\u793a\u3057\u307e\u3057\u305f\u3002\u79c1\u305f\u3061\u306f\u3053\u306e\u3088\u3046\u306bInfy\u4e9c\u7a2e\u304cInfy\u300cM\u300d\u306b\u76f4\u63a5\u66f4\u65b0\u3055\u308c\u3066\u3044\u308b\u3068\u3053\u308d\u3092\u521d\u3081\u3066\u76ee\u6483\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u969b\u3001\u507d\u88c5\u540d\u79f0\u300cMacromedia v4\u300d\u304c\u4f7f\u308f\u308c\u307e\u3057\u305f\u304c\u3001\u3053\u308c\u306fInfy v31\u3067\u898b\u3089\u308c\u305f\u300cv3\u300d\u3092\u5909\u66f4\u3057\u305f\u3082\u306e\u3067\u3059\u3002\u307e\u305f\u3001\u653b\u6483\u8005\u306f\u3053\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u97f3\u58f0\u9332\u97f3\u6a5f\u80fd\u3092\u524a\u9664\u3057\u307e\u3057\u305f\u3002<\/p>\n

uvps1[.]cotbm[.]com\u304c\u30c7\u30fc\u30bf\u3092\u79d8\u5bc6\u88cf\u306b\u76d7\u307f\u51fa\u3059\u306e\u306b\u7528\u3044\u3089\u308c\u307e\u3057\u305f\u304c\u3001\u4ee5\u524d\u306f\u30a2\u30c9\u30ec\u30b9\u304c138.201.47.150\u3067\u3042\u3063\u305f\u306e\u304c\u79c1\u305f\u3061\u306e\u6700\u521d\u306e\u30d6\u30ed\u30b0\u306e\u516c\u958b\u5f8c\u306b\u306f144.76.250.205\u3078\u3068\u5909\u308f\u308a\u307e\u3057\u305f\u3002\u307e\u305f\u3001\/themes\/u.php\u306b\u304a\u3044\u3066\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u66f4\u65b0\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n

\u4e0d\u601d\u8b70\u306aC2\u30a8\u30f3\u30c8\u30ea\u300chxxp:\/\/box\u300d\u3082\u8ffd\u52a0\u3055\u308c\u3066\u3044\u307e\u3057\u305f(\u6ce8: \u8a18\u4e8b\u516c\u958b\u306b\u3042\u305f\u308a\u7121\u5bb3\u5316\u3057\u305f\u8868\u8a18\u306b\u3057\u3066\u3042\u308a\u307e\u3059)\u3002\u3053\u308c\u304c\u3069\u306e\u3088\u3046\u306b\u6a5f\u80fd\u3059\u308b\u306e\u304b\u306f\u4e0d\u660e\u3067\u3059\u3002\u3053\u3068\u306b\u3088\u308b\u3068\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u88ab\u5bb3\u8005\u306e\u30a4\u30f3\u30c8\u30e9\u30cd\u30c3\u30c8\u306e\u30c7\u30d0\u30a4\u30b9\u3001\u307e\u305f\u306f\u653b\u6483\u8005\u306b\u3088\u3063\u3066\u3001\u88ab\u5bb3\u8005\u306e\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u4e0a\u306b\u3042\u308bHOSTS\u30d5\u30a1\u30a4\u30eb\u304c\u5909\u66f4\u3055\u308c\u305f\u7d50\u679c\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002<\/p>\n

\u79c1\u305f\u3061\u306b\u3088\u308b\u6355\u6349\u306e\u5f8c\u3001\u653b\u6483\u8005\u306f\u30b5\u30fc\u30d0\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3060\u3051\u3067\u306a\u304fIP\u30a2\u30c9\u30ec\u30b9\u3092\u81ea\u5206\u305f\u3061\u306e\u30de\u30eb\u30a6\u30a7\u30a2C2\u30ea\u30b9\u30c8\u306b\u8ffd\u52a0\u3057\u59cb\u3081\u307e\u3057\u305f\u3002\u3055\u3089\u306b\u3001ZIP\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u308f\u305a\u304b\u306b\u300cZ8(2000_2001ul\u300d\u304b\u3089\u300cZ8(2000_2001uIEr3\u300d\u3078\u3068\u5909\u66f4\u3057\u307e\u3057\u305f\u3002\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u306fKaspersky Labs\u3001Avast\u304a\u3088\u3073Trend Micro\u304c\u306a\u3044\u304b\u8abf\u3079\u308b\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9\u691c\u67fb\u6a5f\u80fd\u304c\u8ffd\u52a0\u3055\u308c\u307e\u3057\u305f\u3002\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u30c7\u30fc\u30bf \u30ad\u30e3\u30d7\u30c1\u30e3\u306f\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u62e1\u5f35\u5b50\u3092\u691c\u7d22\u3057\u307e\u3059\u3002<\/p>\n

.doc, .docx, .xls, .xlsx, .xlr, .pps, .ppt, .pptx, .mdb, .accdb, .db, .dbf, .sql, .jpg, .jpeg, .psd, .tif, .mp4, .3gp, .txt, .rtf, .odt, .htm, .html, .pdf, .wps, .contact, .csv, .nbu, .vcf, .pst, .zip, .rar, .7z, .zipx, .pgp, .tc, .vhd, .p12, .crt.pem,.key.pfx, .asc, .cer, .p7b, .sst, .doc, .docx, .xls, .xlsx, .xlr, .pps, .ppt, .pptx.<\/i><\/p>\n

\u307e\u305f\u3001\u4ee5\u4e0b\u306e\u30d5\u30a9\u30eb\u30c0\u30fc\u4f4d\u7f6e\u3092\u691c\u7d22\u3057\u307e\u3059\u3002<\/p>\n

:\\$recycle.bin, :\\documents and settings, :\\msocache, :\\program files, :\\program files (x86), :\\programdata, :\\recovery, :\\system volume information:\\users, :\\windows, :\\boot, :\\inetpub, :\\i386.<\/i><\/p>\n

\u30de\u30eb\u30a6\u30a7\u30a2\u306f\u3001\u3053\u306e\u653b\u6483\u6d3b\u52d5\u3067\u5f53\u521d\u304b\u3089\u73fe\u5728\u306b\u81f3\u308b\u307e\u3067\u78ba\u8a8d\u3055\u308c\u3066\u3044\u308b\u540c\u4e00\u306e\u5fa9\u53f7\u5316\u30ad\u30fc<\/b>\u3092\u4f7f\u3044\u7d9a\u3051\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n

6\u6708\u4e2d\u65ec\u3001C2\u30c9\u30e1\u30a4\u30f3\u306e\u7ba1\u7406\u8cac\u4efb\u8005\u3068\u6cd5\u57f7\u884c\u5f53\u5c40\u306e\u5354\u529b\u306b\u3088\u308a\u3001\u79c1\u305f\u3061\u306f\u6b8b\u308a\u306eC2\u30c9\u30e1\u30a4\u30f3\u3092null\u30eb\u30fc\u30c8\u5316\u3057\u3066\u3001IP\u30a2\u30c9\u30ec\u30b9\u3067\u76f4\u63a5\u6307\u5b9a\u3055\u308c\u3066\u3044\u305f\u30b5\u30fc\u30d0\u3092\u7121\u52b9\u5316\u3059\u308b\u3053\u3068\u306b\u6210\u529f\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u3088\u308a10\u5e74\u306b\u308f\u305f\u308b\u653b\u6483\u6d3b\u52d5\u306f\u7d42\u7109\u3092\u8fce\u3048\u307e\u3057\u305f\u304c\u3001\u5f53\u7136\u3001\u3084\u304c\u3066\u3053\u306e\u653b\u6483\u8005\u304c\u4f55\u304b\u5225\u306e\u3082\u306e\u3092\u88c5\u3063\u3066\u623b\u3063\u3066\u304f\u308b\u3082\u306e\u3068\u601d\u308f\u308c\u307e\u3059\u3002<\/p>\n

\u6355\u6349\u4f5c\u696d\u3092\u304a\u624b\u4f1d\u3044\u3057\u3066\u3044\u305f\u3060\u3044\u305f\u30de\u30eb\u30a6\u30a7\u30a2 \u30ea\u30b5\u30fc\u30c1 \u30c1\u30fc\u30e0(Yaron Samuel\u3001Artiom Radune\u3001Mashav Sapir\u3001Netanel Rimer)\u306b\u611f\u8b1d\u3044\u305f\u3057\u307e\u3059\u3002<\/p>\n

\u4ed8\u93321 \u2013 \u79d8\u5bc6\u88cf\u306b\u6301\u3061\u51fa\u3059\u305f\u3081\u306e\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/h3>\n

\u3053\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u306f\u3001\u30de\u30eb\u30a6\u30a7\u30a2\u6587\u5b57\u5217\u3092\u6697\u53f7\u5316\u3059\u308b\u306e\u306b\u4f7f\u308f\u308c\u308b\u3082\u306e\u3068\u306f\u5225\u306e\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u4f7f\u3063\u3066\u3001\u79d8\u5bc6\u88cf\u306b\u6301\u3061\u51fa\u3059\u30c7\u30fc\u30bf\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002\u305d\u306e\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306b\u306f\u6b21\u306e\u3082\u306e\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n

    \n
  1. \u30ad\u30fc\u30ed\u30ac\u30fc \u30c7\u30fc\u30bf\uff0b\u8a00\u8a9e<\/li>\n
  2. \u30de\u30eb\u30a6\u30a7\u30a2 \u30ed\u30b0\u2015\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u523b\u3001DLL\u306e\u30d1\u30b9\u3068\u540d\u79f0\u3001\u30ed\u30b0\u306e\u30d1\u30b9\u3001\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u56de\u6570\u3001\u6210\u529f\/\u5931\u6557\u3057\u305f\u63a5\u7d9a\u306e\u6570<\/li>\n
  3. \u88ab\u5bb3\u8005\u306e\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u306b\u95a2\u3059\u308b\u60c5\u5831: \u30bf\u30a4\u30e0 \u30be\u30fc\u30f3\u3001\u30c9\u30e9\u30a4\u30d6\u3068\u305d\u306e\u7a2e\u985e\u306e\u4e00\u89a7\u3001\u5b9f\u884c\u4e2d\u306e\u30d7\u30ed\u30bb\u30b9\u3001\u30c7\u30a3\u30b9\u30af\u60c5\u5831<\/li>\n<\/ol>\n

    \u307e\u305a\u3001\u3053\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u306f\u3059\u3079\u3066\u306e\u30d0\u30a4\u30c8\u306b1\u3092\u52a0\u3048\u3001\u6b21\u3044\u3067\u88ab\u5bb3\u8005\u306e\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u540d\u306b\u57fa\u3065\u3044\u3066\u6697\u53f7\u5316\u30ad\u30fc\u3092\u521d\u671f\u5316\u3057\u307e\u3059(\u30ad\u30fc\u306b\u304a\u3051\u308b\u30aa\u30d5\u30bb\u30c3\u30c8\u306f\u300c\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u540d\u306e\u5404\u6587\u5b57\u30b3\u30fc\u30c9\u306e\u5408\u8a08\u300d%\u300c\u30ad\u30fc\u306e\u9577\u3055\u300d\u3067\u8a08\u7b97\u3055\u308c\u307e\u3059)\u3002\u305d\u306e\u5f8c\u3001\u30ad\u30fc\u304c\u30c7\u30fc\u30bf\u306e\u6697\u53f7\u5316\u306b\u4f7f\u308f\u308c\u307e\u3059(\u5fa9\u53f7\u5316\u95a2\u6570\u3092\u53c2\u7167\u306e\u3053\u3068)\u3002\u6697\u53f7\u5316\u3055\u308c\u305f\u30c7\u30fc\u30bf\u306f\u5f15\u304d\u7d9a\u304dbase64\u3067\u30b3\u30fc\u30c9\u5316\u3055\u308c\u307e\u3059\u3002<\/p>\n

    \u79d8\u5bc6\u88cf\u306b\u6301\u3061\u51fa\u3059\u30c7\u30fc\u30bf\u3092\u6697\u53f7\u5316\u3059\u308bpython\u30b3\u30fc\u30c9:<\/h4>\n
    \n
    import os,sys\r\nimport string\r\nimport base64\r\nimport fileinput\r\nFIRST_PHASE = \"OQTJEqtsK0AUB9YXMwr8idozF7VWRPpnhNCHI6Dlkaubyxf5423jvcZ1LSGmge\" \r\nSECOND_PHASE = \"PqOwI1eUrYtT2yR3p4E5o6WiQu7ASlDkFj8GhHaJ9sKdLfMgNzBx0ZcXvCmVnb\"\r\nglobal FULL_KEY\r\nFULL_KEY= \"\"\r\ndef sub_1_for_hex(str_input):\r\n    str_output = \"\"\r\n    for letter in str_input:\r\n        try:\r\n            str_output += chr(ord(letter)-1)\r\n        except:\r\n            print \"sub_1_for_hex func problem\"\r\n            continue\r\n    return str_output\r\n\r\ndef sum_comp_name(comp_name):\r\n    sum = 0\r\n    for letter in comp_name:\r\n        sum+= ord(letter)\r\n    return sum\r\n    \r\ndef init_key(comp):    \r\n    comp_name_sum = sum_comp_name(comp)\r\n    carry = divmod(comp_name_sum, 62)\r\n    index = carry[1] -1\r\n    end_key = FIRST_PHASE[:index]\r\n    key = FIRST_PHASE[index:]\r\n    key = key + end_key\r\n    key = key + key\r\n    return key\r\n\r\ndef decrypt(num_list,offset):\r\n    global FULL_KEY\r\n    input = \"\"\r\n    for num_str in num_list:\r\n        try:\r\n            input += num_str.decode('hex')\r\n        except:\r\n            input += ')'    \r\n    result = \"\"\r\n    for i, c in enumerate(input):\r\n        i = i % 62 +1 \r\n        try:\r\n            index = FULL_KEY.index(c)-1\r\n        except ValueError:\r\n            result += c\r\n            continue\r\n        translated = SECOND_PHASE[(index - i +offset) % len(SECOND_PHASE)]\r\n        result += translated\r\n    return result  \r\n\r\ndef found_infy_enc_data(line):    \r\n    found_infy_str = \"show=\\\"---------- Administration Reporting Service \"\r\n    found_infy_index = line.find(found_infy_str)\r\n    if not found_infy_index==-1:\r\n        return True,found_infy_index\r\n    else:\r\n        return False,found_infy_index\r\n \r\ndef extract_comp_name(line):\r\n    comp = r\"\\xd\\xa-----\"\r\n    comp_index = line.find(comp)\r\n    comp_name = line[comp_index+len(comp):]\r\n    comp_name = comp_name[:comp_name.find(\"-----\")]\r\n    print \"(((=)))\" + comp_name\r\n    return comp_name\r\n    \r\ndef extract_enc_data(line):\r\n    header = r\"\\xd\\xa_____\"\r\n    start_index = line.find(header)+len(header)\r\n    line = line[start_index:]\r\n    endindex = line.index(\"_____\\\" value=\")\r\n    line = line[:endindex]\r\n    return line\r\n\r\ndef write_enc_infy_data_to_file(dec_line,comp_name,filename):                 \r\n    file1 = open(filename + \"\\\\\" + comp_name + \".txt\",'ab')\r\n    file1.writelines(dec_line)\r\n    file1.close()\r\n\r\ndef enc_wrapper(enc,comp_name):\r\n    global FULL_KEY\r\n    print FULL_KEY\r\n    FULL_KEY = init_key(comp_name)\r\n    \r\n    enc_final = \"\"\r\n    for letter in enc: \r\n            if len(hex(ord(letter))[2:])==1:\r\n            enc_final += \"0\" + hex(ord(letter))[2:]  \r\n        elif len(hex(ord(letter))[2:])==2:\r\n            enc_final += hex(ord(letter))[2:]  \r\n        else:\r\n            print \"not good hex length\"\r\n            exit()\r\n            \r\n    enc = enc_final.upper() \r\n   \r\n    enc = enc.replace(\"2E\",\"21\") \r\n    enc = enc.replace(\"C5DC5A\",\"\") \r\n    enc = enc.replace(\"D03D00\",\"\")\r\n    enc = enc.replace(\"0B0E\",\"2121\")  \r\n\r\n    enc = enc.replace(\"01\",\"21\") \r\n     \r\n    enc_len = len(enc)\r\n\r\n    enc_rev = \"\"\r\n    num_list = []\r\n    enc_print =\"\"\r\n    for i in range(0,enc_len\/2):\r\n        enc_rev = enc[-2:]\r\n        if not enc_rev==\"0B\" and not enc_rev==\"0E\" and not enc_rev==\"00\" and not enc_rev==\"D0\":\r\n            enc_print +=enc_rev\r\n            num_list.append(enc_rev)\r\n        enc= enc[:-2]\r\n    \r\n    #the first part is always ok\r\n    dec_str = decrypt(num_list,0)\r\n    final = sub_1_for_hex(dec_str)\r\n    index = final.find(\"OK: Sent\")\r\n    if index==-1:\r\n        print comp_name + \" - did not found OK: Sent !!!!\\n\\n\\n\\n\"\r\n        #exit()\r\n    decrypt_data = comp_name + \" ++==++ \" +  str(i) + \": \" + final + \"\\n\"\r\n    \r\n    final_start = final[0:500]\r\n    if final_start in UNIQUE_DATA:\r\n          print comp_name + \" already have this data\"\r\n          return\r\n    UNIQUE_DATA.append(final_start)\r\n    index = final.find(\"Installed Date:\") \r\n    \r\n    if index==-1:\r\n        for i in range(1,61):\r\n            dec_str = decrypt3(num_list,i)\r\n            final = sub_1_for_hex(dec_str)\r\n                 \r\n            ##print all 62 options\r\n            index2 = final.find(\"PROGRAM START:\")\r\n            index3 = final.find(\"Installed Date:\")\r\n            if not index2 ==-1 or not index3 ==-1:\r\n                decrypt_data += str(i) + \": \" + final + \"\\n\"\r\n    write_enc_infy_data_to_file(decrypt_data,comp_name,FILE_OUTPUT_NAME)\r\n\r\ndef read_enc_data_files():\r\n\r\n    for root,dir,files in os.walk(PDML_PATH):\r\n        for file in files:\r\n            filename = root+ \"\\\\\" + file\r\n            if os.path.isfile(filename):\r\n                print filename\r\n                for line in fileinput.input([filename]):\r\n                    line = line.strip()\r\n                    is_found,found_infy_index= found_infy_enc_data(line)\r\n                    if not is_found:\r\n                        continue\r\n                    line = line[found_infy_index:]\r\n                    \r\n                    #get computer name (for use in init_key() later)\r\n                    comp_name = extract_comp_name(line)\r\n                    UNIQUE_COMP.append(comp_name)\r\n                    #get the infy encrypted data\r\n                    line = extract_enc_data(line)\r\n                    #base64 decode enc_data\r\n                    dec_line = line.decode('base64')\r\n                    #append enc_data to file\r\n                    write_enc_infy_data_to_file(dec_line,comp_name,FILE_ENC_OUTPUT_NAME)\r\n                    enc_wrapper(dec_line,comp_name)\r\ntry:  \r\n    read_enc_data_files()\r\nexcept:\r\n    print \"exception!!!!\"\r\n<\/pre>\n<\/div>\n
    \u4ed8\u93322 \u2013 IoC<\/h3>\n
    Infy\u30d0\u30fc\u30b8\u30e7\u30f331: f07e85143e057ee565c25db2a9f36491102d4e526ffb02c83e580712ec00eb27<\/p>\n
    Infy\u300cM\u300d\u30d0\u30fc\u30b8\u30e7\u30f38.0: 583349B7A2385A1E8DE682A43351798CA113CBBB80686193ECF9A61E6942786A<\/p>\n
    5.9.94.34
    \n138.201.0.134
    \n138.201.47.150
    \n144.76.250.205
    \n138.201.47.158
    \n138.201.47.153
    \nus1s2[.]strangled[.]net
    \nuvps1[.]cotbm[.]com
    \ngstat[.]strangled[.]net
    \nsecup[.]soon[.]it
    \np208[.]ige[.]es
    \nlu[.]ige[.]es
    \nupdateserver1[.]com
    \nupdateserver3[.]com
    \nupdatebox4[.]com
    \nbestupdateserver[.]com
    \nbestupdateserver2[.]com
    \nbestbox3[.]com
    \nsafehostline[.]com
    \nyouripinfo[.]com
    \nbestupser[.]awardspace[.]info
    \nbox4035[.]net
    \nbox4036[.]net
    \nbox4037[.]net
    \nbox4038[.]net
    \nbox4039[.]net
    \nbox4040[.]net
    \nbox4041[.]net
    \nbox4042[.]net
    \nbox4043[.]net
    \nbox4044[.]net
    \nbox4045[.]net
    \nbox4046[.]net
    \nbox4047[.]net
    \nbox4048[.]net
    \nbox4049[.]net
    \nbox4050[.]net
    \nbox4051[.]net
    \nbox4052[.]net
    \nbox4053[.]net
    \nbox4054[.]net
    \nbox4055[.]net
    \nbox4056[.]net
    \nbox4057[.]net
    \nbox4058[.]net
    \nbox4059[.]net
    \nbox4060[.]net
    \nbox4061[.]net
    \nbox4062[.]net
    \nbox4063[.]net
    \nbox4064[.]net
    \nbox4065[.]net
    \nbox4066[.]net
    \nbox4067[.]net
    \nbox4068[.]net
    \nbox4069[.]net
    \nbox4070[.]net
    \nbox4071[.]net
    \nbox4072[.]net
    \nbox4075[.]net
    \nbox4078[.]net
    \nbox4079[.]net
    \nbox4080[.]net
    \nbox4081[.]net
    \nbox4082[.]net
    \nbox4083[.]net
    \nbox4084[.]net
    \nbox4085[.]net
    \nbox4086[.]net
    \nbox4087[.]net
    \nbox4088[.]net
    \nbox4089[.]net
    \nbox4090[.]net<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u6982\u8981 Unit 42\u306f\u30015\u6708\u521d\u65ec\u306b\u300c\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002 \u305d\u3053\u3067\u3001\u4ee5\u524d\u306f\u672a\u516c\u958b\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30d5\u30a1\u30df\u30ea\u3001Infy \u3092\u4f7f\u7528\u3057\u3066\u3001\u4e16\u754c\u4e2d\u306e\u653f\u5e9c\u6a5f\u95a2\u3084\u6ce8\u76ee\u3092\u96c6\u3081\u3066\u3044\u308b\u696d\u754c\u3092\u6a19\u7684\u3068\u3057\u305f1<\/p>\n","protected":false},"author":171,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4321,1974,4428],"tags":[4843,7296],"product_categories":[],"coauthors":[15,541],"class_list":["post-106153","post","type-post","status-publish","format-standard","hentry","category-threat-research","category-malware-ja","category-threat-research-ja","tag-c2-ja","tag-infy"],"yoast_head":"\n\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc<\/title>\n<meta name=\"description\" content=\"\u6982\u8981 Unit 42\u306f\u30015\u6708\u521d\u65ec\u306b\u300c\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002 \u305d\u3053\u3067\u3001\u4ee5\u524d\u306f\u672a\u516c\u958b\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30d5\u30a1\u30df\u30ea\u3001Infy\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc\" \/>\n<meta property=\"og:description\" content=\"\u6982\u8981 Unit 42\u306f\u30015\u6708\u521d\u65ec\u306b\u300c\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002 \u305d\u3053\u3067\u3001\u4ee5\u524d\u306f\u672a\u516c\u958b\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30d5\u30a1\u30df\u30ea\u3001Infy\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-28T22:00:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-09T01:50:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/PoP-Game-Over-1.png\" \/>\n<meta name=\"author\" content=\"Simon Conant, Lior Efraim\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc","description":"\u6982\u8981 Unit 42\u306f\u30015\u6708\u521d\u65ec\u306b\u300c\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002 \u305d\u3053\u3067\u3001\u4ee5\u524d\u306f\u672a\u516c\u958b\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30d5\u30a1\u30df\u30ea\u3001Infy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/","og_locale":"ja_JP","og_type":"article","og_title":"\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc","og_description":"\u6982\u8981 Unit 42\u306f\u30015\u6708\u521d\u65ec\u306b\u300c\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002 \u305d\u3053\u3067\u3001\u4ee5\u524d\u306f\u672a\u516c\u958b\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30d5\u30a1\u30df\u30ea\u3001Infy","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/","og_site_name":"Unit 42","article_published_time":"2016-06-28T22:00:19+00:00","article_modified_time":"2020-04-09T01:50:59+00:00","og_image":[{"url":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/PoP-Game-Over-1.png","type":"","width":"","height":""}],"author":"Simon Conant, Lior Efraim","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/"},"author":{"name":"Lior Efraim","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/1803ec121f7b50c84d2a226280ab761a"},"headline":"\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc","datePublished":"2016-06-28T22:00:19+00:00","dateModified":"2020-04-09T01:50:59+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/"},"wordCount":399,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#primaryimage"},"thumbnailUrl":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/PoP-Game-Over-1.png","keywords":["C2","Infy"],"articleSection":["Threat Research","\u30de\u30eb\u30a6\u30a7\u30a2","\u8105\u5a01\u30ea\u30b5\u30fc\u30c1"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/","name":"\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#primaryimage"},"thumbnailUrl":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/PoP-Game-Over-1.png","datePublished":"2016-06-28T22:00:19+00:00","dateModified":"2020-04-09T01:50:59+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/1803ec121f7b50c84d2a226280ab761a"},"description":"\u6982\u8981 Unit 42\u306f\u30015\u6708\u521d\u65ec\u306b\u300c\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002 \u305d\u3053\u3067\u3001\u4ee5\u524d\u306f\u672a\u516c\u958b\u306e\u30de\u30eb\u30a6\u30a7\u30a2 \u30d5\u30a1\u30df\u30ea\u3001Infy","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#primaryimage","url":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/PoP-Game-Over-1.png","contentUrl":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/PoP-Game-Over-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-prince-of-persia-game-over\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"\u30d7\u30ea\u30f3\u30b9 \u30aa\u30d6 \u30da\u30eb\u30b7\u30e3 \u2013 \u30b2\u30fc\u30e0 \u30aa\u30fc\u30d0\u30fc"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/1803ec121f7b50c84d2a226280ab761a","name":"Lior Efraim","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/4ffb3c2d260a0150fb91b3715442f8b3","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Lior Efraim"},"url":"https:\/\/unit42.paloaltonetworks.com\/ja\/author\/lior-efraim\/"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/171"}],"replies":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=106153"}],"version-history":[{"count":2,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106153\/revisions"}],"predecessor-version":[{"id":106155,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106153\/revisions\/106155"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=106153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=106153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=106153"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=106153"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=106153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}