{"id":123658,"date":"2022-06-16T02:42:39","date_gmt":"2022-06-16T09:42:39","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=123658"},"modified":"2022-06-16T02:46:19","modified_gmt":"2022-06-16T09:46:19","slug":"helloxd-ransomware","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/helloxd-ransomware\/","title":{"rendered":"Exposing HelloXD Ransomware and Threat Actor x4k"},"content":{"rendered":"<h2><a id=\"post-123363-_4lt92rr5muov\"><\/a><strong>Executive Summary<\/strong><\/h2>\n<p>HelloXD is a ransomware family that surfaced in November 2021 and carries out double extortion attacks. Our research identified multiple variants affecting both Windows and Linux systems. Unlike other ransomware groups, this ransomware family does not maintain an active leak site; instead, it prefers to direct affected victims to negotiations through TOX chat and onion-based messenger instances.<\/p>\n<p>Unit 
42 analyzed the ransomware samples in detail and examined the obfuscation and execution techniques they use, and found their core functionality to be very similar to the leaked Babuk\/Babyk source code. We also identified samples in which the attacker deploys MicroBackdoor, an open-source backdoor. This backdoor lets the attacker browse the file system, upload and download files, execute commands, and remove itself from the system. We believe this was most likely done to monitor the progress of the ransomware and to establish an additional foothold on infected systems.<\/p>\n<p>While analyzing the MicroBackdoor sample and reviewing its configuration, we discovered an embedded IP address owned by a threat actor who may be the author, <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> (also known by the aliases <span 
style=\"font-family: 'courier new', courier, monospace;\">L4ckyguy, unKn0wn, unk0w, _unkn0wn<\/span> and <span style=\"font-family: 'courier new', courier, monospace;\">x4kme<\/span>).<\/p>\n<p>Unit 42 observed <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> across various hacking and non-hacking forums and confirmed that this threat actor is also linked to the following malicious activities:<\/p>\n<ul>\n<li>Deploying Cobalt Strike Beacon<\/li>\n<li>Selling proof-of-concept (PoC) exploits<\/li>\n<li>Crypter services<\/li>\n<li>Developing a custom Kali Linux distribution<\/li>\n<li>Hosting and distributing malware<\/li>\n<li>Deploying malicious infrastructure<\/li>\n<\/ul>\n<p>Palo Alto Networks detects and prevents HelloXD ransomware with products and services such as <a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/cortex-xdr\">Cortex XDR<\/a> and the <a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/next-generation-firewall\">Next-Generation Firewall<\/a> (using cloud-delivered security subscriptions such as <a 
href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/next-generation-firewall\">WildFire<\/a>).<\/p>\n<p>In response to the surge in malicious activity, we created this threat assessment to give a full picture of the threat.<\/p>\n<table style=\"width: 100.329%;\">\n<tbody>\n<tr>\n<td style=\"width: 34.9474%;\"><span style=\"font-weight: 400;\">Related Unit 42 Topics<\/span><\/td>\n<td style=\"width: 258.526%;\"><a href=\"https:\/\/unit42.paloaltonetworks.jp\/category\/ransomware-ja\/\"><span style=\"font-weight: 400;\">Ransomware<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/ransomware-threat-report-ja\/\"><span style=\"font-weight: 400;\">Ransomware Threat Report<\/span><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><a id=\"post-123363-_pithm4vza0gc\"><\/a>Table of Contents<\/h2>\n<p><a href=\"#HelloXD-Malware-Overview\">HelloXD Malware Overview<\/a><br \/>\n<a href=\"#Packer-Analyses\">Packer Analyses<\/a><br \/>\n<a href=\"#Ransomware-Internals\">Ransomware Internals<\/a><br \/>\n<a href=\"#wtfbbq-pivots\">Pivoting From the String \":wtfbbq\"<\/a><br \/>\n<a href=\"#Hunting-for-Ransomware-Attribution\">Hunting for Ransomware Attribution<\/a><br \/>\n<a 
href=\"#Conclusion\">Conclusion<\/a><br \/>\n<a href=\"#Indicators-of-Compromise\">Indicators of Compromise<\/a><br \/>\n<a href=\"#Additional-Resources\">Additional Resources<\/a><\/p>\n<h2><a id=\"HelloXD-Malware-Overview\"><\/a>HelloXD Malware Overview<\/h2>\n<p>HelloXD is a ransomware family first observed in the wild on Nov. 30, 2021, whose executables carry a modified version of the ClamAV logo. ClamAV is an open-source antivirus engine used to detect malware. We have also observed other samples with different versions of the logo; the ransomware developer appears to be fond of using the ClamAV brand for their own ransomware. Some of the observed samples carried the property information shown in Figure 1.<\/p>\n<figure id=\"attachment_123521\" aria-describedby=\"caption-attachment-123521\" style=\"width: 358px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123522 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-48.png\" alt=\"Figure 1. 
Property details of the ransomware sample\" width=\"358\" height=\"523\" \/><figcaption id=\"caption-attachment-123521\" class=\"wp-caption-text\">Figure 1. Property details of the ransomware sample<\/figcaption><\/figure>\n<p>The file description contains the entry <span style=\"font-family: 'courier new', courier, monospace;\">VlahmAV<\/span>, a play on ClamAV; the developer named the ransomware <span style=\"font-family: 'courier new', courier, monospace;\">HelloXD<\/span> and, in the copyright field, uses \"<span style=\"font-family: 'courier new', courier, monospace;\">uKnow<\/span>\", possibly another alias of the HelloXD developer.<\/p>\n<p>Upon execution, HelloXD first attempts to disable shadow copies so that the system cannot be restored, using the command embedded in the sample shown below. It then encrypts files.<\/p>\n<p><img  class=\"aligncenter wp-image-123524 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-49.png\" 
alt=\"HelloXD uses the command shown here to disable shadow copies.\" width=\"638\" height=\"107\" \/><\/p>\n<p>The ransomware then pings <span style=\"font-family: 'courier new', courier, monospace;\">1.1.1[.]1<\/span>, requesting a 3,000 millisecond (3 second) timeout between each reply, immediately followed by a delete command that removes the initial payload.<\/p>\n<pre class=\"lang:default decode:true \">cmd.exe \/C ping 1.1.1[.]1 -n 1 -w 3000 &gt; Nul &amp; Del \/f \/q\r\n\"C:\\Users\\admin\\Desktop\\xd.exe\"<\/pre>\n<p>Two of the initial samples identified create a unique mutex containing the following message:<\/p>\n<table style=\"width: 101.444%;\">\n<tbody>\n<tr>\n<td style=\"width: 100%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">mutex: With best wishes And good intentions...<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>After running these commands, the ransomware drops a ransom note titled <span style=\"font-family: 'courier new', courier, monospace;\">Hello.txt<\/span>, appends the file extension <span style=\"font-family: 'courier new', courier, 
monospace;\">.hello<\/span> and terminates (Figure 2).<\/p>\n<figure id=\"attachment_123525\" aria-describedby=\"caption-attachment-123525\" style=\"width: 618px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123526 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-50.png\" alt=\"Figure 2. Encrypted files and ransom note\" width=\"618\" height=\"177\" \/><figcaption id=\"caption-attachment-123525\" class=\"wp-caption-text\">Figure 2. Encrypted files and ransom note<\/figcaption><\/figure>\n<p>The ransom note changed across the samples we observed. In the first sample we encountered (Figure 3, left), the note linked only to a TOX ID, whereas a later sample (Figure 3, right) linked to an onion domain in addition to a TOX ID (a different one from the first version). At the time of writing, the site is offline.<\/p>\n<figure id=\"attachment_123575\" aria-describedby=\"caption-attachment-123575\" style=\"width: 546px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123576 lozad\"  
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/image13.png\" alt=\"Figure 3. Comparison of the ransom notes of the two observed variants\" width=\"546\" height=\"593\" \/><figcaption id=\"caption-attachment-123575\" class=\"wp-caption-text\">Figure 3. Comparison of the ransom notes of the two observed variants<\/figcaption><\/figure>\n<p>The ransomware generates a victim ID and sends it to the threat actor so that the victim can be identified and provided with a decryption tool (decryptor). The ransom note also instructs the victim to download <a href=\"https:\/\/tox.chat\/\">Tox<\/a> and provides a Tox Chat 
ID for contacting the threat actor. Tox is a peer-to-peer instant messaging protocol that offers end-to-end encryption, and other ransomware groups have been observed using it for negotiations as well; <a href=\"https:\/\/unit42.paloaltonetworks.jp\/lockbit-2-ransomware\/\">LockBit 2.0<\/a>, for example, uses Tox Chat to communicate with the threat actor.<\/p>\n<p>Observing the execution of both variants in a virtual environment, we noticed that the more recent variant changes the desktop background to a ghost, a theme that has been seen in this threat's activity since it was first observed. The earlier version did not change the background and only dropped the ransom note observed earlier (Figure 4).<\/p>\n<figure id=\"attachment_123577\" aria-describedby=\"caption-attachment-123577\" style=\"width: 623px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123578 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/image19.png\" alt=\"Figure 4. 
The desktop wallpaper is changed. The older variant (left) makes no change, while the newer variant (right) changes it to a ghost\" width=\"623\" height=\"269\" \/><figcaption id=\"caption-attachment-123577\" class=\"wp-caption-text\">Figure 4. The desktop wallpaper is changed. The older variant (left) makes no change, while the newer variant (right) changes it to a ghost<\/figcaption><\/figure>\n<h2><a id=\"Packer-Analyses\"><\/a>Packer Analyses<\/h2>\n<p>Through analysis and threat intelligence collection, we identified two kinds of packers used mainly by HelloXD ransomware binaries, and also discovered other malware samples linked to the suspected malware author (Figure 5).<\/p>\n<p>The first packer is a modified version of UPX. The code of UPX-packed binaries and of the custom packer is very similar, but the custom packer does not use identifiable section names such as <span style=\"font-family: 'courier new', courier, monospace;\">.UPX0<\/span> and <span style=\"font-family: 'courier new', courier, 
monospace;\">.UPX1<\/span>; it leaves the default <span style=\"font-family: 'courier new', courier, monospace;\">.text<\/span>, <span style=\"font-family: 'courier new', courier, monospace;\">.data<\/span> and <span style=\"font-family: 'courier new', courier, monospace;\">.rsrc<\/span> names unchanged. Furthermore, unlike UPX-packed binaries (which contain the magic bytes \"<span style=\"font-family: 'courier new', courier, monospace;\">UPX!<\/span>\"), there are no magic bytes in the packed payload.<\/p>\n<p>It is nevertheless obvious that this sample is packed: the raw size of the <span style=\"font-family: 'courier new', courier, monospace;\">.text<\/span> section is zeroed out while its virtual size is, as expected, far larger, exactly as with the <span style=\"font-family: 'courier new', courier, monospace;\">.UPX0<\/span> section. Because the <span style=\"font-family: 'courier new', courier, 
monospace;\">.text<\/span> section on disk contains no data, the entry point of the unpacking stub lies in the <span style=\"font-family: 'courier new', courier, monospace;\">.data<\/span> section, and at runtime it unpacks the malicious code into the <span style=\"font-family: 'courier new', courier, monospace;\">.text<\/span> section.<\/p>\n<p>This suggests that the actor modified or copied specific elements from the UPX packer, which can be further confirmed by comparing a UPX-packed binary with a custom-packed HelloXD binary.<\/p>\n<figure id=\"attachment_123531\" aria-describedby=\"caption-attachment-123531\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123532 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-53.png\" alt=\"Figure 5. Similarities between the custom-packed sample (left) and the original UPX-packed sample (right)\" width=\"900\" height=\"299\" \/><figcaption id=\"caption-attachment-123531\" class=\"wp-caption-text\">Figure 5. 
Similarities between the custom-packed sample (left) and the original UPX-packed sample (right)<\/figcaption><\/figure>\n<p>The second packer we discovered has two stages; the second stage is the custom UPX packer described above. This second packer appears to be more common in x64 binaries and includes a routine that decrypts an embedded blob using what is probably a custom algorithm. The algorithm is of a type not seen elsewhere and uses instructions such as XLAT (see Figure 6).<\/p>\n<figure id=\"attachment_123533\" aria-describedby=\"caption-attachment-123533\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123534 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-54.png\" alt=\"Figure 6. Decryption inside the packer using the XLAT and ROR8 instructions\" width=\"900\" height=\"489\" \/><figcaption id=\"caption-attachment-123533\" class=\"wp-caption-text\">Figure 6. 
Decryption inside the packer using the XLAT and ROR8 instructions<\/figcaption><\/figure>\n<p>Apart from storing the second stage encrypted, API calls such as <span style=\"font-family: 'courier new', courier, monospace;\">VirtualAlloc<\/span> and <span style=\"font-family: 'courier new', courier, monospace;\">VirtualProtect<\/span> are clearly visible and the control flow is not obfuscated.<\/p>\n<h2><a id=\"Ransomware-Internals\"><\/a><strong>Ransomware Internals<\/strong><\/h2>\n<p>We have confirmed that two different kinds of HelloXD ransomware samples have been released, which suggests the author is still developing the ransomware. The first kind of sample is fairly primitive: it has only minimal obfuscation and, as is common, is paired with an obfuscated loader that decrypts it with the WinCrypt 
API before injecting it into memory. By comparison, the second kind of sample is heavily obfuscated and is executed in memory by a packer rather than a full-fledged loader.<\/p>\n<p>Although the obfuscation and execution techniques differ, the core functionality of both samples is very similar. This is because the malware author copied the leaked Babuk\/Babyk source code when developing HelloXD ransomware (see Figure 7). As a result, once the obfuscation is removed, much of the functional structure overlaps with Babuk.<\/p>\n<table style=\"width: 100.963%;\">\n<tbody>\n<tr>\n<td style=\"width: 12.9389%;\"><\/td>\n<td style=\"width: 43.38%;\"><b>Sample 1 - Windows<\/b><\/td>\n<td style=\"width: 119.435%;\"><b>Sample 2 - Windows<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 12.9389%;\"><span style=\"font-weight: 400;\">Hash<\/span><\/td>\n<td style=\"width: 43.38%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">4a2ee1666e2e9c40d372853e2203a7f2336b6e03<\/span><\/td>\n<td style=\"width: 119.435%;\"><span style=\"font-weight: 400; font-family: 'courier 
new', courier, monospace;\">1758a8db8485f7e70432c07a9e3d5c0bb5743889<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 12.9389%;\"><span style=\"font-weight: 400;\">Execution<\/span><\/td>\n<td style=\"width: 43.38%;\"><span style=\"font-weight: 400;\">Obfuscated loader<\/span><\/td>\n<td style=\"width: 119.435%;\"><span style=\"font-weight: 400;\">Packer<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 12.9389%;\"><span style=\"font-weight: 400;\">Algorithm<\/span><\/td>\n<td style=\"width: 43.38%;\"><span style=\"font-weight: 400;\">Modified HC-128, Curve25519-Donna<\/span><\/td>\n<td style=\"width: 119.435%;\"><span style=\"font-weight: 400;\">Rabbit Cipher, Curve25519-Donna<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 12.9389%;\"><span style=\"font-weight: 400;\">Obfuscation<\/span><\/td>\n<td style=\"width: 43.38%;\"><span style=\"font-weight: 400;\">Minimal<\/span><\/td>\n<td style=\"width: 119.435%;\"><span style=\"font-weight: 400;\">Control flow<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 12.9389%;\"><span style=\"font-weight: 400;\">Files<\/span><\/td>\n<td style=\"width: 43.38%;\"><span style=\"font-weight: 400;\">Generic files<\/span><\/td>\n<td style=\"width: 119.435%;\"><span style=\"font-weight: 400;\">Generic files, MBR, boot files<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"color: #999999;\"><sup><em>Table 1. Summary comparison of the ransomware samples<\/em><\/sup><\/span><\/p>\n<figure id=\"attachment_123535\" aria-describedby=\"caption-attachment-123535\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123536 lozad\"  
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-55.png\" alt=\"Figure 7. Babuk's encryption function (left) and HelloXD's encryption function (right) side by side\" width=\"900\" height=\"305\" \/><figcaption id=\"caption-attachment-123535\" class=\"wp-caption-text\">Figure 7. Babuk's encryption function (left) and HelloXD's encryption function (right) side by side<\/figcaption><\/figure>\n<p>Although there is considerable overlap between these two HelloXD versions and Babuk, there are small but important differences worth noting.<\/p>\n<p>Version 1 of HelloXD is Babuk with only minimal changes, encrypting file data with Curve25519-Donna and a modified HC-128 algorithm. However, the CRC hash routine containing the string <span style=\"font-family: 'courier new', courier, monospace;\">dong<\/span> is identical in both. This string is believed to be a reference to Chuong Dong, who previously analyzed and reported on the first version of Babuk (Figure 8).<\/p>\n<figure id=\"attachment_123537\" aria-describedby=\"caption-attachment-123537\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123538 
lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-56.png\" alt=\"Figure 8. HelloXD's checksum calculation\" width=\"900\" height=\"115\" \/><figcaption id=\"caption-attachment-123537\" class=\"wp-caption-text\">Figure 8. HelloXD's checksum calculation<\/figcaption><\/figure>\n<p>The HelloXD author did, however, change the notorious file marker and mutex, using \"<span style=\"font-family: 'courier new', courier, monospace;\">dxunmgqehhehyrhtxywuhwrvzxqrcblo<\/span>\" as the file marker and choosing \"<span style=\"font-family: 'courier new', courier, monospace;\">With best wishes And good intentions<\/span>...\" for the mutex (see Figure 9).<\/p>\n<figure id=\"attachment_123539\" aria-describedby=\"caption-attachment-123539\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123540 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-57.png\" alt=\"Figure 9. HelloXD's unique mutex\" width=\"900\" height=\"919\" \/><figcaption id=\"caption-attachment-123539\" class=\"wp-caption-text\">Figure 9. HelloXD's unique mutex<\/figcaption><\/figure>\n<p>Version 2 of HelloXD changes the encryption routine, opting to replace the modified HC-128 algorithm with the <a 
href=\"https:\/\/github.com\/vbdaga\/Rabbit-Cipher\">Rabbit symmetric cipher<\/a>. The file marker was changed once more, this time to seemingly random bytes rather than a meaningful string. The mutex was also changed; in one sample it was set to <span style=\"font-family: 'courier new', courier, monospace;\">nqldslhumipyuzjnatqucmuycqkxjon<\/span> (Figure 10).<\/p>\n<figure id=\"attachment_123541\" aria-describedby=\"caption-attachment-123541\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123542 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-58.png\" alt=\"Figure 10. Rabbit cipher\" width=\"900\" height=\"413\" \/><figcaption id=\"caption-attachment-123541\" class=\"wp-caption-text\">Figure 10. Rabbit cipher<\/figcaption><\/figure>\n<p>Both versions were built with the same compiler (judging from the mangling of the exported names, GCC 
3.x\u4ee5\u4e0a\u3068\u601d\u308f\u308c\u308b)\u3067\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304b\u3089\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u4e9c\u7a2e\u540c\u58eb\u3060\u3051\u3067\u306a\u304f\u3001\u540c\u3058\u4f5c\u8005\u306e\u624b\u306b\u3088\u308b\u3068\u898b\u3089\u308c\u308b\u4ed6\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u540c\u58eb\u3082\u975e\u5e38\u306b\u3088\u304f\u4f3c\u305f\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u5185\u5bb9\u306b\u306a\u3063\u3066\u3044\u307e\u3059(\u56f311)\u3002<\/p>\n<figure id=\"attachment_123543\" aria-describedby=\"caption-attachment-123543\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123544 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-59.png\" alt=\"\u56f311 \u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u30c6\u30fc\u30d6\u30eb\u304b\u3089\u3088\u304f\u4f3c\u305f\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u547d\u540d\u898f\u5247\u304c\u4f7f\u308f\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308b\" width=\"900\" height=\"181\" \/><figcaption id=\"caption-attachment-123543\" class=\"wp-caption-text\">\u56f311 \u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u30c6\u30fc\u30d6\u30eb\u304b\u3089\u3088\u304f\u4f3c\u305f\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u547d\u540d\u898f\u5247\u304c\u4f7f\u308f\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308b<\/figcaption><\/figure>\n<p>\u30d0\u30fc\u30b8\u30e7\u30f31\u30682\u306e\u6700\u5927\u306e\u9055\u3044\u306f\u3001\u30d0\u30fc\u30b8\u30e7\u30f32\u5185\u306b\u8ffd\u52a0\u3067\u4e8c\u6bb5\u76ee\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u57cb\u3081\u8fbc\u3093\u3067\u3044\u308b\u3068\u3044\u3046\u8208\u5473\u6df1\u3044\u3082\u306e\u3067\u3059\u3002\u3053\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u5148\u306b\u8aac\u660e\u3057\u305f\u96e3\u8aad\u5316\u6e08\u307f\u30ed\u30fc\u30c0\u30fc\u3068\u540c\u3058\u624b\u6cd5\u3067WinCrypt 
API\u306b\u3088\u308b\u6697\u53f7\u5316\u304c\u884c\u308f\u308c\u3066\u3044\u307e\u3059\u3002\u5fa9\u53f7\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u306fSystem32\u306b<span style=\"font-family: 'courier new', courier, monospace;\">userlogin.exe<\/span>\u3068\u3044\u3046\u540d\u524d\u3067\u30c9\u30ed\u30c3\u30d7\u3055\u308c\u3001\u3053\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30dd\u30a4\u30f3\u30c8\u3059\u308b\u30b5\u30fc\u30d3\u30b9\u304c\u4f5c\u6210\u3055\u308c\u3066\u304b\u3089<span style=\"font-family: 'courier new', courier, monospace;\">userlogin.exe<\/span>\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059(\u56f312)\u3002<\/p>\n<figure id=\"attachment_123545\" aria-describedby=\"caption-attachment-123545\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123546 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-60.png\" alt=\"\u56f312 HelloXD\u306fMicroBackdoor\u3092\u5fa9\u53f7\u3057\u3066userlogin.exe\u3068\u3044\u3046\u540d\u524d\u3067\u30c9\u30ed\u30c3\u30d7\u3059\u308b\" width=\"900\" height=\"311\" \/><figcaption id=\"caption-attachment-123545\" class=\"wp-caption-text\">\u56f312. 
HelloXD\u306fMicroBackdoor\u3092\u5fa9\u53f7\u3057\u3066userlogin.exe\u3068\u3044\u3046\u540d\u524d\u3067\u30c9\u30ed\u30c3\u30d7\u3059\u308b<\/figcaption><\/figure>\n<p>\u3053\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u5909\u308f\u3063\u3066\u3044\u308b\u306e\u306f\u3001\u3053\u308c\u304c\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306eMicroBackdoor\u306e\u4e9c\u7a2e\u3067\u3001\u653b\u6483\u8005\u304c\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306e\u95b2\u89a7\u3084\u30d5\u30a1\u30a4\u30eb\u306e\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u30fb\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3001\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u884c\u3001\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u306e\u81ea\u8eab\u306e\u524a\u9664\u3092\u884c\u3048\u308b\u3088\u3046\u306b\u3059\u308b\u30d0\u30c3\u30af\u30c9\u30a2\u3067\u3042\u308b\u3068\u3044\u3046\u70b9\u3067\u3059(\u56f313)\u3002\u901a\u5e38\u306a\u3089\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306f\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u5c55\u958b\u6642\u70b9\u3067\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3078\u306e\u8db3\u5834\u3092\u78ba\u4fdd\u3057\u3066\u3044\u308b\u306f\u305a\u306a\u306e\u3067\u3001\u306a\u305c\u3053\u306e\u30d0\u30c3\u30af\u30c9\u30a2\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u5b9f\u884c\u306b\u542b\u307e\u308c\u3066\u3044\u308b\u306e\u304b\u306f\u8b0e\u3067\u3059\u30021\u3064\u306e\u53ef\u80fd\u6027\u3068\u3057\u3066\u8003\u3048\u3089\u308c\u308b\u306e\u306f\u300c\u30d6\u30eb\u30fc\u30c1\u30fc\u30e0\u3084\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u30ec\u30b9\u30dd\u30f3\u30b9(IR)\u6d3b\u52d5\u3067\u3001\u8eab\u4ee3\u91d1\u3092\u8981\u6c42\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u306e\u76e3\u8996\u306b\u4f7f\u3046\u300d\u3068\u3044\u3046\u3053\u3068\u3067\u3057\u3087\u3046\u304c\u3001\u305d\u306e\u5834\u5408\u3067\u3082\u3001\u611f\u67d3\u306e\u3053\u306e\u6bb5\u968e\u3067\u653b\u6483\u7528\u30c4\u30fc\u30eb\u304c\u30c9\u30ed\u30c3\u30d7\u3055\u308c\u308b\u306e\u306f\u7570\u4f8b\u3067\u3059\u3002<\/p>\n<figure
 id=\"attachment_123547\" aria-describedby=\"caption-attachment-123547\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123548 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-61.png\" alt=\"\u56f313 MicroBackdoor\u306e\u8a2d\u5b9a\" width=\"900\" height=\"548\" \/><figcaption id=\"caption-attachment-123547\" class=\"wp-caption-text\">\u56f313. MicroBackdoor\u306e\u8a2d\u5b9a<\/figcaption><\/figure>\n<h2><a id=\"wtfbbq-pivots\"><\/a>\u6587\u5b57\u5217\u300c:wtfbbq\u300d\u304b\u3089\u306e\u8abf\u67fb<\/h2>\n<p>\u3053\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30d0\u30a4\u30ca\u30ea\u3092\u89e3\u6790\u3057\u3066\u3044\u308b\u3068\u3001\u307b\u307c\u5168\u3066\u306e\u30b5\u30f3\u30d7\u30eb\u306b\u5171\u901a\u3057\u3066\u898b\u3089\u308c\u308b\u7279\u7570\u306a\u6587\u5b57\u5217\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\u3002 \u300c<span style=\"font-family: 'courier new', courier, monospace;\"><strong>:wtfbbq<\/strong><\/span>\u300d(UTF-16LE\u3068\u3057\u3066\u683c\u7d0d\u3055\u308c\u3066\u3044\u308b)\u3068\u3044\u3046\u6587\u5b57\u5217\u3067\u3059\u3002\u3053\u306e\u6587\u5b57\u5217\u3067VirusTotal\u306b\u30af\u30a8\u30ea\u3092\u304b\u3051\u305f\u3068\u3053\u308d\u30018\u3064\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\u3002\u3053\u306e\u3046\u30616\u3064\u306f\u3001x4k\u304c\u81ea\u8eab\u306e\u30a4\u30f3\u30d5\u30e9\u3092\u30de\u30c3\u30d4\u30f3\u30b0\u3057\u305fVirusTotal\u30b0\u30e9\u30d5\u306b\u3088\u308a\u3001<span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>\u306b\u76f4\u63a5\u30a2\u30c8\u30ea\u30d3\u30e5\u30fc\u30c8(\u5e30\u5c5e)\u53ef\u80fd\u3067\u3042\u308b\u3053\u3068\u304c\u5224\u660e\u3057\u307e\u3057\u305f\u3002VirusTotal\u3067\u898b\u3064\u304b\u3063\u305f\u3053\u308c\u3089\u306e\u30b5\u30f3\u30d7\u30eb\u306f\u4e3b\u306bCobalt Strike 
Beacon\u3067\u3057\u305f\u304c\u3001\u3053\u308c\u307e\u3067\u898b\u3066\u304d\u305fHelloXD\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30b5\u30f3\u30d7\u30eb\u3068\u9055\u3063\u3066\u5236\u5fa1\u30d5\u30ed\u30fc\u304c\u9ad8\u5ea6\u306b\u96e3\u8aad\u5316\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u6b8b\u5ff5\u306a\u304c\u3089\u3053\u306e\u6587\u5b57\u5217\u306fx4k\u306b\u56fa\u6709\u306e\u3082\u306e\u3067\u306f\u306a\u304f\u8907\u6570\u306eGitHub\u30ea\u30dd\u30b8\u30c8\u30ea\u3067\u898b\u3064\u304b\u3063\u3066\u3044\u3066\u3001\u3053\u308c\u306f\u300c\u30d5\u30a1\u30a4\u30eb\u5185\u306e\u4e3b\u8981\u30c7\u30fc\u30bf\u30b9\u30c8\u30ea\u30fc\u30e0\u540d\u3092<span style=\"font-family: 'courier new', courier, monospace;\"><strong>:wtfbbq<\/strong><\/span>\u306b\u5909\u66f4\u3059\u308b\u3053\u3068\u3067\u5b9f\u884c\u4e2d\u306e\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u306b\u30c7\u30a3\u30b9\u30af\u304b\u3089\u81ea\u8eab\u3092\u524a\u9664\u3055\u305b\u308b\u300d\u3068\u3044\u3046\u30c6\u30af\u30cb\u30c3\u30af\u306e\u4e00\u90e8\u3092\u306a\u3057\u3066\u3044\u307e\u3057\u305f\u3002UTF-16LE\u4ee5\u5916\u306e\u6587\u5b57\u5217\u3092\u691c\u7d22\u3059\u308b\u3068\u30d5\u30a1\u30a4\u30eb\u304c\u8907\u6570\u898b\u3064\u304b\u308a\u307e\u3059\u3002\u3053\u308c\u3089\u3092\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3067\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u3059\u308b\u306810\u500b\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u898b\u3064\u304b\u308a\u307e\u3059\u3002\u305d\u306e\u307b\u3068\u3093\u3069\u306fNim\u8a00\u8a9e\u30d9\u30fc\u30b9\u306e\u30d0\u30a4\u30ca\u30ea\u3067\u3001\u3053\u306e<a href=\"https:\/\/github.com\/byt3bl33d3r\/OffensiveNim\/blob\/master\/src\/self_delete_bin.nim\">GitHub\u30ea\u30dd\u30b8\u30c8\u30ea<\/a>\u306b\u30ea\u30f3\u30af\u3057\u3066\u3044\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u300c<span style=\"font-family: 'courier new', courier, 
monospace;\"><strong>:wtfbbq<\/strong><\/span>\u300d\u3068\u3044\u3046\u6587\u5b57\u5217\u306f<span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>\u306b\u56fa\u6709\u306e\u3082\u306e\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u5206\u6790\u3057\u305fHelloXD\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u30b5\u30f3\u30d7\u30eb\u5185\u3067\u898b\u3064\u304b\u3063\u305fUTF-16LE\u7248\u306e\u540c\u6587\u5b57\u5217\u3092\u691c\u7d22\u3059\u308b\u3068<span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>\u306e\u30a4\u30f3\u30d5\u30e9\u306b\u30ea\u30f3\u30af\u3057\u305f\u30d0\u30a4\u30ca\u30ea\u3057\u304b\u898b\u3064\u304b\u308a\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u3053\u306e\u3053\u3068\u306fHelloXD\u3068<span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>\u3068\u306e\u5f37\u3044\u95a2\u9023\u6027\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h2><a id=\"Hunting-for-Ransomware-Attribution\"><\/a>\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u306e\u30cf\u30f3\u30c6\u30a3\u30f3\u30b0<\/h2>\n<p>\u3053\u306e\u30d0\u30c3\u30af\u30c9\u30a2\u304b\u3089\u306f\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u80cc\u5f8c\u306b\u3044\u308b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306e\u6b63\u4f53\u306b\u95a2\u3059\u308b\u975e\u5e38\u306b\u6709\u76ca\u306a\u77e5\u898b\u304c\u5f97\u3089\u308c\u307e\u3057\u305f\u3002\u30b3\u30de\u30f3\u30c9\uff06\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb(C2)\u7528\u306e\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305fIP\u30a2\u30c9\u30ec\u30b9<span style=\"font-family: 'courier new', courier, monospace;\">193[.]242[.]145[.]158<\/span>\u304c\u542b\u307e\u308c\u3066\u3044\u305f\u306e\u3067\u3059\u3002\u3053\u306eIP\u30a2\u30c9\u30ec\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u30da\u30fc\u30b8\u30bf\u30a4\u30c8\u30eb\u306b<span style=\"font-family: 'courier new', courier, 
monospace;\">tebya@poime[.]li<\/span>\u3068\u3044\u3046\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002\u3053\u308c\u304c\u30a2\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u30c1\u30a7\u30fc\u30f3\u306e\u6700\u521d\u306e\u30ea\u30f3\u30af\u306b\u306a\u308a\u307e\u3057\u305f (\u56f314)\u3002<\/p>\n<figure id=\"attachment_123549\" aria-describedby=\"caption-attachment-123549\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123550 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-62.png\" alt=\"\u56f314 \u30da\u30fc\u30b8\u30bf\u30a4\u30c8\u30eb\u306b\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u304c\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u30b5\u30a4\u30c8\u30b3\u30f3\u30c6\u30f3\u30c4\" width=\"900\" height=\"148\" \/><figcaption id=\"caption-attachment-123549\" class=\"wp-caption-text\">\u56f314 \u30da\u30fc\u30b8\u30bf\u30a4\u30c8\u30eb\u306b\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u304c\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u30b5\u30a4\u30c8\u30b3\u30f3\u30c6\u30f3\u30c4<\/figcaption><\/figure>\n<p>\u3053\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u8ef8\u306b\u3001<span style=\"font-family: 'courier new', courier, monospace;\">tebya@poime[.]li<\/span>\u306b\u30ea\u30f3\u30af\u3057\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u3092\u8ffd\u52a0\u3067\u7279\u5b9a\u3057\u307e\u3057\u305f\u3002<\/p>\n<table style=\"width: 100.803%;\">\n<tbody>\n<tr>\n<td style=\"width: 8.11469%;\"><b>\u30c9\u30e1\u30a4\u30f3<\/b><\/td>\n<td style=\"width: 8.4475%;\"><b>\u96fb\u5b50\u30e1\u30fc\u30eb<\/b><\/td>\n<td style=\"width: 8.68397%;\"><b>\u96fb\u8a71\u756a\u53f7<\/b><\/td>\n<td style=\"width: 35.1835%;\"><b>\u30cd\u30fc\u30e0\u30b5\u30fc\u30d0\u30fc<\/b><\/td>\n<td style=\"width: 10.6535%;\"><b>\u30ec\u30b8\u30b9\u30c8\u30e9<\/b><\/td>\n<td style=\"width: 8.34636%;\"><b>\u56fd\u540d<\/b><\/td>\n<td style=\"width: 
9.05232%;\"><b>\u4f5c\u6210\u65e5<\/b><\/td>\n<td style=\"width: 35.4213%;\"><b>IP\u00a0<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 8.11469%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">x4k.us<\/span><\/td>\n<td style=\"width: 8.4475%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">tebya@poime.li<\/span><\/td>\n<td style=\"width: 8.68397%;\"><span style=\"font-weight: 400;\">19253078717<\/span><\/td>\n<td style=\"width: 35.1835%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">dns1.registrar-servers.com;dns2.registrar-servers.com;<\/span><\/td>\n<td style=\"width: 10.6535%;\"><span style=\"font-weight: 400;\">namecheap, inc.<\/span><\/td>\n<td style=\"width: 8.34636%;\"><span style=\"font-weight: 400;\">NZ<\/span><\/td>\n<td style=\"width: 9.05232%;\"><span style=\"font-weight: 400;\">2020-07-26<\/span><\/td>\n<td style=\"width: 35.4213%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 8.11469%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">1q.is<\/span><\/td>\n<td style=\"width: 8.4475%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">tebya@poime.li<\/span><\/td>\n<td style=\"width: 8.68397%;\"><span style=\"font-weight: 400;\">19253078717<\/span><\/td>\n<td style=\"width: 35.1835%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">forwarding00.isnic.is<\/span><\/td>\n<td style=\"width: 10.6535%;\"><span style=\"font-weight: 400;\">N\/A<\/span><\/td>\n<td style=\"width: 8.34636%;\"><span style=\"font-weight: 400;\">NZ<\/span><\/td>\n<td style=\"width: 9.05232%;\"><span style=\"font-weight: 400;\">2021-05-30<\/span><\/td>\n<td style=\"width: 35.4213%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, 
monospace;\">164[.]68[.]114[.]29\u00a0<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"color: #999999;\"><sup><em>\u88682 tebya@poime.li \u306b\u30ea\u30f3\u30af\u3057\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3<\/em><\/sup><\/span><\/p>\n<p>\u305d\u306e\u3046\u3061\u306e\u3044\u304f\u3064\u304b\u306f\u6b74\u53f2\u7684\u306b\u60aa\u610f\u306e\u3042\u308bIP\u306b\u89e3\u6c7a\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u3053\u304b\u3089\u3055\u3089\u306b\u307b\u304b\u306e\u30c9\u30e1\u30a4\u30f3\u3067\u30db\u30b9\u30c8\u3055\u308c\u3066\u3044\u308b\u8ffd\u52a0\u306e\u30a4\u30f3\u30d5\u30e9\u3068\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u767a\u898b\u3067\u304d\u307e\u3057\u305f(\u88683)\u3002\u3053\u306e\u591a\u304f\u306f\u30c9\u30e1\u30a4\u30f3\u306b<span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>\u306e\u540d\u524d\u304c\u4f7f\u308f\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<table style=\"width: 101.353%;\">\n<tbody>\n<tr>\n<td style=\"width: 39.0681%;\"><b>\u30c9\u30e1\u30a4\u30f3<\/b><\/td>\n<td style=\"width: 24.7312%;\"><b>IP<\/b><\/td>\n<td style=\"width: 17.9211%;\"><b>\u521d\u8a8d<\/b><\/td>\n<td style=\"width: 167.742%;\"><b>\u7d42\u8a8d<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">1q.is<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-06-15<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2022-03-24<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">x4k.sh<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, 
monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-01-14<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2022-03-22<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">mundo-telenovelas.x4k.dev<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-11-02<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-11-02<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">acp.x4k.dev<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-11-02<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-11-02<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">relay1.l4cky.com<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-03-25<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-04-28<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">oelwein-ia.x4k.dev<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, 
monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-11-02<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-11-02<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">mallik.x4k.dev<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2022-03-19<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2022-03-19<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">mamba77.red<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-09-19<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-09-24<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">xn--90a5ai.com<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-09-29<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-09-29<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">x4k.dev<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span><\/td>\n<td 
style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2020-09-17<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-10-28<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">oxoo.cc<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2020-08-16<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2020-09-15<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">bw.x4k.me<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2020-09-24<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-04-24<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">ldap.l4cky.men<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2020-08-08<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2020-12-15<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">www.y24.co<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 
400;\">2019-03-11<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2019-03-25<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">smtp1.l4cky.com<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2020-12-26<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2020-12-26<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">vmi606037.contaboserver.net<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2021-10-15<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2021-10-30<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 39.0681%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">x4k.us<\/span><\/td>\n<td style=\"width: 24.7312%;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><\/td>\n<td style=\"width: 17.9211%;\"><span style=\"font-weight: 400;\">2020-07-29T<\/span><\/td>\n<td style=\"width: 167.742%;\"><span style=\"font-weight: 400;\">2020-07-29<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"color: #999999;\"><sup><em>\u88683 164[.]68[.]114[.]29\u3001167[.]86[.]87[.]27\u306ePassive 
DNS<\/em><\/sup><\/span><\/p>\n<p>\u3053\u306e\u30a4\u30f3\u30d5\u30e9\u3092VirusTotal\u3067\u8abf\u3079\u308b\u3068\u3001\u767a\u898b\u3057\u305f\u30c9\u30e1\u30a4\u30f3\u306e\u4e00\u90e8\u306f\u30012021\u5e746\u670830\u65e5\u306b\u30e6\u30fc\u30b6\u30fc<span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>\u304c\u4f5c\u6210\u3057\u305f<span style=\"font-family: 'courier new', courier, monospace;\">a.y.e\/<\/span>\u3068\u3044\u3046VirusTotal\u306e\u30b0\u30e9\u30d5\u306e\u4e00\u90e8\u3067\u3042\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u306e\u30b0\u30e9\u30d5\u306b\u306fx4k\u306e\u30a4\u30f3\u30d5\u30e9\u304c\u30de\u30c3\u30d4\u30f3\u30b0\u3055\u308c\u3066\u304a\u308a\u3001\u60aa\u610f\u306e\u3042\u308b\u30d5\u30a1\u30a4\u30eb\u3082\u305d\u308c\u3089\u306e\u30c9\u30e1\u30a4\u30f3\u306b\u30ea\u30f3\u30af\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002\u3057\u304b\u3057\u3001<span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>\u304c\u4f5c\u6210\u3057\u305f\u30b0\u30e9\u30d5\u306f\u3053\u308c\u3060\u3051\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u300c\u30ed\u30b7\u30a2\u306e\u30db\u30b9\u30c8\u300d\u300cDDoS\u30ac\u30fc\u30c9\u300d\u306a\u3069\u306e\u3055\u307e\u3056\u307e\u306a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u30de\u30c3\u30d4\u30f3\u30b0\u3057\u305f\u30b0\u30e9\u30d5\u3082\u8ffd\u52a0\u3067\u898b\u3064\u304b\u308a\u307e\u3057\u305f(\u56f315)\u304c\u3001\u53e4\u304f\u306f2020\u5e748\u670810\u65e5\u306b\u307e\u3067\u3055\u304b\u306e\u307c\u3063\u3066\u4f5c\u6210\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002<img  class=\"wp-image-123552 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-63.png\" width=\"1\" height=\"1\" \/><\/p>\n<figure id=\"attachment_123553\" aria-describedby=\"caption-attachment-123553\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  
class=\"wp-image-123554 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-64.png\" alt=\"Figure 15 VirusTotal graph of x4k himself, created by x4k\" width=\"900\" height=\"506\" \/><figcaption id=\"caption-attachment-123553\" class=\"wp-caption-text\">Figure 15. VirusTotal graph of x4k himself, created by x4k<\/figcaption><\/figure>\n<p>We also observed that the initial email address is linked to <a href=\"https:\/\/github.com\/x4kme\">this GitHub account<\/a> (Figure 16). In addition, we confirmed that the same email address is linked to various forums, including XSS (a Russian-language hacking forum where knowledge about exploits, vulnerabilities, malware and network intrusion is shared).<\/p>\n<figure id=\"attachment_123555\" aria-describedby=\"caption-attachment-123555\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123556 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-65.png\" alt=\"Figure 16 x4k's GitHub account\" width=\"900\" height=\"657\" \/><figcaption id=\"caption-attachment-123555\" class=\"wp-caption-text\">Figure 16. x4k's GitHub account<\/figcaption><\/figure>\n<p>From this GitHub page we also confirmed that a URL to a site (<span style=\"font-family: 'courier new', courier, monospace;\">xn--90a5ai[.]com<\/span>, i.e. <span style=\"font-family: 'courier new', courier, monospace;\">\u0444\u0441\u0431[.]com<\/span>) resolved to the previously mentioned IP <span style=\"font-family: 'courier new', courier, monospace;\">164[.]68[.]114[.]29<\/span>; at the time, the site displayed only an animation of consecutive dots. Looking at the site's HTML source code, however, revealed multiple references to aliases such as the previously found user <span style=\"font-family: 'courier new', courier, monospace;\">x4kme<\/span> and <span style=\"font-family: 'courier new', courier, monospace;\">uKn0wn<\/span>, which is observed in the HelloXD ransomware samples.<\/p>\n<figure id=\"attachment_123557\" aria-describedby=\"caption-attachment-123557\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123558 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-66.png\" alt=\"Figure 17 Snippet of the script in the HTML source code (xn--90a5ai[.]com)\" width=\"900\" height=\"56\" \/><figcaption id=\"caption-attachment-123557\" class=\"wp-caption-text\">Figure 17. Snippet of the script in the HTML source code (xn--90a5ai[.]com)<\/figcaption><\/figure>\n<p>From the list of aliases used by this threat actor, we observed yet another GitHub account named <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/github.com\/l4ckyguy\">l4ckyguy<\/a><\/span>. This account shares the same profile image, description, location and URL, and is also linked to the previously observed account (<span style=\"font-family: 'courier new', courier, monospace;\">x4kme<\/span>) and to the name <span style=\"font-family: 'courier new', courier, monospace;\">Ivan Topor<\/span>, which we believe to be another alias of this threat actor. A further account, <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/github.com\/l4cky-control\">l4cky-control<\/a><\/span>, was also discovered. This repository contains a single Python script, which decrypts a second Python script; the second script connects to the IP address <span style=\"font-family: 'courier new', courier, 
monospace;\">167[.]86[.]87[.]27<\/span>, then downloads and executes yet another Python script. This particular IP address was linked to the Contabo server that <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> had included in the VirusTotal graph mentioned above.<\/p>\n<p>We also found a YouTube account linked to the same actor through the initial email address <span style=\"font-family: 'courier new', courier, monospace;\">tebya@poime[.]li<\/span>. This YouTube account uses the alias <span style=\"font-family: 'courier new', courier, monospace;\">Vanya Topor<\/span>; \"Vanya\" is a diminutive of \"Ivan\".<\/p>\n<figure id=\"attachment_123579\" aria-describedby=\"caption-attachment-123579\" style=\"width: 624px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123580 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/image9.png\" alt=\"Figure 18 l4ckyguy's GitHub account (left) and Vanya Topor's YouTube account (right)\" width=\"624\" height=\"282\" \/><figcaption id=\"caption-attachment-123579\" class=\"wp-caption-text\">Figure 18. l4ckyguy's GitHub account (left) and Vanya Topor's YouTube account (right)<\/figcaption><\/figure>\n<p>This YouTube account has no public videos, but we confirmed that the threat actor shares unlisted links on various hacking forums. The videos are tutorials and walkthroughs in which the threat actor demonstrates a methodology by performing it on screen. The footage has no audio; the actor explains what the viewer is seeing by typing into a terminal.<\/p>\n<p>The videos we found gave us insight into <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>'s activity before the actor specialized in ransomware. We learned how this threat actor uses Cobalt Strike in operations, including how Beacon is configured and how files are sent to compromised systems. In one video we could actually watch the threat actor running a DNS leak test on their own Android device. We could also see what the domain \u0444\u0441\u0431<span style=\"font-family: 'courier new', courier, monospace;\">[.]com<\/span> looked like as of October 2020: a kind of blog, titled \"Ghost in the Wire\". Here too the threat actor refers to a \"ghost\" theme, and the same theme is observed in the HelloXD ransomware samples (Figure 19).<\/p>\n<figure id=\"attachment_123581\" aria-describedby=\"caption-attachment-123581\" style=\"width: 622px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123582 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/image11.png\" alt=\"Figure 19 Screenshot of an unlisted x4k YouTube video\" width=\"622\" height=\"487\" \/><figcaption id=\"caption-attachment-123581\" class=\"wp-caption-text\">Figure 19. Screenshot of an unlisted x4k YouTube video<\/figcaption><\/figure>\n<p>In another video, the threat actor was observed uploading a LockBit 2.0 sample to Cuckoo Sandbox, an open-source sandbox analysis tool, and comparing the results with another LockBit 2.0 sample that appeared to have been uploaded earlier. At the time of writing we do not believe <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> is associated with LockBit 2.0 activity, but the choice of this particular ransomware family is interesting (Figure 20). We also observed the threat actor using sandboxes other than Cuckoo (such as ANY.RUN and Hybrid Analysis) together with various virtual machines, testing tools and checking what verdicts they would receive.<\/p>\n<figure id=\"attachment_123563\" aria-describedby=\"caption-attachment-123563\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123564 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-69.png\" alt=\"Figure 20a. X4K running a LockBit 2.0 sample in a YouTube video\" width=\"900\" height=\"541\" \/><figcaption id=\"caption-attachment-123563\" class=\"wp-caption-text\">Figure 20a. X4K running a LockBit 2.0 sample in a YouTube video<\/figcaption><\/figure>\n<figure id=\"attachment_123565\" aria-describedby=\"caption-attachment-123565\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123566 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/word-image-70.png\" alt=\"Figure 20b. X4K running a LockBit 2.0 sample in a YouTube video\" width=\"900\" height=\"555\" \/><figcaption id=\"caption-attachment-123565\" class=\"wp-caption-text\">Figure 20b. X4K running a LockBit 2.0 sample in a YouTube video<\/figcaption><\/figure>\n<p>In addition to using open-source tools, this threat actor also develops custom tools and scripts; in several videos we could see them demonstrating tools that automate actions such as obfuscating files, building executables and signing code (Figure 21).<\/p>\n<figure id=\"attachment_123583\" aria-describedby=\"caption-attachment-123583\" style=\"width: 624px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123584 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/image1.png\" alt=\"Figure 21 Custom scripts used by x4k\" width=\"624\" height=\"1031\" \/><figcaption id=\"caption-attachment-123583\" class=\"wp-caption-text\">Figure 21. Custom scripts used by x4k<\/figcaption><\/figure>\n<p>A closer look at the OS that <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> mainly uses suggests it is a Kali Linux instance customized to the actor's needs. Most of these videos, comments, configurations and tutorials are written in Russian, and combined with what we learned from the actor's OpSec mistakes, we believe <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> is of Russian origin. We also found the ClamAV logo in one of the threat actor's walkthrough videos; it is the same logo used in the HelloXD ransomware samples (Figure 22). Here <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> uses the logo for the start menu of the OS environment.<\/p>\n<figure id=\"attachment_123585\" aria-describedby=\"caption-attachment-123585\" style=\"width: 570px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123586 lozad\"  
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/image10.png\" alt=\"Figure 22 ClamAV logo used in the threat actor's personal environment\" width=\"570\" height=\"261\" \/><figcaption id=\"caption-attachment-123585\" class=\"wp-caption-text\">Figure 22. ClamAV logo used in the threat actor's personal environment<\/figcaption><\/figure>\n<p>The same taskbar also shows a Telegram icon. Telegram is a popular messaging app, but it is also used by threat actors such as LAPSUS$ to post news to dedicated channels. Pivoting on these usernames and aliases and on the information gathered around them, we identified two Telegram accounts. These accounts use the same profile image already observed, and their descriptions list the threat actor's main site, \"<span style=\"font-family: 'courier new', courier, monospace;\">\u0444\u0441\u0431[.]com<\/span>\". <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>'s Telegram account is in active use compared with the older account, which, according to Telegram, has not been active for some time (Figure 23).<\/p>\n<figure id=\"attachment_123587\" aria-describedby=\"caption-attachment-123587\" style=\"width: 624px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-123588 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2022\/06\/image4.png\" alt=\"Figure 23 Telegram accounts\" width=\"624\" height=\"531\" \/><figcaption id=\"caption-attachment-123587\" class=\"wp-caption-text\">Figure 23. Telegram accounts<\/figcaption><\/figure>\n<p><span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> has a large online presence, which allowed us to uncover much of the actor's activity over the past two years. The actor makes little effort to hide their malicious activity, and this behavior is unlikely to change.<\/p>\n<h2><a id=\"Conclusion\"><\/a>Conclusion<\/h2>\n<p>HelloXD, the ransomware that surfaced in Unit 42's investigation, is still in an early stage of development but is already aiming to impact organizations. The ransomware's functionality itself is not especially novel, but following the clues showed that it was most likely developed by the threat actor <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span>. This threat actor is well known on various hacking forums and is probably of Russian origin. Unit 42 was able to identify additional <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> activity linked to malicious infrastructure and to discover additional malware beyond the initial ransomware samples, going back to 2020.<\/p>\n<p>Ransomware is a lucrative business when done well. In the latest <a href=\"https:\/\/unit42.paloaltonetworks.jp\/2022-ransomware-threat-report-highlights\/\">2022 Unit 42 Ransomware Threat Report<\/a>, Unit 42 observed an increase in both the average ransom demand and the <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2022\/06\/average-ransomware-payment-update\/?lang=ja\">average payment<\/a>. Unit 42 believes the threat actor <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> has entered the ransomware business in an attempt to claim a share of the profits other ransomware groups are making.<\/p>\n<p>Palo Alto Networks detects and prevents HelloXD and <span style=\"font-family: 'courier new', courier, monospace;\">x4k<\/span> activity in the following ways:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/products\/secure-the-network\/wildfire\">WildFire<\/a>: All known samples are identified as malware.<\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/cortex-xdr\">Cortex XDR<\/a>:\n<ul>\n<li>Includes indicators for HelloXD.<\/li>\n<li>The Anti-Ransomware module detects HelloXD encryption behavior on Windows.<\/li>\n<li>Local analysis detects HelloXD binaries on Windows.<\/li>\n<li>BTP (Behavioral Threat Protection) rules prevent ransomware activity on Linux.<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/next-generation-firewall\">Next-Generation Firewall series<\/a>: DNS signatures detect the known C2 domains, and the Advanced URL Filtering database classifies those domains as malware.<\/li>\n<\/ul>\n<p>If you think you may have been compromised and would like to consult with us about incident response, please email <a href=\"mailto:infojapan@paloaltonetworks.com\">infojapan@paloaltonetworks.com<\/a> or call one of the numbers below (consultations are not limited to customers of our products).<\/p>\n<ul>\n<li>North America Toll-Free: 866.486.4842 (866.4.UNIT42)<\/li>\n<li>Europe: 
+31.20.299.3130<\/li>\n<li>Asia Pacific: +65.6983.8730<\/li>\n<li>Japan: +81.50.1790.0200<\/li>\n<\/ul>\n<p>Palo Alto Networks has shared these findings, including file samples and indicators of compromise, with our fellow Cyber Threat Alliance (CTA) members. CTA members use this intelligence to rapidly deploy protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the <a href=\"https:\/\/www.cyberthreatalliance.org\">Cyber Threat Alliance<\/a>.<\/p>\n<h3><a id=\"Indicators-of-Compromise\"><\/a><strong>IoC<\/strong><\/h3>\n<h5><strong>HelloXD Ransomware Samples<\/strong><\/h5>\n<h5><strong>Malware Linked to x4k's Infrastructure<\/strong><\/h5>\n<h5><strong>x4k's Infrastructure<\/strong><\/h5>\n<p><span style=\"font-family: 'courier new', courier, 
monospace;\">164[.]68[.]114[.]29 <\/span><br \/>\n<span style=\"font-family: 'courier new', courier, monospace;\">167[.]86[.]87[.]27<\/span><br \/>\n<span style=\"font-family: 'courier new', courier, monospace;\">63[.]250[.]53[.]180<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">45[.]15[.]19[.]130<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">46[.]39[.]229[.]17<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">www.zxlab.iol4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">btc-trazer[.]xyz<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">sandbox[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">malware[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">f[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">0[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">pwn[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">docker[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">apk[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">powershell[.]services<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">vmi378732[.]contaboserver[.]net<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">x4k[.]in<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">L4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">m[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mx2[.]l4cky[.]com<br 
\/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mailhost[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">www1[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">authsmtp[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">ns[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mailer[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">imap2[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">ns2[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">server[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">auth[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">remote[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mx10[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">ms1[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mx5[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">relay2[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">ns1[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">email[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">imap[.]l4cky[.]com<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mail[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">repo[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">bw[.]x4k[.]me<br \/>\n<\/span><span 
style=\"font-family: 'courier new', courier, monospace;\">collabora[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">cloud[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">yacht[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">book[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">teleport[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">subspace[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">windows[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">sf[.]x4k[.]me<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">dc-b00e12923fb6.l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">box[.]l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mail[.]l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">www[.]l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">mta-sts[.]l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">ldap[.]l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">cloud[.]l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">office[.]l4cky[.]men<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">rexdooley[.]ml<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">relay2[.]kuimvd[.]ru<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">ns2[.]webmiting[.]ru<br \/>\n<\/span><span style=\"font-family: 'courier new', courier, monospace;\">https:\/\/\u0444\u0441\u0431[.]com<\/span><\/p>\n<h3><a 
id=\"Additional-Resources\"><\/a><strong>Additional Resources<\/strong><\/h3>\n<p><a href=\"https:\/\/unit42.paloaltonetworks.jp\/2022-ransomware-threat-report-highlights\/\">Highlights from the 2022 Unit 42 Ransomware Threat Report: Still a Major Threat<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview HelloXD is a ransomware family that surfaced in November 2021 and carries out double-extortion attacks. Our investigation identified multiple variants affecting Windows and Linux systems. Unlike other ransomware g<\/p>\n","protected":false},"author":343,"featured_media":134364,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4327,3057,4432,4428],"tags":[5645,5646],"product_categories":[4444,4446,4448,4456,4344,4465],"coauthors":[2370,3210],"class_list":["post-123658","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-top-cyberthreats","category-ransomware-ja","category-top-cyberthreats-ja","category-threat-research-ja","tag-helloxd-ja","tag-x4k","product_categories-advanced-wildfire-ja","product_categories-cloud-delivered-security-services-ja","product_categories-cortex-xdr-ja","product_categories-next-generation-firewall-ja","product_categories-unit-42-incident-response","product_categories-unit-42-incident-response-ja"],"yoast_head_json":{"title":"Unmasking HelloXD Ransomware and the Threat Actor x4k","description":"The HelloXD ransomware family is still at an early stage of development, but it is already targeting organizations. We analyzed samples and closed in on the identity of the malware author.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/helloxd-ransomware\/","og_locale":"ja_JP","og_type":"article","og_title":"Unmasking HelloXD Ransomware and the Threat Actor x4k","og_description":"The HelloXD ransomware family is still at an early stage of development, but it is already targeting organizations. We analyzed samples and closed in on the identity of the malware author.","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/helloxd-ransomware\/","og_site_name":"Unit 42","article_published_time":"2022-06-16T09:42:39+00:00","article_modified_time":"2022-06-16T09:46:19+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/04_Ransomware_Category_1920x900.jpg","type":"image\/jpeg"}],"author":"Doel Santos, Daniel Bunce","twitter_card":"summary_large_image"}}
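The hash and infrastructure lists in the article are only useful once they are refanged, normalised and matched against telemetry. The Python below is an added example written for this page, not code from Unit 42 or from the post, and it shows two details that a naive `[.]` replace gets wrong: a child name such as `pwn.x4k.me` must be covered by the `x4k.me` apex indicator without the reverse happening for a hosting provider (`contaboserver.net` must not match `vmi378732.contaboserver.net`), and the Cyrillic `https://фсб[.]com` entry must be converted to the ACE (`xn--`) form that resolvers and proxies actually log. `IOC_LINES` is a subset of the indicators printed above, copied as defanged; the DNS log line format, the client names and the file inventory are constructed assumptions, not data from the article.

```python
import ipaddress
import re

# Subset of the article's indicators, copied in their defanged form (note the
# mixed-case L4cky[.]men and the Cyrillic IDN entry).
IOC_LINES = [
    "5fa5b5dddfe588791b59c945beba1f57a74bd58b53a09d38ac8a8679a0541f16",
    "164[.]68[.]114[.]29 ",
    "45[.]15[.]19[.]130",
    "x4k[.]me",
    "L4cky[.]men",
    "mx2[.]l4cky[.]com",
    "vmi378732[.]contaboserver[.]net",
    "https://фсб[.]com",
]
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
# Hypothetical resolver log line: "<timestamp> <client> query <type> <qname>".
DNS_QUERY_RE = re.compile(r"\bquery\s+\S+\s+(?P<qname>\S+)")


def refang(text):
    """Undo the usual defanging: [.] and (.) -> ., [:] -> :, hxxp -> http."""
    t = text.strip()
    for fanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":")):
        t = t.replace(fanged, real)
    return re.sub(r"^hxxp", "http", t, flags=re.I)


def host_of(indicator):
    """Canonical host of a bare name or URL: scheme, userinfo, port and path
    stripped, trailing dot removed, lowercased, and IDN labels converted to
    their ACE (xn--) form, which is what a resolver or proxy actually logs."""
    h = SCHEME_RE.sub("", indicator).split("/", 1)[0].rsplit("@", 1)[-1]
    if h.count(":") == 1:  # host:port; IPv6 literals (many colons) untouched
        h = h.rsplit(":", 1)[0]
    return h.rstrip(".").lower().encode("idna").decode("ascii")


def load_iocs(lines):
    """Split indicator strings into (sha256 set, ip set, host set)."""
    hashes, ips, hosts = set(), set(), set()
    for raw in lines:
        ind = refang(raw)
        if not ind:
            continue
        if SHA256_RE.match(ind.lower()):
            hashes.add(ind.lower())
            continue
        h = host_of(ind)
        try:
            ips.add(str(ipaddress.ip_address(h)))
        except ValueError:
            hosts.add(h)
    return hashes, ips, hosts


def host_matches(observed, hosts):
    """Return the indicator covering `observed`, or None. Walks up whole labels
    only: pwn.x4k.me is covered by the x4k.me apex, notx4k.me is not (no
    substring matching), and contaboserver.net never matches the
    vmi378732.contaboserver.net host (we do not walk down to a provider)."""
    labels = host_of(observed).split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in hosts:
            return candidate
    return None


def scan_dns(log_lines, hosts):
    """(client, qname, indicator) for every log line covered by a host IOC."""
    hits = []
    for line in log_lines:
        m = DNS_QUERY_RE.search(line)
        matched = host_matches(m.group("qname"), hosts) if m else None
        if matched:
            hits.append((line.split()[1], m.group("qname"), matched))
    return hits


def scan_hashes(inventory, hashes):
    """(path, sha256) for every inventory entry whose digest is a hash IOC."""
    return [(p, d.lower()) for p, d in inventory if d.lower() in hashes]


# Constructed sample telemetry, not from the article.
DNS_LOG = [
    "2022-06-16T09:42:39Z ws-17 query A pwn.x4k.me",  # child of the x4k.me apex
    "2022-06-16T09:43:01Z ws-17 query A WWW.L4cky.men.",  # case, trailing dot
    "2022-06-16T09:44:12Z ws-02 query A contaboserver.net",  # provider apex
    "2022-06-16T09:45:00Z ws-09 query A notx4k.me",  # lookalike suffix
    "2022-06-16T09:46:30Z ws-09 query A " + host_of("фсб.com"),  # ACE form
]
FILE_INVENTORY = [  # (path, sha256); the second digest is a placeholder
    ("C:\\Users\\Public\\xd.exe",
     "5FA5B5DDDFE588791B59C945BEBA1F57A74BD58B53A09D38AC8A8679A0541F16"),
    ("C:\\Windows\\System32\\notepad.exe", "0" * 64),
]


def run():
    """Load the indicators and sweep both constructed telemetry sources."""
    hashes, ips, hosts = load_iocs(IOC_LINES)
    return {"dns_hits": scan_dns(DNS_LOG, hosts),
            "hash_hits": scan_hashes(FILE_INVENTORY, hashes),
            "ip_indicators": sorted(ips)}
```

`run()` returns three hits for the DNS log (the `x4k.me` child, the mixed-case `l4cky.men` query and the punycoded Cyrillic domain) and one hit for the inventory; the provider apex and the `notx4k.me` lookalike are correctly left alone. Feed real resolver or proxy logs through `scan_dns` with the full list from the article, and keep the IP set for firewall and NetFlow matching, where `host_matches` does not apply.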