{"id":106887,"date":"2016-12-15T05:00:20","date_gmt":"2016-12-15T13:00:20","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=106887"},"modified":"2020-04-27T18:17:08","modified_gmt":"2020-04-28T01:17:08","slug":"unit42-let-ride-sofacy-groups-dealerschoice-attacks-continue","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-let-ride-sofacy-groups-dealerschoice-attacks-continue\/","title":{"rendered":"\u30ec\u30c3\u30c8\u30a4\u30c3\u30c8\u30e9\u30a4\u30c9: Sofacy\u30b0\u30eb\u30fc\u30d7\u306eDealersChoice\u653b\u6483\u7d9a\u304f"},"content":{"rendered":"

\u6982\u8981<\/h2>\n

\u6700\u8fd1\u3001Palo Alto Networks\u306eUnit 42\u306f\u3001\u79c1\u305f\u3061\u304c\"DealersChoice\"\u3068\u547c\u3093\u3067\u3044\u308b\u65b0\u578b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0<\/a>\u306b\u3064\u3044\u3066\u5831\u544a\u3057\u307e\u3057\u305f\u3002\"DealersChoice\"\u306fSofacy\u30b0\u30eb\u30fc\u30d7<\/a>(\u5225\u540dAPT28\u3001Fancy Bear\u3001STRONTIUM\u3001Pawn Storm\u3001Sednit)\u304c\u4f7f\u7528\u3057\u3066\u3044\u307e\u3059\u3002\u79c1\u305f\u3061\u306e\u6700\u521d\u306e\u8a18\u4e8b\u3067\u6982\u8aac\u3057\u305f\u3088\u3046\u306b\u3001DealersChoice\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306f\u60aa\u610f\u306e\u3042\u308bRTF\u6587\u66f8\u3092\u751f\u6210\u3057\u307e\u3059\u304c\u3001\u3053\u306eRTF\u6587\u66f8\u306f\u3055\u3089\u306b\u57cb\u3081\u8fbc\u307fOLE Word\u6587\u66f8\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002\u305d\u3057\u3066\u3055\u3089\u306b\u3001\u3053\u308c\u3089\u306e\u57cb\u3081\u8fbc\u307fOLE Word\u6587\u66f8\u306b\u306fAbode Flash\u306e\u8106\u5f31\u6027\u3092\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3059\u308b\u3088\u3046\u8a2d\u8a08\u3055\u308c\u305f\u57cb\u3081\u8fbc\u307fAdobe Flash (.SWF)\u30d5\u30a1\u30a4\u30eb\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

\u6700\u521d\u306b\u5831\u544a\u3057\u305f\u6642\u70b9\u3067\u3001\u79c1\u305f\u3061\u306f\u4e9c\u7a2e\u30922\u3064\u767a\u898b\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n

    \n
  1. \u4e9c\u7a2eA: Flash\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30b3\u30fc\u30c9\u3092\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u3068\u3082\u306b\u30d1\u30c3\u30b1\u30fc\u30b8\u5316\u3057\u305f\u72b6\u614b\u3067\u542b\u3093\u3067\u3044\u308b\u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30fc\u30f3\u65b9\u5f0f\u306e\u4e9c\u7a2e\u3002<\/li>\n
  2. \u4e9c\u7a2eB: \u30aa\u30f3\u30c7\u30de\u30f3\u30c9\u3067\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30b3\u30fc\u30c9\u3092\u30ed\u30fc\u30c9\u3059\u308b\u3082\u306e\u3060\u304c\u3001\u5f53\u6642\u306f\u52d5\u4f5c\u3057\u3066\u3044\u306a\u3044\u3088\u3046\u306b\u898b\u53d7\u3051\u3089\u308c\u305f\u30e2\u30b8\u30e5\u30fc\u30eb\u65b9\u5f0f\u306e\u4e9c\u7a2e\u3002<\/li>\n<\/ol>\n

    \u305d\u306e\u3068\u304d\u4ee5\u6765\u3001\u79c1\u305f\u3061\u306fDealersChoice\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u304c\u751f\u6210\u3059\u308b\u6b66\u5668\u5316\u3055\u308c\u305f\u6587\u66f8\u306e\u30b5\u30f3\u30d7\u30eb\u3092\u8ffd\u52a0\u53ce\u96c6\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u305d\u308c\u3089\u6700\u65b0\u306e\u8ffd\u52a0\u30b5\u30f3\u30d7\u30eb\u306f\u3001\u3059\u3079\u3066\u4e9c\u7a2eB\u306e\u30b5\u30f3\u30d7\u30eb\u3067\u3059\u3002\u3053\u308c\u3089\u30b5\u30f3\u30d7\u30eb\u306e\u3046\u30612\u3064\u304c\u7a3c\u50cd\u4e2d\u306e\u30b3\u30de\u30f3\u30c9\uff06\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30b5\u30fc\u30d0\u3092\u4f7f\u7528\u3057\u3066\u3044\u305f\u305f\u3081\u3001\u79c1\u305f\u3061\u306f\u653b\u6483\u306b\u95a2\u9023\u3059\u308b\u75d5\u8de1\u3092\u3055\u3089\u306b\u53ce\u96c6\u3001\u5206\u6790\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n

    2016\u5e7410\u6708\u4e0b\u65ec\u3001Adobe\u304cAdobe Security Bulletin\u00a0APSB16-36<\/a>\u3092\u914d\u5e03\u3057\u3066CVE-2016-7855<\/a>\u306b\u5bfe\u5fdc\u3057\u307e\u3057\u305f\u30022016\u5e7411\u6708\u521d\u65ec\u3001Microsoft\u304cMicrosoft Security Bulletin\u00a0MS16-135<\/a>\u3092\u914d\u5e03\u3057\u3066CVE-2016-7255<\/a>\u306b\u5bfe\u5fdc\u3057\u307e\u3057\u305f\u3002<\/p>\n

    \u3053\u306e\u4e21\u8005\u306f\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u6d3b\u767a\u3067\u3042\u308b\u3053\u3068\u306b\u5bfe\u5fdc\u3057\u305f\u3082\u306e\u3067\u3057\u305f\u304c\u3001\u3053\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304cSofacy\u30b0\u30eb\u30fc\u30d7\u3068\u95a2\u9023\u304c\u3042\u308b\u3068\u4ed6\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u8003\u3048\u3066\u3044\u307e\u3057\u305f<\/a>\u3002\u79c1\u305f\u3061\u72ec\u81ea\u306e\u5206\u6790\u3060\u3051\u3067\u306a\u304f\u3001\u5225\u306e\u5831\u544a\u304b\u3089\u3082\u3001Adobe Flash\u306e\u8106\u5f31\u6027CVE-2016-7855\u306b\u5bfe\u3059\u308b\u3053\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30b3\u30fc\u30c9\u304cDealersChoice\u3092\u4f7f\u3063\u3066\u914d\u4fe1\u3055\u308c\u305f\u3053\u3068\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u307e\u305f\u3001\u793e\u5185\u306e\u30c6\u30b9\u30c8\u304b\u3089\u3082\u3001Palo Alto Networks Traps\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8 \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u304a\u5ba2\u69d8\u304c\u3001\u3053\u306e\u65b0\u578b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30b3\u30fc\u30c9\u304b\u3089\u4fdd\u8b77\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3082\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n

    \u4ef2\u9593\u306b\u5165\u308c\u308d: \u6d3b\u52d5\u4e2d\u306e C2 \u30b5\u30fc\u30d0\u3092\u898b\u3064\u3051\u308b<\/h3>\n

    \u79c1\u305f\u3061\u304c\u524d\u56de\u306e\u30d6\u30ed\u30b0\u3067DealersChoice\u306b\u3064\u3044\u3066\u8003\u5bdf\u3057\u305f\u969b\u3001<\/a>\u4e9c\u7a2eB\u304c\u8e0f\u3080\u3068\u601d\u308f\u308c\u3066\u3044\u305f\u624b\u9806\u304c\u88ab\u5bb3\u8005\u306e\u30db\u30b9\u30c8\u4e0a\u3067\u4e00\u5ea6\u5b9f\u884c\u3055\u308c\u308b\u3068\u3053\u308d\u306f\u7a81\u304d\u6b62\u3081\u307e\u3057\u305f\u304c\u3001\u305d\u306e\u3068\u304d\u306f\u7279\u5b9a\u3057\u305f\u30b3\u30de\u30f3\u30c9\uff06\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb(C2)\u30b5\u30fc\u30d0\u3068\u3046\u307e\u304f\u5bfe\u8a71\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002<\/p>\n

    \u305d\u306e\u5f8c\u3001\u79c1\u305f\u3061\u306f\u30d5\u30eb\u7a3c\u50cd\u3057\u3066\u3044\u308b\u6d3b\u52d5\u4e2d\u306eC2\u30b5\u30fc\u30d0(versiontask[.]com and postlkwarn[.]com)\u3092\u767a\u898b\u3057\u307e\u3057\u305f\u3002\u3053\u306eC2\u30b5\u30fc\u30d0\u306f\u3001\u79c1\u305f\u3061\u304c\u30d6\u30ed\u30b0\u3067\u6982\u8aac\u3057\u305f\u901a\u308a\u3001\u305d\u306e\u624b\u9806\u3092\u305f\u3069\u308a\u307e\u3057\u305f\u3002\u3064\u307e\u308a\u3001\u8ffd\u52a0\u306eFlash\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30b3\u30fc\u30c9\u3092\u30e1\u30e2\u30ea\u306b\u30ed\u30fc\u30c9\u3057\u3001\u5f15\u304d\u7d9a\u304d\u95a2\u9023\u3059\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u3082\u30e1\u30e2\u30ea\u306b\u30ed\u30fc\u30c9\u3057\u307e\u3057\u305f\u3002\u56f31\u306f\u88ab\u5bb3\u8005\u306eC2\u901a\u4fe1\u306b\u95a2\u3059\u308b\u4f5c\u696d\u306e\u6d41\u308c\u3067\u3059\u3002<\/p>\n

    \"\u56f31<\/a>
    \u56f31 DealersChoice\u306e\u4f5c\u696d\u306e\u6d41\u308c<\/figcaption><\/figure>\n

    \u4e9c\u7a2eB\u306b\u542b\u307e\u308c\u308bActionScript\u304cC2\u30b5\u30fc\u30d0\u3068\u5bfe\u8a71\u3092\u3057\u307e\u3059\u3002\u5177\u4f53\u7684\u306b\u306f\u3001\u60aa\u610f\u306e\u3042\u308bSWF\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u53d6\u5f97\u3059\u308b\u306e\u304c\u76ee\u7684\u3067\u3059\u3002\u3053\u306e\u30d7\u30ed\u30bb\u30b9\u306fC2\u30b5\u30fc\u30d0\u3078\u306e\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3\u304b\u3089\u59cb\u307e\u308a\u307e\u3059\u304c\u3001\u3053\u306e\u30d3\u30fc\u30b3\u30f3\u306b\u306f\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u304a\u3088\u3073\u88ab\u5bb3\u8005\u306eAdobe Flash Player\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u56f32\u306fActionScript\u304cC2\u30b5\u30fc\u30d0\u306b\u5411\u3051\u3066\u9001\u308b\u30d3\u30fc\u30b3\u30f3\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

    \"\u56f32<\/a>
    \u56f32 DealersChoice\u304b\u3089C2\u30b5\u30fc\u30d0\u3078\u306e\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3<\/figcaption><\/figure>\n

    C2\u306f\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3\u306b\u5bfe\u3057\u3066\u5fdc\u7b54\u3057\u6587\u5b57\u5217\u3092\u8fd4\u3057\u307e\u3059\u304c\u3001\u3053\u306e\u6587\u5b57\u5217\u3092DealersChoice\u306eActionScript\u304c\u305d\u306e\u5f8c\u306e\u6d3b\u52d5\u3067\u5909\u6570\u3068\u3057\u3066\u4f7f\u7528\u3057\u307e\u3059\u3002\u6d3b\u52d5\u306b\u306f\u3001\u4f8b\u3048\u3070\u8ffd\u52a0\u306eHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3084\u305d\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5bfe\u3059\u308b\u5fdc\u7b54\u306e\u5fa9\u53f7\u5316\u306a\u3069\u304c\u3042\u308a\u307e\u3059\u3002\u56f33\u306f\u30d3\u30fc\u30b3\u30f3\u306b\u5bfe\u3059\u308bC2\u30b5\u30fc\u30d0\u306e\u5fdc\u7b54\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u5177\u4f53\u7684\u306b\u306fk1\u3001k2\u3001k3\u304a\u3088\u3073k4\u306e\u5024\u3092\u542b\u3093\u3067\u3044\u307e\u3059\u3002<\/p>\n

    \"\u56f33<\/a>
    \u56f33 \u30d3\u30fc\u30b3\u30f3\u306b\u5bfe\u3059\u308bC2\u5fdc\u7b54\u304c\u3001\u30c7\u30fc\u30bf\u306e\u5fa9\u53f7\u5316\u306b\u5fc5\u8981\u306a\u30c8\u30fc\u30af\u30f3\u304a\u3088\u3073\u30ad\u30fc\u3092DealersChoice\u306b\u4e0e\u3048\u308b<\/figcaption><\/figure>\n

    \u3059\u308b\u3068ActionScript\u306fC2\u5fdc\u7b54\u30c7\u30fc\u30bf\u306e\u4e2d\u304b\u3089\u5f97\u305fk1\u5909\u6570\u3092\u30c8\u30fc\u30af\u30f3\u3068\u3057\u3066\u4f7f\u7528\u3057\u307e\u3059\u3002\u3053\u306e\u30c8\u30fc\u30af\u30f3\u306f\u3001\u60aa\u610f\u306e\u3042\u308bSWF\u30d5\u30a1\u30a4\u30eb\u3092\u53d6\u5f97\u3059\u308b\u76ee\u7684\u3067C2\u30b5\u30fc\u30d0\u306b\u9001\u308a\u8fd4\u3055\u308c\u308bHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u4e2d\u306b\u542b\u307e\u308c\u3066\u3044\u307e\u3059(\u56f34\u53c2\u7167)\u3002<\/p>\n

    C2\u30b5\u30fc\u30d0\u306f\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5fdc\u7b54\u3057\u3066\u30c7\u30fc\u30bf\u3092\u9001\u308a\u3001\u3053\u306e\u30c7\u30fc\u30bf\u306e\u5fa9\u53f7\u5316\u3092ActionScript\u304ck3\u5909\u6570\u306e\u5024\u3092\u4f7f\u7528\u3057\u3066\u884c\u3044\u307e\u3059\u3002<\/p>\n

    \u6d3b\u52d5\u4e2d\u306eC2\u30b5\u30fc\u30d0\u306f\u4e9c\u7a2eB\u306b\u60aa\u610f\u306e\u3042\u308bSWF\u30d5\u30a1\u30a4\u30eb\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002\u3053\u306e\u30d5\u30a1\u30a4\u30eb\u306f\u3001CVE-2015-7645<\/a>\u00a0(2016\u5e7410\u6708\u306bAdobe Security Bulletin\u00a0APSA15-05<\/a>\u3067\u5bfe\u5fdc\u6e08\u307f)\u3092\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3057\u305f\u540c\u3058SWF\u30d5\u30a1\u30a4\u30eb\u3067\u3042\u308a\u3001\u4e9c\u7a2eA\u306e\u30b5\u30f3\u30d7\u30eb\u5185\u3067\u767a\u898b\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n

    c42a0d50eac9399914090f1edc2bda9ac1079edff4528078549c824c4d023ff9
    \n45a4a376cb7a36f8c7851713c7541cb7e347dafb08980509069a078d3bcb1405<\/p>\n

    \"\u56f34<\/a>
    \u56f34 DealersChoice\u306eHTTP\u30ea\u30af\u30a8\u30b9\u30c8(Adobe Flash Player\u3092\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3059\u308b\u60aa\u610f\u306e\u3042\u308bSWF\u30d5\u30a1\u30a4\u30eb\u3092\u53d6\u5f97\u3059\u308b\u305f\u3081\u306e\u3082\u306e)<\/figcaption><\/figure>\n

    \u60aa\u610f\u306e\u3042\u308bSWF\u30d5\u30a1\u30a4\u30eb\u3092\u53d7\u3051\u53d6\u308b\u3068\u3001\u4e9c\u7a2eB\u306f\u305d\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u53d6\u5f97\u3059\u308b\u305f\u3081\u306e\u30c8\u30fc\u30af\u30f3\u3068\u3057\u3066k2\u5909\u6570\u3092\u4f7f\u7528\u3059\u308bHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u767a\u884c\u3057\u307e\u3059(\u56f35\u53c2\u7167)\u3002C2\u30b5\u30fc\u30d0\u306f\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5fdc\u7b54\u3057\u3066\u30c7\u30fc\u30bf\u3092\u9001\u308a\u3001\u3053\u306e\u30c7\u30fc\u30bf\u306e\u5fa9\u53f7\u5316\u3092\u4e9c\u7a2eB\u304ck4\u5909\u6570\u306e\u5024\u3092\u30ad\u30fc\u3068\u3057\u3066\u4f7f\u7528\u3057\u3066\u884c\u3044\u307e\u3059\u3002\u7d50\u679c\u3068\u3057\u3066\u5f97\u3089\u308c\u308b\u5fa9\u53f7\u5316\u6e08\u307f\u30c7\u30fc\u30bf\u306b\u306f\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u304a\u3088\u3073\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u542b\u307e\u308c\u3066\u304a\u308a\u3001\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u304c\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u5fa9\u53f7\u5316\u3057\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n

    \"\u56f35<\/a>
    \u56f35 DealersChoice\u306eHTTP \u30ea\u30af\u30a8\u30b9\u30c8(\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u6210\u529f\u6642\u306b\u5b9f\u884c\u3059\u308b\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u304a\u3088\u3073\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u53d6\u5f97\u3059\u308b\u305f\u3081\u306e\u3082\u306e)<\/figcaption><\/figure>\n

    \u6d3b\u52d5\u4e2d\u306eC2\u30b5\u30fc\u30d0versiontask[.]com\u304a\u3088\u3073postlkwarn[.]com\u306f\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u5fa9\u53f7\u5316\u3057\u5b9f\u884c\u3059\u308b\u30b7\u30a7\u30eb\u30b3\u30fc\u30c9\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002\u4e21\u8005\u3044\u305a\u308c\u306e\u5834\u5408\u3082\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u30ed\u30fc\u30c0\u30fc\u578b\u30c8\u30ed\u30a4\u306e\u6728\u99ac\u3067\u3042\u308a\u3001\u30b7\u30b9\u30c6\u30e0\u306b\u4fdd\u5b58\u3057\u3066\u3042\u308b\u57cb\u3081\u8fbc\u307f\u578bDLL\u3092\u62bd\u51fa\u3057\u5fa9\u53f7\u5316\u3057\u307e\u3059\u3002<\/p>\n

    5dd3066a8ee3ab5b380eb7781c85e4253683cd7e3eee1c29013a7a62cd9bef8c fa8b4f64bff799524f6059c3a4ed5d169e9e7ef730f946ac7ad8f173e8294ed8<\/p>\n

    \u307e\u305f\u3001\u3044\u305a\u308c\u306e\u5834\u5408\u3082\u3001\u30b7\u30b9\u30c6\u30e0\u306b\u4fdd\u5b58\u3057\u3066\u3042\u308bDLL\u306fCarberp\u30bd\u30fc\u30b9 \u30b3\u30fc\u30c9\u3092\u4f7f\u7528\u3059\u308bSofacy\u306e\u30c4\u30fc\u30eb\u306e\u4e9c\u7a2e\u3067\u3059\u3002<\/p>\n

    82213713cf442716eac3f8c95da8d631aab2072ba44b17dda86873e462e10421 3ff1332a84d615a242a454e5b29f08143b1a89ac9bd7bfaa55ba0c546db10e4b<\/p>\n

    Seduploader\u30c4\u30fc\u30eb\u306e\u3053\u306e2\u3064\u306e\u4e9c\u7a2e\u306f\u540c\u3058C2\u30c9\u30e1\u30a4\u30f3apptaskserver[.]com\u3092\u5171\u6709\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u306eC2\u30c9\u30e1\u30a4\u30f3\u306fappservicegroup[.]com\u304a\u3088\u3073joshel[.]com\u3068\u3044\u3046\u7570\u306a\u308b\u3082\u306e\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n

    \u6700\u5f8c\u306e\u5207\u308a\u672d: \u88ab\u5bb3\u8005\u306e\u30d5\u30a3\u30f3\u30ac\u30fc\u30d7\u30ea\u30f3\u30c6\u30a3\u30f3\u30b0\u3092\u5206\u6790\u3059\u308b<\/h3>\n

    \u4e9c\u7a2eB\u306e\u6d3b\u52d5\u4e2d\u306eC2\u30b5\u30fc\u30d0\u3092\u5206\u6790\u3057\u3066\u3044\u308b\u904e\u7a0b\u3067\u3001\u79c1\u305f\u3061\u306f\u3001C2\u30b5\u30fc\u30d0\u304c\u88ab\u5bb3\u8005\u306e\u30d5\u30a3\u30f3\u30ac\u30fc\u30d7\u30ea\u30f3\u30c6\u30a3\u30f3\u30b0\u306b\u57fa\u3065\u3044\u3066\u3001\u7570\u306a\u308b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 \u30b3\u30fc\u30c9\u3092\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3044\u3046\u4eee\u8aac\u3092\u30c6\u30b9\u30c8\u3057\u305f\u3044\u3068\u601d\u3046\u306b\u81f3\u308a\u307e\u3057\u305f\u3002\u79c1\u305f\u3061\u306fC2\u30b5\u30fc\u30d0\u306b\u5bfe\u3057\u3066\u3055\u307e\u3056\u307e\u306a\u5fdc\u7b54\u3092\u4e0e\u3048\u308b\u3053\u3068\u3067\u3053\u308c\u3092\u30c6\u30b9\u30c8\u3057\u307e\u3057\u305f\u3002<\/p>\n

    \u307e\u305a\u3001C2\u30b5\u30fc\u30d0\u306b\u5bfe\u3057\u3066\u7c73\u56fd\u30ab\u30ea\u30d5\u30a9\u30eb\u30cb\u30a2\u306b\u3042\u308bVPN\u304b\u3089\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u767a\u884c\u3057\u307e\u3057\u305f\u304c\u3001\u30b5\u30fc\u30d0\u306f\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5fdc\u7b54\u3057\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u6b21\u306b\u3001\u4e2d\u6771\u306b\u3042\u308b\u5225\u306eVPN\u306b\u63a5\u7d9a\u3057\u3001\u540c\u3058\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u767a\u884c\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u5730\u70b9\u3060\u3068C2\u30b5\u30fc\u30d0\u306f\u60aa\u610f\u306e\u3042\u308bSWF\u304a\u3088\u3073\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u4f34\u3046\u5fdc\u7b54\u3092\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u4e8b\u5b9f\u304b\u3089\u3001Sofacy\u30b0\u30eb\u30fc\u30d7\u304c\u5730\u7406\u4f4d\u7f6e\u60c5\u5831\u3092\u4f7f\u3063\u3066\u3001\u9001\u4fe1\u5143\u306e\u4f4d\u7f6e\u304c\u3001\u30b0\u30eb\u30fc\u30d7\u304c\u6a19\u7684\u3068\u3059\u308b\u4f4d\u7f6e\u3068\u4e00\u81f4\u3057\u306a\u3044\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9664\u5916\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u4f3a\u3048\u307e\u3059\u3002<\/p>\n

    \u305d\u3053\u3067\u79c1\u305f\u3061\u304cC2\u3092\u30c6\u30b9\u30c8\u3059\u308b\u305f\u3081\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u3044\u304f\u3064\u304b\u767a\u884c\u3057\u305f\u3068\u3053\u308d\u3001\u30b5\u30fc\u30d0\u304c\u6bce\u56de\u7570\u306a\u308b\u5909\u6570k1\u3001k2\u3001k3\u304a\u3088\u3073k4\u3092\u4f34\u3063\u3066\u5fdc\u7b54\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u3053\u3068\u304b\u3089\u3001\u30b5\u30fc\u30d0\u304c\u53d7\u4fe1\u3057\u305f\u5404\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u3053\u308c\u3089\u306e\u5024\u3092\u30e9\u30f3\u30c0\u30e0\u306b\u9078\u3093\u3067\u3044\u308b\u3053\u3068\u304c\u4f3a\u3048\u307e\u3059\u3002<\/p>\n

    C2\u30b5\u30fc\u30d0\u306e\u30ed\u30b8\u30c3\u30af\u3092\u3055\u3089\u306b\u30c6\u30b9\u30c8\u3059\u308b\u305f\u3081\u3001\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u3068Flash Player\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u793a\u3059\u3055\u307e\u3056\u307e\u306a\u5024\u3092\u542b\u3093\u3060\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002C2\u30b5\u30fc\u30d0\u306b\u5bfe\u3057\u3066Adobe Flash Player\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u309223.0.0.185\u306b\u8a2d\u5b9a\u3057\u305fHTTP\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u9001\u4fe1\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306fCVE-2016-7855\u306b\u5bfe\u3057\u3066\u8106\u5f31\u6027\u306e\u3042\u308bFlash\u306e\u4e00\u756a\u65b0\u3057\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059\u3002\u3059\u308b\u3068\u3001\u30b5\u30fc\u30d0\u306f\u5727\u7e2e\u6e08\u307f\u306eSWF\u30d5\u30a1\u30a4\u30eb(SHA256: c993c1e10299162357196de33e4953ab9ab9e9359fa1aea00d92e97e7d8c5f2c)\u3092\u4f34\u3046\u5fdc\u7b54\u3092\u3057\u3066\u304d\u307e\u3057\u305f\u304c\u3001\u307e\u3055\u306b\u3053\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u3001\u3053\u306e\u8106\u5f31\u6027\u3092\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3057\u307e\u3057\u305f\u3002<\/p>\n

    \u6700\u5f8c\u306b\u79c1\u305f\u3061\u304cC2\u30b5\u30fc\u30d0\u306b\u5bfe\u3057\u3066\u88ab\u5bb3\u8005\u304cMacOS\u30b7\u30b9\u30c6\u30e0\u3067\u3042\u308b\u3053\u3068\u3092\u793a\u3059\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u767a\u884c\u3059\u308b\u3068\u3001C2\u30b5\u30fc\u30d0\u306f\u524d\u56de\u540c\u69d8\u3001\u540c\u3058\u60aa\u610f\u306e\u3042\u308bSWF\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073Windows\u7528\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u5fdc\u7b54\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u3053\u3068\u304b\u3089\u3001\u3053\u306e\u6642\u70b9\u3067Sofacy\u30b0\u30eb\u30fc\u30d7\u304c\u88ab\u5bb3\u8005\u306e\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0 \u30b7\u30b9\u30c6\u30e0\u306e\u7a2e\u985e\u3092\u8abf\u3079\u308b\u306e\u306bDealersChoice\u3092\u4f7f\u3063\u3066\u3044\u306a\u3044\u3053\u3068\u304c\u4f3a\u3048\u307e\u3059\u3002<\/p>\n

    \u3059\u3079\u3066\u306e\u5834\u5408\u306b\u304a\u3044\u3066\u3001C2\u30b5\u30fc\u30d0\u304c\u914d\u4fe1\u3059\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u30ed\u30fc\u30c0\u30fc\u578b\u30c8\u30ed\u30a4\u306e\u6728\u99ac(SHA256: 3bb47f37e16d09a7b9ba718d93cfe4d5ebbaecd254486d5192057c77c4a25363)\u3067\u3042\u308a\u3001\u3053\u306e\u30c8\u30ed\u30a4\u306e\u6728\u99ac\u304cSeduploader\u306e\u4e9c\u7a2e(SHA256: 4cbb0e3601242732d3ea7c89b4c0fd1074fae4a6d20e5f3afc3bc153b6968d6e)\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001\u3053\u306e\u4e9c\u7a2e\u304cC2\u30b5\u30fc\u30d0akamaisoftupdate[.]com\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n

    \u624b\u672d\u3092\u898b\u305b\u308d: \u304a\u3068\u308a\u306e\u6587\u66f8<\/h3>\n

    \u3053\u306eDealersChoice\u306e\u653b\u6483\u6ce2\u306b\u95a2\u3057\u3066\u6587\u66f8\u304c6\u500b\u53ce\u96c6\u3055\u308c\u307e\u3057\u305f\u304c\u3001\u3059\u3079\u3066\u4e9c\u7a2eB\u3068\u601d\u308f\u308c\u307e\u3059\u3002\u3053\u308c\u3089\u306f\u3001\u4ee5\u524d\u306e\u653b\u6483\u6ce2\u3067\u79c1\u305f\u3061\u304c\u89b3\u5bdf\u3057\u305f\u3082\u306e\u306b\u985e\u4f3c\u3059\u308b\u304a\u3068\u308a\u3092\u4f7f\u3063\u3066\u3044\u307e\u3057\u305f\u3002\u767a\u898b\u3057\u305f6\u500b\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n