{"id":131581,"date":"2023-12-07T23:03:22","date_gmt":"2023-12-08T07:03:22","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=131581"},"modified":"2024-06-17T01:28:28","modified_gmt":"2024-06-17T08:28:28","slug":"russian-apt-fighting-ursa-exploits-cve-2023-233397","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/","title":{"rendered":"Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66"},"content":{"rendered":"<h2><a id=\"post-131581-_4lt92rr5muov\"><\/a><strong>\u6982\u8981<\/strong><\/h2>\n<p>\u4eca\u5e74\u521d\u3081\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u306e\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u304c\u3001Fighting Ursa \u306b\u3088\u308b Microsoft Outlook \u306e\u30bc\u30ed\u30c7\u30a4 \u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 (\u73fe\u5728\u306f CVE-2023-23397 \u3068\u3057\u3066\u77e5\u3089\u308c\u308b) \u306e\u5229\u7528\u3092\u767a\u898b\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u306f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306b\u30e6\u30fc\u30b6\u30fc\u64cd\u4f5c\u304c\u5fc5\u8981\u306a\u304f\u3001\u3068\u304f\u306b\u61f8\u5ff5\u3055\u308c\u308b\u3082\u306e\u3067\u3059\u3002Unit 42 \u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u304c\u904e\u53bb 20 \u304b\u6708\u9593\u306b\u308f\u305f\u308a\u3001CVE-2023-23397 \u3092\u4f7f\u3044\u3001\u30ed\u30b7\u30a2\u653f\u5e9c\u3068\u30ed\u30b7\u30a2\u8ecd\u306b\u3068\u3063\u3066\u6226\u7565\u7684\u8adc\u5831\u4fa1\u5024\u3092\u6301\u3063\u3066\u3044\u308b\u53ef\u80fd\u6027\u306e\u9ad8\u3044 14 \u304b\u56fd\u3067\u3001\u5c11\u306a\u304f\u3068\u3082 30 \u306e\u7d44\u7e54\u3092\u6a19\u7684\u306b\u3057\u3066\u3044\u305f\u3053\u3068\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>\u3053\u306e\u9593\u3001Fighting Ursa \u306f\u3053\u306e\u8106\u5f31\u6027\u3092\u5229\u7528\u3057\u305f\u5c11\u306a\u304f\u3068\u3082 2 \u3064\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u5b9f\u65bd\u3057\u305f\u3053\u3068\u304c\u660e\u3089\u304b\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u6700\u521d\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f 2022 \u5e74 3 \u6708\u304b\u3089 12 \u6708\u306e\u9593\u30012 \u56de\u76ee\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f 2023 \u5e74 3 \u6708\u306b\u767a\u751f\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>Unit 42 \u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001\u6700\u8fd1\u30a2\u30af\u30c6\u30a3\u30d6\u306b\u306a\u3063\u305f 3 \u56de\u76ee\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u767a\u898b\u3057\u307e\u3057\u305f\u304c\u3001\u305d\u306e\u306a\u304b\u3067\u3082 Fighting Ursa \u306f\u3053\u306e\u8106\u5f31\u6027\u3092\u5229\u7528\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u306f\u30012023 \u5e74 9 \u6708\u304b\u3089 10 \u6708\u306b\u304b\u3051\u30017 \u304b\u56fd\u306e\u5c11\u306a\u304f\u3068\u3082 9 \u3064\u306e\u7d44\u7e54\u3092\u5bfe\u8c61\u306b\u3001\u3053\u306e\u6700\u65b0\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u5b9f\u65bd\u3057\u307e\u3057\u305f\u3002<\/p>\n<p>3 \u3064\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3059\u3079\u3066\u3067\u6a19\u7684\u3068\u306a\u3063\u305f 14 \u304b\u56fd\u306e\u3046\u3061\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u3001\u30e8\u30eb\u30c0\u30f3\u3001\u30a2\u30e9\u30d6\u9996\u9577\u56fd\u9023\u90a6\u306e\u7d44\u7e54\u3092\u9664\u304f\u3059\u3079\u3066\u304c NATO \u52a0\u76df\u56fd\u306e\u7d44\u7e54\u3067\u3059\u3002\u3053\u308c\u3089\u306e\u7d44\u7e54\u306b\u306f\u3001\u5916\u4ea4\u3001\u7d4c\u6e08\u3001\u8ecd\u4e8b\u554f\u984c\u306b\u304a\u3044\u3066\u60c5\u5831\u4e0a\u306e\u512a\u4f4d\u6027\u3092\u3082\u305f\u3089\u3059\u91cd\u8981\u30a4\u30f3\u30d5\u30e9\u3084\u7d44\u7e54\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u6a19\u7684\u3068\u3055\u308c\u305f\u7d44\u7e54\u306b\u306f\u3001\u4ee5\u4e0b\u306b\u95a2\u9023\u3059\u308b\u7d44\u7e54\u304c\u542b\u307e\u308c\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u30a8\u30cd\u30eb\u30ae\u30fc\u306e\u751f\u7523\u3068\u914d\u7d66<\/li>\n<li>\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3 \u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3<\/li>\n<li>\u7269\u8cc7\u3001\u4eba\u54e1\u3001\u822a\u7a7a\u8f38\u9001<\/li>\n<li>\u9632\u885b\u7701<\/li>\n<li>\u5916\u52d9\u7701<\/li>\n<li>\u7dcf\u52d9\u7701<\/li>\n<li>\u7d4c\u6e08\u7701<\/li>\n<\/ul>\n<p>Fighting Ursa (\u5225\u540d APT28\u3001Fancy Bear\u3001Strontium\/Forest Blizzard\u3001Pawn Storm\u3001Sofacy\u3001Sednit) \u306f\u3001\u30ed\u30b7\u30a2\u306e\u8ecd\u4e8b\u8adc\u5831\u6a5f\u95a2\u306b\u95a2\u9023\u3059\u308b\u30b0\u30eb\u30fc\u30d7\u3067\u3042\u308a\u3001\u30ed\u30b7\u30a2\u304c\u95a2\u5fc3\u3092\u3082\u3064\u6a19\u7684\u3001\u3068\u304f\u306b\u8ecd\u4e8b\u4e0a\u95a2\u5fc3\u3092\u3082\u3064\u6a19\u7684\u306b\u7126\u70b9\u3092\u5f53\u3066\u3066\u3044\u308b\u3053\u3068\u3067\u3088\u304f\u77e5\u3089\u308c\u3066\u3044\u307e\u3059\u3002Fighting Ursa \u306f\u3001\u30ed\u30b7\u30a2\u9023\u90a6\u8ecd\u53c2\u8b00\u672c\u90e8\u60c5\u5831\u7dcf\u5c40 (GRU) \u6240\u5c5e\u7b2c 85 \u4e3b\u8981\u7279\u6b8a\u30b5\u30fc\u30d3\u30b9\u30bb\u30f3\u30bf\u30fc (GTsSS) 26165 \u8ecd\u4e8b\u8adc\u5831\u90e8\u968a\u306b\u5e30\u5c5e\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u696d\u754c\u304c\u305d\u308c\u305e\u308c\u306e\u30ea\u30b5\u30fc\u30c1\u3067\u672c\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306b\u3064\u3044\u3066\u6587\u66f8\u5316\u6e08\u307f\u306a\u306e\u3067\u3001Fighting Ursa \u306e\u6226\u7565\u306f\u3059\u3067\u306b\u660e\u3089\u304b\u306b\u306f\u306a\u3063\u3066\u3044\u307e\u3059\u304c\u3001\u672c\u7a3f\u306b\u30ea\u30b5\u30fc\u30c1\u3092\u516c\u958b\u3059\u308b\u3053\u3068\u3067\u3001Fighting Ursa \u304c\u8907\u6570\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u540c\u8106\u5f31\u6027\u3092\u5229\u7528\u3057\u305f\u4ef6\u306b\u5149\u3092\u5f53\u3066\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002\u6a19\u7684\u306b\u3055\u308c\u308b\u30ea\u30b9\u30af\u306e\u9ad8\u3044\u7d44\u7e54\u3068\u56fd\u3067 Microsoft Outlook \u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u305f\u3060\u3061\u306b CVE-2023-23397 \u306b\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u9069\u7528\u3057\u3001\u9069\u5207\u306a\u69cb\u6210\u3092\u78ba\u4fdd\u3057\u305f\u3046\u3048\u3067\u3001\u5c06\u6765\u306e\u653b\u6483\u304b\u3089\u9632\u5fa1\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u304a\u5ba2\u69d8\u306f\u3001\u4ee5\u4e0b\u306e\u88fd\u54c1\u3092\u901a\u3058\u3001\u672c\u7a3f\u3067\u89e3\u8aac\u3057\u305f\u7a2e\u985e\u306e\u8105\u5a01\u306b\u5bfe\u3059\u308b\u4fdd\u8b77\u3092\u53d7\u3051\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/cortex-xdr\" target=\"_blank\" rel=\"noopener\">Cortex XDR<\/a><\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/products\/secure-the-network\/wildfire\" target=\"_blank\" rel=\"noopener\">WildFire<\/a><\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/advanced-url-filtering\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a><\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/advanced-threat-prevention\" target=\"_blank\" rel=\"noopener\">Advanced Threat Prevention<\/a><\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/dns-security\" target=\"_blank\" rel=\"noopener\">DNS Security<\/a> \u306e\u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u30b5\u30fc\u30d3\u30b9\u3092\u6709\u52b9\u306b\u3057\u305f<a href=\"https:\/\/www.paloaltonetworks.jp\/network-security\/next-generation-firewall\" target=\"_blank\" rel=\"noopener\">\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb<\/a><\/li>\n<li><a href=\"https:\/\/start.paloaltonetworks.jp\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42 \u30a4\u30f3\u30b7\u30c7\u30f3\u30c8 \u30ec\u30b9\u30dd\u30f3\u30b9 \u30c1\u30fc\u30e0<\/a>\u306b\u3088\u308b\u672c\u7a3f\u3067\u53d6\u308a\u4e0a\u3052\u305f\u8105\u5a01\u3092\u306f\u3058\u3081\u3068\u3059\u308b\u3055\u307e\u3056\u307e\u306a\u8105\u5a01\u3078\u306e\u500b\u5225\u5bfe\u5fdc<\/li>\n<\/ul>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><b>\u95a2\u9023\u3059\u308b Unit 42 \u306e\u30c8\u30d4\u30c3\u30af<\/b><\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/russia-ja\/\" target=\"_blank\" rel=\"noopener\"><strong>Russia<\/strong><\/a>, <a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/ukraine-ja\/\" target=\"_blank\" rel=\"noopener\"><strong>Ukraine<\/strong><\/a><\/td>\n<\/tr>\n<tr>\n<td><b>Fighting Ursa APT \u30b0\u30eb\u30fc\u30d7\u306e\u5225\u540d<\/b><\/td>\n<td><span style=\"font-weight: 400;\">APT28, UAC-0001, Fancy Bear, Strontium \/ Forest Blizzard, Pawn Storm, Sofacy, Sednit<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><a id=\"post-131581-_a3ba2o667mst\"><\/a><strong>CVE-2023-23397: \u6982\u8981<\/strong><\/h2>\n<p>Fighting Ursa \u306f\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u3067\u306e\u7d1b\u4e89\u306b\u5148\u7acb\u3061\u3001\u30ed\u30b7\u30a2\u306e\u60c5\u5831\u6226\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u652f\u63f4\u3059\u308b\u30cf\u30c3\u30ad\u30f3\u30b0\u306b\u3088\u3063\u3066\u305d\u306e\u5b9a\u8a55\u3092\u78ba\u7acb\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u3046\u3057\u305f<a href=\"https:\/\/www.justice.gov\/opa\/pr\/us-charges-russian-gru-officers-international-hacking-and-related-influence-and\" target=\"_blank\" rel=\"noopener\">\u652f\u63f4\u306b\u306f\u4ee5\u4e0b\u306e\u53d6\u308a\u7d44\u307f\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059<\/a>\u3002<\/p>\n<ul>\n<li>\u30aa\u30ea\u30f3\u30d4\u30c3\u30af\u306e\u53cd\u30c9\u30fc\u30d4\u30f3\u30b0\u8abf\u67fb\u5831\u9053\u3078\u306e\u5bfe\u6297<\/li>\n<li>\u82f1\u56fd\u306b\u304a\u3051\u308b GRU \u306b\u3088\u308b\u6697\u6bba\u672a\u9042\u4e8b\u4ef6\u3067\u3001\u5316\u5b66\u7269\u8cea\u306e\u4f7f\u7528\u306b\u95a2\u3059\u308b\u635c\u67fb\u3092\u59a8\u5bb3<\/li>\n<li><a href=\"https:\/\/www.justice.gov\/opa\/pr\/grand-jury-indicts-12-russian-intelligence-officers-hacking-offenses-related-2016-election\" target=\"_blank\" rel=\"noopener\">\u7c73\u56fd<\/a>\u3001<a href=\"https:\/\/www.reuters.com\/article\/us-france-election-macron-cyber-idUSKBN17Q200\" target=\"_blank\" rel=\"noopener\">\u30d5\u30e9\u30f3\u30b9<\/a>\u3001<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/espionage-cyber-propaganda-two-years-of-pawn-storm\" target=\"_blank\" rel=\"noopener\">\u30c9\u30a4\u30c4<\/a>\u306e\u6c11\u4e3b\u7684\u9078\u6319\u30d7\u30ed\u30bb\u30b9\u3078\u306e\u5f71\u97ff\u884c\u4f7f<\/li>\n<\/ul>\n<p>\u56fd\u969b\u7684\u306b\u306f\u3042\u307e\u308a\u77e5\u3089\u308c\u3066\u3044\u306a\u3044\u306e\u304c\u3001\u30ed\u30b7\u30a2\u306e\u30a6\u30af\u30e9\u30a4\u30ca\u4fb5\u653b\u306b\u5148\u7acb\u3061\u4eca\u65e5\u306b\u81f3\u308b\u307e\u3067\u884c\u308f\u308c\u3066\u3044\u308b Fighting Ursa \u306e\u4e00\u9023\u306e\u30cf\u30c3\u30ad\u30f3\u30b0 \u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u3059\u3002<\/p>\n<p>2022 \u5e74 2 \u6708 24 \u65e5\u3001\u30ed\u30b7\u30a2\u306f\u30a6\u30af\u30e9\u30a4\u30ca\u3078\u306e\u672c\u683c\u7684\u306a\u6b66\u529b\u4fb5\u653b\u3092\u958b\u59cb\u3057\u307e\u3057\u305f\u3002\u305d\u306e 3 \u9031\u9593\u5f8c (2022 \u5e74 3 \u6708 18 \u65e5)\u3001Fighting Ursa \u306f\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u306e\u79fb\u6c11\u5c40 (State Migration Service) \u3092\u6a19\u7684\u3068\u3057\u3001<a href=\"https:\/\/unit42.paloaltonetworks.jp\/threat-brief-cve-2023-23397\/\" target=\"_blank\" rel=\"noopener\">CVE-2023-23397<\/a> \u306e\u8106\u5f31\u6027 (\u5f53\u6642\u672a\u767a\u898b\u306e\u30bc\u30ed\u30c7\u30a4 \u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8) \u3092\u4f7f\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>Fighting Ursa \u306f\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u306e\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u304c\u540c\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3092\u767a\u898b\u3057\u3001Microsoft \u304c 2023 \u5e74 3 \u6708 14 \u65e5\u306b\u540c\u8106\u5f31\u6027\u3078\u306e\u5bfe\u7b56\u30d1\u30c3\u30c1\u3092\u767a\u884c\u3057\u305f\u3055\u3044\u3001<a href=\"https:\/\/msrc.microsoft.com\/blog\/2023\/03\/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability\/\" target=\"_blank\" rel=\"noopener\">\u516c\u7684\u306b\u3053\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306e\u4f7f\u7528\u3092\u300c\u3042\u308b\u30ed\u30b7\u30a2\u3092\u62e0\u70b9\u3068\u3059\u308b\u653b\u6483\u8005\u300d\u306b\u5e30\u5c5e\u3057\u305f<\/a>\u5f8c\u3082\u3001\u6a19\u7684\u6226\u7565\u306e\u306a\u304b\u3067\u3053\u306e\u8106\u5f31\u6027\u3092\u5229\u7528\u3057\u7d9a\u3051\u307e\u3057\u305f\u3002<\/p>\n<p>\u5168\u4f53\u3067\u306f\u3001Unit 42 \u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3053\u306e CVE \u306b\u95a2\u9023\u3059\u308b 3 \u3064\u306e\u7570\u306a\u308b Fighting Ursa \u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u89b3\u6e2c\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li><strong>\u30bc\u30ed\u30c7\u30a4<\/strong> <strong>\u30ad\u30e3\u30f3\u30da\u30fc\u30f3<\/strong> (CVE \u767a\u898b\u524d\u306e\u6700\u521d\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3): 2022 \u5e74 3 \u6708 18 \u65e5 \uff5e 12 \u6708 29 \u65e5<\/li>\n<li><strong>\u7b2c 2 \u30ad\u30e3\u30f3\u30da\u30fc\u30f3<\/strong> (CVE \u7279\u5b9a\u5f8c\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3): 2023 \u5e74 3 \u6708 15 \u65e5 \uff5e 29 \u65e5<\/li>\n<li><strong>\u7b2c 3 \u30ad\u30e3\u30f3\u30da\u30fc\u30f3<\/strong>: 2023 \u5e74 8 \u6708 30 \u65e5\uff5e 10 \u670811 \u65e5<\/li>\n<\/ul>\n<p>\u56f3 1 \u306f Fighting Ursa \u304c CVE-2023-23397 \u3092\u4f7f\u3063\u3066\u884c\u3063\u305f\u6700\u5f8c\u306b\u89b3\u6e2c\u3055\u308c\u305f\u8a66\u307f\u3092\u793a\u3057\u305f\u3082\u306e\u3067\u3001\u305d\u306e\u8a66\u307f\u3067\u306f 2023 \u5e74 10 \u6708 11 \u65e5\u306b\u30e2\u30f3\u30c6\u30cd\u30b0\u30ed\u56fd\u9632\u7701\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u5b9b\u306b\u30e1\u30c3\u30bb\u30fc\u30b8\u3092 1 \u901a\u9001\u4fe1\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u3001\u30a2\u30af\u30bf\u30fc\u304c\u30d1\u30d6\u30ea\u30c3\u30af \u30e1\u30fc\u30eb \u30b5\u30fc\u30d3\u30b9 (<span style=\"font-family: 'courier new', courier, monospace;\">portugalmail[.]pt<\/span>) \u3067\u4f5c\u6210\u3057\u305f\u30a2\u30ab\u30a6\u30f3\u30c8\u304b\u3089\u9001\u4fe1\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<figure id=\"attachment_131558\" aria-describedby=\"caption-attachment-131558\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131558 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/word-image-131555-1.png\" alt=\"\u753b\u50cf 1 \u306f\u3001Microsoft Outlook \u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3001\u3053\u3053\u3067\u306f\u60aa\u610f\u306e\u3042\u308b\u30bf\u30b9\u30af\u304c\u30e2\u30f3\u30c6\u30cd\u30b0\u30ed\u56fd\u9632\u7701\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u9001\u4fe1\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u96fb\u5b50\u30e1\u30fc\u30eb\u306f daniel.myers1998@portugalmail[.]pt \u304b\u3089\u306e\u3082\u306e\u3067\u3059\u3002to \u306e\u884c\u306f\u4f0f\u305b\u3066\u3042\u308a\u307e\u3059\u3002\u4ef6\u540d\u306f Test Meeting \u3067\u3059\u30022023 \u5e74 10 \u6708 11 \u65e5\u6c34\u66dc\u65e5\u306b\u53d7\u4fe1\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"425\" \/><figcaption id=\"caption-attachment-131558\" class=\"wp-caption-text\">\u56f3 1. \u60aa\u610f\u306e\u3042\u308b\u30bf\u30b9\u30af \u30ea\u30af\u30a8\u30b9\u30c8\u304c\u30e2\u30f3\u30c6\u30cd\u30b0\u30ed\u56fd\u9632\u7701\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u9001\u4fe1\u3055\u308c\u305f (SHA256 <span style=\"font-family: 'courier new', courier, monospace;\">4238c061102400fa27356266c6f677d1d7320f66f955a7f389eb24f10a49b53d<\/span>)<\/figcaption><\/figure>\n<p>\u3053\u306e\u8106\u5f31\u6027\u3092\u4f7f\u3046 Microsoft Outlook \u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u6210\u529f\u3059\u308b\u3068\u3001Windows NT LAN Manager (<a href=\"https:\/\/learn.microsoft.com\/ja-jp\/openspecs\/windows_protocols\/ms-nlmp\/c50a85f0-5940-42d8-9e82-ed206902e919\" target=\"_blank\" rel=\"noopener\">NTLM<\/a>) \u3092\u4f7f\u3063\u305f\u30ea\u30ec\u30fc\u653b\u6483\u304c\u767a\u751f\u3057\u307e\u3059 (\u8a73\u7d30\u306f\u300e<a href=\"https:\/\/unit42.paloaltonetworks.jp\/threat-brief-cve-2023-23397\/\" target=\"_blank\" rel=\"noopener\">\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Microsoft Outlook\u306b\u304a\u3051\u308b\u7279\u6a29\u6607\u683c\u306e\u8106\u5f31\u6027(CVE-2023-23397)<\/a>\u300f\u3092\u53c2\u7167)\u3002<\/p>\n<p>NTLM \u306f\u3001\u30ea\u30ec\u30fc\u653b\u6483\u3092\u53d7\u3051\u3084\u3059\u3044\u30c1\u30e3\u30ec\u30f3\u30b8\/\u30ec\u30b9\u30dd\u30f3\u30b9\u578b\u306e\u8a8d\u8a3c\u30d7\u30ed\u30c8\u30b3\u30eb\u3067\u3059\u3002\u3053\u306e\u305f\u3081\u3001Windows 2000 \u4ee5\u964d\u306e Windows \u30b7\u30b9\u30c6\u30e0\u3067\u306f Kerberos \u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u8a8d\u8a3c\u30d7\u30ed\u30c8\u30b3\u30eb\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u591a\u304f\u306e Microsoft \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067\u306f\u3001Kerberos \u304c\u5b9f\u884c\u3067\u304d\u306a\u3044\u5834\u5408\u306e\u30d5\u30a9\u30fc\u30eb\u30d0\u30c3\u30af \u30d7\u30ed\u30c8\u30b3\u30eb\u3068\u3057\u3066<a href=\"https:\/\/www.securityweek.com\/microsoft-improving-windows-authentication-disabling-ntlm\/\" target=\"_blank\" rel=\"noopener\">\u4eca\u3082 NTLM \u304c\u4f7f\u308f\u308c\u3066\u3044\u307e\u3059<\/a>\u3002Microsoft Outlook \u306f\u305d\u3046\u3057\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e 1 \u3064\u3067\u3059\u3002<\/p>\n<p>\u8106\u5f31\u306a\u3001\u3042\u308b\u3044\u306f\u69cb\u6210\u4e0a\u306e\u554f\u984c\u306e\u3042\u308b Outlook \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u3001CVE-2023-23397 \u3092\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3059\u308b\u7279\u5225\u306b\u7d30\u5de5\u3055\u308c\u305f\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u53d7\u4fe1\u3057\u305f\u5834\u5408\u3001Outlook \u306f\u653b\u6483\u8005\u304c\u5236\u5fa1\u3059\u308b\u30ea\u30e2\u30fc\u30c8 \u30d5\u30a1\u30a4\u30eb\u5171\u6709\u306b NTLM \u8a8d\u8a3c\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u9001\u4fe1\u3057\u307e\u3059\u3002NTLM \u306e\u8a8d\u8a3c\u30ec\u30b9\u30dd\u30f3\u30b9\u306f <a href=\"https:\/\/learn.microsoft.com\/ja-jp\/answers\/questions\/221463\/advanced-threat-analytics-(atauser)-leaks-ntlmv2-h\" target=\"_blank\" rel=\"noopener\">NTLMv2 \u30cf\u30c3\u30b7\u30e5<\/a>\u3067\u3059\u3002Fighting Ursa \u306f\u3001\u3053\u306e\u30cf\u30c3\u30b7\u30e5\u3092\u4f7f\u3063\u3066\u88ab\u5bb3\u8005\u306b\u306a\u308a\u3059\u307e\u3057\u3001\u88ab\u5bb3\u8005\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u3067\u306e\u5de5\u4f5c\u6d3b\u52d5\u3092\u884c\u3044\u307e\u3059\u3002\u3053\u308c\u306f\u4e00\u822c\u306b <a href=\"https:\/\/www.csoonline.com\/article\/571263\/ntlm-relay-attacks-explained-and-why-petitpotam-is-the-most-dangerous.html\" target=\"_blank\" rel=\"noopener\">NTLM \u30ea\u30ec\u30fc\u653b\u6483<\/a>\u306e\u540d\u3067\u77e5\u3089\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>Unit 42 \u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001\u4e3b\u306b 2 \u3064\u306e\u7406\u7531\u304b\u3089\u3001\u3053\u308c\u3089\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c Fighting Ursa \u306b\u5e30\u5c5e\u3059\u308b\u3068\u8003\u3048\u3066\u3044\u307e\u3059\u3002<\/p>\n<ol>\n<li>\u3053\u308c\u3089\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u6a19\u7684\u3068\u3055\u308c\u305f\u88ab\u5bb3\u8005\u306b\u306f\u3044\u305a\u308c\u3082\u30ed\u30b7\u30a2\u8ecd\u306b\u3068\u3063\u3066\u660e\u767d\u306a\u8adc\u5831\u7684\u4fa1\u5024\u304c\u3042\u308b\u3002<\/li>\n<li>\u3053\u308c\u3089\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f\u3059\u3079\u3066\u3001\u76d7\u3093\u3060 Ubiquiti \u30cd\u30c3\u30c8\u30ef\u30fc\u30ad\u30f3\u30b0 \u30c7\u30d0\u30a4\u30b9\u3092\u4f7f\u3063\u3066\u88ab\u5bb3\u8005\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u304b\u3089 NTLM \u8a8d\u8a3c\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u53ce\u96c6\u3057\u3066\u3044\u305f\u3002\u3053\u306e\u624b\u53e3\u306f\u3053\u308c\u307e\u3067\u306e Fighting Ursa \u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u624b\u53e3\u3068\u4e00\u81f4\u3057\u3066\u3044\u308b\u3002<\/li>\n<\/ol>\n<h2><a id=\"post-131581-_c6jmeih1194x\"><\/a><strong>\u88ab\u5bb3\u8005\u5b66: \u30ed\u30b7\u30a2\u306e\u6a19\u7684\u9078\u5b9a\u306e\u512a\u5148\u9806\u4f4d\u306b\u95a2\u3059\u308b\u7814\u7a76<\/strong><\/h2>\n<p>Fighting Ursa \u304c CVE-2023-23397 \u3092\u4f7f\u3063\u3066\u88ab\u5bb3\u8005\u3092\u6a19\u7684\u5316\u3057\u305f 50 \u4ef6\u4ee5\u4e0a\u306e\u89b3\u6e2c\u6e08\u307f\u30b5\u30f3\u30d7\u30eb\u3092\u8a73\u3057\u304f\u8abf\u3079\u308b\u3053\u3068\u3067\u3001\u3053\u306e\u56fd\u969b\u7d1b\u4e89\u6642\u4ee3\u306b\u30ed\u30b7\u30a2\u304c\u8ecd\u4e8b\u7684\u306b\u512a\u5148\u3059\u308b\u4e8b\u9805\u306b\u95a2\u3057\u3001\u30e6\u30cb\u30fc\u30af\u3067\u6709\u76ca\u306a\u6d1e\u5bdf\u304c\u5f97\u3089\u308c\u307e\u3059\u3002\u30bc\u30ed\u30c7\u30a4 \u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306f\u305d\u306e\u6027\u8cea\u4e0a\u3001APT \u306b\u3068\u3063\u3066\u306f\u9ad8\u4fa1\u5024\u5546\u54c1\u3067\u3059\u3002\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u30bc\u30ed\u30c7\u30a4 \u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3092\u4f7f\u7528\u3059\u308b\u306e\u306f\u3001\u30a2\u30af\u30bb\u30b9\u3068\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u7372\u5f97\u304b\u3089\u306e\u5831\u916c\u304c\u3001\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u516c\u306b\u767a\u898b\u3055\u308c\u308b\u30ea\u30b9\u30af\u3092\u4e0a\u56de\u308b\u5834\u5408\u306e\u307f\u3067\u3059\u3002<\/p>\n<p>\u3042\u308b\u6a19\u7684\u306b\u5bfe\u3057\u3066\u30bc\u30ed\u30c7\u30a4\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3092\u4f7f\u3046\u3068\u3044\u3046\u3053\u3068\u306f\u3001\u5bfe\u8c61\u306b\u5927\u304d\u306a\u4fa1\u5024\u304c\u3042\u308b\u3053\u3068\u3092\u793a\u5506\u3057\u307e\u3059\u3002\u3053\u308c\u306f\u307e\u305f\u3001\u305d\u306e\u5f53\u6642\u306b\u6301\u3063\u3066\u3044\u305f\u6a19\u7684\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3068\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u304c\u4e0d\u8db3\u3057\u3066\u3044\u305f\u3053\u3068\u3082\u793a\u5506\u3057\u307e\u3059\u3002<\/p>\n<p>2 \u56de\u76ee\u3068 3 \u56de\u76ee\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067 Fighting Ursa \u306f\u6280\u8853\u3092\u5909\u66f4\u305b\u305a\u3001\u3059\u3067\u306b\u81ea\u5206\u305f\u3061\u306b\u5e30\u5c5e\u3055\u308c\u3066\u3044\u305f\u516c\u77e5\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3092\u4f7f\u3044\u7d9a\u3051\u307e\u3057\u305f\u3002\u3053\u306e\u3053\u3068\u306f\u3001\u3053\u308c\u3089\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u5f97\u3089\u308c\u308b\u30a2\u30af\u30bb\u30b9\u3084\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u304c\u3001\u516c\u306b\u3055\u3089\u3055\u308c\u305f\u308a\u767a\u898b\u3055\u308c\u305f\u308a\u3059\u308b\u3053\u3068\u304b\u3089\u304f\u308b\u5f71\u97ff\u3092\u4e0a\u56de\u3063\u305f\u3053\u3068\u3092\u793a\u5506\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3053\u3046\u3057\u305f\u7406\u7531\u304b\u3089\u30013 \u3064\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3059\u3079\u3066\u3067\u6a19\u7684\u3068\u306a\u3063\u3066\u3044\u305f\u7d44\u7e54\u306f\u3001\u30ed\u30b7\u30a2\u8adc\u5831\u6a5f\u95a2\u306b\u3068\u3063\u3066\u3001\u901a\u5e38\u3088\u308a\u9ad8\u3044\u512a\u5148\u9806\u4f4d\u3092\u6301\u3063\u3066\u3044\u305f\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3068\u3044\u3048\u307e\u3059\u3002<\/p>\n<p>\u56f3 2 \u306b\u793a\u3059\u6a19\u7684\u306e\u307e\u3068\u3081\u3092\u898b\u3066\u307f\u308b\u3068\u3001\u3044\u304f\u3064\u304b\u91cd\u8981\u306a\u30dd\u30a4\u30f3\u30c8\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002<\/p>\n<ol>\n<li>\u30a6\u30af\u30e9\u30a4\u30ca\u3092\u9664\u304d\u3001\u6a19\u7684\u3068\u306a\u3063\u305f\u6b27\u5dde\u8af8\u56fd\u306f\u3059\u3079\u3066\u3001\u73fe\u5728\u306e\u5317\u5927\u897f\u6d0b\u6761\u7d04\u6a5f\u69cb (NATO) \u306e\u52a0\u76df\u56fd\u3002<\/li>\n<li>\u653b\u6483\u8005\u306f\u5c11\u306a\u304f\u3068\u3082 1 \u540d\u306e <a href=\"https:\/\/www.nato.int\/cps\/en\/natohq\/topics_50088.htm\" target=\"_blank\" rel=\"noopener\">NATO \u7dca\u6025\u5c55\u958b\u8ecd\u56e3<\/a> \u30e1\u30f3\u30d0\u30fc\u3092\u6a19\u7684\u306b\u3057\u3066\u3044\u308b\u3002<\/li>\n<li>\u653f\u5e9c\u6a5f\u95a2\u4ee5\u5916\u3067\u306f\u3001\u653b\u6483\u8005\u306f\u4ee5\u4e0b\u306e\u30bb\u30af\u30bf\u30fc\u306e\u91cd\u8981\u30a4\u30f3\u30d5\u30e9\u95a2\u9023\u7d44\u7e54\u3092\u4e2d\u5fc3\u306b\u6a19\u7684\u5316\u3057\u3066\u3044\u305f\u3002\n<ol>\n<li>\u30a8\u30cd\u30eb\u30ae\u30fc<\/li>\n<li>\u904b\u8f38<\/li>\n<li>\u96fb\u6c17\u901a\u4fe1<\/li>\n<li>\u60c5\u5831\u6280\u8853<\/li>\n<li>\u8ecd\u4e8b\u7523\u696d\u57fa\u76e4<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<figure id=\"attachment_131565\" aria-describedby=\"caption-attachment-131565\" style=\"width: 700px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131566 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/2022-Fighting-Ursa-F2-ja-1.png\" alt=\"\u56fd\u3001\u30bb\u30af\u30bf\u30fc\u3001\u56fd\u969b\u6a5f\u95a2\u3092\u542b\u3080\u6a19\u7684\u5316\u3055\u308c\u305f\u7d44\u7e54\u306e\u4e00\u89a7\u8868\" width=\"700\" height=\"623\" \/><figcaption id=\"caption-attachment-131565\" class=\"wp-caption-text\">\u56f3 2. CVE-2023-23397 \u3092\u4f7f\u3046\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067 Fighting Ursa \u306e\u6a19\u7684\u306b\u9078\u5b9a\u3055\u308c\u305f\u3053\u3068\u304c\u89b3\u6e2c\u3055\u308c\u305f\u7d44\u7e54<\/figcaption><\/figure>\n<h2><a id=\"post-131581-_2an8ryq91inv\"><\/a><strong>\u7d50\u8ad6<\/strong><\/h2>\n<p>APT\u3001\u3068\u304f\u306b\u30ed\u30b7\u30a2\u8ecd\u306e\u305f\u3081\u306e\u653b\u6483\u9042\u884c\u3092\u4f7f\u547d\u3068\u3059\u308b Fighting Ursa \u306e\u3088\u3046\u306a APT \u306b\u304a\u3051\u308b\u6a19\u7684\u306e\u9078\u5b9a\u512a\u5148\u9806\u4f4d\u3092\u8a73\u7d30\u306b\u7406\u89e3\u3067\u304d\u308b\u6a5f\u4f1a\u306f\u305d\u3046\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n<p>NATO \u3084\u6b27\u5dde\u8af8\u56fd\u306e\u653f\u5e9c\u30fb\u91cd\u8981\u30a4\u30f3\u30d5\u30e9\u4e8b\u696d\u8005\u306f\u3001\u6b21\u306e\u63aa\u7f6e\u3092\u8b1b\u3058\u308b\u3053\u3068\u304c\u5968\u52b1\u3055\u308c\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u672c\u7a3f\u3067\u8ff0\u3079\u305f\u6226\u8853\u306b\u7559\u610f\u3059\u308b<\/li>\n<li>\u672c\u8106\u5f31\u6027\u306b\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u9069\u7528\u3057\u3066\u304a\u304f<\/li>\n<li>\u672c\u7a3f\u3067\u8ff0\u3079\u305f\u3088\u3046\u306a\u60aa\u610f\u306e\u3042\u308b\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u30d6\u30ed\u30c3\u30af\u3067\u304d\u308b\u3088\u3046\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u4fdd\u8b77\u3092\u69cb\u6210\u3059\u308b<\/li>\n<\/ul>\n<h2><a id=\"post-131581-_k4ekm0r0mpzn\"><\/a>\u4fdd\u8b77\u3068\u7de9\u548c\u7b56<\/h2>\n<ul>\n<li><a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XDR\" target=\"_blank\" rel=\"noopener\">Cortex XDR<\/a>\u306e Advanced API Monitoring \u3092\u6709\u52b9\u306b\u3057\u3066\u3044\u308b\u304a\u5ba2\u69d8\u306f\u3001XDR \u306e Anti-Exploit Protection \u306b\u3088\u308a CVE-2023-23397 \u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u8a66\u884c\u304b\u3089\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb<\/a>\u3067 <a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Advanced Threat Prevention <\/a>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u3092\u6709\u52b9\u306b\u3057\u3066\u3044\u308b\u5834\u5408\u3001Threat Prevention \u306e\u30b7\u30b0\u30cd\u30c1\u30e3\u30fc <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=93635\">93635<\/a>\u3001<a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=93705\" target=\"_blank\" rel=\"noopener\">93705<\/a>\u3001<a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=93584\" target=\"_blank\" rel=\"noopener\">93584<\/a> \u3092\u901a\u3058\u305f\u30d9\u30b9\u30c8 \u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u304c\u653b\u6483\u9632\u6b62\u306b\u5f79\u7acb\u3061\u307e\u3059\u3002<\/li>\n<li>\u3053\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306b\u95a2\u9023\u3059\u308b\u60aa\u610f\u306e\u3042\u308b URL \u3068 IP \u306f\u3001<a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-url-filtering\/administration\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a> \u3068 <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">DNS Security<\/a> \u306b\u3088\u3063\u3066\u30d6\u30ed\u30c3\u30af\u3055\u308c\u307e\u3059\u3002<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/wildfire\" target=\"_blank\" rel=\"noopener\">Advanced WildFire<\/a> \u306f\u3001\u672c\u7a3f\u3067\u89e3\u8aac\u3057\u305f IoC \u306b\u9451\u307f\u3001\u6a5f\u68b0\u5b66\u7fd2\u30e2\u30c7\u30eb\u3068\u5206\u6790\u624b\u6cd5\u306e\u898b\u76f4\u3057\u3068\u66f4\u65b0\u3092\u884c\u3044\u307e\u3057\u305f\u3002<\/li>\n<\/ul>\n<p>\u4fb5\u5bb3\u306e\u61f8\u5ff5\u304c\u3042\u308a\u5f0a\u793e\u306b\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u30ec\u30b9\u30dd\u30f3\u30b9\u306b\u95a2\u3059\u308b\u3054\u76f8\u8ac7\u3092\u306a\u3055\u308a\u305f\u3044\u5834\u5408\u306f\u3001<a href=\"https:\/\/start.paloaltonetworks.jp\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">\u3053\u3061\u3089\u306e\u30d5\u30a9\u30fc\u30e0<\/a>\u304b\u3089\u3054\u9023\u7d61\u3044\u305f\u3060\u304f\u304b\u3001infojapan@paloaltonetworks.com\u307e\u3067\u30e1\u30fc\u30eb\u306b\u3066\u3054\u9023\u7d61\u3044\u305f\u3060\u304f\u304b\u3001\u4e0b\u8a18\u306e\u96fb\u8a71\u756a\u53f7\u307e\u3067\u304a\u554f\u3044\u5408\u308f\u305b\u304f\u3060\u3055\u3044(\u3054\u76f8\u8ac7\u306f\u5f0a\u793e\u88fd\u54c1\u306e\u304a\u5ba2\u69d8\u306b\u306f\u9650\u5b9a\u3055\u308c\u307e\u305b\u3093)\u3002<\/p>\n<ul>\n<li>\u5317\u7c73\u30d5\u30ea\u30fc\u30c0\u30a4\u30e4\u30eb: 866.486.4842 (866.4.UNIT42)<\/li>\n<li>EMEA: +31.20.299.3130<\/li>\n<li>APAC: +65.6983.8730<\/li>\n<li>\u65e5\u672c: (+81) 50-1790-0200<\/li>\n<\/ul>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306f\u3001\u3053\u308c\u3089\u306e\u8abf\u67fb\u7d50\u679c\u3092 Cyber Threat Alliance (CTA: \u30b5\u30a4\u30d0\u30fc\u8105\u5a01\u30a2\u30e9\u30a4\u30a2\u30f3\u30b9) \u306e\u30e1\u30f3\u30d0\u30fc\u3068\u5171\u6709\u3057\u307e\u3057\u305f\u3002CTA \u306e\u30e1\u30f3\u30d0\u30fc\u306f\u3053\u306e\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u3092\u4f7f\u3063\u3066\u3001\u304a\u5ba2\u69d8\u306b\u4fdd\u8b77\u3092\u8fc5\u901f\u306b\u63d0\u4f9b\u3057\u3001\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u8005\u3092\u4f53\u7cfb\u7684\u306b\u963b\u5bb3\u3067\u304d\u307e\u3059\u3002\u8a73\u7d30\u306f <a href=\"https:\/\/www.cyberthreatalliance.org\" target=\"_blank\" rel=\"noopener\">Cyber Threat Alliance<\/a> \u306b\u3066\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\uff61<\/p>\n<h2><a id=\"post-131581-_v8176g40kstn\"><\/a><strong>IoC (\u4fb5\u5bb3\u6307\u6a19)<\/strong><\/h2>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">5.199.162[.]132<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">101.255.119[.]42<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">181.209.99[.]204<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">213.32.252[.]221<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">168.205.200[.]55<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">69.162.253[.]21<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">185.132.17[.]160<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">69.51.2[.]106<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">113.160.234[.]229<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">24.142.165[.]2<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">85.195.206[.]7<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">42.98.5[.]225<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">61.14.68[.]33<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">50.173.136[.]70<\/span><\/li>\n<\/ul>\n<h2><a id=\"post-131581-_570cbe1pdhwx\"><\/a><strong>\u8ffd\u52a0\u30ea\u30bd\u30fc\u30b9<\/strong><\/h2>\n<ul>\n<li><a href=\"https:\/\/unit42.paloaltonetworks.jp\/threat-brief-cve-2023-23397\/\" target=\"_blank\" rel=\"noopener\">\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Microsoft Outlook\u306b\u304a\u3051\u308b\u7279\u6a29\u6607\u683c\u306e\u8106\u5f31\u6027(CVE-2023-23397)<\/a> \u2013 \u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9 Unit 42<\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/security-operations\/playbook-of-the-week-automated-rapid-response-to-microsoft-outlook-for-windows-vulnerability\/\" target=\"_blank\" rel=\"noopener\">CVE-2023-23397 Playbook of the week<\/a> \u2013 \u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23397\" target=\"_blank\" rel=\"noopener\">Microsoft Outlook Elevation of Privilege Vulnerability: CVE-2023-23397<\/a> - Microsoft<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/blog\/2023\/03\/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability\/\" target=\"_blank\" rel=\"noopener\">Microsoft Mitigates Outlook Elevation of Privilege Vulnerability<\/a> - Microsoft<\/li>\n<li><a href=\"https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2023-CTI-009\/\" target=\"_blank\" rel=\"noopener\">Campagnes d\u2019attaques du mode op\u00e9ratoire APT28 depuis 2021<\/a> - CERT-France<\/li>\n<li><a href=\"https:\/\/www.justice.gov\/opa\/pr\/us-charges-russian-gru-officers-international-hacking-and-related-influence-and\" target=\"_blank\" rel=\"noopener\">U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations<\/a> - United States Department of Justice<\/li>\n<li><a href=\"https:\/\/www.justice.gov\/opa\/pr\/grand-jury-indicts-12-russian-intelligence-officers-hacking-offenses-related-2016-election\" target=\"_blank\" rel=\"noopener\">Grand Jury Indicts 12 Russian Intelligence Officers for Hacking Offenses Related to the 2016 Election<\/a> - United States Department of Justice<\/li>\n<li><a href=\"https:\/\/www.reuters.com\/article\/us-france-election-macron-cyber-idUSKBN17Q200\" target=\"_blank\" rel=\"noopener\">Macron campaign was target of cyber attacks by spy-linked group<\/a> - Reuters<\/li>\n<li><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/espionage-cyber-propaganda-two-years-of-pawn-storm\" target=\"_blank\" rel=\"noopener\">From Espionage to Cyber Propaganda: Pawn Storm's Activities over the Past Two Years<\/a> - Trend Micro<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981 \u4eca\u5e74\u521d\u3081\u3001\u30a6\u30af\u30e9\u30a4\u30ca\u306e\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u304c\u3001Fighting Ursa \u306b\u3088\u308b Microsoft Outlook \u306e\u30bc\u30ed\u30c7\u30a4 \u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8 (\u73fe\u5728\u306f CVE-2023-23397 \u3068\u3057\u3066\u77e5\u3089\u308c\u308b)<\/p>\n","protected":false},"author":23,"featured_media":131557,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4433,4431,4470],"tags":[4499,4801,4803,4805,4807,4809,4811,4813,4791,4815,4817,4591],"product_categories":[4441,4442,4443,4447,4448,4456,4465],"coauthors":[1025],"class_list":["post-131581","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nation-state-cyberattacks-ja","category-threat-actor-groups-ja","category-vulnerabilities-ja","tag-advanced-persistent-threat-ja","tag-apt28-ja","tag-cortex-xdr-ja","tag-cve-2023-23397-ja","tag-fancy-bear-ja","tag-fighting-ursa-ja","tag-microsoft-outlook-ja","tag-microsoft-vulnerability-ja","tag-privilege-escalation-ja","tag-russia-ja","tag-uac-0001-ja","tag-ukraine-ja","product_categories-advanced-dns-security-ja","product_categories-advanced-threat-prevention-ja","product_categories-advanced-url-filtering-ja","product_categories-cortex-ja","product_categories-cortex-xdr-ja","product_categories-next-generation-firewall-ja","product_categories-unit-42-incident-response-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66<\/title>\n<meta name=\"description\" content=\"\u30ed\u30b7\u30a2\u7cfbAPT\u30b0\u30eb\u30fc\u30d7Fighting Ursa\u306e\u5b9f\u65bd\u3057\u305f20\u30f6\u6708\u306b\u304a\u3088\u3076\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f\u3001\u8adc\u5831\u4e0a\u306e\u4fa1\u5024\u304c\u9ad8\u304430\u306e\u7d44\u7e54\u304c\u6a19\u7684\u5316\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u540c\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u5171\u901a\u3067\u5229\u7528\u3055\u308c\u305f\u8106\u5f31\u6027CVE-2023-23397\u306e\u6982\u8981\u3068\u5f7c\u3089\u306e\u6a19\u7684\u9078\u5b9a\u306e\u512a\u5148\u9806\u4f4d\u3092\u5b66\u3073\u307e\u3059\u3002\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66\" \/>\n<meta property=\"og:description\" content=\"\u30ed\u30b7\u30a2\u7cfbAPT\u30b0\u30eb\u30fc\u30d7Fighting Ursa\u306e\u5b9f\u65bd\u3057\u305f20\u30f6\u6708\u306b\u304a\u3088\u3076\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f\u3001\u8adc\u5831\u4e0a\u306e\u4fa1\u5024\u304c\u9ad8\u304430\u306e\u7d44\u7e54\u304c\u6a19\u7684\u5316\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u540c\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u5171\u901a\u3067\u5229\u7528\u3055\u308c\u305f\u8106\u5f31\u6027CVE-2023-23397\u306e\u6982\u8981\u3068\u5f7c\u3089\u306e\u6a19\u7684\u9078\u5b9a\u306e\u512a\u5148\u9806\u4f4d\u3092\u5b66\u3073\u307e\u3059\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-08T07:03:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-17T08:28:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/PA-Unit42-TAC-FightingURSA_-Landscape.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1505\" \/>\n\t<meta property=\"og:image:height\" content=\"922\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Unit 42\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66","description":"\u30ed\u30b7\u30a2\u7cfbAPT\u30b0\u30eb\u30fc\u30d7Fighting Ursa\u306e\u5b9f\u65bd\u3057\u305f20\u30f6\u6708\u306b\u304a\u3088\u3076\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f\u3001\u8adc\u5831\u4e0a\u306e\u4fa1\u5024\u304c\u9ad8\u304430\u306e\u7d44\u7e54\u304c\u6a19\u7684\u5316\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u540c\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u5171\u901a\u3067\u5229\u7528\u3055\u308c\u305f\u8106\u5f31\u6027CVE-2023-23397\u306e\u6982\u8981\u3068\u5f7c\u3089\u306e\u6a19\u7684\u9078\u5b9a\u306e\u512a\u5148\u9806\u4f4d\u3092\u5b66\u3073\u307e\u3059\u3002","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/","og_locale":"ja_JP","og_type":"article","og_title":"Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66","og_description":"\u30ed\u30b7\u30a2\u7cfbAPT\u30b0\u30eb\u30fc\u30d7Fighting Ursa\u306e\u5b9f\u65bd\u3057\u305f20\u30f6\u6708\u306b\u304a\u3088\u3076\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f\u3001\u8adc\u5831\u4e0a\u306e\u4fa1\u5024\u304c\u9ad8\u304430\u306e\u7d44\u7e54\u304c\u6a19\u7684\u5316\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u540c\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u5171\u901a\u3067\u5229\u7528\u3055\u308c\u305f\u8106\u5f31\u6027CVE-2023-23397\u306e\u6982\u8981\u3068\u5f7c\u3089\u306e\u6a19\u7684\u9078\u5b9a\u306e\u512a\u5148\u9806\u4f4d\u3092\u5b66\u3073\u307e\u3059\u3002","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/","og_site_name":"Unit 42","article_published_time":"2023-12-08T07:03:22+00:00","article_modified_time":"2024-06-17T08:28:28+00:00","og_image":[{"width":1505,"height":922,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/PA-Unit42-TAC-FightingURSA_-Landscape.jpg","type":"image\/jpeg"}],"author":"Unit 42","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/"},"author":{"name":"Unit 42","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a891f81d18648a1e0bab742238d31a63"},"headline":"Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66","datePublished":"2023-12-08T07:03:22+00:00","dateModified":"2024-06-17T08:28:28+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/"},"wordCount":338,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/PA-Unit42-TAC-FightingURSA_-Landscape.jpg","keywords":["Advanced Persistent Threat","APT28","Cortex XDR","CVE-2023-23397","Fancy Bear","Fighting Ursa","Microsoft Outlook","Microsoft Vulnerability","privilege escalation","Russia","UAC-0001","Ukraine"],"articleSection":["\u56fd\u5bb6\u652f\u63f4\u578b\u30b5\u30a4\u30d0\u30fc\u653b\u6483","\u8105\u5a01\u30a2\u30af\u30bf\u30fc \u30b0\u30eb\u30fc\u30d7","\u8106\u5f31\u6027"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/","name":"Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/PA-Unit42-TAC-FightingURSA_-Landscape.jpg","datePublished":"2023-12-08T07:03:22+00:00","dateModified":"2024-06-17T08:28:28+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a891f81d18648a1e0bab742238d31a63"},"description":"\u30ed\u30b7\u30a2\u7cfbAPT\u30b0\u30eb\u30fc\u30d7Fighting Ursa\u306e\u5b9f\u65bd\u3057\u305f20\u30f6\u6708\u306b\u304a\u3088\u3076\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306f\u3001\u8adc\u5831\u4e0a\u306e\u4fa1\u5024\u304c\u9ad8\u304430\u306e\u7d44\u7e54\u304c\u6a19\u7684\u5316\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u540c\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u5171\u901a\u3067\u5229\u7528\u3055\u308c\u305f\u8106\u5f31\u6027CVE-2023-23397\u306e\u6982\u8981\u3068\u5f7c\u3089\u306e\u6a19\u7684\u9078\u5b9a\u306e\u512a\u5148\u9806\u4f4d\u3092\u5b66\u3073\u307e\u3059\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#primaryimage","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/PA-Unit42-TAC-FightingURSA_-Landscape.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2023\/12\/PA-Unit42-TAC-FightingURSA_-Landscape.jpg","width":1505,"height":922,"caption":"A stylized portrayal of APT Fighting Ursa. The marks from bear claws in bright orange against the backdrop of a night sky."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/russian-apt-fighting-ursa-exploits-cve-2023-233397\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"Fighting Ursa (APT28) \u306e\u96a0\u5bc6\u4f5c\u6226\u3067\u5b66\u3076 APT \u8105\u5a01\u306e\u88ab\u5bb3\u8005\u5b66"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a891f81d18648a1e0bab742238d31a63","name":"Unit 42","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/24dfba25c0e71d4de1836b78795bc2e5","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/Insights_headshot-placeholder-300x300.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/Insights_headshot-placeholder-300x300.jpg","caption":"Unit 42"},"url":"https:\/\/unit42.paloaltonetworks.com\/ja\/author\/unit42\/"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/131581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=131581"}],"version-history":[{"count":16,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/131581\/revisions"}],"predecessor-version":[{"id":135039,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/131581\/revisions\/135039"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/131557"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=131581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=131581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=131581"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=131581"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=131581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}