{"id":128984,"date":"2023-06-28T22:12:11","date_gmt":"2023-06-29T05:12:11","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=128984"},"modified":"2024-07-30T18:09:00","modified_gmt":"2024-07-31T01:09:00","slug":"manic-menagerie-targets-web-hosting-and-it","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/","title":{"rendered":"Manic Menagerie 2.0: The Evolution of a Highly Active Threat Actor"},"content":{"rendered":"<h2><a id=\"post-128984-_r80h3laksrv8\"><\/a><strong>Overview<\/strong><\/h2>\n<p>Unit 42 researchers discovered an active campaign that targeted multiple web hosting and IT providers in the United States and the EU from late 2020 to late 2022. Unit 42 tracks the <a href=\"https:\/\/unit42.paloaltonetworks.jp\/from-activity-to-formal-naming\/\" target=\"_blank\" rel=\"noopener\">activity associated with this campaign as CL-CRI-0021<\/a> and assesses that these campaigns are the work of the same threat actor behind an earlier campaign known as \"<a href=\"https:\/\/www.cyber.gov.au\/sites\/default\/files\/2023-03\/report_manic_menagerie.pdf\" target=\"_blank\" rel=\"noopener\">Manic 
Menagerie<\/a>\".<\/p>\n<p>The threat actor deployed coin miners on the hijacked machines, abusing the resources of the compromised servers. They deployed web shells at scale to further entrench themselves in victim environments and maintain access, while also maintaining access to the internal resources of the compromised websites.<\/p>\n<p>This allowed the attacker to turn hijacked legitimate websites (those hosted by the targeted web hosting and IT providers) into large-scale command-and-control (C2) infrastructure, potentially affecting thousands of web pages. It also allowed the threat actor to run C2 activity from legitimate websites that have a good reputation and that security 
solutions had not flagged as malicious. The abused legitimate websites could have been severely affected: they may have unknowingly hosted malicious content and been party to criminal activity. Such criminal activity can cause legal and\/or reputational damage to the owners of the affected websites and to the web hosting companies.<\/p>\n<p>While operating inside victim networks, the attacker used several techniques in an attempt to evade the various monitoring tools and commercial cybersecurity products running in the environment. They also kept attempting to execute payloads, redeployed and re-ran tools that had previously been blocked, 
and tried other similar tools. The attacker avoided known malware, instead bringing in custom tools and using publicly available legitimate tools in an attempt to evade detection.<\/p>\n<p>Based on the tactics, techniques and procedures (TTPs) used in this recently observed campaign, we assessed that it was carried out by the same threat actor that previously ran the campaign known as \"<a href=\"https:\/\/www.cyber.gov.au\/sites\/default\/files\/2023-03\/report_manic_menagerie.pdf\">Manic Menagerie<\/a>\". We therefore named the recently observed campaign \"Manic Menagerie 2.0\".<\/p>\n<p>According to the <a href=\"https:\/\/www.cyber.gov.au\/\" target=\"_blank\" rel=\"noopener\">Australian Cyber Security 
Center<\/a>, this threat actor has been active since at least 2018, targeting web hosting companies in Australia. The name (a menagerie is \"a collection of animals kept for exhibition\" or \"a strange and diverse collection of people or things\") likely refers to the actor's frenetic activity as well as the large number of web hosting companies attacked and the variety of tools used.<\/p>\n<p>Palo Alto Networks customers receive protection from the threats described in this article through the following products and services:<\/p>\n<ul>\n<li>Local analysis, Behavioral Threat Protection (BTP), the cryptominer module and analytics in <a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XDR\" target=\"_blank\" rel=\"noopener\">Cortex XDR<\/a> and <a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XSIAM\" target=\"_blank\" rel=\"noopener\">XSIAM<\/a><\/li>\n<li><a 
href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/security-subscriptions\" target=\"_blank\" rel=\"noopener\">Cloud-Delivered Security Services<\/a> including <a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-url-filtering\/administration\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a>, <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\">DNS Security<\/a> and <a href=\"https:\/\/docs.paloaltonetworks.com\/wildfire\" target=\"_blank\" rel=\"noopener\">WildFire<\/a><\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/managed-detection-and-response\" target=\"_blank\" rel=\"noopener\">Managed Detection &amp; Response<\/a> service<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">Next-Generation Firewall (NGFW)<\/a> with the Threat Prevention security subscription<\/li>\n<li>The <a href=\"https:\/\/docs.paloaltonetworks.com\/wildfire\" target=\"_blank\" rel=\"noopener\">WildFire<\/a> cloud-delivered malware analysis service<\/li>\n<\/ul>\n<table style=\"width: 100%;\">\n<thead>\n<tr>\n<td style=\"width: 35%;\"><b>Related Unit 42 Topics<\/b><\/td>\n<td style=\"width: 100%;\"><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/cryptominers-ja\/\" target=\"_blank\" rel=\"noopener\"><b>Cryptominers<\/b><\/a>, <strong><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/webshell-ja\/\" target=\"_blank\" rel=\"noopener\">Web shells<\/a><\/strong><\/td>\n<\/tr>\n<\/thead>\n<\/table>\n<h2><a 
id=\"post-128984-_mkf6s0gx8fix\"><\/a><strong>Initial Access and Persistence<\/strong><\/h2>\n<p>The first footholds of the Manic Menagerie 2.0 campaign were observed in late 2020, at which time the targets were companies in the US and the EU. In this campaign the threat actor gained access to target machines by exploiting vulnerable web applications and IIS servers, and deployed a variety of web shells on the infected servers.<\/p>\n<p>By deploying web shells on live web servers, the threat actor can hijack legitimate websites. The web shells are placed on the websites hosted on the compromised server, in a folder such as <span style=\"font-family: 'courier new', courier, monospace;\">C:\\<em>[hosted websites on the server 
path]<\/em>\\wwwroot\\example.com\\webshell.aspx<\/span>.<\/p>\n<p>This enables future public access from outside the victim network, effectively turning these websites into a reserve of C2 servers for the attacker.<\/p>\n<p>We also identified a web shell named <span style=\"font-family: 'courier new', courier, monospace;\">xn.aspx<\/span>. This is the same web shell mentioned in the <a href=\"https:\/\/www.cyber.gov.au\/sites\/default\/files\/2023-03\/report_manic_menagerie.pdf\" target=\"_blank\" rel=\"noopener\">Australian Cyber Security Center (ACSC) report<\/a> on the original Manic Menagerie operation, which targeted web hosting companies in Australia.<\/p>\n<p>In the Manic Menagerie 2.0 operation, the threat actor began deploying coin miners after deploying the web shells. This was most likely done to abuse the powerful computing resources of the compromised servers and to earn money for the threat actor through coin 
mining.<\/p>\n<p>Following the public disclosure of multiple Microsoft Exchange Server vulnerabilities in 2021 and 2022, the threat actor attempted to exploit the following vulnerabilities against several targets:<\/p>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-26855\" target=\"_blank\" rel=\"noopener\">CVE-2021-26855<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41040\" target=\"_blank\" rel=\"noopener\">CVE-2022-41040<\/a>: (ProxyNotShell) server-side request forgery (SSRF) vulnerabilities in Exchange Server<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-34473\" target=\"_blank\" rel=\"noopener\">CVE-2021-34473<\/a>: (one of the ProxyShell vulnerabilities) a remote code execution vulnerability in Exchange Server<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-33766\" target=\"_blank\" rel=\"noopener\">CVE-2021-33766<\/a>: (ProxyToken) allows an attacker to tamper with the mailbox configuration of arbitrary users<\/li>\n<\/ul>\n<p>In other words, these vulnerabilities, combined with vulnerable <a 
href=\"https:\/\/blog.viettelcybersecurity.com\/deep-understand-aspx-file-handling-and-some-related-attack-vector\/\" target=\"_blank\" rel=\"noopener\">IIS servers<\/a> and <a href=\"https:\/\/attack.mitre.org\/techniques\/T1190\/\" target=\"_blank\" rel=\"noopener\">vulnerable web applications<\/a> in the environment, gave the threat actor additional attack vectors for intrusion and persistence. <a href=\"https:\/\/blog.morphisec.com\/proxyshellminer-campaign\" target=\"_blank\" rel=\"noopener\">Morphisec<\/a> recently investigated a campaign in which attackers exploited Exchange Server vulnerabilities (collectively known as ProxyShell) to drop cryptominers.<\/p>\n<h2><a id=\"post-128984-_c2cym9s0ew2j\"><\/a>Reconnaissance and Privilege Escalation<\/h2>\n<p>Starting in late 2020, the threat actors involved in the Manic Menagerie 2.0 campaign began regularly running proof-of-concept (PoC) local privilege escalation tools (described below). Their goal was to add their own user to the <span style=\"font-family: 'courier new', courier, 
monospace;\">Administrators<\/span> group on the IIS servers and thereby extend their gains. When one tool failed, they tried again with another tool offering similar functionality.<\/p>\n<p>The attacker used RunasCs, a .NET wrapper for <span style=\"font-family: 'courier new', courier, monospace;\">runas.exe<\/span>. This is a publicly available tool that adds features the original <span style=\"font-family: 'courier new', courier, monospace;\">runas.exe<\/span> utility lacks, such as running a process with explicitly supplied user credentials.<\/p>\n<p>The threat actor was observed attempting further network reconnaissance inside the infected environment while running as the user of the vulnerable web application. They then ran <span style=\"font-family: 'courier new', courier, 
monospace;\">au.exe<\/span> (au is short for \"add user\"; see Figure 1) in an attempt to add their own user. This file must be run by a user with elevated privileges. Afterwards, they ran the net command to verify that the user they had created existed.<\/p>\n<p>Their use of usernames such as <span style=\"font-family: 'courier new', courier, monospace;\">iis_user<\/span> and <span style=\"font-family: 'courier new', courier, monospace;\">iis_uses<\/span> is noteworthy. The latter could at first glance be taken for a typo. This naming convention is also documented in the ACSC report mentioned above.<\/p>\n<figure id=\"attachment_128908\" aria-describedby=\"caption-attachment-128908\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-128908 lozad\" data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-1.png\" alt=\"Image 1 is a screenshot of a command 
prompt. The user creates iis_user and a password with au.exe. Some information in this screenshot has been redacted. \" width=\"400\" height=\"140\" \/><figcaption id=\"caption-attachment-128908\" class=\"wp-caption-text\">Figure 1. <span style=\"font-family: 'courier new', courier, monospace;\">au.exe<\/span> creates the user <span style=\"font-family: 'courier new', courier, monospace;\">iis_user<\/span> and generates its password<\/figcaption><\/figure>\n<p>The <span style=\"font-family: 'courier new', courier, monospace;\">au.exe<\/span> described above is a tool the actor ran multiple times, chained together with yet another PoC local privilege escalation tool (Figure 2).<\/p>\n<figure id=\"attachment_128910\" aria-describedby=\"caption-attachment-128910\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-128910 lozad\" data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-2.png\" alt=\"Image 2 is a flow diagram of the blocked execution of RunasCs. The execution was blocked at the second level. \" width=\"900\" height=\"554\" \/><figcaption id=\"caption-attachment-128910\" class=\"wp-caption-text\">Figure 2. 
An attempt to run RunasCs, combined with other commands and running as the vulnerable web application's user, was blocked by Cortex XDR<\/figcaption><\/figure>\n<p>The threat actor was observed using multiple tools, again with the aim of escalating privileges. The 64-bit version of PrintSpoofer seen in Figure 2 above is one such tool; the attacker used this public tool to elevate the privileges of <span style=\"font-family: 'courier new', courier, monospace;\">au.exe<\/span>. Without it, they would not have been able to add the user as intended.<\/p>\n<h2><a id=\"post-128984-_u5n4f4sfwwe9\"><\/a>Fork Bomb and Further Local Privilege Escalation<\/h2>\n<p>The threat actor was observed using several publicly available tools in attempts at local privilege escalation (LPE) exploiting the following vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-8120\">CVE-2018-8120<\/a><\/li>\n<li><a 
href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0623\">CVE-2019-0623<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-0803\">CVE-2019-0803<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-1458\">CVE-2019-1458<\/a><\/li>\n<\/ul>\n<p>Another interesting activity observed in the Manic Menagerie 2.0 campaign is a <a href=\"https:\/\/www.okta.com\/identity-101\/fork-bomb\/\">fork bomb<\/a> of <span style=\"font-family: 'courier new', courier, monospace;\">svchost.exe<\/span>. The ACSC report on the original Manic Menagerie campaign also mentions the presence of this kind of denial-of-service (DoS) tool.<\/p>\n<p>The fork bomb's code is very simple: it runs in an infinite loop (Figure 3), opening instance after instance of itself until the machine's memory is exhausted. The purpose of this activity is to crash the machine and force a reboot, which in turn triggers the persistence mechanism of an executable that requires a machine restart in order to launch.<\/p>\n<figure 
id=\"attachment_128912\" aria-describedby=\"caption-attachment-128912\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-128912 lozad\" data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-3.png\" alt=\"Image 3 is a screenshot of a code snippet in which the fork bomb binary creates an infinite loop. It begins with while(1). \" width=\"700\" height=\"100\" \/><figcaption id=\"caption-attachment-128912\" class=\"wp-caption-text\">Figure 3. Code snippet of the endless loop in the fork bomb binary<\/figcaption><\/figure>\n<h2><a id=\"post-128984-_27w761vbtm4u\"><\/a>dllnc.dll: Payload Execution and Add-User Tool<\/h2>\n<p>Another tool observed in the Manic Menagerie 2.0 campaign, <span style=\"font-family: 'courier new', courier, monospace;\">dllnc<\/span>, has two main functions: one loads the attacker's executables and batch files, and the other is intended to add the attacker's user to the <span style=\"font-family: 'courier new', courier, 
monospace;\">Administrators<\/span> group.<\/p>\n<p>It contains a suggestive PDB path.<\/p>\n<p>As of mid-May 2023, VirusTotal has no other search results containing <span style=\"font-family: 'courier new', courier, monospace;\">F:\\upfile\\3389\\opents\\dlladduser\\x64\\Release\\dllnc.pdb<\/span>. This suggests that the tool is probably a custom tool of this particular attacker.<\/p>\n<p>The loader code segment attempts to load several tools that it assumes exist in the attacker's paths (Figure 4), an inference drawn from the fact that it does not check whether those tools are present. It targets several hard-coded paths, most of which were observed in this campaign.<\/p>\n<figure id=\"attachment_128914\" aria-describedby=\"caption-attachment-128914\" style=\"width: 437px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-128914 lozad\" 
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-4.png\" alt=\"Image 4 shows many lines of code containing the hard-coded paths of the attacker's tools. \" width=\"437\" height=\"612\" \/><figcaption id=\"caption-attachment-128914\" class=\"wp-caption-text\">Figure 4. Hard-coded paths of the attacker's tools found in <span style=\"font-family: 'courier new', courier, monospace;\">dllnc.dll<\/span><\/figcaption><\/figure>\n<p>Next, the tool deletes the current <span style=\"font-family: 'courier new', courier, monospace;\">iis_user<\/span> user and then re-adds the same user with a hard-coded password. This behavior also correlates with the ACSC report on the original Manic Menagerie campaign: an older variant of the <a href=\"https:\/\/www.ired.team\/offensive-security\/persistence\/rid-hijacking\" target=\"_blank\" rel=\"noopener\">Relative ID (RID) hijacking<\/a> tool mentioned in that report (Figure 5) behaves similarly.<\/p>\n<figure id=\"attachment_128916\" aria-describedby=\"caption-attachment-128916\" style=\"width: 430px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-128916 lozad\" 
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-5.png\" alt=\"Image 5 is a screenshot of an administrator command line showing the output of the RID hijacking tool. Some information in this screenshot has been redacted. \" width=\"430\" height=\"185\" \/><figcaption id=\"caption-attachment-128916\" class=\"wp-caption-text\">Figure 5. Output from the RID hijacking tool. Source: <a href=\"https:\/\/www.cyber.gov.au\/sites\/default\/files\/2023-03\/report_manic_menagerie.pdf\" target=\"_blank\" rel=\"noopener\">Australian Cyber Security Centre (ACSC) Report 2018-143<\/a>, Figure 6<\/figcaption><\/figure>\n<p>There is a clear and strong similarity between the passwords of the two variants. Both use the prefix <span style=\"font-family: 'courier new', courier, monospace;\">xman<\/span> and a similar suffix (Figure 6).<\/p>\n<figure id=\"attachment_128918\" aria-describedby=\"caption-attachment-128918\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-128918 lozad\" data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-6.png\" alt=\"Image 6 is a screenshot of iis_user and its password. Some information has been redacted.\" width=\"400\" 
height=\"76\" \/><figcaption id=\"caption-attachment-128918\" class=\"wp-caption-text\">Figure 6. The user <span style=\"font-family: 'courier new', courier, monospace;\">iis_user<\/span> and the hard-coded password<\/figcaption><\/figure>\n<h2><a id=\"post-128984-_e6njsk69lerk\"><\/a>PCHunter<\/h2>\n<p>We also identified the use of another tool, PCHunter, in the Manic Menagerie 2.0 campaign. Similar to older tools such as GMER and Rootkit Unhooker, it is a powerful legitimate toolkit for browsing and modifying various Windows internals. Figure 7 shows the execution of PCHunter being blocked.<\/p>\n<figure id=\"attachment_128920\" aria-describedby=\"caption-attachment-128920\" style=\"width: 450px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-128920 lozad\" data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-7.png\" alt=\"Image 7 is a screenshot from Cortex XDR in which PCHunter64.exe is blocked. The figure includes the path, SHA and signature. \" width=\"450\" height=\"218\" \/><figcaption id=\"caption-attachment-128920\" class=\"wp-caption-text\">Figure 7 
PCHunter\u306e\u5b9f\u884c\u3092\u30d6\u30ed\u30c3\u30af<\/figcaption><\/figure>\n<p>\u56f38\u306f\u3001\u300cEpoolsoft Corporation\u300d\u306b\u3088\u308bPCHunter\u306e\u30c7\u30b8\u30bf\u30eb\u7f72\u540d\u3067\u3059\u3002\u4e2d\u56fd\u8a9e\u306e\u30b3\u30e1\u30f3\u30c8\u306b\u306f\u30c4\u30fc\u30eb\u306e\u7c21\u5358\u306a\u8aac\u660e\u304c\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3092\u8a33\u3059\u3068\u300cYipmin\u306fWindows\u306e\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u95b2\u89a7\u30c4\u30fc\u30eb(\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ab\u30c6\u30b4\u30ea\u30fc)\u3067\u3059\u300d\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_128922\" aria-describedby=\"caption-attachment-128922\" style=\"width: 468px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128922 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-8.png\" alt=\"\u753b\u50cf8\u306fPCHunter\u306e\u7f72\u540d\u8005\u60c5\u5831\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u3053\u308c\u306b\u306f\u3001Copyright\u3001Product\u3001Description\u3001Original Name\u3001Internal Name\u3001File Version\u3001Comments (\u6f22\u5b57\u3067\u66f8\u304b\u308c\u3066\u3044\u308b)\u3001Data signed\u304c\u542b\u307e\u308c\u307e\u3059\u3002\" width=\"468\" height=\"211\" \/><figcaption id=\"caption-attachment-128922\" class=\"wp-caption-text\">\u56f38. 
PCHunter\u306e\u7f72\u540d\u8005\u60c5\u5831\u3002<\/figcaption><\/figure>\n<h2><a id=\"post-128984-_uu6ks0hz8dtx\"><\/a>\u7b2c2\u306e\u6ce2: \u5927\u898f\u6a21\u306a\u30d0\u30c3\u30af\u30c9\u30a2\u5316<\/h2>\n<h3><a id=\"post-128984-_1qgm1khysxl\"><\/a>\u8907\u6570\u306e\u5b9b\u5148\u3092\u5bfe\u8c61\u3068\u3059\u308b\u65e2\u77e5Web\u30b7\u30a7\u30eb\u306e\u5c55\u958b<\/h3>\n<p>Manic Menagerie 2.0\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u89b3\u6e2c\u3055\u308c\u305f2\u3064\u3081\u306e\u660e\u78ba\u306a\u653b\u6483\u6ce2\u306f\u3001\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u3055\u308c\u305fWeb\u30b5\u30a4\u30c8\u306b\u5bfe\u3059\u308b\u5927\u898f\u6a21\u306aWeb\u30b7\u30a7\u30eb\u5c55\u958b\u3068\u3044\u3046\u5927\u304d\u306a\u7279\u5fb4\u3092\u6301\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u3063\u3066\u653b\u6483\u8005\u306f\u3001\u5c06\u6765\u306e\u516c\u958b\u30a2\u30af\u30bb\u30b9\u3092\u6709\u52b9\u306b\u3057\u3066\u8db3\u5834\u3092\u56fa\u3081\u3001\u30cd\u30b9\u30c8\u3057\u305f\u30d5\u30a9\u30eb\u30c0\u30fc\u306e\u5965\u6df1\u304f\u306bWeb\u30b7\u30a7\u30eb\u3092\u96a0\u305b\u307e\u3059\u3002\u30cf\u30a4\u30b8\u30e3\u30c3\u30af\u3055\u308c\u305f\u3053\u308c\u3089\u306e\u6b63\u898fWeb\u30b5\u30a4\u30c8\u306f\u3001\u5c06\u6765\u7684\u306bC2\u30b5\u30fc\u30d0\u30fc\u3068\u3057\u3066\u4f7f\u7528\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059(\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8 
\u30a4\u30f3\u30d5\u30e9\u306e\u4e00\u90e8\u3068\u3057\u3066\u5229\u7528\u3055\u308c\u308b\u306a\u3069)\u3002<\/p>\n<p>\u3053\u306e\u653b\u6483\u8005\u306f\u30012022\u5e74\u521d\u982d\u307e\u3067\u3055\u304b\u306e\u307c\u3063\u3066\u3001ASPXSpy\u3068\u547c\u3070\u308c\u308b\u540c\u3058\u65e2\u77e5\u306eWeb\u30b7\u30a7\u30eb\u3092\u3001\u8907\u6570\u306e\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u3055\u308c\u305fWeb\u30b5\u30a4\u30c8\u306b\u5c55\u958b\u3057\u3088\u3046\u3068\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u56f39\u306b\u793a\u3059\u3088\u3046\u306b\u3001\u3053\u306eWeb\u30b7\u30a7\u30eb\u306f\u4f55\u767e\u3082\u306e\u7570\u306a\u308b\u30d1\u30b9\u306b\u66f8\u304d\u8fbc\u307e\u308c\u3066\u3044\u305f\u3088\u3046\u3059\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_128924\" aria-describedby=\"caption-attachment-128924\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128924 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-9.png\" alt=\"\u753b\u50cf9\u306fCortex XDR\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002ACTION_TYPE\u3001FILE_PATH\u3001FILE_SHA256\u306e\u5217\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002ACTION_TYPE\u306f\u300cFile Write (\u30d5\u30a1\u30a4\u30eb\u306e\u66f8\u304d\u8fbc\u307f)\u300d\u3067\u3059\u3002\u3053\u3053\u3067\u306f\u30d5\u30a1\u30a4\u30eb \u30d1\u30b9\u306e\u307b\u3068\u3093\u3069\u304c\u4f0f\u305b\u5b57\u306b\u3055\u308c\u3066\u3044\u307e\u3059\u3002\" width=\"900\" height=\"345\" \/><figcaption id=\"caption-attachment-128924\" class=\"wp-caption-text\">\u56f39. 
ASPXSpy Web\u30b7\u30a7\u30eb\u304c\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u3055\u308c\u305fWeb\u30b5\u30a4\u30c8\u306e\u3055\u307e\u3056\u307e\u306a\u30d1\u30b9\u306b\u66f8\u304d\u8fbc\u307e\u308c\u3066\u3044\u305f<\/figcaption><\/figure>\n<h3><a id=\"post-128984-_vt738m64c8rd\"><\/a>GoIIS<\/h3>\n<p>\u3053\u306e\u653b\u6483\u8005\u306f\u307e\u305f\u30012017\u5e74\u306b\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305f\u3001<span style=\"font-family: 'courier new', courier, monospace;\">IIS1.asp<\/span>\u307e\u305f\u306f<span style=\"font-family: 'courier new', courier, monospace;\">GoIIS.exe<\/span>(\u56f310)\u3068\u547c\u3070\u308c\u308b\u30c4\u30fc\u30eb\u3092\u5b9f\u884c\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30c4\u30fc\u30eb\u306fGolang\u3067\u66f8\u304b\u308c\u3066\u3044\u3066\u3001\u30b5\u30fc\u30d0\u30fc\u306e\u30d5\u30a9\u30eb\u30c0\u30fc\u3092\u8d70\u67fb\u3057\u3001\u305d\u306e\u8a2d\u5b9a\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\u306e\u306b\u4f7f\u308f\u308c\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u3063\u3066\u653b\u6483\u8005\u306f\u4fb5\u5bb3\u3057\u305f\u30b5\u30fc\u30d0\u30fc\u306b\u95a2\u3059\u308b\u4fa1\u5024\u306e\u9ad8\u3044\u60c5\u5831\u3092\u5f97\u3089\u308c\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_128926\" aria-describedby=\"caption-attachment-128926\" style=\"width: 679px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128926 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-10.png\" alt=\"\u753b\u50cf10\u306fISS\u30c4\u30fc\u30eb\u51fa\u529b\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u30022\u3064\u306e\u8d64\u3044\u67a0\u306b\u3088\u308b\u30cf\u30a4\u30e9\u30a4\u30c8\u304c\u3042\u308a\u307e\u3059\u3002\" width=\"679\" height=\"264\" \/><figcaption id=\"caption-attachment-128926\" class=\"wp-caption-text\">\u56f310. 
IIS\u30c4\u30fc\u30eb\u306e\u51fa\u529b<\/figcaption><\/figure>\n<h3><a id=\"post-128984-_gquo2ifwr5im\"><\/a>Sh.exe: \u30ab\u30b9\u30bf\u30e0Web\u30b7\u30a7\u30eb\u5c55\u958b\u30c4\u30fc\u30eb<\/h3>\n<p>2022\u5e74\u306e\u5f8c\u534a\u3001\u3053\u306e\u653b\u6483\u8005\u306fManic Menagerie 2.0\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u4e00\u74b0\u3068\u3057\u3066<span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u3068\u3044\u3046\u30ab\u30b9\u30bf\u30e0\u30c4\u30fc\u30eb\u3092\u5c55\u958b\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u5b9f\u884c\u306e\u3088\u3046\u3059\u306f\u4ee5\u4e0b\u306e\u56f311\u3067\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002\u3053\u306e\u30c4\u30fc\u30eb\u306e\u5f79\u5272\u306f\u3001\u4e8b\u524d\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u30d1\u30b9\u306e\u4e00\u89a7\u3068\u3001\u540c\u3058\u30d1\u30d6\u30ea\u30c3\u30afIP\u30a2\u30c9\u30ec\u30b9\u3092\u5171\u6709\u3057\u3066\u3044\u308b\u5bfe\u8c61\u30b5\u30fc\u30d0\u30fc\u4e0a\u306e\u30cf\u30a4\u30b8\u30e3\u30c3\u30af\u6e08\u307f\u6b63\u898fWeb\u30b5\u30a4\u30c8\u3092\u3082\u3068\u306b\u3057\u3066\u3001\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u3055\u308c\u305fWeb\u30b5\u30a4\u30c8\u306b\u5927\u898f\u6a21\u306aWeb\u30b7\u30a7\u30eb\u3092\u66f8\u304d\u8fbc\u3080\u3053\u3068\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u30c4\u30fc\u30eb\u306e\u4f7f\u7528\u3092\u5bb9\u6613\u306b\u3059\u308b\u305f\u3081\u3001\u653b\u6483\u8005\u306f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u30ea\u30b9\u30c8(ACL)\u7ba1\u7406\u7528\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3 \u30c4\u30fc\u30eb\u3067\u3042\u308b<span style=\"font-family: 'courier new', courier, monospace;\">caclcs.exe<\/span>(<span style=\"font-family: 'courier new', courier, monospace;\">mycacls.com<\/span>\u3068\u3044\u3046\u540d\u524d\u304c\u3064\u3051\u3089\u308c\u3066\u3044\u305f)\u306e\u30ab\u30b9\u30bf\u30e0 
\u30e9\u30c3\u30d1\u30fc\u3092\u4f7f\u3063\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30c4\u30fc\u30eb\u3092\u4f7f\u3048\u3070\u3001Web\u30b5\u30fc\u30d0\u30fc\u306eACL\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u4e00\u62ec\u3067\u5909\u66f4\u3057\u305f\u308a\u3001IIS\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u3092\u7de9\u3081\u305f\u308a\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_128928\" aria-describedby=\"caption-attachment-128928\" style=\"width: 764px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128928 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-11.png\" alt=\"\u753b\u50cf11\u306fCortex XDR\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u30c4\u30ea\u30fc\u56f3\u306bsh.exe\u304c\u30d6\u30ed\u30c3\u30af\u3055\u308c\u305f\u5834\u6240\u304c\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u306b\u306f\u8907\u6570\u306e\u30d5\u30a1\u30a4\u30eb\u30d1\u30b9\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\" width=\"764\" height=\"409\" \/><figcaption id=\"caption-attachment-128928\" class=\"wp-caption-text\">\u56f311 \u307b\u304b\u306e\u30c4\u30fc\u30eb\u3084\u30b3\u30de\u30f3\u30c9\u3068\u3068\u3082\u306b<span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u306e\u5b9f\u884c\u304c\u8a66\u307f\u3089\u308c\u305f\u304cCortex XDR\u306b\u3088\u3063\u3066\u30d6\u30ed\u30c3\u30af\u3055\u308c\u305f<\/figcaption><\/figure>\n<p><span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u306b\u6e21\u3055\u308c\u308b\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u306b\u306f\u3001\u540c\u3058\u30d1\u30d6\u30ea\u30c3\u30afIP\u3092\u5171\u6709\u3059\u308b\u95a2\u9023Web\u30b5\u30a4\u30c8\u306e\u4e00\u89a7\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u5b9f\u884c\u3055\u308c\u305f<span style=\"font-family: 'courier new', 
courier, monospace;\">sh.exe<\/span>\u30c4\u30fc\u30eb\u306f\u3001<span style=\"font-family: 'courier new', courier, monospace;\">images<\/span>\u3084<span style=\"font-family: 'courier new', courier, monospace;\">css<\/span>\u3068\u3044\u3063\u305f\u4e00\u898b\u6b63\u898f\u306e\u3082\u306e\u306b\u898b\u3048\u308b\u3055\u307e\u3056\u307e\u306a\u30b5\u30d6\u30d5\u30a9\u30eb\u30c0\u30fc\u3092\u751f\u6210\u3057\u3001\u81ea\u3089\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306e\u3055\u3089\u306a\u308b\u96a0\u853d\u3092\u306f\u304b\u308a\u307e\u3059\u3002\u3053\u308c\u306f\u3001\u653b\u6483\u8005\u304c\u5c06\u6765\u7684\u306b\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u304b\u3089\u88ab\u5bb3\u8005\u306e\u30de\u30b7\u30f3\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3001\u4eca\u5f8c\u3053\u306e\u30a4\u30f3\u30d5\u30e9\u3092\u5927\u898f\u6a21C2\u30b5\u30fc\u30d0\u30fc\u3068\u3057\u3066\u5229\u7528\u3059\u308b\u3053\u3068\u3092\u610f\u56f3\u3057\u3066\u3044\u305f\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p><span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u306f\u300cFujian identical investment co.,Ltd.\u300d\u304c\u767a\u884c\u3057\u305f\u7121\u52b9\u306a\u8a3c\u660e\u66f8\u3067\u7f72\u540d\u3055\u308c\u3066\u3044\u307e\u3059(\u56f312)\u3002\u3053\u306e\u540d\u524d\u306f\u3001ACSC\u306e\u5831\u544a\u66f8\u304c\u4ee5\u524d\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u89e3\u8aac\u3057\u305f\u5225\u30c4\u30fc\u30eb\u306e\u7f72\u540d\u306b\u4f7f\u308f\u308c\u305f\u3082\u306e\u3068\u540c\u3058\u540d\u524d\u3067\u3059\u3002<\/p>\n<p>\u79c1\u305f\u3061\u304c\u89b3\u6e2c\u3057\u305f\u30b5\u30f3\u30d7\u30eb\u3067\u306f\u3001<span style=\"font-family: 'courier new', courier, 
monospace;\">sh.exe<\/span>\u306f2022\u5e7411\u67083\u65e5\u306b\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u305d\u306e\u8a3c\u660e\u66f8\u306f2022\u5e7412\u67086\u65e5\u306b\u7f72\u540d\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u7f72\u540d\u3057\u3066\u307e\u3082\u306a\u304f\u3001\u3053\u306e\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u3001\u4fb5\u5bb3\u3057\u305f\u74b0\u5883\u306e1\u3064\u3067\u3001<span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u3092\u5b9f\u884c\u3059\u308b\u3088\u3046\u3059\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30b3\u30f3\u30d1\u30a4\u30eb\u306e\u30bf\u30a4\u30e0\u30b9\u30bf\u30f3\u30d7\u3068\u3001\u3053\u306e\u7121\u52b9\u306a\u8a3c\u660e\u66f8\u306e\u6709\u52b9\u671f\u9593\u306f\u3001\u3053\u306e\u30c4\u30fc\u30eb\u304c\u3053\u306e\u7279\u5b9a\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u305f\u3081\u306b\u7279\u5225\u306b\u4f5c\u3089\u308c\u305f\u3082\u306e\u3067\u3042\u308b\u53ef\u80fd\u6027\u3092\u793a\u5506\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p><figure id=\"attachment_128930\" aria-describedby=\"caption-attachment-128930\" style=\"width: 399px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128930 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-12.png\" alt=\"\u753b\u50cf12\u306f\u30c7\u30b8\u30bf\u30eb\u7f72\u540d\u306e\u8a73\u7d30\u306e\u30dd\u30c3\u30d7\u30a2\u30c3\u30d7 \u30a6\u30a3\u30f3\u30c9\u30a6\u3067\u3059\u3002\u3053\u3053\u3067\u306f[General]\u30bf\u30d6\u3092\u958b\u3044\u3066\u3044\u307e\u3059\u3002\u3053\u3053\u306b\u306f\u3001Name\u3001E-mail\u3001Signing time\u306e\u307b\u304b\u3001[View Certificate] \u30dc\u30bf\u30f3\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002Countersignatures\u3082\u8868\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\" width=\"399\" height=\"479\" \/><figcaption id=\"caption-attachment-128930\" 
class=\"wp-caption-text\">\u56f312. <span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u306e\u7121\u52b9\u306a\u7f72\u540d<\/figcaption><\/figure>\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306f\u307b\u3068\u3093\u3069\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u524a\u9664\u3057\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u79c1\u305f\u3061\u306f<span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u3068\u305d\u308c\u304c\u30c9\u30ed\u30c3\u30d7\u3057\u305f\u30d5\u30a1\u30a4\u30eb(\u5fa9\u5143\u306f\u3067\u304d\u305a)\u306e\u9593\u306b\u3064\u306a\u304c\u308a\u304c\u3042\u308b\u3053\u3068\u3092\u767a\u898b\u3057\u307e\u3057\u305f\u3002\u8abf\u67fb\u306e\u7d50\u679c\u3001\u653b\u6483\u8005\u304c\u4f7f\u7528\u3057\u305f\u30b3\u30f3\u30d1\u30a4\u30eb\u6e08\u307f.NET DLL\u306f3\u7a2e\u985e\u3067\u3042\u308b\u3053\u3068\u304c\u5224\u660e\u3057\u307e\u3057\u305f\u3002<\/p>\n<p><a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/hafnium-china-chopper-and-aspnet-runtime\/\">\u3053\u308c\u3089\u306eDLL<\/a>\u306fraw\u306eASPX\u30d5\u30a1\u30a4\u30eb\u304c\u521d\u3081\u3066\u30a2\u30af\u30bb\u30b9\u3055\u308c\u305f\u3055\u3044\u3001IIS\u30b5\u30fc\u30d0\u30fc\u306b\u3088\u3063\u3066<a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/hafnium-china-chopper-and-aspnet-runtime\/\">\u30b3\u30f3\u30d1\u30a4\u30eb<\/a>\u3055\u308c\u307e\u3059\u3002\u30b3\u30fc\u30c9\u3092\u9006\u30b3\u30f3\u30d1\u30a4\u30eb\u3057\u3066\u307f\u308b\u3068\u3001\u4e21\u30d5\u30a1\u30a4\u30eb\u3067\u78ba\u8a8d\u3055\u308c\u305f\u793a\u5506\u7684\u306a\u6587\u5b57\u5217\u304b\u3089\u3001\u3053\u306eWeb\u30b7\u30a7\u30eb\u3068<span style=\"font-family: 'courier new', courier, 
monospace;\">sh.exe<\/span>\u3068\u306e\u9593\u306b\u8208\u5473\u6df1\u3044\u985e\u4f3c\u70b9\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\u3002<\/p>\n<p>Web\u30b7\u30a7\u30eb\u306e1\u3064\u304c\u30c9\u30ed\u30c3\u30d7\u3055\u308c\u305fWeb\u30b5\u30a4\u30c8\u306e1\u3064\u3092\u30d6\u30e9\u30a6\u30ba\u3057\u3066\u307f\u308b\u3068\u3001\u305d\u306e\u30da\u30fc\u30b8\u4e0a\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u306f\u6587\u5b57\u5217<span style=\"font-family: 'courier new', courier, monospace;\">ONEPIECE<\/span>\u3067\u3057\u305f(\u56f313)\u3002<\/p>\n<figure id=\"attachment_128932\" aria-describedby=\"caption-attachment-128932\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128932 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-13.png\" alt=\"\u753b\u50cf13\u306f\u3001Web\u30b7\u30a7\u30eb \u30ea\u30bd\u30fc\u30b9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059(\u4e00\u90e8\u5185\u5bb9\u3092\u4f0f\u305b\u3066\u3042\u308b)\u3002\" width=\"900\" height=\"207\" \/><figcaption id=\"caption-attachment-128932\" class=\"wp-caption-text\">\u56f313. 
\u30cf\u30a4\u30b8\u30e3\u30c3\u30af\u3055\u308c\u305fWeb\u30b5\u30a4\u30c8\u5185\u306eWeb\u30b7\u30a7\u30eb \u30ea\u30bd\u30fc\u30b9\u3092\u30d6\u30e9\u30a6\u30ba<\/figcaption><\/figure>\n<p>Web\u30b7\u30a7\u30eb\u306e\u30b3\u30fc\u30c9\u3092\u30d6\u30e9\u30a6\u30ba\u3057\u3066HTML\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u8868\u793a\u3057\u3066\u3044\u308b\u30b3\u30fc\u30c9\u3092\u898b\u3066\u307f\u308b\u3068\u3001\u3053\u306e\u6587\u5b57\u5217\u306f<span style=\"font-family: 'courier new', courier, monospace;\">x_best_911<\/span>(\u56f314)\u3068\u3044\u3063\u305f\u3001\u307b\u304b\u306e\u793a\u5506\u7684\u306a\u6587\u5b57\u5217\u3068\u3068\u3082\u306b\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_128934\" aria-describedby=\"caption-attachment-128934\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128934 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-14.png\" alt=\"\u753b\u50cf14\u306f\u3001\u6570\u884c\u306e\u30b3\u30fc\u30c9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u3053\u308c\u3089\u306f\u6587\u5b57\u5217\u3067\u3001Web\u30b7\u30a7\u30eb\u306eDLL\u30b3\u30fc\u30c9\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u3066\u3044\u308b\u300cONEPIECE\u300d\u3068\u3044\u3046\u6587\u5b57\u5217\u3082\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\" width=\"400\" height=\"110\" \/><figcaption id=\"caption-attachment-128934\" class=\"wp-caption-text\">\u56f314 \u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fWeb\u30b7\u30a7\u30eb\u306eDLL\u30b3\u30fc\u30c9\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305f<span style=\"font-family: 'courier new', courier, monospace;\">ONEPIECE<\/span>\u3068\u3044\u3046\u6587\u5b57\u5217\u3002<\/figcaption><\/figure>\n<p><span style=\"font-family: 'courier new', courier, monospace;\">x_best_911<\/span>\u3068\u3044\u3046\u6587\u5b57\u5217\u306f<span style=\"font-family: 
'courier new', courier, monospace;\">sh.exe<\/span>\u5185\u3067\u3082\u898b\u3064\u304b\u308a\u307e\u3059(\u56f315)\u3002<\/p>\n<figure id=\"attachment_128936\" aria-describedby=\"caption-attachment-128936\" style=\"width: 633px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128936 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-15.png\" alt=\"\u753b\u50cf15\u306f\u3001\u6570\u884c\u306e\u30b3\u30fc\u30c9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u3066\u3044\u308b\u306e\u306fx_best_911\u306e\u6587\u5b57\u5217\u3067\u3059\u3002\" width=\"633\" height=\"126\" \/><figcaption id=\"caption-attachment-128936\" class=\"wp-caption-text\">\u56f315. <span style=\"font-family: 'courier new', courier, monospace;\">sh.exe.<\/span>\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305f<span style=\"font-family: 'courier new', courier, monospace;\">x_best_911<\/span>\u3068\u3044\u3046\u6587\u5b57\u5217<\/figcaption><\/figure>\n<p>ACSC\u306e\u5831\u544a\u306b\u623b\u308b\u3068\u3001\u524d\u8ff0\u306eRID\u30cf\u30a4\u30b8\u30e3\u30c3\u30af \u30c4\u30fc\u30eb\u306e\u5b9f\u884c\u6642\u306b\u751f\u6210\u3055\u308c\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u306b\u306f\u3001<span style=\"font-family: 'courier new', courier, monospace;\">xman<\/span>\u3068\u3044\u3046\u6587\u5b57\u5217\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u6587\u5b57\u5217\u306f<span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u304b\u3089\u3082\u898b\u3064\u304b\u3063\u3066\u304a\u308a(\u56f316)\u3001\u4eca\u56de\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3068\u3001\u4ee5\u524d\u306eManic 
Menagerie\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u898b\u3089\u308c\u305f\u65b0\u305f\u306a\u30c4\u30fc\u30eb\u306e\u9593\u306b\u3055\u3089\u306a\u308b\u985e\u4f3c\u6027\u304c\u793a\u5506\u3055\u308c\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_128938\" aria-describedby=\"caption-attachment-128938\" style=\"width: 621px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128938 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-16.png\" alt=\"\u753b\u50cf16\u306f\u3001\u6570\u884c\u306e\u30b3\u30fc\u30c9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002sh.exe\u306b\u306fxman\u3068\u3044\u3046\u6587\u5b57\u5217\u304c\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u3066\u3044\u307e\u3059\u3002\" width=\"621\" height=\"47\" \/><figcaption id=\"caption-attachment-128938\" class=\"wp-caption-text\">\u56f316. <span style=\"font-family: 'courier new', courier, monospace;\">sh.exe<\/span>\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305f<span style=\"font-family: 'courier new', courier, monospace;\">xman<\/span>\u3068\u3044\u3046\u6587\u5b57\u5217<\/figcaption><\/figure>\n<h3><a id=\"post-128984-_kyqexieo76t3\"><\/a>\u3055\u3089\u306a\u308b\u30ed\u30fc\u30ab\u30eb\u7279\u6a29\u6607\u683c\u306e\u8a66\u307f<\/h3>\n<h4><a id=\"post-128984-_bxmf6yys1b7x\"><\/a>\u30ed\u30fc\u30ab\u30eb\u7279\u6a29\u6607\u683c\u30c4\u30fc\u30eb\u30bb\u30c3\u30c8: Hippos\u3068Potatoes<\/h4>\n<p>\u524d\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u8ff0\u3079\u305f\u3088\u3046\u306b\u3001IIS\u30b5\u30fc\u30d0\u30fc\u304cWeb\u30b7\u30a7\u30eb\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u3042\u308b.NET DLL\u304c\u305d\u306e\u5834\u3067\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u3066\u4e00\u6642\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u7f6e\u304b\u308c\u307e\u3059\u3002\u305d\u3046\u3057\u305f\u30b3\u30f3\u30d1\u30a4\u30eb\u6e08\u307fDLL Web\u30b7\u30a7\u30eb 
\u30d5\u30a1\u30a4\u30eb\u306e1\u3064\u304c\u3001\u4ee5\u4e0b\u306e\u56f317\u306b\u793a\u3059<span style=\"font-family: 'courier new', courier, monospace;\">App_Web_xvuga1zl.dll<\/span>\u3067\u3059\u3002<\/p>\n<p>\u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306b\u95a2\u9023\u3059\u308b\u3055\u307e\u3056\u307e\u306a\u30b9\u30c6\u30fc\u30b8\u306e\u653b\u6483\u3067\u898b\u3089\u308c\u305f\u3088\u3046\u306b\u3001\u3053\u306e\u653b\u6483\u8005\u306fWeb\u30b7\u30a7\u30eb\u3068\u306e\u63a5\u7d9a\u3092\u78ba\u7acb\u5f8c\u3001\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u8907\u6570\u306e\u30ed\u30fc\u30ab\u30eb\u7279\u6a29\u6607\u683c\u30c4\u30fc\u30eb\u3092\u3001\u30ea\u30e2\u30fc\u30c8\u304b\u3089\u3055\u3089\u306b\u5b9f\u884c\u3057\u3088\u3046\u3068\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>\u4ee5\u524d\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u540c\u69d8\u306b\u3001\u4eca\u56de\u3082\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u7279\u6a29\u6607\u683c\u30c4\u30fc\u30eb\u304c\u4f7f\u308f\u308c\u307e\u3057\u305f\u3002\u306a\u304b\u306b\u306f\u3001\u305d\u308c\u305e\u308c\u306e\u5b9f\u884c\u9593\u9694\u3092\u6570\u5206\u3057\u304b\u7a7a\u3051\u306a\u3044\u3053\u3068\u3067\u3001\u30d6\u30ed\u30c3\u30af\u3092\u56de\u907f\u3057\u3088\u3046\u3068\u3057\u3066\u3044\u305f\u4e8b\u4f8b\u3082\u3042\u308a\u307e\u3057\u305f\u3002<\/p>\n<ul>\n<li>JuicyPotato<\/li>\n<li>PrintSpoofer<\/li>\n<li>JuicyPotatoNG<\/li>\n<li>EfsPotato<\/li>\n<li>PetitPotam (\u30d5\u30e9\u30f3\u30b9\u8a9e\u3067\u300c\u5c0f\u3055\u306a\u30ab\u30d0\u300d)<\/li>\n<\/ul>\n<figure id=\"attachment_128940\" aria-describedby=\"caption-attachment-128940\" style=\"width: 649px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128940 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-17.png\" alt=\"\u753b\u50cf17\u306fCortex 
XDR. It is a tree diagram that shows multiple local privilege escalation tools detected and blocked by the program. The DLL is highlighted with a red box.\" width=\"649\" height=\"684\" \/><figcaption id=\"caption-attachment-128940\" class=\"wp-caption-text\">Figure 17. Cortex XDR detecting and blocking multiple local privilege escalation tools<\/figcaption><\/figure>\n<h4><a id=\"post-128984-_wko2nk77ix42\"><\/a>MyComEop<\/h4>\n<p>While analyzing several loaders recovered from organizations targeted in the Manic Menagerie 2.0 campaign, we made another discovery. These loaders contained hardcoded strings for files named <span style=\"font-family: 'courier new', courier, monospace;\">x<\/span> and <span style=\"font-family: 'courier new', courier, monospace;\">x.tmp<\/span>. Running the loaders under a debugger decrypted the payload successfully and revealed yet another PoC local privilege escalation and backdoor tool, which carried distinctive PDB paths:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">E:\\git\\MyComEopPower\\MyComEopPipe\\Build\\Quantum.pdb<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">E:\\git\\MyComEopPower\\MyComEopPipe\\Build\\MyComEop.pdb<\/span><\/li>\n<\/ul>\n<p>Searching VirusTotal for these PDB paths surfaced two more variants with additional notable metadata (Figure 18).<\/p>\n<figure id=\"attachment_128942\" aria-describedby=\"caption-attachment-128942\" style=\"width: 271px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128942 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-18.png\" alt=\"Image 18 is the file version information of one variant. It includes Copyright, Product, Description, Original Name, Internal Name, File Version, Comments (written in Chinese characters) and File Version, mixing English and Chinese characters.\" width=\"271\" height=\"171\" \/><figcaption id=\"caption-attachment-128942\" class=\"wp-caption-text\">Figure 18. File metadata obtained from another variant, containing the same PDB path<\/figcaption><\/figure>\n<p>The product name and description translate to \"protocol privilege escalation tool\" and \"internal special edition.\" Pivoting on these two metadata components produced further similar variants with closely matching PDB paths; some of them are tagged on VirusTotal with <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-0213\" target=\"_blank\" rel=\"noopener\">CVE-2017-0213<\/a>, a Windows COM elevation of privilege vulnerability.<\/p>\n<p>Further investigation confirmed that this, too, is a privilege escalation and backdoor tool (Figures 19a and 19b).<\/p>\n<figure id=\"attachment_128944\" aria-describedby=\"caption-attachment-128944\" style=\"width: 696px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128944 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-19.png\" alt=\"Image 19 is a screenshot of a few lines of code showing hardcoded paths from the privilege escalation tool.\" width=\"696\" height=\"74\" \/><figcaption id=\"caption-attachment-128944\" class=\"wp-caption-text\">Figure 19a. Hardcoded paths found in the privilege escalation and backdoor tool<\/figcaption><\/figure>\n<figure id=\"attachment_128946\" aria-describedby=\"caption-attachment-128946\" style=\"width: 581px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128946 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-20.png\" alt=\"Image 20 is a screenshot of a few lines of code in which the word backdoor is highlighted in red. These are the backdoor logs of the tool described.\" width=\"581\" height=\"109\" \/><figcaption id=\"caption-attachment-128946\" class=\"wp-caption-text\">Figure 19b. Backdoor log of the same tool<\/figcaption><\/figure>\n
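The PDB-path pivot described above (search the distinctive path, collect variants, compare their metadata) can be automated on files you already hold. The following Python script is an added example, not code from the Unit 42 report or from any tool it describes: it scans a PE file's raw bytes for CodeView "RSDS" debug records, extracts the embedded PDB path and checks it against the PDB paths listed in this report's IoC section, with a weaker "suspicious" verdict for paths that only share the actor's directory names. The sample bytes, the GUID and the benign HelloWorld path are constructed for the demo, and the cp936 decoding fallback for Chinese-locale build hosts is an assumption.

```python
"""
Hunt for the PDB paths published in this report inside PE files.

Added example; not code from the Unit 42 report or from any tool it describes.
It scans raw PE bytes for CodeView "RSDS" debug records, extracts the embedded
PDB path and compares it with the report's PDB-path indicators. SAMPLE_IMAGE is
constructed for the demo and is not a real sample.
"""
import re
import struct
import uuid

# PDB paths from the IoC section of the report.
KNOWN_PDB_PATHS = {
    r"F:\upfile\3389\opents\dlladduser\x64\Release\dllnc.pdb",
    r"E:\git\MyComEopPower\MyComEopPipe\Build\Quantum.pdb",
    r"E:\git\MyComEopPower\MyComEopPipe\Build\MyComEop.pdb",
    r"D:\project\后门类\dllnc\exenc\x64\Release\exenc.pdb",
}

# Directory fragments shared by the actor's builds; weaker than an exact match
# but catches recompiled variants with a changed file name.
SUSPICIOUS_PDB_FRAGMENTS = ("mycomeop", "\\dllnc\\", "\\后门类\\")

_RSDS = b"RSDS"
_HEADER_LEN = 4 + 16 + 4  # "RSDS" + GUID + age, then a NUL-terminated path
_PATH_SHAPE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")  # drive letter or UNC path


def _decode_path(raw: bytes) -> str:
    # The path is a narrow string: UTF-8 on modern toolchains, otherwise the build
    # host's ANSI code page. Trying cp936 second is an assumption made here so that
    # a Chinese-locale path like the one in Figure 21 still decodes.
    for enc in ("utf-8", "cp936"):
        try:
            return raw.decode(enc)
        except UnicodeDecodeError:
            continue
    return raw.decode("latin-1")


def extract_codeview_records(data: bytes) -> list[dict]:
    """Return every plausible RSDS record in the raw bytes of a PE image.

    Scanning bytes instead of walking IMAGE_DEBUG_DIRECTORY also works on packed
    or truncated samples whose headers no longer point at the debug directory.
    """
    records = []
    pos = data.find(_RSDS)
    while pos != -1:
        body = data[pos + 4 : pos + _HEADER_LEN]
        if len(body) == 20:
            end = data.find(b"\x00", pos + _HEADER_LEN)
            raw_path = data[pos + _HEADER_LEN : (end if end != -1 else len(data))]
            path = _decode_path(raw_path)
            if _PATH_SHAPE.match(path):  # reject "RSDS" bytes that occur in ordinary data
                records.append({
                    "offset": pos,
                    "guid": str(uuid.UUID(bytes_le=body[:16])),
                    "age": struct.unpack("<I", body[16:20])[0],
                    "path": path,
                })
        pos = data.find(_RSDS, pos + 4)
    return records


def _normalise(path: str) -> str:
    return path.replace("/", "\\").lower()


def classify(path: str) -> str:
    """'known' on an exact IoC match, 'suspicious' on a shared fragment, else 'clean'."""
    n = _normalise(path)
    if n in {_normalise(p) for p in KNOWN_PDB_PATHS}:
        return "known"
    if any(frag in n for frag in SUSPICIOUS_PDB_FRAGMENTS):
        return "suspicious"
    return "clean"


def scan_pe_bytes(data: bytes) -> list[dict]:
    """Extract RSDS records and attach a verdict to each."""
    results = []
    for rec in extract_codeview_records(data):
        rec["verdict"] = classify(rec["path"])
        results.append(rec)
    return results


def build_fake_rsds(path: str, age: int = 1) -> bytes:
    """Constructed CodeView record for the demo (hypothetical GUID, not a real sample)."""
    guid = uuid.UUID("12345678-1234-5678-1234-567812345678")
    return _RSDS + guid.bytes_le + struct.pack("<I", age) + path.encode("utf-8") + b"\x00"


# Constructed stand-in for a PE image: a stray "RSDS" inside ordinary data, one record
# with the MyComEop PDB path from this section, and one benign developer build.
SAMPLE_IMAGE = (
    b"MZ" + b"\x90" * 64
    + b"RSDS appears here as plain text"
    + build_fake_rsds(r"E:\git\MyComEopPower\MyComEopPipe\Build\MyComEop.pdb", age=3)
    + b"\x00" * 16
    + build_fake_rsds(r"C:\Users\dev\source\repos\HelloWorld\x64\Release\HelloWorld.pdb")
)

if __name__ == "__main__":
    for rec in scan_pe_bytes(SAMPLE_IMAGE):
        print(f"{rec['verdict']:<10} age={rec['age']} {rec['path']}")
```

Run it against real files by replacing SAMPLE_IMAGE with the bytes of the file under test; the GUID and age it reports are the same values VirusTotal shows in its debug-info section, so a match there is an exact-build match, whereas a path match alone can survive a rebuild.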
<h2><a id=\"post-128984-_nq2ay11j7x62\"><\/a>Resumed Attacks<\/h2>\n<p>In April 2023, while monitoring activity related to Manic Menagerie 2.0, we began to observe the threat actor deploying updated tools and accessing compromised environments through previously planted web shells. This activity was found alongside indicators of the older tools deployed in parallel, as well as updated tools such as <span style=\"font-family: 'courier new', courier, monospace;\">au.exe<\/span>.<\/p>\n<p>The attacker also ran net commands to check whether their <span style=\"font-family: 'courier new', courier, monospace;\">iis_user<\/span> account still existed, and then began deploying modified tools to the <span style=\"font-family: 'courier new',
 courier, monospace;\">%programdata%\\x<\/span> path, the same behavior observed previously.<\/p>\n<p>One of the tools they deployed is called GodPotato (Figure 20), another variant of the well-known family of local privilege escalation tools known as \"potatoes.\" It is also a publicly available tool.<\/p>\n<figure id=\"attachment_128948\" aria-describedby=\"caption-attachment-128948\" style=\"width: 804px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128948 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-21.png\" alt=\"Image 21 is a screenshot of the GodPotato tool. The word GodPotato is rendered as ASCII art built from capital F characters. The screenshot also includes the arguments and example command-line input.\" width=\"804\" height=\"491\" \/><figcaption id=\"caption-attachment-128948\" class=\"wp-caption-text\">Figure 20. Screenshot of the GodPotato tool<\/figcaption><\/figure>\n<p>Another tool we observed is yet another custom backdoor, shown in Figure 21. Its PDB path, <span style=\"font-family: 'courier new', courier, monospace;\">D:\\project\\\u540e\u95e8\u7c7b\\dllnc\\exenc\\x64\\Release\\exenc.pdb<\/span>, suggests it is a new variant of the dllnc tool described earlier. This variant emphasizes backdoor functionality over its primary role as a loader. The directory name \u540e\u95e8\u7c7b translates literally to \"backdoor class.\"<\/p>\n<figure id=\"attachment_128950\" aria-describedby=\"caption-attachment-128950\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-128950 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/06\/word-image-128904-22.png\" alt=\"Image 21 is a screenshot of many lines of code showing the main method of the new backdoor. The screenshot contains redacted information.\" width=\"900\" height=\"338\" \/><figcaption id=\"caption-attachment-128950\" class=\"wp-caption-text\">Figure 21. The main method of the new backdoor<\/figcaption><\/figure>\n
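The re-entry behavior just described is concrete enough to write detection logic for. The following Python block is an added example, not part of the Unit 42 report or of any Cortex XDR rule: it evaluates process-creation events against the signals in this section (the net user check for the actor's iis_user account, tools staged under %programdata%\x, potato-family binaries, shells spawned by the IIS worker process) and against the GodPotato and au.exe SHA-256 values from the IoC section. The event shape (image, parent image, command line, user, SHA-256, as in a Sysmon Event ID 1 record) is an assumption, the GodPotato-NET4.exe file name and its -cmd argument are modeled on the tool's public usage rather than taken from the report, and every event is constructed for the demo.

```python
"""
Detection logic for the re-entry behaviour described in this section.

Added example; not part of the Unit 42 report or of any Cortex XDR rule.
Events are assumed to carry the fields of a Sysmon Event ID 1 record (image,
parent image, command line, user, SHA-256). All events below are constructed.
"""
import re
from dataclasses import dataclass

# SHA-256 values of GodPotato and au.exe from the IoC section of the report.
IOC_SHA256 = {
    "4e04472b21365c76d9cf0a324f889f723621fc42433a2f211a23dce728fa4a8a": "GodPotato",
    "5a4a2272ce4388e56fb9d33255ac8c584d41c7099588ef9f39e4bee54be92992": "GodPotato",
    "b08a089f0e44c2703a9e0dc4f6ef8d9285a08241499ad21dbf7f1fbc262d22bd": "au.exe",
    "1d61842f5ecdca970f43246ce93f51fa4c85c00b93b6b9e37db17325077497eb": "au.exe",
}

# %programdata%\x staging directory, in its variable and expanded forms.
STAGING_DIR = re.compile(r'(?:%programdata%|[a-z]:\\programdata)\\x(?:\\|\s|"|$)', re.I)
# "net user iis_user" / "net1 user iis_user": the actor checking its own account.
NET_USER_CHECK = re.compile(r"\bnet1?(?:\.exe)?\s+user\s+iis_user\b", re.I)
POTATO_IMAGE = re.compile(r"potato", re.I)
IIS_WORKER = re.compile(r"\\w3wp\.exe$", re.I)
SHELL_IMAGES = ("cmd.exe", "powershell.exe", "net.exe", "net1.exe")


@dataclass
class ProcEvent:
    image: str
    parent_image: str
    command_line: str
    user: str
    sha256: str = ""


def evaluate(ev: ProcEvent) -> list[str]:
    """Return the names of every signal the event triggers (empty list if none)."""
    hits = []
    if NET_USER_CHECK.search(ev.command_line):
        hits.append("iis_user account check")
    if STAGING_DIR.search(ev.image) or STAGING_DIR.search(ev.command_line):
        hits.append("tool staged under %ProgramData%\\x")
    if POTATO_IMAGE.search(ev.image):
        hits.append("potato-family LPE binary")
    if IIS_WORKER.search(ev.parent_image) and ev.image.lower().endswith(SHELL_IMAGES):
        hits.append("shell spawned by IIS worker (web shell)")
    family = IOC_SHA256.get(ev.sha256.lower())
    if family:
        hits.append(f"hash matches IoC ({family})")
    return hits


def triage(events: list[ProcEvent]) -> list[tuple[int, list[str]]]:
    """Index and signals of every event that triggered at least one signal."""
    return [(i, hits) for i, ev in enumerate(events) if (hits := evaluate(ev))]


# Constructed events. The GodPotato file name and -cmd argument are assumptions
# modelled on the tool's public usage, not taken from the report.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\inetsrv\w3wp.exe",
              "cmd.exe /c net user iis_user", r"IIS APPPOOL\DefaultAppPool"),
    ProcEvent(r"C:\ProgramData\x\GodPotato-NET4.exe", r"C:\Windows\System32\cmd.exe",
              'GodPotato-NET4.exe -cmd "cmd /c whoami"', r"IIS APPPOOL\DefaultAppPool",
              "4e04472b21365c76d9cf0a324f889f723621fc42433a2f211a23dce728fa4a8a"),
    ProcEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe",
              "svchost.exe -k netsvcs", r"NT AUTHORITY\SYSTEM"),
]

if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```

The hash lookup is the narrowest signal and the one the actor can defeat by recompiling; the behavioral signals (a shell under w3wp.exe, anything executing from %ProgramData%\x, a potato binary run by an application pool identity) survive that and are the ones worth keeping in a production rule.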
<h2><a id=\"post-128984-_raqtwpgzllu4\"><\/a><strong>Conclusion<\/strong><\/h2>\n<p>Unit 42 researchers discovered an active campaign that has targeted web hosting and IT companies for more than two years. We call this campaign Manic Menagerie 2.0, and we attribute it to the threat actor that previously ran the campaign known as \"Manic Menagerie.\" The current campaign is an evolution of the earlier operation.<\/p>\n<p>Unit 42 tracks the activity associated with this campaign as CL-CRI-0021. The threat actor behind Manic Menagerie 2.0 remains active under the radar, changing its tactics, techniques and procedures (TTPs) as it goes.<\/p>\n<p>The primary goal of the threat actor behind this operation appears to be financial gain by abusing the resources of compromised web servers. As the ACSC reported for the original campaign, the actor again deployed multiple coin miners in Manic Menagerie 2.0.<\/p>\n<p>Our investigation shows that the attackers have steadily expanded their arsenal, evolved their TTPs and continued to hijack legitimate websites. They achieved this by deploying web shells at scale on compromised sites and using them as C2 servers.<\/p>\n<p><strong>Protections and Mitigations<\/strong><\/p>\n<p>Palo Alto Networks customers receive protection from the campaign described in this article through the following products and services.<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Customers who have enabled the <a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Threat Prevention<\/a> subscription on the Next-Generation Firewall (<a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">NGFW<\/a>) and operate it according to best practices can block these attacks. The corresponding Threat Prevention signatures are <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=90796\" target=\"_blank\" rel=\"noopener\">90796<\/a>, <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=90815\" target=\"_blank\" rel=\"noopener\">90815<\/a>, <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=91505\" target=\"_blank\" rel=\"noopener\">91505<\/a>, <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=91651\" target=\"_blank\" rel=\"noopener\">91651<\/a>, <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=91368\" target=\"_blank\" rel=\"noopener\">91368<\/a>, <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=91589\" target=\"_blank\" rel=\"noopener\">91589<\/a> and <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=91577\" target=\"_blank\" rel=\"noopener\">91577<\/a>.<\/li>\n<li>The cloud-delivered malware analysis service <a 
href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/wildfire\" target=\"_blank\" rel=\"noopener\">WildFire<\/a> accurately identifies the known samples as malicious.<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-url-filtering\/administration\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a> and <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">DNS Security<\/a> identify domains associated with this group as malicious.<\/li>\n<li><a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XDR\" target=\"_blank\" rel=\"noopener\">Cortex XDR<\/a> detects user and credential-based threats by analyzing user activity from multiple data sources, including endpoints, network firewalls, Active Directory, identity and access management solutions and cloud workloads. It builds behavioral profiles of user activity over time with machine learning. By comparing new activity against past activity, peer activity and the expected behavior of the entity, Cortex XDR detects anomalous activity indicative of credential-based attacks.<br \/>\nIt also offers the following protections related to the attacks discussed in this article:\n<ul>\n<li>Prevents the execution of known malicious malware and, using machine learning based on the Local Analysis module together with <a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/advanced-threat-prevention\" target=\"_blank\" rel=\"noopener\">Behavioral Threat Protection<\/a>, also prevents the execution of unknown malware.<\/li>\n<li>Protects against credential-gathering tools and techniques using the new Credential Gathering Protection available from Cortex XDR 3.4.<\/li>\n<li>Protects against threats that drop or execute commands from web shells using the Anti-Webshell Protection newly released in Cortex XDR 3.4.<\/li>\n<li>Protects against exploitation of various vulnerabilities, including ProxyShell and ProxyLogon, using the Anti-Exploitation modules and Behavioral Threat Protection.<\/li>\n<li>Cortex XDR Pro detects <a href=\"https:\/\/docs.paloaltonetworks.com\/cortex\/cortex-xdr\/cortex-xdr-analytics-alert-reference\/cortex-xdr-analytics-alert-reference\/analytics-alerts-by-required-data-source\" target=\"_blank\" rel=\"noopener\">post-exploitation activity<\/a>, including credential-based attacks, with behavioral analytics.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>If you are concerned you may have been compromised and would like to consult the Unit 42 Incident Response team, contact us via <a href=\"https:\/\/start.paloaltonetworks.jp\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">this form<\/a>, by email at infojapan@paloaltonetworks.com, or by phone at one of the numbers below (consultations are not limited to Palo Alto Networks customers).<\/p>\n<p>North America toll free: 866.486.4842 (866.4.UNIT42)<\/p>\n<ul>\n<li>Europe: +31.20.299.3130<\/li>\n<li>Asia Pacific: +65.6983.8730<\/li>\n<li>Japan: 
+81.50.1790.0200<\/li>\n<\/ul>\n<p>Palo Alto Networks has shared these findings, including file samples and indicators of compromise, with our fellow Cyber Threat Alliance (CTA) members. CTA members use this intelligence to rapidly deploy protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the <a href=\"https:\/\/www.cyberthreatalliance.org\" target=\"_blank\" rel=\"noopener\">Cyber Threat Alliance<\/a>.<\/p>\n<h2><a id=\"post-128984-_pqogv8wtx4ob\"><\/a><strong>Indicators of Compromise<\/strong><\/h2>\n<p><strong>Web shells<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">b00cd3b39bc2fd6a4077c679f050d97ed26ef20a1fe80ad3525ea0dbbd131f74<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">0153246cf5e1d980d65d4920bdc5b2ac4c9aba6d5b6676f0e9bbde794dd04314<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">0f9dca8599d7b350050149e63a6a977f1d157d5967ba6da534919530063cdcde<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">9215371ec6058ba38780a5d336eb3201a47c77bb97bb00a60f1bec0386185c77<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">adf2ee0ad2f5f13b9bf72741c75910f786d2cfee84b5ae78ea3e5464f46addde<\/span><\/li>\n<\/ul>\n<p><strong>Compiled web shell DLLs<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">fcd44c32ae6078f2ba44c8c5e2efa3f9b788d4c6470a5ee9bd4944699fb8357a<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">2e24c384f9ae7d09179bd41e51c4a9bb43102d170990e8e1576e79362b049ed6<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">3ab6a849d81b66a52d717cc1b0178882e30d44c39b1089604c5746a187b2e4ce<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">905cf864acad6b4a664582eb9fc6e0afab87198274a29e5f7d7863fee29f37cd<\/span><\/li>\n<\/ul>\n<p><strong>StreamEx malware<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">a812d5472458c6fc993ae1e9e8b9f04e31d176e2ec9f5ce5ac48e32ed72fb414<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">8402967a4b0bff39fc3ccc7a5b613734135551e9f6f32cf8c14fd6541a85d4d5<\/span><\/li>\n<\/ul>\n<p><strong>Coin miners<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">4cdcec18ef5d3657b488f32912a8ccf4541891e4e4c8518afbc1e1b0e147e96b<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">db2712470ca60e874b15fa1e5ef667dbf6b755223ee5eb20843843115537e1c4<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">c67ce681677909aa5ae9abcf42c35faffee08cd73b5cee8d975fa07159f76c87<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">308643ef08bd65afaba08315826985975515845fb5d6235db80a9bc5bdbb00f3<\/span><\/li>\n<\/ul>\n<p><strong>SpoolPotato<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">238f5771b8350633e258221e25223e52545709b74cbe2c9361e2b730f9dbfa00<\/span><\/li>\n<\/ul>\n<p><strong>JuicyPotato<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, 
monospace;\">5cb0710bef7c7b0ff226bf5ca12f499859505547696f22fa06ce1f47ea312d82<\/span><\/li>\n<\/ul>\n<p><strong>x.bat<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">f20b0a716c3980c46a2996ae21e3566c0151202557417d171566b82e97057f2f<\/span><\/li>\n<\/ul>\n<p><strong>x.tmp<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">b4de4eb9763ad18e060513048eed4ac39481cfe62127345d0bb058eb26a18528<\/span><\/li>\n<\/ul>\n<p><strong>x.tmp (decrypted)<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">2092ce3cef30198cb7833851a1b1805bbfe71474152c1357ecd27f71ce807527<\/span><\/li>\n<\/ul>\n<p><strong>x<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">6f77fea2e8e34fe3bb7134e110036e44e30a6d5144794669a6de21a30f3b7247<\/span><\/li>\n<\/ul>\n<p><strong>x (decrypted)<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">db7290032479a53fa7a43262188132d572fab63d00d6d64d39f9256df6c10f55<\/span><\/li>\n<\/ul>\n<p><strong>PCHunter<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">5cb0710bef7c7b0ff226bf5ca12f499859505547696f22fa06ce1f47ea312d82<\/span><\/li>\n<\/ul>\n<p><strong>PrintSpoofer<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">609d04a4be3878328503c342f0d73c9ba5ff1c6c62f4c894516e50721207ef83<\/span><\/li>\n<\/ul>\n<p><strong>PetitPotam<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">419e8bfae7a0887fad0eb273791cf0d03c0ed01d1957c7dc796c6e0d1a43f3d6<\/span><\/li>\n<\/ul>\n<p><strong>JuicyPotatoNG<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">181daac34fd958aaadf1c9de1414cc3b331ef394ba47d5d2c77d30e9ac89ef17<\/span><\/li>\n<\/ul>\n<p><strong>EfsPotato<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier 
new', courier, monospace;\">ef8eae74cddea603c5051de7808f402943d674c6bb557db1eff6a50d25114b6b<\/span><\/li>\n<\/ul>\n<p><strong>au.exe<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">b08a089f0e44c2703a9e0dc4f6ef8d9285a08241499ad21dbf7f1fbc262d22bd<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">1d61842f5ecdca970f43246ce93f51fa4c85c00b93b6b9e37db17325077497eb<\/span><\/li>\n<\/ul>\n<p><strong>RunasCs_net2<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">009a28656abb84a6e7794fdd721565a2e2ca2565870597962d67a8e2c3707241<\/span><\/li>\n<\/ul>\n<p><strong>CVE-2018-8120<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">88f62989cb2f220db3d289ffea924423487b180fabe37711d2ef5c7f2e306f13<\/span><\/li>\n<\/ul>\n<p><strong>CVE-2019-0803<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">068bfbb2dc6dadc3860eb16cc7ece97d935948f9b64ec66d5afda08e682be790<\/span><\/li>\n<\/ul>\n<p><strong>CVE-2019-1458<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">3e2041c2efd120960c00bf794b5db4c967fc862e2d536ed5f7b5d5d1cf9bfda0<\/span><\/li>\n<\/ul>\n<p><strong>CVE-2019-0623<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">74b95e6b8e02ea623849b6bcbf702922dd064ae06238b27cbb20504e38d85756<\/span><\/li>\n<\/ul>\n<p><strong>Fork bomb<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">6c569dd683df9600a098a93c9200d44778d535f58f5a82f4a58aeed3855fb9ca<\/span><\/li>\n<\/ul>\n<p><strong>dllnc<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">67fdef1b6fdf6fbec44e4df1608fb46dfbcfa3363bf62872ec132d000092a18f<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, 
monospace;\">ae35de63065040d752ef9fa76c553c0fa5c3cc5c8d67cf6981c66d3c8d86a6a6<\/span><\/li>\n<\/ul>\n<p><strong>sh.exe<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">9e761c6811679311c80291b7d65f23cdd53865f72af64b5a72ae1a86d9ef27d0<\/span><\/li>\n<\/ul>\n<p><strong>GodPotato<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">4e04472b21365c76d9cf0a324f889f723621fc42433a2f211a23dce728fa4a8a<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">5a4a2272ce4388e56fb9d33255ac8c584d41c7099588ef9f39e4bee54be92992<\/span><\/li>\n<\/ul>\n<p><strong>MyCACLS<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">15c52422bfa461b01901953f5e0d9c77aa0f898c8de4841303a572c59a269674<\/span><\/li>\n<\/ul>\n<p><strong>PDB paths<\/strong><\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\"F:\\upfile\\3389\\opents\\dlladduser\\x64\\Release\\dllnc.pdb\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\"E:\\git\\MyComEopPower\\MyComEopPipe\\Build\\Quantum.pdb\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\"E:\\git\\MyComEopPower\\MyComEopPipe\\Build\\MyComEop.pdb\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\"D:\\project\\\u540e\u95e8\u7c7b\\dllnc\\exenc\\x64\\Release\\exenc.pdb\"<\/span><\/li>\n<\/ul>\n<h2><a id=\"post-128984-_h0cjn3vskud4\"><\/a>Additional Resources<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.cyber.gov.au\/sites\/default\/files\/2023-03\/report_manic_menagerie.pdf\" target=\"_blank\" rel=\"noopener\">Manic Menagerie: Malicious activity targeting web hosting providers<\/a> \u2013 ACSC Report 2018-143, Australian Cyber Security Centre<\/li>\n<li><a href=\"https:\/\/blog.viettelcybersecurity.com\/deep-understand-aspx-file-handling-and-some-related-attack-vector\/\" 
target=\"_blank\" rel=\"noopener\">Deep understand ASPX file handling and some related attack vectors<\/a> \u2013 Viettel Cyber Security<\/li>\n<li><a href=\"https:\/\/blog.morphisec.com\/proxyshellminer-campaign\" target=\"_blank\" rel=\"noopener\">ProxyShellMiner Campaign Creating Dangerous Backdoors<\/a> \u2013 Morphisec<\/li>\n<li><a href=\"https:\/\/www.okta.com\/identity-101\/fork-bomb\/\" target=\"_blank\" rel=\"noopener\">What Is a Fork Bomb? Definition, Code, Prevention &amp; Removal<\/a> \u2013 Okta<\/li>\n<li><a href=\"https:\/\/www.ired.team\/offensive-security\/persistence\/rid-hijacking\" target=\"_blank\" rel=\"noopener\">RID Hijacking<\/a> \u2013 ired.team notes<\/li>\n<li><a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/hafnium-china-chopper-and-aspnet-runtime\/\" target=\"_blank\" rel=\"noopener\">HAFNIUM, China Chopper and ASP.NET Runtime<\/a> \u2013 SpiderLabs Blog, Trustwave<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Executive Summary Unit 42 researchers discovered an active campaign that targeted multiple web hosting and IT providers in the US and EU from late 2020 to late 2022. Unit 42 tracks the activity associated with this<\/p>\n","protected":false},"author":313,"featured_media":134392,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1974,4432],"tags":[5073,4889,5075,5077,5079,5081,5083,5085,5087,5089,5091],"product_categories":[4441,4443,4444,4446,4448,4450,4456,4465],"coauthors":[4017],"class_list":["post-128984","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-ja
","category-top-cyberthreats-ja","tag-cryptocurrency-ja","tag-cryptojacking-ja","tag-cve-2021-26855-ja","tag-cve-2021-33766-ja","tag-cve-2021-34473-ja","tag-cve-2022-41040-ja","tag-manic-menagerie-ja","tag-microsoft-exchange-server-ja","tag-persistence-method-ja","tag-proxynotshell-ja","tag-webshell-ja","product_categories-advanced-dns-security-ja","product_categories-advanced-url-filtering-ja","product_categories-advanced-wildfire-ja","product_categories-cloud-delivered-security-services-ja","product_categories-cortex-xdr-ja","product_categories-cortex-xsiam-ja","product_categories-next-generation-firewall-ja","product_categories-unit-42-incident-response-ja"],"yoast_head":"<title>Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor<\/title>\n<meta name=\"description\" content=\"Manic Menagerie has expanded its arsenal and launched a new operation, which Unit 42 tracks as Manic Menagerie 2.0. Observed activity includes large-scale deployment of web shells on compromised sites, their use as C2 servers, and deployment of coin miners.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor\" \/>\n<meta property=\"og:description\" content=\"Manic Menagerie has expanded its arsenal and launched a new operation, which Unit 42 tracks as Manic Menagerie 2.0. Observed activity includes large-scale deployment of web shells on compromised sites, their use as C2 servers, and deployment of coin miners.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-29T05:12:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-31T01:09:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/12_Security-Technology_Category_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Daniel Frank\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>"}
42","article_published_time":"2023-06-29T05:12:11+00:00","article_modified_time":"2024-07-31T01:09:00+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/12_Security-Technology_Category_1920x900.jpg","type":"image\/jpeg"}],"author":"Daniel Frank","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/"},"author":{"name":"Durgesh Sangvikar","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/9812085fd6a97f55562ad30a993c19c7"},"headline":"Manic Menagerie 2.0: \u7cbe\u529b\u7684\u306b\u6d3b\u52d5\u3092\u7d9a\u3051\u308b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306e\u9032\u5316","datePublished":"2023-06-29T05:12:11+00:00","dateModified":"2024-07-31T01:09:00+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/"},"wordCount":1388,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/12_Security-Technology_Category_1920x900.jpg","keywords":["Cryptocurrency","cryptojacking","CVE-2021-26855","CVE-2021-33766","CVE-2021-34473","CVE-2022-41040","Manic Menagerie","Microsoft Exchange Server","persistence 
method","ProxyNotShell","webshell"],"articleSection":["\u30de\u30eb\u30a6\u30a7\u30a2","\u4e3b\u306a\u30b5\u30a4\u30d0\u30fc\u8105\u5a01"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/","name":"Manic Menagerie 2.0: \u7cbe\u529b\u7684\u306b\u6d3b\u52d5\u3092\u7d9a\u3051\u308b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306e\u9032\u5316","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/12_Security-Technology_Category_1920x900.jpg","datePublished":"2023-06-29T05:12:11+00:00","dateModified":"2024-07-31T01:09:00+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/9812085fd6a97f55562ad30a993c19c7"},"description":"Manic Menagerie\u304c\u5175\u5668\u5eab\u3092\u62e1\u5145\u3057\u65b0\u305f\u306a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5c55\u958b\u3057\u3066\u3044\u307e\u3059\u3002Unit 42\u306f\u3053\u308c\u3092Manic Menagerie 
2.0\u3068\u3057\u3066\u8ffd\u8de1\u3057\u3066\u3044\u307e\u3059\u3002\u4fb5\u5bb3\u6e08\u307f\u30b5\u30a4\u30c8\u3078\u306eWeb\u30b7\u30a7\u30eb\u5927\u898f\u6a21\u5c55\u958b\u3068C2\u30b5\u30fc\u30d0\u30fc\u5316\u3001\u30b3\u30a4\u30f3\u30de\u30a4\u30ca\u30fc\u306e\u5c55\u958b\u306a\u3069\u304c\u89b3\u6e2c\u3055\u308c\u3066\u3044\u307e\u3059\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#primaryimage","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/12_Security-Technology_Category_1920x900.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/12_Security-Technology_Category_1920x900.jpg","width":1920,"height":900,"caption":"Extreme closeup of a person wearing glasses. 
Reflected in their lenses is code on a computer screen."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/manic-menagerie-targets-web-hosting-and-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"Manic Menagerie 2.0: \u7cbe\u529b\u7684\u306b\u6d3b\u52d5\u3092\u7d9a\u3051\u308b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u306e\u9032\u5316"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/9812085fd6a97f55562ad30a993c19c7","name":"Durgesh Sangvikar","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/4ffb3c2d260a0150fb91b3715442f8b3","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Durgesh 
Sangvikar"},"url":"https:\/\/unit42.paloaltonetworks.com\/ja\/author\/durgesh-sangvikar\/"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/128984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/313"}],"replies":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=128984"}],"version-history":[{"count":14,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/128984\/revisions"}],"predecessor-version":[{"id":135971,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/128984\/revisions\/135971"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/134392"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=128984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=128984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=128984"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=128984"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=128984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}