\u76ee\u6b21<\/h2>\n
\u653b\u6483\u306e\u6982\u8981<\/a> 2022\u5e742\u67081\u65e5\u3001Unit 42\u306f\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u3001\u3042\u308b\u30a6\u30af\u30e9\u30a4\u30ca\u306e\u30a8\u30cd\u30eb\u30ae\u30fc\u95a2\u9023\u7d44\u7e54\u306e\u500b\u4eba\u306b\u6a19\u7684\u578b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3057\u3066\u3044\u305f\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u30e1\u30fc\u30eb\u306f\u6b21\u306e\u3088\u3046\u306a\u30a2\u30c8\u30ea\u30d3\u30e5\u30fc\u30c8(\u5c5e\u6027)\u3092\u3082\u3064\u3082\u306e\u3067\u3057\u305f\u3002<\/p>\n \u9001\u4fe1\u8005: mariaparsons10811@gmail[.]com \u30e1\u30fc\u30eb\u306e\u4ef6\u540d\u3068\u6dfb\u4ed8\u66f8\u985e\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u30a6\u30af\u30e9\u30a4\u30ca\u8a9e\u304b\u3089\u7ffb\u8a33\u3059\u308b\u3068\u300c\u72af\u7f6a\u9042\u884c\u306b\u95a2\u3059\u308b\u5831\u544a\u66f8(<\u500b\u4eba\u540d\u7701\u7565>)<\/span>\u300d\u3068\u306a\u308a\u307e\u3059\u3002\u3053\u306e\u30e1\u30fc\u30eb\u306f\u3001\u5f53\u8a72\u500b\u4eba\u304c\u72af\u7f6a\u884c\u70ba\u306b\u95a2\u4e0e\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u793a\u5506\u3059\u308b\u3082\u306e\u3067\u3001\u6a19\u7684\u3068\u3055\u308c\u305f\u500b\u4eba\u306b\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u3092\u958b\u304b\u305b\u308b\u305f\u3081\u306e\u30a2\u30af\u30bf\u30fc\u306b\u3088\u308b\u30bd\u30fc\u30b7\u30e3\u30eb\u30a8\u30f3\u30b8\u30cb\u30a2\u30ea\u30f3\u30b0\u6d3b\u52d5\u306e\u4e00\u74b0\u3068\u8003\u3048\u3089\u308c\u307e\u3059\u3002\u60aa\u610f\u306e\u3042\u308bWord\u6587\u66f8\u306b\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002<\/p>\n \u6dfb\u4ed8\u6587\u66f8\u306e\u5185\u5bb9\u3082\u914d\u4fe1\u3055\u308c\u305f\u30e1\u30fc\u30eb\u306e\u30c6\u30fc\u30de\u306b\u6cbf\u3046\u3082\u306e\u3067\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u56fd\u5bb6\u8b66\u5bdf\u306e\u72af\u7f6a\u635c\u67fb\u5831\u544a\u66f8\u304c\u4e00\u90e8\u4f0f\u305b\u5b57\u306b\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u306b\u898b\u3048\u307e\u3059\u3002\u3053\u306e\u6587\u66f8\u306f\u53d7\u4fe1\u8005\u304c\u611f\u5606\u7b26\u306e\u3064\u3044\u305f\u30a2\u30a4\u30b3\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308c\u3070\u3001\u9ed2\u3044\u7dda\u3067\u5857\u308a\u3064\u3076\u3055\u308c\u305f\u30c6\u30ad\u30b9\u30c8\u5185\u5bb9\u304c\u8868\u793a\u3055\u308c\u308b\u3068\u3057\u3066\u3044\u307e\u3059\u3002\u4f0f\u305b\u5b57\u306b\u306a\u3063\u3066\u3044\u308b\u3068\u3055\u308c\u308b\u5404\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u90e8\u4f4d\u306b\u306f\u30a2\u30a4\u30b3\u30f3\u304c\u3042\u308a\u3001\u3053\u308c\u3089\u3092\u30c0\u30d6\u30eb\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u6587\u66f8\u5185\u306b\u57cb\u3081\u8fbc\u307e\u308c\u305f\u60aa\u610f\u306e\u3042\u308bJavaScript(SHA256: b258a747202b1e80421f8c841c57438fb0670299f067dfeb2c53ab50ff6d<\/span>)\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002\u53d7\u4fe1\u8005\u304c\u3053\u306e\u30a2\u30a4\u30b3\u30f3\u3092\u30c0\u30d6\u30eb\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001Word\u306f\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30b7\u30b9\u30c6\u30e0\u306b\u66f8\u304d\u8fbc\u307f\u3001Windows Script Host(wscript)\u3067\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\GSU207@POLICE.GOV.UA - \u041f\u043e\u0432\u0456\u0434\u043e\u043c\u043b\u0435\u043d\u043d\u044f (15).js<\/span><\/p>\n \u3053\u306eJavaScript\u30d5\u30a1\u30a4\u30eb\u306f\u6b21\u306e\u30d7\u30ed\u30bb\u30b9\u3092\u5b9f\u884c\u3057\u3001\u5b9f\u884c\u3055\u308c\u305f\u30d7\u30ed\u30bb\u30b9\u306fPowerShell\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n \u4e0a\u8a18\u306ePowerShell\u30ef\u30f3\u30e9\u30a4\u30ca\u30fc\u306f\u3001\u4ee5\u4e0b\u306eURL\u304b\u3089\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3001%PUBLIC%\\GoogleChromeUpdate.exe<\/span>\u00a0\u3068\u3057\u3066\u4fdd\u5b58\u3057\u3066\u304b\u3089\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n hxxps:\/\/cdn.discordapp[.]com\/attachments\/932413459872747544\/938291977735266344\/putty.exe<\/span><\/p>\n CERT-UA<\/a>\u306b\u3088\u308b\u3068\u3001\u3053\u306ePowerShell\u306e\u30ef\u30f3\u30e9\u30a4\u30ca\u30fc\u306f\u3001\u6570\u65e5\u524d\u306e1\u670831\u65e5\u306b\u767a\u751f\u3057\u305f\u3001\u540c\u30b0\u30eb\u30fc\u30d7\u306b\u5e30\u5c5e\u3055\u308c\u308b\u5225\u306e\u653b\u6483\u306b\u3082\u767b\u5834\u3057\u305f\u3088\u3046\u3067\u3059\u3002<\/p>\n \u3053\u306e\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u653b\u6483\u8a66\u884c\u304c\u3082\u305f\u3089\u3057\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u5206\u6790<\/a>(SaintBot\u30c0\u30a6\u30f3\u30ed\u30fc\u30c0\u3068OutSteel\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30b9\u30c6\u30a3\u30fc\u30e9\u304c\u542b\u307e\u308c\u3066\u3044\u305f)\u306b\u3082\u3068\u3065\u304f\u3068\u3001\u540c\u653b\u6483\u306b\u304a\u3051\u308b\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u306e\u76ee\u6a19\u306f\u5f53\u8a72\u30a8\u30cd\u30eb\u30ae\u30fc\u7d44\u7e54\u304b\u3089\u306e\u30c7\u30fc\u30bf\u6f0f\u51fa\u306b\u95a2\u9023\u3059\u308b\u3082\u306e\u3067\u3042\u3063\u305f\u3068\u63a8\u6e2c\u3055\u308c\u307e\u3059\u3002<\/p>\n CERT-UA<\/a>\u306f\u3053\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u3092UAC-0056\u3068\u3044\u3046\u540d\u524d\u3067\u8ffd\u8de1\u3057\u3066\u3044\u308b\u3068\u8ff0\u3079\u3066\u3044\u307e\u3059\u3002\u4ed6\u306e\u7d44\u7e54\u3067\u306fTA471<\/a>\u3001SaintBear<\/a>\u3001Lorec53<\/a>\u306e\u540d\u524d\u3067\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u3092\u8ffd\u8de1\u3057\u3066\u3044\u307e\u3059\u3002\u79c1\u305f\u3061\u306e\u8abf\u67fb\u3067\u306f\u3001\u3053\u308c\u3089\u306e\u653b\u6483\u304c\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u5185\u30fb\u30b8\u30e7\u30fc\u30b8\u30a2\u5185\u306e\u4ed6\u306e\u7d44\u7e54\u3084\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u5185\u306e\u4ed6\u56fd\u8cc7\u7523\u306b\u7684\u3092\u3057\u307c\u3063\u305f\u904e\u53bb\u306e\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3068\u6570\u3005\u306e\u91cd\u8907\u304c\u898b\u3089\u308c\u308b\u3053\u3068\u304c\u5206\u304b\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u91cd\u8907\u306b\u306f\u3001SaintBot\u30c0\u30a6\u30f3\u30ed\u30fc\u30c0\u3084\u5171\u6709\u30a4\u30f3\u30d5\u30e9\u306a\u3069\u306e\u5171\u901a\u8981\u7d20\u304c\u542b\u307e\u308c\u307e\u3059\u3002\u56f33\u306f\u3001\u3053\u306e\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u306b\u95a2\u9023\u3059\u308b\u65e2\u77e5\u306e\u653b\u6483\u3092\u6642\u7cfb\u5217\u3067\u793a\u3057\u305f\u3082\u306e\u3067\u3059\u3002\u5177\u4f53\u7684\u306b\u306f\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u30e1\u30fc\u30eb\u306e\u9001\u4fe1\u65e5\u3068\u5404\u30e1\u30fc\u30eb\u306e\u4ef6\u540d\u3092\u8a18\u8f09\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n \u30bf\u30a4\u30e0\u30e9\u30a4\u30f3\u3092\u898b\u308b\u3068\u30012021\u5e744\u6708\u304b\u30897\u6708\u306b\u304b\u3051\u3066\u3001\u8907\u6570\u306e\u653b\u6483\u304c\u884c\u308f\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u30022021\u5e74\u306e\u653b\u6483\u30682022\u5e74\u306b\u89b3\u6e2c\u3055\u308c\u305f\u653b\u6483\u3068\u306e\u9593\u306b\u306f\u3001\u6570\u30f6\u6708\u9593\u306e\u7a7a\u304d\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u7a7a\u304d\u306f\u6d3b\u52d5\u306e\u4f11\u6b62\u3067\u306f\u306a\u304f\u5358\u306b\u898b\u3048\u3066\u3044\u306a\u3044\u3060\u3051\u3068\u601d\u308f\u308c\u307e\u3059\u3002\u30bf\u30a4\u30e0\u30e9\u30a4\u30f3\u4e0a\u3001\u4e00\u898b\u4f11\u6b62\u3057\u3066\u3044\u308b\u3088\u3046\u306b\u898b\u3048\u308b\u671f\u9593\u3082\u8ffd\u52a0\u306e\u653b\u6483\u304c\u884c\u308f\u308c\u305f\u3053\u3068\u3092\u793a\u5506\u3059\u308b\u914d\u5e03\u6587\u66f8\u3084\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u8a8d\u8b58\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u5f53\u8a72\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u306f\u3053\u306e\u671f\u9593\u3082\u6d3b\u52d5\u3092\u4f11\u6b62\u3057\u3066\u3044\u306a\u304b\u3063\u305f\u3082\u306e\u3068\u79c1\u305f\u3061\u306f\u8003\u3048\u3066\u3044\u307e\u3059\u3002<\/p>\n UAC-0056 \u3068\u95a2\u9023\u3057\u3066\u3044\u308b\u4ee5\u524d\u306e\u65e2\u77e5\u306e\u653b\u6483\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u4ed8\u9332 A<\/a>\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u4ed8\u9332\u3067\u8aac\u660e\u3057\u305f\u653b\u6483\u306b\u306f\u4ee5\u4e0b\u304c\u542b\u307e\u308c\u307e\u3059\u3002<\/p>\n \u4e0a\u8a18\u56f32\u306b\u793a\u3057\u305f\u3068\u304a\u308a\u3001\u3053\u306e\u30a2\u30af\u30bf\u30fc\u306fDiscord\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u914d\u4fe1\u30cd\u30c3\u30c8\u30ef\u30fc\u30af(CDN)\u3092\u5229\u7528\u3057\u3066\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30db\u30b9\u30c8\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u3053\u308c\u306f\u540c\u8105\u5a01\u653b\u6483\u30b0\u30eb\u30fc\u30d7\u304c\u6570\u591a\u304f\u306e\u653b\u6483\u3067\u4f7f\u3063\u3066\u3044\u308b\u624b\u53e3\u3067\u3059\u3002Discord\u306e\u30b5\u30fc\u30d0\u30fc\u306f\u30b2\u30fc\u30e0\u3084\u30b3\u30df\u30e5\u30cb\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306a\u3069\u306e\u5408\u6cd5\u7528\u9014\u3067\u3082\u4eba\u6c17\u304c\u3042\u308b\u3053\u3068\u304b\u3089\u3001\u591a\u304f\u306eURL\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u3067\u3053\u306e\u30c9\u30e1\u30a4\u30f3\u3078\u306e\u4fe1\u983c\u5ea6\u304c\u9ad8\u304f\u3001Discord\u306e\u5229\u7528\u306f\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306b\u3068\u3063\u3066\u6709\u76ca\u3067\u3059\u3002Discord\u306f\u5229\u7528\u898f\u7d04\u3067CDN\u306e\u4e0d\u6b63\u5229\u7528\u3092\u7981\u6b62\u3057\u3066\u304a\u308a\u3001\u540c\u793e\u306f\u81ea\u793e\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306e\u60aa\u7528\u306e\u767a\u898b\u30fb\u30d6\u30ed\u30c3\u30af\u306b\u52aa\u3081\u3066\u3044\u307e\u3059\u3002<\/p>\n \u3053\u306e\u653b\u6483\u3067\u306f\u3001\u3053\u306e Discord \u306e URL \u304c\u30ed\u30fc\u30c0\u3067\u3042\u308b\u60aa\u610f\u306e\u3042\u308b\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb (SHA256:f58c41d83c0f1c1e8c3bd99ab6deabb14a763b54a3c5f1e821210c0536c3ff<\/span>) \u3092\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30ed\u30fc\u30c0\u306f\u3001\u611f\u67d3\u30c1\u30a7\u30fc\u30f3\u5168\u4f53\u306e\u8907\u6570\u306e\u30b9\u30c6\u30fc\u30b8\u306e\u3046\u3061\u6700\u521d\u306e\u30b9\u30c6\u30fc\u30b8\u3068\u3057\u3066\u6a5f\u80fd\u3059\u308b\u3082\u306e\u3067\u3001\u305d\u308c\u305e\u308c\u306e\u30b9\u30c6\u30fc\u30b8\u304c\u3055\u307e\u3056\u307e\u306a\u30ec\u30d9\u30eb\u306e\u8907\u96d1\u6027\u3092\u6301\u3063\u3066\u3044\u307e\u3059\u3002\u6700\u7d42\u7684\u306b\u3053\u306e\u611f\u67d3\u30c1\u30a7\u30fc\u30f3\u306f\u3001OutSteel\u3068\u547c\u3070\u308c\u308b\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30b9\u30c6\u30a3\u30fc\u30e9\u3001SaintBot\u3068\u547c\u3070\u308c\u308b\u30c8\u30ed\u30a4\u306e\u6728\u99ac\u306e\u30ed\u30fc\u30c0\u3001Windows Defender\u3092\u7121\u52b9\u306b\u3059\u308b\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u5316\u3057\u305f\u30d0\u30c3\u30c1\u30b9\u30af\u30ea\u30d7\u30c8\u3001\u6b63\u898f\u306eGoogle Chrome\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3092\u305d\u308c\u305e\u308c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30fb\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n \u914d\u5e03\u6587\u66f8\u306eJavaScript\u3067\u6700\u521d\u306b\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u308b\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u306f\u30c8\u30ed\u30a4\u306e\u6728\u99ac\u578b\u306e\u521d\u671f\u30ed\u30fc\u30c0\u3067\u3001\u4f5c\u6210\u8005\u306fOrganization(\u7d44\u7e54)\u306e\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u300cElectrum Technologies GmbH\u300d\u3092\u8a2d\u5b9a\u3057\u305f\u8a3c\u660e\u66f8(SHA1: 60aac9d079a28bd9ee0372e39f23a6a92e9236bd<\/span>)\u3067\u3053\u306e\u30ed\u30fc\u30c0\u306b\u7f72\u540d\u3092\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306f\u4ee5\u4e0b\u306b\u793a\u3059\u3068\u304a\u308a\u3001Electrum Bitcoin\u30a6\u30a9\u30ec\u30c3\u30c8(Bitcoin\u5c02\u7528\u306e\u4eee\u60f3\u901a\u8ca8\u30a6\u30a9\u30ec\u30c3\u30c8)\u3068\u95a2\u9023\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n Certificate: \u3053\u306e\u7b2c1\u30b9\u30c6\u30fc\u30b8\u306e\u30ed\u30fc\u30c0\u306f\u305d\u306e\u5f8c\u306b\u3064\u3065\u304f\u8907\u6570\u306e\u30b9\u30c6\u30fc\u30b8\u7528\u306e\u5358\u7d14\u306a\u30e9\u30c3\u30d1\u30fc\u3067\u3001\u3053\u308c\u3089\u306e\u5f8c\u534a\u306e\u30b9\u30c6\u30fc\u30b8\u306f\u5358\u306b\u30ea\u30bd\u30fc\u30b9\u304b\u3089DLL\u3092\u5fa9\u53f7\u3057\u3001\u30e1\u30e2\u30ea\u306b\u30ed\u30fc\u30c9\u3057\u3001\u30a8\u30f3\u30c8\u30ea\u30dd\u30a4\u30f3\u30c8\u3092\u547c\u3073\u51fa\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n \u521d\u671f\u30ed\u30fc\u30c0\u306e\u30d1\u30c3\u30af\u30fb\u96e3\u8aad\u5316\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30c3\u30ab\u30fc\u3092\u4f7f\u3048\u3070\u3001\u30d1\u30c3\u30ab\u30fc\u5229\u7528\u8005\u306f\u4ed6\u306e.NET\u30d0\u30a4\u30ca\u30ea\u3084\u30b3\u30d4\u30fc\u3057\u305f\u8a3c\u660e\u66f8\u304b\u3089 .NET\u30a2\u30bb\u30f3\u30d6\u30ea\u306e\u30af\u30ed\u30fc\u30f3\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u5927\u90e8\u5206\u304c\u6b63\u898f\u30e9\u30a4\u30d6\u30e9\u30ea\u304b\u3089\u53d6\u5f97\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3084\u3001\u6dfb\u4ed8\u3055\u308c\u3066\u3044\u308b\u306e\u304cElectrum\u306e\u8a3c\u660e\u66f8\u3067\u3042\u308b\u3053\u3068\u306b\u3064\u3044\u3066\u306f\u3053\u308c\u3067\u8aac\u660e\u304c\u3064\u304d\u307e\u3059\u3002<\/p>\n SHCore2.dll<\/span>\u3068\u3044\u3046\u540d\u524d\u306e\u5fa9\u53f7\u3055\u308c\u305fDLL\u3082\u96e3\u8aad\u5316\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u8208\u5473\u6df1\u3044\u3053\u3068\u306b\u3001\u3053\u306e\u96e3\u8aad\u5316\u30c4\u30fc\u30eb\u306f\u30af\u30e9\u30b9\u540d\u3092\u5b8c\u5168\u306b\u306f\u524a\u9664\u3057\u3066\u3044\u307e\u305b\u3093(\u56f35\u53c2\u7167)\u3002\u3053\u306e\u304a\u304b\u3052\u3067\u30b5\u30f3\u30d7\u30eb\u306e\u6a5f\u80fd\u306b\u95a2\u3059\u308b\u60c5\u5831\u3092\u3059\u3070\u3084\u304f\u53ce\u96c6\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u3053\u306eDLL\u306f\u6700\u7d42\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u3042\u308b\u3088\u3046\u306b\u898b\u3048\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u304c\u3001\u5b9f\u306f\u3053\u308c\u3082\u5358\u306a\u308b\u30b9\u30c6\u30fc\u30b8\u30e3\u3067\u3057\u304b\u306a\u304f\u3001\u5408\u8a08\u30674\u3064\u306e\u57cb\u3081\u8fbc\u307f\u30d0\u30a4\u30ca\u30ea\u3092\u5fa9\u53f7\u3057\u3066\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n \u30b9\u30c6\u30fc\u30b8\u30e3\u306b\u306f\u8208\u5473\u6df1\u3044\u89e3\u6790\u9632\u6b62\u6a5f\u80fd\u304c\u3042\u308a\u3001\u4eee\u60f3\u30de\u30b7\u30f3\u5185\u3084\u3001\u5834\u5408\u306b\u3088\u3063\u3066\u306f\u30d9\u30a2\u30e1\u30bf\u30eb\u30b7\u30b9\u30c6\u30e0\u3067\u306e\u5b9f\u884c\u3082\u62d2\u5426\u3057\u307e\u3059\u3002\u305d\u306e\u305f\u3081\u52d5\u7684\u89e3\u6790\u306f\u56f0\u96e3\u306a\u306e\u3067\u3059\u304c\u3001\u5f53\u8a72\u30b5\u30f3\u30d7\u30eb\u306f\u4eee\u60f3\u30de\u30b7\u30f3\u306e\u30c1\u30a7\u30c3\u30af\u3092\u884c\u3046\u524d\u306b\u3001Class5_Decrypter<\/span>\u30af\u30e9\u30b9\u5185\u306e\u95a2\u6570\u3092\u547c\u3073\u51fa\u3057\u3066\u304a\u308a\u3001\u3053\u308c\u304c\u57cb\u3081\u8fbc\u307e\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u5fa9\u53f7\u3092\u62c5\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3092\u5229\u7528\u3057\u3066\u30b5\u30f3\u30d7\u30eb\u3092\u30c7\u30d0\u30c3\u30b0\u3057\u3066\u5fa9\u53f7\u3057\u305f\u5f8c\u3067\u305d\u308c\u3089\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u62bd\u51fa\u3067\u304d\u307e\u3059\u3002<\/p>\n \u30b9\u30c6\u30fc\u30b8\u30e3\u304c\u5fa9\u53f7\u30fb\u5b9f\u884c\u3059\u308b\u57cb\u3081\u8fbc\u307f\u30d0\u30a4\u30ca\u30ea\u306f\u3001OutSteel\u3001SaintBot\u3001Windows Defender\u306e\u7121\u52b9\u5316\u3092\u884c\u3046\u30d0\u30c3\u30c1\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3001Google Chrome\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30e9\u306e4\u3064\u3067\u3059(\u88681\u53c2\u7167)\u3002<\/p>\n
\n\u904e\u53bb\u306e\u653b\u6483\u3068\u306e\u95a2\u9023<\/a>
\n2\u67082\u65e5\u306e\u653b\u6483\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u89e3\u6790<\/a>
\n\u521d\u671f\u306e\u30ed\u30fc\u30c0<\/a>
\n\u653b\u6483\u306b\u95a2\u9023\u3059\u308b\u8ffd\u52a0\u30d5\u30a1\u30a4\u30eb<\/a>
\n\u7d50\u8ad6<\/a>
\n\u8ffd\u52a0\u30ea\u30bd\u30fc\u30b9<\/a>
\nIoC<\/a>
\n\u4ed8\u9332A: UAC-0056\u3068\u95a2\u9023\u3059\u308b\u904e\u53bb\u306e\u653b\u6483<\/a>
\n2021\u5e743\u6708\u306e\u653b\u6483<\/a>
\n2021\u5e744\u6708\u306e\u653b\u6483<\/a>
\n2021\u5e745\u6708\u306e\u653b\u6483<\/a>
\n2021\u5e746\u6708\u306e\u653b\u6483<\/a>
\n2021\u5e747\u6708\u306e\u6a19\u7684<\/a><\/p>\n<\/a>\u653b\u6483\u306e\u6982\u8981<\/h2>\n
\n<\/span>\u4ef6\u540d: \u041f\u043e\u0432\u0456\u0434\u043e\u043c\u043b\u0435\u043d\u043d\u044f \u043f\u0440\u043e \u0432\u0447\u0438\u043d\u0435\u043d\u043d\u044f \u0437\u043b\u043e\u0447\u0438\u043d\u0443 (<\u500b\u4eba\u540d\u7701\u7565>)
\n<\/span>\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb: \u041f\u043e\u0432\u0456\u0434\u043e\u043c\u043b\u0435\u043d\u043d\u044f \u043f\u0440\u043e \u0432\u0447\u0438\u043d\u0435\u043d\u043d\u044f \u0437\u043b\u043e\u0447\u0438\u043d\u0443 (<\u500b\u4eba\u540d\u7701\u7565>).docx<\/span><\/p>\n![\"\u30a6\u30af\u30e9\u30a4\u30ca\u306e\u7d44\u7e54\u306e\u6a19\u7684\u3068\u306a\u3063\u305f\u500b\u4eba\u306b\u9001\u3089\u308c\u305f\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u30e1\u30fc\u30eb\u306b\u6dfb\u4ed8\u3055\u308c\u305f\u60aa\u8cea\u306aWord\u6587\u66f8\u3002\u9ed2\u304f\u5857\u308a\u3064\u3076\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u306b\u898b\u3048\u308b\u7b87\u6240\u306f\u3001\u6a19\u7684\u3068\u306a\u3063\u305f\u500b\u4eba\u304c\u6587\u66f8\u5185\u306e\u30a2\u30a4\u30b3\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3088\u3046\u306b\u4ed5\u5411\u3051\u308b\u3079\u304f\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u4ed5\u7d44\u3093\u3060\u3082\u306e\u3002\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-25.png\")
![\"PowerShell\u306e\u30ef\u30f3\u30e9\u30a4\u30ca\u30fc\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image.jpeg\")
<\/a>\u904e\u53bb\u306e\u653b\u6483\u3068\u306e\u95a2\u9023<\/h2>\n
![\"UAC-0056\u306b\u95a2\u9023\u3059\u308b\u65e2\u77e5\u306e\u653b\u6483\u306e\u30bf\u30a4\u30e0\u30e9\u30a4\u30f3\u3002\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u30e1\u30fc\u30eb\u306e\u9001\u4fe1\u65e5\u3068\u305d\u306e\u4ef6\u540d\u3092\u793a\u3057\u305f\u3082\u306e\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-26-jp.png\")
<\/a>\n
<\/a>2\u67082\u65e5\u306e\u653b\u6483\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u89e3\u6790<\/h2>\n
<\/a>\u521d\u671f\u306e\u30ed\u30fc\u30c0<\/h3>\n
\n<\/span>\u00a0 \u00a0 Data:
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 Version: 3 (0x2)
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 Serial Number:
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 3b:11:e7:6e:da:51:82:ce:c2:d4:e7:2d:8c:05:f6:9a
\n<\/span>\u00a0 \u00a0 Signature Algorithm: sha256WithRSAEncryption
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 Issuer: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA - G2
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 Validity
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Not Before: May 8 00:00:00 2020 GMT
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Not After : May 8 23:59:59 2022 GMT
\n<\/span>\u00a0 \u00a0 \u00a0 \u00a0 Subject: C=DE, ST=Berlin, L=Berlin, O=Electrum Technologies GmbH<\/strong>, CN=Electrum Technologies GmbH<\/span><\/p>\n![\"\u5fa9\u53f7\u3055\u308c\u305fSHCore2.dll\u3092\u8aad\u307f\u8fbc\u3093\u3067\u30a8\u30f3\u30c8\u30ea\u30dd\u30a4\u30f3\u30c8\u3092\u547c\u3073\u51fa\u3059\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-27.png\")
![\"SHCore2.dll](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-28.png\")
![\"\u5fa9\u53f7\u3057\u305f\u3082\u306e](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-29.png\")
![\"OutSteel\u306e\u4e3b\u90e8\u3068\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u691c\u7d22\u30eb\u30fc\u30d7\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-30.png\")
![\"OutSteel\u304cSaintBot\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066rmm.bat\u3092\u5b9f\u884c\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-31.png\")
![\"rmm.bat\u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-32.png\")
![\"windows_defender_disable.bat\u30b9\u30af\u30ea\u30d7\u30c8\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-33.png\")
![\"PowerShell\u30ef\u30f3\u30e9\u30a4\u30ca\u30fc\u306e\u5b9f\u884c\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-34.png\")
![\"\u30ea\u30bd\u30fc\u30b9\u5185\u306e\u9006\u9806\u306b\u306a\u3063\u305f\u30d0\u30a4\u30ca\u30ea\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-35.png\")
![\"\u4eee\u60f3\u30de\u30b7\u30f3\u5bfe\u7b56\u306e\u30c1\u30a7\u30c3\u30af\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-36.png\")
![\"\u30d7\u30ed\u30bb\u30b9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3092\u884c\u3046API\u306e\u30ed\u30fc\u30c9\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-37.png\")
![\"SaintBot\u30c0\u30a6\u30f3\u30ed\u30fc\u30c0\u306e\u30b7\u30b9\u30c6\u30e0\u30ed\u30b1\u30fc\u30eb\u30c1\u30a7\u30c3\u30af\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-38.png\")
![\"SaintBot\u7528\u306e\u4e3b\u8981\u30d5\u30a9\u30eb\u30c0\u306e\u8a2d\u5b9a\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-39.png\")
![\"slideshow.mp4\u7d4c\u7531\u3067API\u3092\u89e3\u6c7a\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-40.png\")
![\"\u56f318.](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-41.png\")
![\"fodhelper.exe\u7d4c\u7531\u306e\u7279\u6a29\u6607\u683c\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-42.png\")
![\"\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305fC2\"](\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/02\/word-image-43.png\")