{"id":131947,"date":"2024-01-11T17:09:50","date_gmt":"2024-01-12T01:09:50","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=131947"},"modified":"2024-06-17T01:03:05","modified_gmt":"2024-06-17T08:03:05","slug":"medusa-ransomware-escalation-new-leak-site","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/","title":{"rendered":"\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2"},"content":{"rendered":"<h2><a id=\"post-131947-_bp3g9a6zih45\"><\/a>\u6982\u8981<\/h2>\n<p>Unit 42 \u8105\u5a01\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9 \u30c1\u30fc\u30e0\u306e\u30a2\u30ca\u30ea\u30b9\u30c8\u306f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u6d3b\u767a\u5316\u3057\u3001\u6050\u559d\u3078\u3068\u6226\u8853\u304c\u30b7\u30d5\u30c8\u3057\u3066\u304d\u305f\u3053\u3068\u306b\u6c17\u3065\u304d\u307e\u3057\u305f\u3002\u305f\u3068\u3048\u3070 2023 \u5e74\u521d\u982d\u3001Medusa Blog \u3068\u547c\u3070\u308c\u308b\u5c02\u7528\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u304c\u5c0e\u5165\u3055\u308c\u305f\u3053\u3068\u306f\u3001\u305d\u3046\u3057\u305f\u6226\u8853\u30b7\u30d5\u30c8\u306e\u7279\u5fb4\u3068\u3057\u3066\u6319\u3052\u3089\u308c\u307e\u3059\u3002Medusa \u306e\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u3089\u306f\u3053\u306e\u30b5\u30a4\u30c8\u3092\u4f7f\u3044\u3001\u8eab\u4ee3\u91d1\u8981\u6c42\u306b\u5fdc\u3058\u3088\u3046\u3068\u3057\u306a\u3044\u88ab\u5bb3\u8005\u304b\u3089\u5f97\u305f\u6a5f\u5fae\u30c7\u30fc\u30bf\u3092\u958b\u793a\u3057\u307e\u3059\u3002<\/p>\n<p>\u591a\u91cd\u6050\u559d\u6226\u7565\u306e\u4e00\u74b0\u3068\u3057\u3066\u540c\u30b0\u30eb\u30fc\u30d7\u306f\u3001\u88ab\u5bb3\u8005\u306e\u30c7\u30fc\u30bf\u304c\u30ea\u30fc\u30af 
\u30b5\u30a4\u30c8\u306b\u63b2\u8f09\u3055\u308c\u305f\u3055\u3044\u3001\u6642\u9593\u306e\u5ef6\u9577\u3001\u30c7\u30fc\u30bf\u306e\u524a\u9664\u3001\u5168\u30c7\u30fc\u30bf\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306a\u3069\u3001\u8907\u6570\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u88ab\u5bb3\u8005\u306b\u63d0\u4f9b\u3057\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u306f\u3059\u3079\u3066\u3001\u540c\u30b0\u30eb\u30fc\u30d7\u306e\u5f71\u97ff\u3092\u53d7\u3051\u308b\u7d44\u7e54\u306b\u3088\u3063\u3066\u5024\u6bb5\u304c\u7570\u306a\u308a\u307e\u3059\u3002<\/p>\n<p>Onion \u30b5\u30a4\u30c8\u3092\u6050\u559d\u306b\u5229\u7528\u3059\u308b\u6226\u7565\u306e\u307b\u304b\u306b\u3001Medusa \u306e\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u3089\u306f\u300c\u60c5\u5831\u30b5\u30dd\u30fc\u30c8 (information support)\u300d\u3068\u547c\u3070\u308c\u308b\u516c\u958b Telegram \u30c1\u30e3\u30f3\u30cd\u30eb\u3082\u6d3b\u7528\u3057\u3066\u304a\u308a\u3001\u305d\u3053\u3067\u306f\u4fb5\u5bb3\u3055\u308c\u305f\u7d44\u7e54\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u516c\u958b\u3067\u5171\u6709\u3055\u308c\u3001\u5f93\u6765\u306e Onion \u30b5\u30a4\u30c8\u3088\u308a\u3082\u30a2\u30af\u30bb\u30b9\u3057\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>Unit 42 \u30a4\u30f3\u30b7\u30c7\u30f3\u30c8 \u30ec\u30b9\u30dd\u30f3\u30b9 \u30c1\u30fc\u30e0\u306f\u3001Medusa \u306b\u3088\u308b\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u306b\u3082\u5bfe\u5fdc\u3057\u3066\u304a\u308a\u3001\u305d\u3053\u304b\u3089 Medusa \u306e\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u3089\u304c\u4f7f\u3046\u8208\u5473\u6df1\u3044\u6226\u8853\u3001\u6280\u8853\u3001\u624b\u9806\u306e\u767a\u898b\u306b\u3044\u305f\u308a\u307e\u3057\u305f\u3002<\/p>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u304a\u5ba2\u69d8\u306f\u3001<a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XDR\" target=\"_blank\" 
rel=\"noopener\">Cortex XDR<\/a> \u3068<a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb<\/a>\u5411\u3051\u306e<a href=\"https:\/\/docs.paloaltonetworks.com\/cdss\" target=\"_blank\" rel=\"noopener\">\u30af\u30e9\u30a6\u30c9\u914d\u4fe1\u578b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30b5\u30fc\u30d3\u30b9<\/a>\u3067\u3042\u308b <a href=\"https:\/\/docs.paloaltonetworks.com\/wildfire\" target=\"_blank\" rel=\"noopener\">WildFire<\/a> \u306b\u3088\u308a\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u304c\u4f7f\u7528\u3059\u308b\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u304b\u3089\u306e\u3088\u308a\u5f37\u529b\u306a\u4fdd\u8b77\u3092\u53d7\u3051\u3066\u3044\u307e\u3059\u3002\u3068\u304f\u306b Cortex XDR \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u306f\u3001\u5c0e\u5165\u5f8c\u305d\u306e\u307e\u307e\u3059\u3050\u306b\u4f7f\u3048\u308b\u4fdd\u8b77\u6a5f\u80fd\u3092\u5099\u3048\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u7279\u5b9a\u306e\u691c\u51fa\u30ed\u30b8\u30c3\u30af\u3084\u30b7\u30b0\u30cd\u30c1\u30e3\u30fc\u3092\u5fc5\u8981\u3068\u305b\u305a\u3001\u79c1\u305f\u3061\u304c\u30c6\u30b9\u30c8\u3057\u305f Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b5\u30f3\u30d7\u30eb\u306b\u3088\u308b\u60aa\u610f\u306e\u3042\u308b\u632f\u308b\u821e\u3044\u3092\u9632\u3050\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<a href=\"https:\/\/docs.paloaltonetworks.com\/prisma\/prisma-cloud\" target=\"_blank\" rel=\"noopener\">Prisma Cloud<\/a> Defender Agents \u306f\u3001\u65e2\u77e5\u306e Medusa \u30de\u30eb\u30a6\u30a7\u30a2\u304c\u898b\u3089\u308c\u306a\u3044\u304b\u3069\u3046\u304b\u3001Windows \u4eee\u60f3\u30de\u30b7\u30f3 \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u76e3\u8996\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/cortex-xpanse\" 
target=\"_blank\" rel=\"noopener\">Cortex Xpanse<\/a> \u306f\u3001Medusa \u306a\u3069\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3055\u308c\u3001\u611f\u67d3\u3059\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b\u3001\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306b\u76f4\u63a5\u63a5\u7d9a\u3055\u308c\u305f\u8106\u5f31\u306a\u30b5\u30fc\u30d3\u30b9\u3092\u691c\u51fa\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u307e\u305f\u3001<a href=\"https:\/\/start.paloaltonetworks.jp\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42\u306e\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8 \u30ec\u30b9\u30dd\u30f3\u30b9 \u30c1\u30fc\u30e0<\/a>\u306f\u3001\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u5834\u5408\u306e\u652f\u63f4\u3084\u3001\u304a\u5ba2\u69d8\u306e\u30ea\u30b9\u30af\u4f4e\u6e1b\u306e\u305f\u3081\u306e\u4e8b\u524d\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6e96\u5099\u72b6\u6cc1\u8a55\u4fa1\u3092\u884c\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<table style=\"width: 100%;\">\n<thead>\n<tr>\n<td style=\"width: 35%;\"><b>\u95a2\u9023\u3059\u308b Unit 42 \u306e\u30c8\u30d4\u30c3\u30af<\/b><\/td>\n<td style=\"width: 100%;\"><a href=\"https:\/\/unit42.paloaltonetworks.jp\/tag\/raas-ja\/\" target=\"_blank\" rel=\"noopener\"><b>RaaS<\/b><\/a>, <strong><a href=\"https:\/\/unit42.paloaltonetworks.jp\/category\/ransomware-ja\/\" target=\"_blank\" rel=\"noopener\">Ransomware<\/a><\/strong><\/td>\n<\/tr>\n<\/thead>\n<\/table>\n<h2><a id=\"post-131947-_fzuxvr33sgfd\"><\/a>\u300c\u30b5\u30fc\u30d3\u30b9\u3068\u3057\u3066\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 (RaaS)\u300dMedusa \u306e\u6982\u8981<\/h2>\n<p>Medusa \u306f 2022 \u5e74\u5f8c\u534a\u306b\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u30fb\u30a2\u30ba\u30fb\u30a2\u30fb\u30b5\u30fc\u30d3\u30b9 (RaaS) \u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3068\u3057\u3066\u767b\u5834\u3057\u30012023 \u5e74\u521d\u982d\u306b\u306f\u3001\u4e3b\u306b Windows 
\u74b0\u5883\u3092\u6a19\u7684\u3068\u3057\u3066\u60aa\u540d\u3092\u99b3\u305b\u307e\u3057\u305f\u30022019 \u5e74\u304b\u3089\u63d0\u4f9b\u3055\u308c\u3066\u3044\u308b\u3079\u3064\u306e RaaS\u3001MedusaLocker \u3068\u540d\u524d\u306f\u4f3c\u3066\u3044\u307e\u3059\u304c\u3001\u3053\u308c\u3092 Medusa \u3068\u6df7\u540c\u3057\u306a\u3044\u3088\u3046\u306b\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u79c1\u305f\u3061\u306e\u5206\u6790\u306f\u30012023 \u5e74\u304b\u3089\u516c\u306b\u77e5\u3089\u308c\u3001\u7d44\u7e54\u306e Windows \u74b0\u5883\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u3066\u3044\u308b Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u307f\u306b\u7126\u70b9\u3092\u7d5e\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306f\u4e3b\u306b\u3001\u8106\u5f31\u6027\u306e\u3042\u308b\u30b5\u30fc\u30d3\u30b9 (\u305f\u3068\u3048\u3070\u65e2\u77e5\u306e\u672a\u4fee\u6b63\u306e\u8106\u5f31\u6027\u3092\u3082\u3064\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3084\u516c\u958b\u8cc7\u7523) \u306e\u60aa\u7528\u3084\u6b63\u898f\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u4e57\u3063\u53d6\u308a\u3092\u901a\u3058\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u62e1\u6563\u3055\u305b\u3066\u304a\u308a\u3001\u4fb5\u5165\u306e\u305f\u3081\u306b\u521d\u671f\u30a2\u30af\u30bb\u30b9 \u30d6\u30ed\u30fc\u30ab\u30fc\u3082\u3088\u304f\u5229\u7528\u3057\u307e\u3059\u3002\u5f7c\u3089\u306e\u63a1\u7528\u3059\u308b\u521d\u671f\u30a2\u30af\u30bb\u30b9\u6226\u7565\u3084\u3055\u3089\u306b\u8907\u96d1\u306a\u6280\u8853\u306b\u3064\u3044\u3066\u306f\u3001\u672c\u7a3f\u5f8c\u534a\u3067\u8a73\u3057\u304f\u898b\u3066\u3044\u304d\u307e\u3059\u3002\u307e\u305f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306f\u3001\u60aa\u610f\u3092\u6301\u3063\u3066\u6b63\u898f\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u5229\u7528\u3059\u308b<a 
href=\"https:\/\/www.malwarebytes.com\/blog\/business\/2023\/04\/living-off-the-land-lotl-attacks-detecting-ransomware-gangs-hiding-in-plain-sight\" target=\"_blank\" rel=\"noopener\">\u74b0\u5883\u5bc4\u751f\u578b (living-off-the-land) \u6280\u8853<\/a>\u3092\u5b9f\u88c5\u3057\u3066\u3044\u308b\u3088\u3046\u3059\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u901a\u5e38\u306e\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3084\u632f\u308b\u821e\u3044\u306e\u306a\u304b\u306b\u81ea\u3089\u3092\u7d1b\u308c\u8fbc\u307f\u3084\u3059\u304f\u3057\u3001\u3053\u3046\u3057\u305f\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306b\u5bfe\u3059\u308b\u30d5\u30e9\u30b0\u3092\u7acb\u3066\u3065\u3089\u304f\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u79c1\u305f\u3061\u306f\u30012023 \u5e74\u306e\u521d\u3081\u306b\u516c\u958b\u3055\u308c\u305f\u3001TOR \u7d4c\u7531\u3067\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a <span style=\"font-family: 'courier new', courier, monospace;\">.onion<\/span> \u30b5\u30a4\u30c8\u4e0a\u306b\u3042\u308b\u65b0\u305f\u306a Medusa Blog \u306e\u5c0e\u5165\u306b\u3088\u308a\u3001\u5f7c\u3089\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u8457\u3057\u304f\u30a8\u30b9\u30ab\u30ec\u30fc\u30c8\u3057\u3066\u3044\u308b\u3053\u3068\u306b\u6c17\u3065\u304d\u307e\u3057\u305f\u3002Medusa Blog \u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3092\u56f31\u306b\u793a\u3057\u307e\u3059\u3002\u72af\u4eba\u306f\u8eab\u4ee3\u91d1\u8981\u6c42\u306b\u5fdc\u3058\u306a\u3044\u88ab\u5bb3\u8005\u306e\u6a5f\u5bc6\u30c7\u30fc\u30bf\u3092\u958b\u793a\u3059\u308b\u305f\u3081\u306b\u3053\u306e\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3092\u4f7f\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131840\" aria-describedby=\"caption-attachment-131840\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131841 lozad\"  
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-1-ja.png\" alt=\"\u753b\u50cf 1 \u306f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u4e00\u90e8\u306e\u60c5\u5831\u306f\u4f0f\u305b\u3089\u308c\u3066\u3044\u307e\u3059\u3002\u30e1\u30c7\u30e5\u30fc\u30b5\u306e\u982d\u306e\u30a2\u30a4\u30b3\u30f3\u304c\u3042\u308a\u307e\u3059\u3002Medusa Blog \u3067\u3059\u3002Twitter \u3068 Telegram \u3078\u306e\u30ea\u30f3\u30af\u304c\u3042\u308a\u307e\u3059\u3002\u4fa1\u683c\u30bf\u30b0\u304c\u3064\u3044\u3066\u3044\u307e\u3059\u3002\u30ab\u30a6\u30f3\u30c8\u30c0\u30a6\u30f3\u304c\u3042\u308a\u307e\u3059\u3002\u8a2a\u554f\u8005\u6570\u304c\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u88ab\u5bb3\u8005\u306e\u8aac\u660e\u304c\u66f8\u304b\u308c\u3066\u3044\u307e\u3059\u3002\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u30fc\u304c\u691c\u7d22\u3067\u304d\u308b\u3088\u3046\u3001\u866b\u773c\u93e1\u30a2\u30a4\u30b3\u30f3\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"615\" \/><figcaption id=\"caption-attachment-131840\" class=\"wp-caption-text\">\u56f3 1. 
Medusa Blog \u306e\u5c02\u7528\u30ea\u30fc\u30af \u30b5\u30a4\u30c8<\/figcaption><\/figure>\n<p>\u591a\u91cd\u6050\u559d\u4f5c\u6226\u3068\u3057\u3066\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u306e\u767a\u8868\u306b\u306f\u3001\u88ab\u5bb3\u8005\u306b\u8eab\u4ee3\u91d1\u306e\u652f\u6255\u3044\u3092\u8feb\u308b\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u60c5\u5831\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u4fa1\u683c: \u8868\u793a\u91d1\u984d\u306f\u5f71\u97ff\u3092\u53d7\u3051\u305f\u7d44\u7e54\u304c\u30b5\u30a4\u30c8\u304b\u3089\u30c7\u30fc\u30bf\u3092\u524a\u9664\u3059\u308b\u305f\u3081\u306b\u30b0\u30eb\u30fc\u30d7\u306b\u652f\u6255\u3046\u5fc5\u8981\u304c\u3042\u308b\u91d1\u984d\u3002(Unit42 \u306f\u3001\u591a\u304f\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u540c\u69d8\u3001Medusa \u306b\u306f\u88ab\u5bb3\u8005\u3068\u4ea4\u6e09\u3059\u308b\u610f\u601d\u304c\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3059\u3002\u5b9f\u969b\u306e\u652f\u6255\u984d\u306f\u30b5\u30a4\u30c8\u8868\u793a\u4fa1\u683c\u3068\u76f4\u63a5\u4e00\u81f4\u3057\u306a\u3044\u5834\u5408\u304c\u3042\u308a\u307e\u3059)\u3002<\/li>\n<li>\u30ab\u30a6\u30f3\u30c8\u30c0\u30a6\u30f3: \u76d7\u3093\u3060\u30c7\u30fc\u30bf\u304c\u516c\u958b\u3055\u308c\u3066\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u53ef\u80fd\u306b\u306a\u308b\u307e\u3067\u306b\u88ab\u5bb3\u8005\u306b\u6b8b\u3055\u308c\u305f\u6642\u9593\u3002<\/li>\n<li>\u8a2a\u554f\u8005\u6570: \u88ab\u5bb3\u8005\u306b\u652f\u6255\u3044\u3092\u8feb\u308b\u4ea4\u6e09\u6226\u7565\u3067\u4f7f\u308f\u308c\u308b\u3002<\/li>\n<li>\u88ab\u5bb3\u8005\u540d\u3068\u305d\u306e\u8aac\u660e: 
\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u7d44\u7e54\u306b\u95a2\u3059\u308b\u7279\u5b9a\u53ef\u80fd\u306a\u60c5\u5831\u3002<\/li>\n<\/ul>\n<p>\u540c\u30b0\u30eb\u30fc\u30d7\u306e\u6295\u7a3f\u3067\u306f\u901a\u5e38\u3001\u4fb5\u5bb3\u306e\u8a3c\u8de1\u3082\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002\u5f7c\u3089\u306f\u307e\u305f\u3001\u56f3 2 \u306b\u793a\u3059\u3088\u3046\u306b\u3001\u4e3b\u8981\u306a\u8eab\u4ee3\u91d1\u306e\u652f\u6255\u3044\u3068\u306f\u3079\u3064\u306e\u3001\u6063\u610f\u7684\u3067\u6c17\u307e\u3050\u308c\u306a\u3001\u3055\u307e\u3056\u307e\u306a\u300c\u9078\u629e\u80a2\u300d\u3092\u88ab\u5bb3\u7d44\u7e54\u306b\u63d0\u793a\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306e\u9078\u629e\u80a2\u306b\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u3082\u306e\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u30b5\u30a4\u30c8\u4e0a\u306e\u30c7\u30fc\u30bf\u516c\u958b\u3092\u9632\u3050\u671f\u9593\u5ef6\u9577\u306e\u305f\u3081\u306e 1 \u4e07\u30c9\u30eb\u306e\u6a19\u6e96\u6599\u91d1<\/li>\n<li>\u30c7\u30fc\u30bf\u524a\u9664\u8981\u6c42<\/li>\n<li>\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 \u30aa\u30d7\u30b7\u30e7\u30f3<\/li>\n<\/ul>\n<p>\u3053\u308c\u3089 2 \u3064\u306e\u30b5\u30fc\u30d3\u30b9\u4fa1\u683c\u306f\u3001\u7d44\u7e54\u306b\u3088\u3063\u3066\u7570\u306a\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131842\" aria-describedby=\"caption-attachment-131842\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131842 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-2.png\" alt=\"\u753b\u50cf 2 \u306f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u30ea\u30fc\u30af 
\u30b5\u30a4\u30c8\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u3053\u306e\u30d6\u30ed\u30b0\u306f\u7279\u5b9a\u306e\u88ab\u5bb3\u8005\u3092\u53d6\u308a\u4e0a\u3052\u3066\u3044\u307e\u3059\u3002\u307b\u3068\u3093\u3069\u306e\u60c5\u5831\u306f\u30e2\u30b6\u30a4\u30af\u3092\u304b\u3051\u3066\u4f0f\u305b\u3066\u3042\u308a\u307e\u3059\u3002\u65e5\u3001\u6642\u3001\u5206\u3001\u79d2\u306e\u30ab\u30a6\u30f3\u30bf\u30fc\u304c\u4e0a\u90e8\u306b\u3042\u308a\u307e\u3059\u30021 \u65e5\u5206\u306e\u6642\u9593\u8ffd\u52a0\u3001\u5168\u30c7\u30fc\u30bf\u306e\u524a\u9664\u3001\u5168\u30c7\u30fc\u30bf\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306e\u6599\u91d1\u304c\u63d0\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u307b\u304b\u3001\u30d5\u30a1\u30a4\u30eb \u30c4\u30ea\u30fc\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u30aa\u30d7\u30b7\u30e7\u30f3\u3082\u3042\u308a\u307e\u3059\u3002 \" width=\"900\" height=\"1095\" \/><figcaption id=\"caption-attachment-131842\" class=\"wp-caption-text\">\u56f3 2. 
\u3042\u308b\u88ab\u5bb3\u8005\u306b\u5bfe\u3059\u308b Medusa Blog \u306e\u6295\u7a3f<\/figcaption><\/figure>\n<p>Medusa Blog \u306e\u6700\u8fd1\u306e\u6295\u7a3f\u3067\u306f\u3001\u4fb5\u5bb3\u3092\u53d7\u3051\u305f\u7d44\u7e54\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u8868\u793a\u3057\u305f\u30d3\u30c7\u30aa\u3092\u5171\u6709\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30d3\u30c7\u30aa\u306b\u306f\u300cMedusa Media Team\u300d\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb \u30ad\u30e3\u30d7\u30b7\u30e7\u30f3\u304c\u3042\u308a\u307e\u3059\u304c\u3001\u3053\u308c\u306f\u540c\u30b0\u30eb\u30fc\u30d7\u306e\u30d1\u30d6\u30ea\u30c3\u30af \u30d6\u30e9\u30f3\u30c9 (\u56f3 3) \u3092\u6271\u3046\u90e8\u9580\u3068\u601d\u308f\u308c\u307e\u3059\u3002\u88ab\u5bb3\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u8868\u793a\u3059\u308b\u52d5\u753b\u304c\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u3078\u306e\u6295\u7a3f\u306e\u3064\u3069\u78ba\u8a8d\u3055\u308c\u3066\u3044\u308b\u308f\u3051\u3067\u306f\u306a\u3044\u306e\u3067\u3001\u3053\u308c\u304c\u30c8\u30ec\u30f3\u30c9\u306b\u306a\u3063\u3066\u3044\u304f\u304b\u3069\u3046\u304b\u306f\u4eca\u306e\u3068\u3053\u308d\u308f\u304b\u308a\u307e\u305b\u3093\u3002\u305f\u3060\u3057 Medusa \u306e\u3088\u3046\u306a\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306f\u30d6\u30e9\u30f3\u30c9\u3084\u8a55\u5224\u306e\u78ba\u7acb\u3092\u76ee\u6307\u3057\u3066\u3044\u308b\u3053\u3068\u304b\u3089\u3001\u3053\u3046\u3057\u305f\u30d3\u30c7\u30aa\u3092\u4f5c\u6210\u3059\u308c\u3070\u3001\u6050\u308b\u3079\u304d\u8105\u5a01\u3068\u3057\u3066\u306e\u30a4\u30e1\u30fc\u30b8\u306f\u5f37\u5316\u3055\u308c\u307e\u3059\u3057\u3001\u4fe1\u3074\u3087\u3046\u6027\u3082\u9ad8\u307e\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131844\" aria-describedby=\"caption-attachment-131844\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131844 lozad\"  
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-3.png\" alt=\"\u753b\u50cf 3 \u306f Medusa Media Team \u306e\u30d3\u30c7\u30aa\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u8239\u8236\u306e\u64cd\u8235\u8f2a\u306e\u3088\u3046\u306a\u3082\u306e\u3092\u80cc\u666f\u306b\u3001\u5927\u6587\u5b57\u3067\u66f8\u304b\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"800\" height=\"536\" \/><figcaption id=\"caption-attachment-131844\" class=\"wp-caption-text\">\u56f3 3. Medusa Media Team \u30d3\u30c7\u30aa\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/figcaption><\/figure>\n<p>\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u306e\u884c\u70ba\u306f\u3001\u6050\u559d\u3092\u72d9\u3063\u305f\u5c02\u7528\u30ea\u30fc\u30af\u30b5\u30a4\u30c8\u3084\u30d3\u30c7\u30aa\u306e\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u306b\u306f\u3068\u3069\u307e\u308a\u307e\u305b\u3093\u3002\u5f7c\u3089\u306f Medusa Blog \u306e\u30b5\u30a4\u30c8\u306b Telegram \u3084 X (\u65e7 Twitter) \u3078\u306e\u30ea\u30f3\u30af\u3082\u7d44\u307f\u8fbc\u3093\u3067\u3044\u307e\u3057\u305f\u3002Medusa \u304c\u4f7f\u3046 Telegram \u30c1\u30e3\u30f3\u30cd\u30eb\u306f\u300cinformation support (\u60c5\u5831\u30b5\u30dd\u30fc\u30c8)\u300d\u3068\u9298\u6253\u305f\u308c\u3001\u540c\u30b0\u30eb\u30fc\u30d7\u304c\u6f0f\u51fa\u3055\u305b\u305f\u30c7\u30fc\u30bf\u306e\u516c\u8868\/\u516c\u958b\u306b\u4f7f\u308f\u308c\u3066\u3044\u307e\u3059\u3002\u4e00\u65b9\u3001X \u3078\u306e\u30ea\u30f3\u30af\u306f\u5358\u306b\u300cMedusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u300d\u306e\u691c\u7d22\u7d50\u679c\u30da\u30fc\u30b8\u306b\u3064\u306a\u304c\u308a\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e Telegram \u30c1\u30e3\u30f3\u30cd\u30eb\u306f 2021 \u5e74 7 
\u6708\u306b\u4f5c\u3089\u308c\u305f\u3082\u306e\u3067\u3001\u540c\u30b0\u30eb\u30fc\u30d7\u306e\u51fa\u73fe\u3088\u308a\u524d\u306b\u516c\u306b\u77e5\u3089\u308c\u3066\u3044\u305f\u4fb5\u5bb3\u306b\u57fa\u3065\u304f\u30b3\u30f3\u30c6\u30f3\u30c4\u304c\u3044\u304f\u3064\u304b\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u610f\u5916\u306b\u3082\u3053\u306e\u30c1\u30e3\u30f3\u30cd\u30eb\u306f Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3068\u3057\u3066\u30d6\u30e9\u30f3\u30c7\u30a3\u30f3\u30b0\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u3068\u306f\u3044\u3048\u3001\u3053\u306e\u30c1\u30e3\u30f3\u30cd\u30eb\u3067\u306f\u3001Medusa \u306e\u4fb5\u5bb3\u306b\u95a2\u308f\u308b\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u30ea\u30fc\u30af\u3084\u3001\u540c\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u306e\u4ee3\u8868\u8005\u3068\u306e\u4f1a\u5408\u3092\u4e3b\u5f35\u3059\u308b\u6295\u7a3f\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u305d\u3046\u3057\u305f\u6295\u7a3f\u306e\u4f8b\u3092\u56f3 4 \u306b\u793a\u3057\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131846\" aria-describedby=\"caption-attachment-131846\" style=\"width: 640px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131846 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-4.png\" alt=\"\u753b\u50cf 4 \u306f\u7ba1\u7406\u8005\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u65e5\u4ed8\u306f 2022 \u5e74 11 \u6708 25 \u65e5\u3067\u3059\u3002Hello community!I love looking for hidden information on the Internet. Today I met the guys from the hacker group Medusa. She kindly agreed to provide me with a video overview of her activities on the example of a very cool casino located in the United States of America \u2014 Eureka casino. While I was watching the video, I saw how the Eureka casino visitors are deceived, how the slot machines are reprogrammed. 
After watching the video, you will understand why you don't have to go to this casino for sure!And yes, Medusa has a really cool media team \u2013 I was jealous!I reminded you that you can find much more information in my telegram channel, and I also invite you to my Twitter and Facebook. And waiting for your subscription and likes Dash this motivates, you to search for new and new content, as well as publish data in the telegram channel. Links are in the description of the channel. Enjoy watching!\u95b2\u89a7\u6570\u306f 734 \u56de\u3067\u3059\u300202:18 PM \u3068\u3044\u3046\u6642\u523b\u8868\u793a\u3068 YouTube \u30d3\u30c7\u30aa\u3078\u306e\u30ea\u30f3\u30af\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u4e00\u90e8\u306e\u60c5\u5831\u306f\u7de8\u96c6\u3055\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"640\" height=\"292\" \/><figcaption id=\"caption-attachment-131846\" class=\"wp-caption-text\">\u56f3 4. information support (\u60c5\u5831\u30b5\u30dd\u30fc\u30c8) \u306e\u7ba1\u7406\u8005\u30e1\u30c3\u30bb\u30fc\u30b8<\/figcaption><\/figure>\n<p>2023 \u5e74 2 \u6708 20 \u65e5\u3001\u3053\u306e Telegram \u30c1\u30e3\u30f3\u30cd\u30eb\u3067\u3001Medusa \u306e\u516c\u5f0f\u30ea\u30fc\u30af \u30b5\u30a4\u30c8 (\u7ba1\u7406\u8005\u66f0\u304f\u300ca new blog of a hacker jellyfish group (\u30af\u30e9\u30b2 \u30cf\u30c3\u30ab\u30fc \u30b0\u30eb\u30fc\u30d7\u306e\u65b0\u30d6\u30ed\u30b0)\u300d) \u306e\u516c\u958b\u304c\u767a\u8868\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u306e\u767a\u8868\u3067\u306f\u3001\u56f3 5 \u306b\u793a\u3059\u3088\u3046\u306b\u3001Medusa \u306e\u516c\u5f0f\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u3068\u540c\u3058\u30d6\u30e9\u30f3\u30c7\u30a3\u30f3\u30b0\u3092\u30d5\u30a3\u30fc\u30c1\u30e3\u30fc\u3057\u305f\u30a4\u30e1\u30fc\u30b8\u304c\u4f7f\u308f\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<figure id=\"attachment_131848\" aria-describedby=\"caption-attachment-131848\" style=\"width: 569px\" class=\"wp-caption aligncenter\"><img  
class=\"wp-image-131848 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-5.png\" alt=\"\u753b\u50cf 5 \u306f\u3001Medusa Blog \u3092\u767a\u8868\u3059\u308b\u7ba1\u7406\u8005\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002Hello community. I want to introduce you to a new blog of a hacker jellyfish group. I reaccontate to visit and see: [onion link to Medusa site]. The message has one thumbs up and one heart. February 20. 3,300 \u56de\u95b2\u89a7\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u6642\u523b\u306f 06:27 AM \u3067\u3059\u3002 \u4e00\u90e8\u306e\u60c5\u5831\u306f\u7de8\u96c6\u3055\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"569\" height=\"447\" \/><figcaption id=\"caption-attachment-131848\" class=\"wp-caption-text\">\u56f3 5. Information support (\u60c5\u5831\u30b5\u30dd\u30fc\u30c8) \u306e\u7ba1\u7406\u8005\u30e1\u30c3\u30bb\u30fc\u30b8\u3002Medusa Blog \u30b5\u30a4\u30c8\u306b\u3064\u3044\u3066\u767a\u8868\u3057\u3066\u3044\u308b<\/figcaption><\/figure>\n<p>\u672c\u7a3f\u57f7\u7b46\u6642\u70b9\u3067\u306f\u3001\u3053\u306e\u30c1\u30e3\u30f3\u30cd\u30eb\u306e\u30aa\u30fc\u30ca\u30fc\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3058\u305f\u3044\u306b\u52a0\u308f\u3063\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u306f\u4e0d\u660e\u3067\u3059\u3002\u305f\u3060\u3057\u79c1\u305f\u3061\u306f\u3001\u3053\u306e\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u304c\u4fb5\u5bb3\u306e\u516c\u8868\u3068\u6f0f\u51fa\u60c5\u5831\u306e\u516c\u958b\u306b\u4f7f\u308f\u308c\u3066\u3044\u308b\u70b9\u306f\u628a\u63e1\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h2><a id=\"post-131947-_7datli60tj7t\"><\/a>Medusa \u306e\u72d9\u3046\u7d44\u7e54\u3068\u306f: \u88ab\u5bb3\u8005\u50cf\u3092\u7406\u89e3\u3059\u308b<\/h2>\n<p>\u79c1\u305f\u3061\u306f 2023 \u5e74\u306b\u89b3\u6e2c\u3055\u308c\u305f Medusa 
\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b5\u30f3\u30d7\u30eb\u3092\u4e2d\u5fc3\u306b\u5206\u6790\u3092\u884c\u3063\u3066\u304d\u307e\u3057\u305f\u3002<\/p>\n<p>\u5f7c\u3089\u306e\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u306b\u57fa\u3065\u304f\u3068 Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306f 2023 \u5e74\u306b\u4e16\u754c\u3067 74 \u306e\u7d44\u7e54\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u305f\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u6700\u3082\u5f71\u97ff\u3092\u53d7\u3051\u305f\u306e\u306f\u3001\u30cf\u30a4\u30c6\u30af\u3001\u6559\u80b2\u3001\u88fd\u9020\u696d\u306a\u3069\u3067\u3059\u3002\u305f\u3060\u3057\u3001\u5f71\u97ff\u3092\u53d7\u3051\u305f\u30bb\u30af\u30bf\u30fc\u304c\u591a\u5c90\u306b\u308f\u305f\u308b\u3068\u3053\u308d\u3092\u898b\u308b\u3068\u3001\u591a\u304f\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3067\u3082\u7279\u5fb4\u3068\u306a\u3063\u3066\u3044\u308b\u65e5\u548c\u898b\u4e3b\u7fa9\u7684\u306a\u6027\u8cea\u304c\u3001\u540c\u30b0\u30eb\u30fc\u30d7\u306b\u3064\u3044\u3066\u3082\u6d6e\u304b\u3073\u3042\u304c\u3063\u3066\u304d\u307e\u3059\u3002Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306f\u5358\u4e00\u696d\u754c\u3092\u72d9\u3063\u3066\u3044\u308b\u308f\u3051\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u56f3 6 \u304b\u3089\u306f\u3001\u5f7c\u3089\u306e\u653b\u6483\u306e\u5f71\u97ff\u304c\u5e83\u7bc4\u56f2\u306b\u53ca\u3093\u3067\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131850\" aria-describedby=\"caption-attachment-131850\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131851 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/chart-ja.png\" alt=\"\u753b\u50cf 6 \u306f\u3001Medusa 
\u306b\u3088\u308b\u5f71\u97ff\u3092\u53d7\u3051\u305f\u30bb\u30af\u30bf\u30fc\u3092\u793a\u3057\u305f\u68d2\u30b0\u30e9\u30d5\u3067\u3059\u3002\u6700\u3082\u5f37\u304f\u5f71\u97ff\u3092\u53d7\u3051\u305f\u306e\u306f\u3001\u30cf\u30a4\u30c6\u30af\u3001\u6559\u80b2\u3001\u88fd\u9020\u696d\u3001\u30d8\u30eb\u30b9\u30b1\u30a2\u3067\u3059\u3002\u4e2d\u7a0b\u5ea6\u306e\u5f71\u97ff\u3092\u53d7\u3051\u305f\u30bb\u30af\u30bf\u30fc\u306b\u306f\u3001\u30b5\u30fc\u30d3\u30b9\u696d\u3001\u975e\u55b6\u5229\u56e3\u4f53\u3001\u8fb2\u696d\u304c\u542b\u307e\u308c\u307e\u3059\u3002\u6700\u3082\u5f71\u97ff\u304c\u5c11\u306a\u304b\u3063\u305f\u306e\u306f\u96fb\u6c17\u901a\u4fe1\u3001\u9023\u90a6\u653f\u5e9c\u3001\u4e0d\u52d5\u7523\u306a\u3069\u3067\u3059\u3002 \" width=\"900\" height=\"574\" \/><figcaption id=\"caption-attachment-131850\" class=\"wp-caption-text\">\u56f3 6. Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306b\u3088\u308b\u5f71\u97ff\u3092\u53d7\u3051\u305f\u30bb\u30af\u30bf\u30fc (\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u306b\u57fa\u3065\u304f)<\/figcaption><\/figure>\n<p>Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u653b\u6483\u306e\u8db3\u8de1\u306f\u4e16\u754c\u306e\u5e83\u7bc4\u56f2\u306b\u53ca\u3093\u3067\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u540c\u30b0\u30eb\u30fc\u30d7\u306b\u3088\u308b\u5f71\u97ff\u3092\u6700\u3082\u5f37\u304f\u53d7\u3051\u3066\u3044\u308b\u306e\u306f\u7c73\u56fd\u3067\u3001\u672c\u7a3f\u57f7\u7b46\u6642\u70b9\u3067 24 \u4ef6\u306e\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u304c\u767a\u751f\u3057\u3066\u3044\u307e\u3059\u3002\u6a19\u7684\u3068\u306a\u3063\u305f\u7d44\u7e54\u306e\u304b\u306a\u308a\u306e\u6570\u306f\u30e8\u30fc\u30ed\u30c3\u30d1\u306b\u62e0\u70b9\u3092\u7f6e\u3044\u3066\u3044\u307e\u3059\u3002\u30a2\u30d5\u30ea\u30ab\u3001\u5357\u7c73\u3001\u30a2\u30b8\u30a2\u3067\u306e\u5b64\u767a\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u306f\u3001\u540c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 
\u30b0\u30eb\u30fc\u30d7\u306e\u7121\u5dee\u5225\u7684\u306a\u30a2\u30d7\u30ed\u30fc\u30c1\u3092\u5f37\u8abf\u3059\u308b\u3082\u306e\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u5831\u544a\u4ef6\u6570\u304c\u5c11\u306a\u3044\u5730\u57df\u306f\u898b\u3089\u308c\u308b\u3082\u306e\u306e\u3001\u653b\u6483\u306f\u4e16\u754c\u7684\u898f\u6a21\u306b\u53ca\u3093\u3067\u3044\u307e\u3059\u3002\u56f3 7 \u306f\u3053\u306e\u70b9\u3092\u5f37\u8abf\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131853\" aria-describedby=\"caption-attachment-131853\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131853 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/chart-1-ja.png\" alt=\"\u56f3 7. \u88ab\u5bb3\u7d44\u7e54\u306e\u6240\u5728\u56fd (\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u306b\u57fa\u3065\u304f)\" width=\"900\" height=\"431\" \/><figcaption id=\"caption-attachment-131853\" class=\"wp-caption-text\">\u56f3 7. \u88ab\u5bb3\u7d44\u7e54\u306e\u6240\u5728\u56fd (\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u306b\u57fa\u3065\u304f)<\/figcaption><\/figure>\n<h2><a id=\"post-131947-_45827brfuaq8\"><\/a>Medusa \u306e\u30c4\u30fc\u30eb\u30ad\u30c3\u30c8: \u8b0e\u591a\u304d\u30c4\u30fc\u30eb\u3092\u89e3\u660e\u3059\u308b<\/h2>\n<p>\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001\u79c1\u305f\u3061\u304c\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u3092\u884c\u3046\u306a\u304b\u3067\u767a\u898b\u3057\u305f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30a2\u30af\u30bf\u30fc\u306e\u4f7f\u3046\u30c4\u30fc\u30eb\u3084\u6280\u8853\u306e\u4e00\u90e8\u3092\u660e\u3089\u304b\u306b\u3057\u307e\u3059\u3002\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u4ed5\u639b\u3051\u308b\u524d\u306b\u4f7f\u308f\u308c\u3066\u3044\u305f\u6280\u8853\u306f\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u9593\u3067\u5171\u901a\u3059\u308b\u30c6\u30fc\u30de\u3084\u3001Medusa 
\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u3067\u3088\u308a\u7279\u7570\u7684\u306b\u898b\u3089\u308c\u305f\u30c4\u30fc\u30eb\u958b\u767a\u306b\u95a2\u3057\u3001\u8208\u5473\u6df1\u3044\u624b\u304c\u304b\u308a\u3092\u4e0e\u3048\u3066\u304f\u308c\u308b\u3082\u306e\u3067\u3059\u3002<\/p>\n<h3><a id=\"post-131947-_frgmgff0e084\"><\/a>Initial Access (\u521d\u671f\u30a2\u30af\u30bb\u30b9)<\/h3>\n<p>Unit 42 \u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u304c\u3001Microsoft Exchange Server \u3092\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3057\u3001\u3042\u308b Web \u30b7\u30a7\u30eb\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002\u3053\u306e Web \u30b7\u30a7\u30eb\u306e\u6a5f\u80fd\u306f\u3001\u904e\u53bb\u306b\u5831\u544a\u306e\u3042\u308b <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/thedfirreport.com\/2021\/11\/15\/exchange-exploit-leads-to-domain-wide-ransomware\/\" target=\"_blank\" rel=\"noopener\">login.aspx<\/a><\/span> \u3084<span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/github.com\/tennc\/webshell\/blob\/master\/web-malware-collection-13-06-2012\/ASP\/cmd.aspx\" target=\"_blank\" rel=\"noopener\">cmd.aspx<\/a><\/span> \u306e ASPX \u30d5\u30a1\u30a4\u30eb\u3068\u91cd\u8907\u3057\u3066\u3044\u307e\u3059\u3002<span style=\"font-family: 'courier new', courier, monospace;\">cmd.aspx<\/span> \u306e\u4f8b\u3092\u56f3 8 \u306b\u793a\u3057\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131854\" aria-describedby=\"caption-attachment-131854\" style=\"width: 875px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131854 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-8.png\" alt=\"\u753b\u50cf 8 \u306f cmd.aspx \u306e 
Web \u30b7\u30a7\u30eb\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002 \" width=\"875\" height=\"760\" \/><figcaption id=\"caption-attachment-131854\" class=\"wp-caption-text\">\u56f3 8. cmd.aspx Web \u30b7\u30a7\u30eb\u306e\u4f8b<\/figcaption><\/figure>\n<p>Web \u30b7\u30a7\u30eb\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306b\u7d9a\u3044\u3066\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u3089\u306f PowerShell \u3092\u4f7f\u3063\u3066\u3001<span style=\"font-family: 'courier new', courier, monospace;\">filemail[.]com<\/span> \u3068\u547c\u3070\u308c\u308b\u30d5\u30a1\u30a4\u30eb \u30db\u30b9\u30c6\u30a3\u30f3\u30b0 \u30b5\u30a4\u30c8\u304b\u3089\u306e <a href=\"https:\/\/learn.microsoft.com\/ja-jp\/windows-server\/administration\/windows-commands\/bitsadmin-transfer\" target=\"_blank\" rel=\"noopener\"><span style=\"font-family: 'courier new', courier, monospace;\">bitsadmin transfer<\/span><\/a> \u3092\u5b9f\u884c\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30b5\u30a4\u30c8\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u306f ZIP \u5727\u7e2e\u3055\u308c\u3066\u3044\u3066\u3001\u30bf\u30a4\u30c8\u30eb\u306f <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/www.virustotal.com\/gui\/file\/9e3f4e2ece572f2964cf24d98af08451e732a4e1ceb05671a12ded454613bd7c\" target=\"_blank\" rel=\"noopener\">baby.zip<\/a><\/span> \u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002 \u3053\u308c\u3092\u5c55\u958b\u3057\u3066\u5b9f\u884c\u3059\u308b\u3068\u3001\u30ea\u30e2\u30fc\u30c8\u76e3\u8996\u30fb\u7ba1\u7406 (RMM) \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3067\u3042\u308b <a href=\"https:\/\/www.crn.com\/news\/security\/connectwise-control-was-used-by-bad-actors-blackpoint-cyber\" target=\"_blank\" rel=\"noopener\">ConnectWise<\/a> \u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n<h3><a id=\"post-131947-_r640iurabfit\"><\/a>Defense Evasion 
(\u9632\u885b\u56de\u907f)<\/h3>\n<p>Unit 42 \u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u304c\u3001\u7570\u306a\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u88fd\u54c1\u7fa4\u3092\u6a19\u7684\u3068\u3057\u30012 \u3064\u306e\u30ab\u30fc\u30cd\u30eb \u30c9\u30e9\u30a4\u30d0\u30fc\u3092\u30c9\u30ed\u30c3\u30d7\u3057\u3066\u3044\u308b\u3088\u3046\u3059\u3092\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002\u5404\u30ab\u30fc\u30cd\u30eb \u30c9\u30e9\u30a4\u30d0\u30fc\u306f <a href=\"https:\/\/www.safengine.com\/en-us\" target=\"_blank\" rel=\"noopener\">Safengine Shielden<\/a> \u3068\u547c\u3070\u308c\u308b\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30d7\u30ed\u30c6\u30af\u30bf\u30fc\u3067\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u30c9\u30e9\u30a4\u30d0\u30fc\u306b\u4f7f\u308f\u308c\u3066\u3044\u308b Safengine Shielden \u30d7\u30ed\u30c6\u30af\u30bf\u30fc\u306f\u3001\u30b3\u30fc\u30c9\u3092\u3055\u307e\u3056\u307e\u306b\u5909\u7570\u3055\u305b\u308b\u3053\u3068\u306b\u3088\u3063\u3066\u30b3\u30fc\u30c9\u3092\u30e9\u30f3\u30c0\u30e0\u5316\u3057\u3001\u30b3\u30fc\u30c9\u306e\u30d5\u30ed\u30fc\u3092\u96e3\u8aad\u5316\u3057\u307e\u3059\u3002\u305d\u306e\u5f8c\u3001\u7d44\u307f\u8fbc\u307f\u306e\u4eee\u60f3\u30de\u30b7\u30f3 \u30a4\u30f3\u30bf\u30d7\u30ea\u30bf\u30fc\u3092\u4f7f\u3063\u3066\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n<p>Unit 42 \u306f\u3053\u308c\u3089\u306e\u5404\u30c9\u30e9\u30a4\u30d0\u30fc\u304c\u5c02\u7528\u306e\u30ed\u30fc\u30c0\u30fc\u3068\u5bfe\u306b\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u3082\u89b3\u5bdf\u3057\u307e\u3057\u305f\u3002\u5404\u30ed\u30fc\u30c0\u30fc\u306f\u3001<a href=\"https:\/\/github.com\/DosX-dev\/ASM-Guard\" target=\"_blank\" rel=\"noopener\">ASM Guard<\/a> 
\u3068\u547c\u3070\u308c\u308b\u30d1\u30c3\u30ab\u30fc\u3067\u30d1\u30c3\u30af\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u30d1\u30c3\u30af\u3055\u308c\u305f\u30ed\u30fc\u30c0\u30fc\u306f\u507d UPX \u30d8\u30c3\u30c0\u30fc\u3068\u305d\u306e\u507d\u306e UPX \u30d0\u30a4\u30c8\u306b\u96a3\u63a5\u3057\u3066\u305d\u306e\u5f8c\u306b\u7d9a\u3044\u3066\u3044\u308b\u30a2\u30c9\u30ec\u30b9\u3092\u4f7f\u3044\u307e\u3059 (\u56f3 9)\u3002\u30ea\u30bd\u30fc\u30b9 \u30bb\u30af\u30b7\u30e7\u30f3\u306b\u306f\u3001ASM Guard \u3078\u306e\u53c2\u7167\u306e\u307b\u304b\u3001\u507d\u306e WINAPI \u30a4\u30f3\u30dd\u30fc\u30c8\u3084\u3055\u307e\u3056\u307e\u306a\u30b8\u30e3\u30f3\u30af \u30d1\u30c7\u30a3\u30f3\u30b0\u304c\u591a\u6570\u5b58\u5728\u3057\u3066\u3044\u307e\u3059 (\u56f3 10)\u3002<\/p>\n<figure id=\"attachment_131856\" aria-describedby=\"caption-attachment-131856\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131856 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-9.png\" alt=\"\u753b\u50cf 9 \u306f\u3001ASM Guard \u3067\u30d1\u30c3\u30af\u3055\u308c\u305f\u30c9\u30e9\u30a4\u30d0\u30fc \u30ed\u30fc\u30c0\u30fc\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u53f3\u4e0a\u3092\u9ec4\u8272\u3067\u30cf\u30a4\u30e9\u30a4\u30c8\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"800\" height=\"236\" \/><figcaption id=\"caption-attachment-131856\" class=\"wp-caption-text\">\u56f3 9. 
\u30c9\u30e9\u30a4\u30d0\u30fc \u30ed\u30fc\u30c0\u30fc\u306e\u30d8\u30c3\u30c0\u30fc\u3002ASM Guard \u3067\u30d1\u30c3\u30af\u3055\u308c\u3066\u3044\u308b<\/figcaption><\/figure>\n<figure id=\"attachment_131858\" aria-describedby=\"caption-attachment-131858\" style=\"width: 812px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131858 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-10.png\" alt=\"\u753b\u50cf 10 \u306f\u3001ASM Guard \u3067\u30d1\u30c3\u30af\u3055\u308c\u305f\u30c9\u30e9\u30a4\u30d0\u30fc \u30ed\u30fc\u30c0\u30fc\u306e\u30ea\u30bd\u30fc\u30b9 \u30bb\u30af\u30b7\u30e7\u30f3\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002ASM Guard \u3068\u8868\u793a\u3055\u308c\u305f 2 \u3064\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u304c\u5de6\u53f3\u306b\u4e26\u3093\u3067\u3044\u307e\u3059\u3002 \" width=\"812\" height=\"330\" \/><figcaption id=\"caption-attachment-131858\" class=\"wp-caption-text\">\u56f3 10. \u30c9\u30e9\u30a4\u30d0\u30fc \u30ed\u30fc\u30c0\u30fc\u306e\u30ea\u30bd\u30fc\u30b9 \u30bb\u30af\u30b7\u30e7\u30f3\u3002ASM Guard \u3067\u30d1\u30c3\u30af\u3055\u308c\u3066\u3044\u308b<\/figcaption><\/figure>\n<p>\u56f3 11 \u306f Safengine Shielden \u3067\u4fdd\u8b77\u3055\u308c\u305f\u30c9\u30e9\u30a4\u30d0\u30fc\u306e\u30a8\u30f3\u30c8\u30ea\u30fc \u30dd\u30a4\u30f3\u30c8\u304c\u3069\u306e\u3088\u3046\u306b\u898b\u3048\u308b\u304b\u3092\u793a\u3057\u305f\u3082\u306e\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_131860\" aria-describedby=\"caption-attachment-131860\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131860 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-11.png\" alt=\"\u753b\u50cf 11 \u306f\u30b3\u30fc\u30c9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u30c9\u30e9\u30a4\u30d0\u30fc\u306f Safengine Shielden v2.0.0 
\u3067\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002\" width=\"900\" height=\"692\" \/><figcaption id=\"caption-attachment-131860\" class=\"wp-caption-text\">\u56f3 11. Safengine Shielden \u3067\u4fdd\u8b77\u3055\u308c\u305f\u30c9\u30e9\u30a4\u30d0\u30fc\u3092\u30b9\u30bf\u30c6\u30a3\u30c3\u30af\u306b\u898b\u305f\u3068\u3053\u308d<\/figcaption><\/figure>\n<p>\u4e21\u30c9\u30e9\u30a4\u30d0\u30fc\u306e\u4e3b\u306a\u76ee\u7684\u306f\u3001\u7d42\u4e86\u306a\u3044\u3057\u524a\u9664\u5bfe\u8c61\u3068\u306a\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u88fd\u54c1\u306e\u30ea\u30b9\u30c8\u3092\u4fdd\u6301\u3059\u308b\u3053\u3068\u306b\u3042\u308a\u307e\u3059\u3002\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u88fd\u54c1\u306e\u6587\u5b57\u5217\u540d\u30ea\u30b9\u30c8 (\u56f3 12) \u306f\u3001\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u30a2\u30af\u30c6\u30a3\u30d6\u306a\u30d7\u30ed\u30bb\u30b9\u3068\u306e\u6bd4\u8f03\u51e6\u7406\u306b\u4f7f\u308f\u308c\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131862\" aria-describedby=\"caption-attachment-131862\" style=\"width: 744px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131862 size-full lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-12.png\" alt=\"\u753b\u50cf 12 \u306f\u3001\u4f55\u884c\u3082\u306e\u30b3\u30fc\u30c9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u30021 \u3064\u3081\u306e\u30c9\u30e9\u30a4\u30d0\u30fc\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u88fd\u54c1\u306e\u30d7\u30ed\u30bb\u30b9\u3092\u6a19\u7684\u3068\u3057\u3001\u305d\u306e\u30d7\u30ed\u30bb\u30b9\u3092\u7d42\u4e86\u3055\u305b\u307e\u3059\u3002\u30ea\u30b9\u30c8\u306f 51 \u884c\u76ee\u304b\u3089 86 \u884c\u76ee\u307e\u3067\u7d9a\u3044\u3066\u3044\u307e\u3059\u3002 \" width=\"744\" height=\"816\" \/><figcaption 
id=\"caption-attachment-131862\" class=\"wp-caption-text\">\u56f3 12. 1 \u3064\u3081\u306e\u30c9\u30e9\u30a4\u30d0\u30fc\u306f\u4e00\u9023\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u88fd\u54c1\u306e\u30d7\u30ed\u30bb\u30b9\u3092\u6a19\u7684\u3068\u3057\u3001\u305d\u308c\u3089\u306e\u7d42\u4e86\u3092\u306f\u304b\u308b<\/figcaption><\/figure>\n<p>\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30c4\u30fc\u30eb\u306e\u30d7\u30ed\u30bb\u30b9\u540d\u3068\u4e00\u81f4\u3059\u308b\u30d7\u30ed\u30bb\u30b9\u540d\u304c\u30b7\u30b9\u30c6\u30e0\u4e0a\u306b\u3042\u308c\u3070\u3001\u6587\u66f8\u5316\u3055\u308c\u3066\u3044\u306a\u3044 <a href=\"https:\/\/learn.microsoft.com\/ja-jp\/windows-hardware\/drivers\/kernel\/introduction-to-i-o-control-codes\" target=\"_blank\" rel=\"noopener\">IOCTL \u30b3\u30fc\u30c9<\/a> (<span style=\"font-family: 'courier new', courier, monospace;\">0x222094<\/span>) \u3092\u4f7f\u3063\u3066\u305d\u306e\u30d7\u30ed\u30bb\u30b9\u306f\u7d42\u4e86\u3055\u308c\u307e\u3059 (\u56f3 13)\u3002\u3053\u306e 2 \u3064\u306e\u30c9\u30e9\u30a4\u30d0\u30fc\u306e\u4e3b\u306a\u9055\u3044\u306f\u30d5\u30a1\u30a4\u30eb \u30d1\u30b9\u3068 IOCTL (<span style=\"font-family: 'courier new', courier, monospace;\">0x222184<\/span>) \u306e\u4f7f\u7528\u3067\u3001IOCTL \u306f\u6307\u5b9a\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb \u30d1\u30b9\u306b\u57fa\u3065\u3044\u3066\u30d5\u30a1\u30a4\u30eb\u3092\u524a\u9664\u3057\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131865\" aria-describedby=\"caption-attachment-131865\" style=\"width: 901px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131865 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-13-ja.png\" alt=\"\u753b\u50cf 13 \u306f\u3001\u591a\u6570\u306e\u30b3\u30fc\u30c9\u884c\u304b\u3089\u306a\u308b\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u30022 
\u3064\u3081\u306e\u30c9\u30e9\u30a4\u30d0\u30fc\u306f\u3001\u30d5\u30a1\u30a4\u30eb \u30d1\u30b9\u3068\u30d7\u30ed\u30bb\u30b9\u3092\u72d9\u3063\u3066\u3044\u307e\u3059\u30021 \u672c\u3081\u306e\u77e2\u5370\u306f 63 \u884c\u76ee\u3092\u6307\u3057\u3066\u3044\u307e\u3059\u3002Function IOCTL: 0x222184. 2 \u672c\u3081\u306e\u77e2\u5370\u306f 76 \u884c\u76ee\u3092\u6307\u3057\u3066\u3044\u307e\u3059\u3002Function IOCTL: 0x222094. \" width=\"901\" height=\"264\" \/><figcaption id=\"caption-attachment-131865\" class=\"wp-caption-text\">\u56f3 13. 2 \u3064\u3081\u306e\u30c9\u30e9\u30a4\u30d0\u30fc\u306f\u30d5\u30a1\u30a4\u30eb \u30d1\u30b9\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u30ea\u30b9\u30c8\u3067\u6a19\u7684\u3092\u9078\u5b9a\u3059\u308b<\/figcaption><\/figure>\n<h3><a id=\"post-131947-_iehchptfrmyw\"><\/a>Discovery and Reconnaissance (\u63a2\u7d22\u3068\u5075\u5bdf)<\/h3>\n<p>Unit 42 \u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30af\u30bf\u30fc\u3089\u304c\u30dd\u30fc\u30bf\u30d6\u30eb\u7248\u306e <a href=\"https:\/\/www.cisa.gov\/news-events\/analysis-reports\/ar21-126a#:~:text=netscan.exe\" target=\"_blank\" rel=\"noopener\">netscan<\/a> \u3092\u3072\u3068\u304f\u3075\u3046\u3057\u3066\u4f7f\u3063\u3066\u3044\u305f\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3059\u3002\u95a2\u9023\u3059\u308b <span style=\"font-family: 'courier new', courier, monospace;\">netscan.xml<\/span> \u30d5\u30a1\u30a4\u30eb\u306f\u3001\u305d\u306e\u307e\u307e\u4f7f\u3048\u3070\u3059\u3050\u306b\u6a5f\u80fd\u5168\u822c\u3092\u5f37\u5316\u3057\u3066\u304f\u308c\u308b\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3068\u7d44\u307f\u3042\u308f\u305b\u3066\u3042\u308a\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u306f\u3001\u3055\u307e\u3056\u307e\u306a\u7a2e\u985e\u306e\u30ea\u30e2\u30fc\u30c8 \u30b5\u30fc\u30d3\u30b9\u691c\u51fa\u3084\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 
\u30d0\u30a4\u30ca\u30ea\u30fc\u306e\u5c55\u958b\u3084 <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/learn.microsoft.com\/ja-jp\/sysinternals\/downloads\/psexec\" target=\"_blank\" rel=\"noopener\">PsExec<\/a><\/span> \u306a\u3069\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u7528\u306b\u4e8b\u524d\u8a2d\u5b9a\u3055\u308c\u305f\u30de\u30c3\u30d4\u30f3\u30b0\u306a\u3069\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u30ab\u30b9\u30bf\u30e0 \u30b3\u30f3\u30d5\u30a3\u30ae\u30e5\u30ec\u30fc\u30b7\u30e7\u30f3\u3067\u306f\u3001\u4ee5\u4e0b\u306b\u95a2\u3059\u308b\u3055\u307e\u3056\u307e\u306a\u30aa\u30d7\u30b7\u30e7\u30f3\u304c\u5229\u7528\u3067\u304d\u307e\u3059\u3002<\/p>\n<ul>\n<li>WMI<\/li>\n<li>\u30ec\u30b8\u30b9\u30c8\u30ea\u30fc<\/li>\n<li>\u30b5\u30fc\u30d3\u30b9<\/li>\n<li>\u30d5\u30a1\u30a4\u30eb<\/li>\n<li>SNMP<\/li>\n<li>\u30a2\u30ab\u30a6\u30f3\u30c8 \u30b0\u30eb\u30fc\u30d7<\/li>\n<li>XML<\/li>\n<li>SSH<\/li>\n<li>PowerShell<\/li>\n<\/ul>\n<p>\u30ea\u30e2\u30fc\u30c8 \u30b9\u30af\u30ea\u30d7\u30c8\u6a5f\u80fd\u306f\u3001VBScript \u3068 JScript \u3067\u30c4\u30fc\u30eb\u306e\u6a5f\u80fd\u3092\u62e1\u5f35\u3057\u307e\u3059\u3002<\/p>\n<p>\u3053\u308c\u306b\u542b\u307e\u308c\u3066\u3044\u308b\u30ea\u30e2\u30fc\u30c8 \u30b9\u30af\u30ea\u30d7\u30c8\u306b\u306f\u30ad\u30ea\u30eb\u6587\u5b57\u304c\u4f7f\u308f\u308c\u3066\u3044\u307e\u3059 (\u56f3 14)\u3002\u3053\u308c\u3092\u82f1\u8a9e\u306b\u8a33\u3057\u305f\u3082\u306e\u3092 \u56f3 15 \u306b\u793a\u3057\u307e\u3059\u3002\u3053\u306e\u3053\u3068\u306f\u3001\u3053\u306e\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u306e\u4f5c\u6210\u8005\u3084\u4f7f\u7528\u8005\u304c\u597d\u3080\u8a00\u8a9e\u3084\u3001\u3053\u308c\u3089\u306e\u6a5f\u80fd\u3092\u4f7f\u3046 Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u80cc\u666f\u3092\u77e5\u308b\u624b\u304c\u304b\u308a\u3068\u306a\u308a\u3048\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131866\" 
aria-describedby=\"caption-attachment-131866\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131866 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-14.png\" alt=\"\u753b\u50cf 14 \u306f Remote Scripting \u30a6\u30a3\u30f3\u30c9\u30a6\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u8d64\u3044\u56db\u89d2\u3067 Item Name \u5217\u3068 Script \u5217\u304c\u5f37\u8abf\u8868\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30c6\u30ad\u30b9\u30c8\u306f\u30ad\u30ea\u30eb\u6587\u5b57\u3067\u66f8\u304b\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"590\" \/><figcaption id=\"caption-attachment-131866\" class=\"wp-caption-text\">\u56f3 14. Remote Scripting \u306e\u6a5f\u80fd (\u30ad\u30ea\u30eb\u6587\u5b57\u306b\u3088\u308b\u30aa\u30ea\u30b8\u30ca\u30eb)<\/figcaption><\/figure>\n<figure id=\"attachment_131868\" aria-describedby=\"caption-attachment-131868\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131868 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-15.png\" alt=\"\u753b\u50cf 15 \u306f Remote Scripting \u30a6\u30a3\u30f3\u30c9\u30a6\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u8d64\u3044\u56db\u89d2\u3067 Item Name \u5217\u3068 Script \u5217\u304c\u5f37\u8abf\u8868\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30c6\u30ad\u30b9\u30c8\u306f\u82f1\u8a9e\u306b\u7ffb\u8a33\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30eb \u30ea\u30b9\u30c8\u3001\u30ed\u30b0\u30a4\u30f3\u306e\u6642\u9593\u3001IP \u3068 MAC \u306e\u8a2d\u5b9a\u306a\u3069\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"592\" \/><figcaption id=\"caption-attachment-131868\" class=\"wp-caption-text\">\u56f3 15. Remote Scripting \u306e\u6a5f\u80fd 
(\u82f1\u8a9e\u306b\u7ffb\u8a33\u3057\u305f\u3082\u306e)<\/figcaption><\/figure>\n<p>\u56f3 16 \u306f\u3001<span style=\"font-family: 'courier new', courier, monospace;\">list of files<\/span> \u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30b3\u30fc\u30c9\u30d9\u30fc\u30b9\u3068\u3001Windows \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u4ee5\u4e0b\u306e\u5217\u6319\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u306e\u51fa\u529b\u5185\u5bb9\u4f8b\u3092\u793a\u3057\u305f\u3082\u306e\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_131871\" aria-describedby=\"caption-attachment-131871\" style=\"width: 862px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131871 size-full lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-16-ja.png\" alt=\"\u753b\u50cf 16 \u306f list of files \u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u8d64\u3044\u77e2\u5370\u304c\u30b9\u30af\u30ea\u30d7\u30c8\u304b\u3089\u306e\u51fa\u529b\u7d50\u679c\u3092\u6307\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"862\" height=\"746\" \/><figcaption id=\"caption-attachment-131871\" class=\"wp-caption-text\">\u56f3 16. 
list of files \u30b9\u30af\u30ea\u30d7\u30c8\u306e\u51fa\u529b\u4f8b<\/figcaption><\/figure>\n<p>\u56f3 17 \u306f\u3001\u898b\u3064\u304b\u3063\u305f\u7279\u5b9a\u306e\u30ed\u30b0\u30a4\u30f3 \u30bf\u30a4\u30d7\u3068\u3001\u305d\u308c\u304c\u8fd4\u3059\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u95a2\u9023\u3059\u308b<span style=\"font-family: 'courier new', courier, monospace;\"> login time <\/span>\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30b3\u30fc\u30c9\u30d9\u30fc\u30b9\u3092\u793a\u3057\u305f\u3082\u306e\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_131872\" aria-describedby=\"caption-attachment-131872\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131872 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-17.png\" alt=\"\u753b\u50cf 17 \u306f\u3001login time \u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30b5\u30f3\u30d7\u30eb\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u60c5\u5831\u306e\u4e00\u90e8\u306f\u5272\u611b\u3057\u3066\u3042\u308a\u307e\u3059\u3002\" width=\"900\" height=\"1130\" \/><figcaption id=\"caption-attachment-131872\" class=\"wp-caption-text\">\u56f3 17. 
login time \u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30b5\u30f3\u30d7\u30eb<\/figcaption><\/figure>\n<p>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30b9\u30ad\u30e3\u30f3\u304c\u7d42\u4e86\u3059\u308b\u3068\u3001\u3053\u306e\u30c4\u30fc\u30eb\u306e\u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u306f\u3001\u7d50\u679c\u306b\u8868\u793a\u3055\u308c\u305f\u30c7\u30d0\u30a4\u30b9\u3092\u53f3\u30af\u30ea\u30c3\u30af\u3057\u3001\u30ea\u30e2\u30fc\u30c8 \u30b7\u30b9\u30c6\u30e0\u4e0a\u306e\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3055\u308c\u305f\u3055\u307e\u3056\u307e\u306a\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8 \u30e1\u30cb\u30e5\u30fc\u304b\u3089\u30af\u30ea\u30c3\u30af\u3059\u308c\u3070\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059 (\u56f3 18)\u3002\u56f3 18 \u306b\u793a\u3057\u305f\u30e1\u30cb\u30e5\u30fc\u306e\u300cGaze\u300d\u3067\u7d42\u308f\u3063\u3066\u3044\u308b\u30aa\u30d7\u30b7\u30e7\u30f3\u306f\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30d0\u30a4\u30ca\u30ea\u30fc\u306b\u95a2\u9023\u3057\u3066 Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u304c\u4f7f\u3046\u547d\u540d\u898f\u5247\u3092\u793a\u3059\u3082\u306e\u3067\u3001\u3053\u3053\u304b\u3089 Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u304c\u5c55\u958b\u306b\u4f7f\u3046\u6280\u8853\u3092\u77e5\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">Copy_Gaze<\/span> (Ctrl+G)<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">Deploy Gaze<\/span> (Ctrl+T)<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">Copy_Run_Gaze<\/span> (Ctrl+W)<\/li>\n<\/ul>\n<figure id=\"attachment_131874\" aria-describedby=\"caption-attachment-131874\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131874 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-18.png\" 
alt=\"\u753b\u50cf 18 \u306f SoftPerfect Network Scanner \u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002[Open Device] \u30e1\u30cb\u30e5\u30fc\u306e\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8 \u30e1\u30cb\u30e5\u30fc\u304c\u8d64\u3044\u56db\u89d2\u3067\u30cf\u30a4\u30e9\u30a4\u30c8\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30c6\u30ad\u30b9\u30c8\u306e\u4e00\u90e8\u306f\u30ad\u30ea\u30eb\u6587\u5b57\u3067\u3059\u3002 \" width=\"900\" height=\"760\" \/><figcaption id=\"caption-attachment-131874\" class=\"wp-caption-text\">\u56f3 18. Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u69cb\u6210<\/figcaption><\/figure>\n<h2><a id=\"post-131947-_3bipxxi9l79\"><\/a>Medusa \u306e Gaze (\u51dd\u8996) \u3092\u3058\u3063\u304f\u308a\u898b\u308b<\/h2>\n<p>Unit 42 \u306f\u3001Medusa \u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30d0\u30a4\u30ca\u30ea\u30fc\u306b\u306f\u3001\u898b\u305f\u3082\u306e\u3092\u6050\u6016\u3067\u77f3\u306b\u5909\u3048\u3066\u3057\u307e\u3046\u3068\u3044\u3046\u3042\u306e\u30ae\u30ea\u30b7\u30e3\u795e\u8a71\u306e\u30e1\u30c7\u30e5\u30fc\u30b5\u3068\u4e00\u81f4\u3057\u305f\u3001\u5171\u901a\u30c6\u30fc\u30de\u304c\u898b\u3089\u308c\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002\u56f3 19 \u306b\u793a\u3059\u3088\u3046\u306b\u3001<a href=\"https:\/\/www.winitor.com\/\" target=\"_blank\" rel=\"noopener\">PEStudio<\/a> \u306e\u30c7\u30d0\u30c3\u30b0 \u30d1\u30b9\u306b\u306f\u300c<span style=\"font-family: 'courier new', courier, monospace;\">gaze<\/span> (\u51dd\u8996)\u300d\u3068\u3044\u3046\u7528\u8a9e\u304c\u4f7f\u7528\u30fb\u542b\u6709\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3059\u3002\u3053\u306e\u30c6\u30fc\u30de\u306f\u30d0\u30a4\u30ca\u30ea\u30fc\u540d\u3084 <span style=\"font-family: 'courier new', courier, monospace;\">netscan.xml<\/span> \u306e\u69cb\u6210\u30d5\u30a1\u30a4\u30eb (\u524d\u8ff0) 
\u3067\u4f7f\u308f\u308c\u308b\u547d\u540d\u898f\u5247\u3067\u3082\u7d9a\u3051\u3066\u898b\u3089\u308c\u307e\u3057\u305f\u3002\u6b21\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u79c1\u305f\u3061\u306f\u3053\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30d0\u30a4\u30ca\u30ea\u30fc\u3092\u300cGaze\u300d\u3068\u547c\u3093\u3067\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131876\" aria-describedby=\"caption-attachment-131876\" style=\"width: 862px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131876 size-full lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-19.png\" alt=\"\u753b\u50cf 19 \u306f pestudio 9.34 \u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002Gaze \u30d0\u30a4\u30ca\u30ea\u30fc\u306e PDB \u6587\u5b57\u5217\u3092\u8d64\u3044\u56db\u89d2\u3067\u30cf\u30a4\u30e9\u30a4\u30c8\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"862\" height=\"494\" \/><figcaption id=\"caption-attachment-131876\" class=\"wp-caption-text\">\u56f3 19. 
Gaze \u30d0\u30a4\u30ca\u30ea\u30fc\u306e PDB \u6587\u5b57\u5217<\/figcaption><\/figure>\n<p>Windows \u7248\u306e Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306f\u3001\u4ee5\u4e0b\u306e\u8868 1 \u306b\u793a\u3059\u3068\u304a\u308a\u300111 \u7a2e\u985e\u306e\u5f15\u6570\u3092\u6307\u5b9a\u3057\u3066\u5b9f\u884c\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><b>\u5f15\u6570<\/b><\/td>\n<td style=\"text-align: center;\"><b>\u76ee\u7684<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">V<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30d0\u30a4\u30ca\u30ea\u30fc\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u78ba\u8a8d\u3059\u308b<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">n<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30c9\u30e9\u30a4\u30d6\u3092\u4f7f\u7528\u3059\u308b (\u30d0\u30a4\u30c8 \u30d5\u30e9\u30b0\u3092\u4f7f\u7528)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">s<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30b7\u30b9\u30c6\u30e0 \u30c9\u30e9\u30a4\u30d6\u3092\u9664\u5916\u3059\u308b (\u30d0\u30a4\u30c8 \u30d5\u30e9\u30b0\u3092\u4f7f\u7528)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">d<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u81ea\u5206\u81ea\u8eab\u3092\u524a\u9664\u3057\u306a\u3044<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">f<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30b7\u30b9\u30c6\u30e0 
\u30d5\u30a9\u30eb\u30c0\u30fc\u3092\u9664\u5916\u3059\u308b<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">p<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30d7\u30ea\u30d7\u30ed\u30bb\u30b9\u3092\u4f7f\u7528\u3057\u306a\u3044 (\u30d0\u30a4\u30c8 \u30d5\u30e9\u30b0\u3092\u4f7f\u7528)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">k<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30d5\u30a1\u30a4\u30eb\u304b\u3089 RSA \u516c\u958b\u9375\u3092\u30ed\u30fc\u30c9\u3059\u308b<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">t<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30d5\u30a1\u30a4\u30eb\u304b\u3089\u8eab\u4ee3\u91d1\u8981\u6c42\u30e1\u30e2\u3092\u30ed\u30fc\u30c9\u3059\u308b<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">w<\/span><\/td>\n<td><span style=\"font-weight: 400;\">PowerShell <\/span><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">-execution policy bypass -File %s<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">v<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u30b3\u30f3\u30bd\u30fc\u30eb \u30a6\u30a3\u30f3\u30c9\u30a6\u3092\u8868\u793a\u3059\u308b<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">i<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u7279\u5b9a\u306e\u30d5\u30a9\u30eb\u30c0\u30fc\u3092\u6697\u53f7\u5316\u3059\u308b<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"font-size: 8pt; color: #999999;\"><em>\u8868 1. 
Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc<\/em><\/span><\/p>\n<p>2023 \u5e74 11 \u6708\u306e Windows \u5b9f\u884c\u30b5\u30f3\u30d7\u30eb\u306b\u5f15\u6570 <span style=\"font-family: 'courier new', courier, monospace;\">-V<\/span> \u3092\u6307\u5b9a\u3057\u3066\u5b9f\u884c\u3059\u308b\u3068\u3001\u3053\u306e\u30b5\u30f3\u30d7\u30eb\u306f\u30d0\u30fc\u30b8\u30e7\u30f3 1.20 \u3068\u8b58\u5225\u3055\u308c\u307e\u3059 (\u56f3 20)\u3002\u3053\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0\u306f\u3001\u5f53\u8a72\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306b\u4f55\u3089\u304b\u306e\u958b\u767a\u30b5\u30a4\u30af\u30eb\u304c\u3042\u308b\u3053\u3068\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u540c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30d0\u30a4\u30ca\u30ea\u30fc\u6700\u521d\u671f\u306e\u516c\u958b\u30b5\u30f3\u30d7\u30eb\u306e 1 \u3064\u306f 2023 \u5e74 2 \u6708\u306b\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3055\u308c\u305f\u3082\u306e\u3067\u3001\u3053\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306f 1.10 \u3060\u3063\u305f\u304b\u3089\u3067\u3059\u3002\u3053\u306e\u30b5\u30f3\u30d7\u30eb\u306e SHA-256 \u5024\u306f <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/www.virustotal.com\/gui\/file\/736de79e0a2d08156bae608b2a3e63336829d59d38d61907642149a566ebd270\" target=\"_blank\" rel=\"noopener\">736de79e0a2d08156bae608b2a3e63336829d59d38d61907642149a566ebd270<\/a><\/span> \u3067\u3057\u305f\u3002<\/p>\n<figure id=\"attachment_131878\" aria-describedby=\"caption-attachment-131878\" style=\"width: 373px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131878 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-20.png\" alt=\"\u753b\u50cf 20 \u306f\u3001Medusa 
\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u793a\u3059\u30b3\u30fc\u30c9\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u4e00\u90e8\u306e\u60c5\u5831\u306f\u4f0f\u305b\u3089\u308c\u3066\u3044\u307e\u3059\u3002\u30d0\u30fc\u30b8\u30e7\u30f3\u306f 1.20 \u3067\u3059 \" width=\"373\" height=\"66\" \/><figcaption id=\"caption-attachment-131878\" class=\"wp-caption-text\">\u56f3 20. \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b5\u30f3\u30d7\u30eb\u306e\u30d0\u30fc\u30b8\u30e7\u30f3<\/figcaption><\/figure>\n<p>Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30d0\u30a4\u30ca\u30ea\u30fc\u306f\u3001\u4ee5\u4e0b\u306e\u6a5f\u80fd\u306b\u3064\u3044\u3066\u6587\u5b57\u5217\u306e\u6697\u53f7\u5316\u3092\u63a1\u7528\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u6a19\u7684\u306e\u30b5\u30fc\u30d3\u30b9<\/li>\n<li>\u6a19\u7684\u306e\u30d7\u30ed\u30bb\u30b9<\/li>\n<li>\u30d5\u30a1\u30a4\u30eb\u62e1\u5f35\u5b50\u306e\u8a31\u53ef\u30ea\u30b9\u30c8<\/li>\n<li>\u30d5\u30a9\u30eb\u30c0\u30fc \u30d1\u30b9\u306e\u8a31\u53ef\u30ea\u30b9\u30c8<\/li>\n<\/ul>\n<p>\u56f3 21 \u306f\u3001\u30d0\u30a4\u30ca\u30ea\u30fc\u5185\u306b\u3042\u308b\u591a\u6570\u306e\u6587\u5b57\u5217\u5fa9\u53f7\u30b3\u30fc\u30c9 \u30d6\u30ed\u30c3\u30af\u306e 1 \u3064\u306e\u30b3\u30fc\u30c9 \u30d6\u30ed\u30c3\u30af\u4f8b\u3092\u793a\u3057\u305f\u3082\u306e\u3067\u3001\u3053\u308c\u3089\u306f\u3059\u3079\u3066\u4f3c\u305f\u3088\u3046\u306a\u5236\u5fa1\u30d5\u30ed\u30fc\u3092\u6301\u3063\u3066\u3044\u307e\u3059\u3002\u305d\u308c\u305e\u308c\u306e\u6587\u5b57\u5217\u5fa9\u53f7\u30b3\u30fc\u30c9 \u30d6\u30ed\u30c3\u30af\u306b\u306f\u95a2\u6570\u304c 2 \u3064\u3042\u308a\u307e\u3059\u30021 \u3064\u3081\u306e\u95a2\u6570\u306f\u3001\u56f3 21 \u306e <span style=\"font-family: 'courier new', courier, monospace;\">u42_push_string_medusa<\/span> 
\u304c\u793a\u3059\u3088\u3046\u306b\u3001\u6697\u53f7\u5316\u3055\u308c\u305f\u6587\u5b57\u5217\u3092\u30e1\u30e2\u30ea\u30fc\u306b\u79fb\u52d5\u3057\u307e\u3059\u30022 \u3064\u3081\u306e\u95a2\u6570\u306f <span style=\"font-family: 'courier new', courier, monospace;\">u42_string_decrypt_7characters<\/span> \u3068\u3044\u3046\u540d\u524d\u306e\u3082\u306e\u3067\u3001\u3053\u308c\u306f <span style=\"font-family: 'courier new', courier, monospace;\">0x2E<\/span> \u3092\u30ad\u30fc\u3068\u3059\u308b XOR \u6697\u53f7\u65b9\u5f0f\u3092\u63a1\u7528\u3057\u3066\u3044\u307e\u3059 (\u56f3 21 \u3082\u53c2\u7167)\u3002<\/p>\n<figure id=\"attachment_131880\" aria-describedby=\"caption-attachment-131880\" style=\"width: 438px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131880 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-21.png\" alt=\"\u753b\u50cf 21 \u306f\u3001Gaze.exe \u306e\u6587\u5b57\u5217\u5fa9\u53f7\u5316\u6a5f\u80fd\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002 \" width=\"438\" height=\"200\" \/><figcaption id=\"caption-attachment-131880\" class=\"wp-caption-text\">\u56f3 21.
<span style=\"font-family: 'courier new', courier, monospace;\">Gaze.exe<\/span> \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b5\u30f3\u30d7\u30eb\u5185\u306e\u6587\u5b57\u5217\u5fa9\u53f7\u95a2\u6570<\/figcaption><\/figure>\n<p>\u56f3 22 \u3067\u3001\u6587\u5b57\u5217\u306e 16 \u9032\u6570\u8868\u8a18\u306f\u3001\u95a2\u6570\u30b9\u30bf\u30c3\u30af \u30d5\u30ec\u30fc\u30e0\u3078\u306e\u79fb\u52d5\u30fb\u5272\u308a\u5f53\u3066\u3092\u53d7\u3051\u3001\u305d\u306e\u5f8c\u3042\u308b\u30e1\u30e2\u30ea\u30fc \u30bb\u30af\u30b7\u30e7\u30f3\u306b\u79fb\u52d5\u3055\u308c\u3001\u30c7\u30ea\u30d5\u30a1\u30ec\u30f3\u30b9\u3055\u308c\u305f\u30dd\u30a4\u30f3\u30bf\u30fc\u306b\u3088\u308a\u53d6\u5f97\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131882\" aria-describedby=\"caption-attachment-131882\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131882 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-22.png\" alt=\"\u753b\u50cf 22 \u306f\u3001\u6697\u53f7\u5316\u3055\u308c\u305f 16 \u9032\u6570\u8868\u8a18\u6587\u5b57\u5217 0x2E6F7D7B6A6B6300 \u3092\u9006\u30b3\u30f3\u30d1\u30a4\u30eb\u3057\u305f\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002 \" width=\"800\" height=\"250\" \/><figcaption id=\"caption-attachment-131882\" class=\"wp-caption-text\">\u56f3 22. 
\u6697\u53f7\u5316\u3055\u308c\u305f 16 \u9032\u8868\u8a18\u306e\u6587\u5b57\u5217 <span style=\"font-family: 'courier new', courier, monospace;\">0x2E6F7D7B6A6B6300<\/span> \u306e\u79fb\u52d5\u3092\u9006\u30b3\u30f3\u30d1\u30a4\u30eb\u3057\u3066\u898b\u305f\u3068\u3053\u308d<\/figcaption><\/figure>\n<p>\u95a2\u6570 <span style=\"font-family: 'courier new', courier, monospace;\">u42_push_string_medusa<\/span> \u304c\u5b8c\u4e86\u3057\u3066\u6587\u5b57\u5217\u3078\u306e\u30dd\u30a4\u30f3\u30bf\u30fc\u3092\u8fd4\u3059\u3068\u3001\u3053\u306e\u6587\u5b57\u5217\u306f\u6700\u521d\u306f <span style=\"font-family: 'courier new', courier, monospace;\">EAX<\/span> \u306b\u683c\u7d0d\u3055\u308c\u307e\u3059 (\u56f3 21)\u3002<span style=\"font-family: 'courier new', courier, monospace;\">EAX<\/span> \u306e\u5185\u5bb9\u306f <span style=\"font-family: 'courier new', courier, monospace;\">ESI <\/span> \u306b\u79fb\u52d5\u3055\u308c\u3001<span style=\"font-family: 'courier new', courier, monospace;\">ESI<\/span> \u306e\u5185\u5bb9\u306f\u3055\u3089\u306b <span style=\"font-family: 'courier new', courier, monospace;\">ECX<\/span> \u306b\u79fb\u52d5\u3055\u308c\u307e\u3059\u3002\u30ec\u30b8\u30b9\u30bf\u30fc <span style=\"font-family: 'courier new', courier, monospace;\">ECX<\/span> \u306f\u95a2\u6570 <span style=\"font-family: 'courier new', courier, monospace;\">u42_string_decrypt_7character<\/span> \u306b\u6e21\u3055\u308c\u308b\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3067\u3001\u305d\u306e\u306a\u304b\u306b\u306f\u6697\u53f7\u5316\u3055\u308c\u305f\u6587\u5b57\u5217\u306e\u30dd\u30a4\u30f3\u30bf\u30fc\u304c\u683c\u7d0d\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u6587\u5b57\u5217\u30b3\u30f3\u30c6\u30f3\u30c4\u3078\u306e\u30dd\u30a4\u30f3\u30bf\u30fc\u306f\u3001\u5f53\u8a72\u6587\u5b57\u5217\u5185\u306e\u5404\u6587\u5b57\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u305f\u3081\u306e\u914d\u5217\u3068\u3057\u3066\u4f7f\u308f\u308c\u307e\u3059\u3002\u56f3 23 
\u306b\u793a\u3059\u3088\u3046\u306b\u3001<span style=\"font-family: 'courier new', courier, monospace;\">0x2E<\/span> \u3092\u30ad\u30fc\u3068\u3059\u308b XOR \u6f14\u7b97\u3067\u3053\u308c\u3092\u5fa9\u53f7\u3057\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131884\" aria-describedby=\"caption-attachment-131884\" style=\"width: 488px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131884 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-23.png\" alt=\"\u753b\u50cf 23 \u306f\u3001\u9006\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305f\u6587\u5b57\u5217\u5fa9\u53f7\u5316\u95a2\u6570 0x2E6F7D7B6A6B6300 \u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002 \" width=\"488\" height=\"298\" \/><figcaption id=\"caption-attachment-131884\" class=\"wp-caption-text\">\u56f3 23. \u6587\u5b57\u5217 <span style=\"font-family: 'courier new', courier, monospace;\">0x2E6F7D7B6A6B6300<\/span> \u306b\u5bfe\u3057\u3066\u4f7f\u308f\u308c\u308b\u6587\u5b57\u5217\u5fa9\u53f7\u95a2\u6570\u3092\u9006\u30b3\u30f3\u30d1\u30a4\u30eb\u3057\u3066\u898b\u305f\u3068\u3053\u308d<\/figcaption><\/figure>\n<p>\u56f3 24 \u306b\u793a\u3059\u3088\u3046\u306b\u3001\u3053\u306e\u6587\u5b57\u5217\u5fa9\u53f7\u65b9\u5f0f\u306f CyberChef \u30ec\u30b7\u30d4\u3067\u691c\u8a3c\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131886\" aria-describedby=\"caption-attachment-131886\" style=\"width: 775px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131886 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-24.png\" alt=\"\u753b\u50cf 24 \u306f CyberChef \u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u6587\u5b57\u5217\u306e\u5fa9\u53f7\u3092\u691c\u8a3c\u3057\u3066\u3044\u307e\u3059\u3002\u5de6\u5217\u304c\u30ec\u30b7\u30d4\u3067\u3059\u3002\u53f3\u5217\u306b\u306f Input \u3068 Output
\u304c\u3042\u308a\u3001\u305d\u308c\u305e\u308c\u8d64\u3044\u56db\u89d2\u3067\u30cf\u30a4\u30e9\u30a4\u30c8\u3055\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"775\" height=\"763\" \/><figcaption id=\"caption-attachment-131886\" class=\"wp-caption-text\">\u56f3 24. CyberChef \u3092\u4f7f\u3063\u3066\u6587\u5b57\u5217\u306e\u5fa9\u53f7\u3092\u691c\u8a3c<\/figcaption><\/figure>\n<p>Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306f\u3001\u88ab\u5bb3\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u6697\u53f7\u5316\u306b\u4f7f\u3046 <span style=\"font-family: 'courier new', courier, monospace;\">AES256<\/span> \u30ad\u30fc\u3092\u4fdd\u8b77\u3059\u308b\u305f\u3081\u3001RSA \u975e\u5bfe\u79f0\u6697\u53f7\u3092\u4f7f\u3044\u307e\u3059\u3002\u3053\u306e <span style=\"font-family: 'courier new', courier, monospace;\">AES256<\/span> \u30ad\u30fc\u306f\u300132 \u30d0\u30a4\u30c8\u306e\u30ad\u30fc\u3068 16 \u30d0\u30a4\u30c8\u306e\u521d\u671f\u5316\u30d9\u30af\u30c8\u30eb (IV) \u3092\u4f7f\u3063\u3066\u8a2d\u5b9a\u3055\u308c\u307e\u3059\u3002\u6697\u53f7\u5316\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u306f\u62e1\u5f35\u5b50\u304c <span style=\"font-family: 'courier new', courier, monospace;\">.medusa<\/span> \u306b\u30ea\u30cd\u30fc\u30e0\u3055\u308c\u307e\u3059\u3002<\/p>\n<p>\u30d5\u30a1\u30a4\u30eb\u306e\u5217\u6319\u30fb\u6697\u53f7\u5316\u4e2d\u3001\u3053\u306e\u30b5\u30f3\u30d7\u30eb\u306f\u4ee5\u4e0b\u306e\u62e1\u5f35\u5b50\u3092\u3082\u3064\u30d5\u30a1\u30a4\u30eb\u3092\u9664\u5916\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">.dll<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">.exe<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">.lnk<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">.medusa<\/span><\/li>\n<\/ul>\n<p>\u4ee5\u4e0b\u306e\u30d5\u30a9\u30eb\u30c0\u30fc 
\u30d1\u30b9\u3082\u9664\u5916\u3055\u308c\u307e\u3059\u3002<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\\Windows\\<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\\Windows.old\\<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\\PerfLogs\\<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">\\MSOCache\\<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">G_skp_dir<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">Program Files<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">Program Files (x86)<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">ProgramData<\/span><\/li>\n<\/ul>\n<p>\u8eab\u4ee3\u91d1\u8981\u6c42\u30e1\u30e2\u306f <span style=\"font-family: 'courier new', courier, monospace;\">!!read_me_medusa!!!txt<\/span> \u3068\u3044\u3046\u540d\u524d\u3067\u30c9\u30ed\u30c3\u30d7\u3055\u308c\u307e\u3059\u3002\u305d\u306e\u5185\u5bb9\u3092\u56f3 25 \u306b\u793a\u3057\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_131888\" aria-describedby=\"caption-attachment-131888\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-131888 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/01\/word-image-131837-25.png\" alt=\"\u753b\u50cf 25 \u306f Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u8eab\u4ee3\u91d1\u8981\u6c42\u30e1\u30e2\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3067\u3059\u3002\u3053\u306e\u30e1\u30e2\u306f MEDUSA 
\u3068\u3044\u3046\u6587\u5b57\u306e\u30a2\u30b9\u30ad\u30fc\u30a2\u30fc\u30c8\u304b\u3089\u59cb\u307e\u3063\u3066\u3044\u307e\u3059\u3002\u305d\u306e\u5f8c\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3084\u30c7\u30fc\u30bf\u306b\u4f55\u304c\u8d77\u3053\u3063\u305f\u304b\u3001\u4fdd\u8a3c\u3055\u308c\u308b\u5185\u5bb9\u306e\u4e00\u89a7\u3001\u8ab0\u306b\u3069\u306e\u3088\u3046\u306b\u9023\u7d61\u3059\u3079\u304d\u304b\u3001TOR \u306e\u4f7f\u3044\u304b\u305f\u306e\u8aac\u660e\u304c\u7d9a\u304d\u307e\u3059\u3002\u60c5\u5831\u306e\u4e00\u90e8\u306f\u5272\u611b\u3057\u3066\u3042\u308a\u307e\u3059\u3002 \" width=\"900\" height=\"921\" \/><figcaption id=\"caption-attachment-131888\" class=\"wp-caption-text\">\u56f3 25. Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u8eab\u4ee3\u91d1\u8981\u6c42\u30e1\u30e2<\/figcaption><\/figure>\n<p>\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306f\u3055\u307e\u3056\u307e\u306a <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/learn.microsoft.com\/ja-jp\/windows-server\/administration\/windows-commands\/vssadmin\" target=\"_blank\" rel=\"noopener\">vssadmin<\/a><\/span> \u306b\u95a2\u9023\u3059\u308b\u64cd\u4f5c\u3092\u884c\u3044\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u81ea\u5206\u81ea\u8eab\u3092\u524a\u9664\u3059\u308b\u3053\u3068\u306b\u3088\u308a\u3001\u5fa9\u65e7\u3084\u30d5\u30a9\u30ec\u30f3\u30b8\u30c3\u30af\u4f5c\u696d\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\u3002<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">vssadmin Delete Shadows \/all \/quiet<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">vssadmin resize shadowstorage \/for=C: \/on=C: \/maxsize=401MB<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">vssadmin resize shadowstorage \/for=C: \/on=C: \/maxsize=unbounded<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">cmd \/c ping 
localhost -n 3 &gt; nul &amp; del<\/span><\/li>\n<\/ul>\n<h2><a id=\"post-131947-_t6slk6wb6ph9\"><\/a>\u7d50\u8ad6<\/h2>\n<p>2022 \u5e74\u5f8c\u534a\u306e Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u53f0\u982d\u3068 2023 \u5e74\u306b\u304a\u3051\u308b\u305d\u306e\u60aa\u540d\u306e\u5e83\u304c\u308a\u306f\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u6982\u6cc1\u306b\u91cd\u5927\u306a\u8ee2\u6a5f\u3092\u3082\u305f\u3089\u3059\u3082\u306e\u3068\u306a\u308a\u307e\u3057\u305f\u3002\u5f7c\u3089\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u3001\u30b7\u30b9\u30c6\u30e0\u306e\u8106\u5f31\u6027\u3001\u521d\u671f\u30a2\u30af\u30bb\u30b9\u30d6\u30ed\u30fc\u30ab\u30fc\u306e\u4e21\u65b9\u3092\u6d3b\u7528\u3057\u3064\u3064\u3001\u74b0\u5883\u5bc4\u751f\u6280\u8853\u306b\u3088\u308a\u5de7\u307f\u306b\u691c\u51fa\u56de\u907f\u3092\u56f3\u308b\u3001\u305d\u306e\u8907\u96d1\u306a\u4f1d\u64ad\u624b\u6cd5\u3092\u793a\u3057\u305f\u3082\u306e\u3068\u3044\u3048\u307e\u3059\u3002<\/p>\n<p>Medusa Blog \u306f\u3001\u30aa\u30f3\u30e9\u30a4\u30f3\u306b\u516c\u8868\u3057\u305f\u8eab\u4ee3\u91d1\u8981\u6c42\u3092\u901a\u3058\u3001\u88ab\u5bb3\u8005\u306b\u9732\u9aa8\u306a\u5727\u529b\u3092\u304b\u3051\u308b\u6226\u8853\u3092\u4f7f\u7528\u3059\u308b\u3001\u591a\u91cd\u6050\u559d\u6226\u8853\u306e\u9032\u5316\u3092\u8868\u3059\u3082\u306e\u3067\u3059\u3002\u3053\u308c\u307e\u3067\u306b\u3055\u307e\u3056\u307e\u306a\u30bb\u30af\u30bf\u30fc\u306b\u307e\u305f\u304c\u308b 74 \u306e\u7d44\u7e54\u304c\u88ab\u5bb3\u3092\u53d7\u3051\u3066\u304a\u308a\u3001\u3053\u3046\u3057\u305f Medusa \u306b\u3088\u308b\u7121\u5dee\u5225\u306a\u6a19\u7684\u8a2d\u5b9a\u306f\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30a2\u30af\u30bf\u30fc\u306e\u3082\u305f\u3089\u3059\u666e\u904d\u7684\u8105\u5a01\u3092\u5f37\u8abf\u3059\u308b\u3082\u306e\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>Unit 42 
\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306b\u3088\u308b\u6280\u8853\u7684\u5206\u6790\u3067\u306f\u3001\u4fb5\u5bb3\u3055\u308c\u305f\u30b5\u30fc\u30d0\u30fc\u3078\u306e Web \u30b7\u30a7\u30eb\u8a2d\u7f6e\u304b\u3089\u6697\u53f7\u5316\u3055\u308c\u305f\u30ab\u30fc\u30cd\u30eb \u30c9\u30e9\u30a4\u30d0\u30fc\u306e\u914d\u5099\u306b\u3044\u305f\u308b\u3001Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u304c\u63a1\u7528\u3057\u305f\u5de7\u5999\u306a\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u6226\u7565\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u3053\u306e\u6226\u7565\u306f\u305d\u306e\u5f8c\u3001\u65ac\u65b0\u306a netscan \u30c4\u30fc\u30eb\u306e\u5fdc\u7528\u3084 Medusa \u306e\u30d0\u30a4\u30ca\u30ea\u30fc gaze \u3078\u3068\u3064\u306a\u304c\u308a\u3001\u6700\u7d42\u7684\u306b\u306f\u4e0d\u5409\u306a <span style=\"font-family: 'courier new', courier, monospace;\">.medusa<\/span> \u30d5\u30a1\u30a4\u30eb\u62e1\u5f35\u5b50\u3092\u4f34\u3046\u30d5\u30a1\u30a4\u30eb\u6697\u53f7\u5316\u3078\u3068\u81f3\u308a\u307e\u3059\u3002\u3053\u306e\u3088\u3046\u306b Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306f\u7d44\u7e54\u306b\u3068\u3063\u3066\u91cd\u5927\u306a\u8105\u5a01\u3067\u3042\u308b\u3053\u3068\u304b\u3089\u3001\u7d44\u7e54\u306b\u306f\u3088\u308a\u7a4d\u6975\u7684\u304b\u3064\u5f37\u529b\u306a\u9632\u5fa1\u6226\u7565\u3092\u53d6\u308b\u3053\u3068\u304c\u6c42\u3081\u3089\u308c\u307e\u3059\u3002<\/p>\n<h2><a id=\"post-131947-_jt3yi5rhpmao\"><\/a>\u4fdd\u8b77\u3068\u7de9\u548c\u7b56<\/h2>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u304a\u5ba2\u69d8\u306f\u3001\u4ee5\u4e0b\u306e\u88fd\u54c1\u3092\u901a\u3058\u3066\u3001\u4e0a\u8a18\u306e\u8105\u5a01\u304b\u3089\u3055\u3089\u306b\u5f37\u529b\u306b\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/wildfire\" target=\"_blank\" rel=\"noopener\">Advanced 
WildFire<\/a>: \u672c\u7a3f\u3067\u89e3\u8aac\u3057\u305f IoC \u306b\u9451\u307f\u3001Advanced WildFire \u306e\u6a5f\u68b0\u5b66\u7fd2\u30e2\u30c7\u30eb\u3068\u5206\u6790\u6280\u8853\u306e\u898b\u76f4\u3057\u3068\u66f4\u65b0\u3092\u884c\u3044\u307e\u3057\u305f\u3002<\/li>\n<li><a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XDR\" target=\"_blank\" rel=\"noopener\">Cortex XDR<\/a>: \u3068\u304f\u306b\u8a2d\u5b9a\u7b49\u3092\u5909\u66f4\u3059\u308b\u5fc5\u8981\u306a\u304f\u3001\u65e2\u77e5\u306e\u3059\u3079\u3066\u306e Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b5\u30f3\u30d7\u30eb\u306f XDR \u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u306b\u3088\u3063\u3066\u9632\u6b62\u3055\u308c\u307e\u3059\u3002\u3053\u308c\u306b\u306f\u4ee5\u4e0b\u306e\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u4f7f\u308f\u308c\u307e\u3059\u3002\n<ul>\n<li>Windows \u4e0a\u3067\u306e Medusa \u306b\u3088\u308b\u6697\u53f7\u5316\u306e\u52d5\u4f5c\u3092\u9632\u5fa1\u3059\u308b Anti-Ransomware \u30e2\u30b8\u30e5\u30fc\u30eb<\/li>\n<li>Windows \u4e0a\u306e Medusa \u30d0\u30a4\u30ca\u30ea\u30fc\u3092\u9632\u6b62\u3059\u308b Local Analysis \u9632\u5fa1<\/li>\n<li>Windows \u4e0a\u304a\u3088\u3073 Linux \u4e0a\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306b\u3088\u308b\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u3092\u9632\u5fa1\u3059\u308b Behavioral Threat Protection (BTP) \u30eb\u30fc\u30eb<\/li>\n<li>Medusa \u7528\u306e\u6307\u6a19\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3055\u3089\u306b\u4fdd\u8b77\u3092\u5f37\u5316\u53ef\u80fd<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb (NGFW)<\/a>:\n<ul>\n<li>DNS \u30b7\u30b0\u30cd\u30c1\u30e3\u30fc\u304c\u65e2\u77e5\u306e\u30b3\u30de\u30f3\u30c9\uff06\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb (C2) \u30c9\u30e1\u30a4\u30f3\u3092\u691c\u51fa\u3057\u307e\u3059\u3002\u540c\u69d8\u306b\u3001URL 
\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u3082\u305d\u308c\u3089\u3092\u30de\u30eb\u30a6\u30a7\u30a2\u3068\u3057\u3066\u5206\u985e\u3057\u307e\u3059\u3002<\/li>\n<li>Advanced Threat Prevention \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u3092\u6709\u52b9\u306b\u3057\u305f \u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306f\u3001Threat Prevention \u30b7\u30b0\u30cd\u30c1\u30e3\u30fc <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=80744\" target=\"_blank\" rel=\"noopener\">80744<\/a>\u3001<a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=86828\" target=\"_blank\" rel=\"noopener\">86828<\/a> \u3092\u30d9\u30b9\u30c8 \u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3068\u3068\u3082\u306b\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3001Web \u30b7\u30a7\u30eb \u30d5\u30a1\u30a4\u30eb\u306e\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u9632\u6b62\u3067\u304d\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/prisma\/prisma-cloud\" target=\"_blank\" rel=\"noopener\">Prisma Cloud<\/a>:\n<ul>\n<li>\u73fe\u6642\u70b9\u3067 Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u5f71\u97ff\u3092\u53d7\u3051\u305f\u30af\u30e9\u30a6\u30c9 \u30a4\u30f3\u30d5\u30e9\u306f\u77e5\u3089\u308c\u3066\u3044\u307e\u305b\u3093\u304c\u3001Windows \u4eee\u60f3\u30de\u30b7\u30f3\u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u30af\u30e9\u30a6\u30c9 \u30a4\u30f3\u30d5\u30e9\u306f\u3001Cortex XDR Cloud Agents \u306a\u3044\u3057 Prisma Cloud Defender Agents \u3092\u4f7f\u3063\u3066 Windows \u30d9\u30fc\u30b9\u306e VM \u3092\u76e3\u8996\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3069\u3061\u3089\u306e\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3082\u3001\u5f0a\u793e\u306e WildFire \u304b\u3089\u53d6\u5f97\u3057\u305f\u30b7\u30b0\u30cd\u30c1\u30e3\u30fc\u3092\u4f7f\u3044\u3001\u65e2\u77e5\u306e Medusa \u30de\u30eb\u30a6\u30a7\u30a2\u304c Windows VM 
\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u306a\u3044\u304b\u3069\u3046\u304b\u76e3\u8996\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.jp\/cortex\/cortex-xpanse\" target=\"_blank\" rel=\"noopener\">Cortex Xpanse<\/a>:\n<ul>\n<li>Cortex Xpanse \u306f\u3001Medusa \u306a\u3069\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306b\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3055\u308c\u3001\u611f\u67d3\u3059\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b\u3001\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306b\u76f4\u63a5\u63a5\u7d9a\u3055\u308c\u305f\u8106\u5f31\u306a\u30b5\u30fc\u30d3\u30b9\u3092\u691c\u51fa\u3067\u304d\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u4fb5\u5bb3\u306e\u61f8\u5ff5\u304c\u3042\u308a\u5f0a\u793e\u306b\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u30ec\u30b9\u30dd\u30f3\u30b9\u306b\u95a2\u3059\u308b\u3054\u76f8\u8ac7\u3092\u306a\u3055\u308a\u305f\u3044\u5834\u5408\u306f\u3001<a href=\"https:\/\/start.paloaltonetworks.jp\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">infojapan@paloaltonetworks.com<\/a> \u307e\u3067\u30e1\u30fc\u30eb\u306b\u3066\u3054\u9023\u7d61\u3044\u305f\u3060\u304f\u304b\u3001\u4e0b\u8a18\u306e\u96fb\u8a71\u756a\u53f7\u307e\u3067\u304a\u554f\u3044\u5408\u308f\u305b\u304f\u3060\u3055\u3044(\u3054\u76f8\u8ac7\u306f\u5f0a\u793e\u88fd\u54c1\u306e\u304a\u5ba2\u69d8\u306b\u306f\u9650\u5b9a\u3055\u308c\u307e\u305b\u3093)\u3002<\/p>\n<ul>\n<li>\u5317\u7c73\u30d5\u30ea\u30fc\u30c0\u30a4\u30e4\u30eb: 866.486.4842 (866.4.UNIT42)<\/li>\n<li>EMEA: +31.20.299.3130<\/li>\n<li>APAC: +65.6983.8730<\/li>\n<li>\u65e5\u672c: (+81) 50-1790-0200<\/li>\n<\/ul>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306f\u3001\u3053\u308c\u3089\u306e\u8abf\u67fb\u7d50\u679c\u3092 Cyber Threat Alliance (CTA: \u30b5\u30a4\u30d0\u30fc\u8105\u5a01\u30a2\u30e9\u30a4\u30a2\u30f3\u30b9) \u306e\u30e1\u30f3\u30d0\u30fc\u3068\u5171\u6709\u3057\u307e\u3057\u305f\u3002CTA 
\u306e\u30e1\u30f3\u30d0\u30fc\u306f\u3053\u306e\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u3092\u4f7f\u3063\u3066\u3001\u304a\u5ba2\u69d8\u306b\u4fdd\u8b77\u3092\u8fc5\u901f\u306b\u63d0\u4f9b\u3057\u3001\u60aa\u610f\u306e\u3042\u308b\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u8005\u3092\u4f53\u7cfb\u7684\u306b\u963b\u5bb3\u3067\u304d\u307e\u3059\u3002\u8a73\u7d30\u306f <a href=\"https:\/\/www.cyberthreatalliance.org\" target=\"_blank\" rel=\"noopener\">Cyber Threat Alliance<\/a> \u306b\u3066\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n<h2><a id=\"post-131947-_pqnjg4atedn4\"><\/a><strong>IoC (\u4fb5\u5bb3\u6307\u6a19)<\/strong><\/h2>\n<h3>\u30cf\u30c3\u30b7\u30e5\u5024<\/h3>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">657c0cce98d6e73e53b4001eeea51ed91fdcf3d47a18712b6ba9c66d59677980<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">7d68da8aa78929bb467682ddb080e750ed07cd21b1ee7a9f38cf2810eeb9cb95<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">9144a60ac86d4c91f7553768d9bef848acd3bd9fe3e599b7ea2024a8a3115669<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier,
monospace;\">736de79e0a2d08156bae608b2a3e63336829d59d38d61907642149a566ebd270<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u30a4\u30f3\u30d5\u30e9<\/h3>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">Medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd[.]onion<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd[.]onion<\/span><\/li>\n<\/ul>\n<h2><a id=\"post-131947-_iy0yww15ybg2\"><\/a><strong>\u4ed8\u9332<\/strong><\/h2>\n<p>Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306b\u3088\u308a\u505c\u6b62\u3055\u308c\u308b\u30b5\u30fc\u30d3\u30b9<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Acronis VSS Provider\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Sophos Agent\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Sophos Clean Service\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Sophos Health Service\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Sophos MCS Agent\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Sophos MCS Client\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Sophos Message Router\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"AcronisAgent\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"AcrSch2Svc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Antivirus\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop 
\"ARSM\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"BackupExecJobEngine\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"BackupExecRPCService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"BackupExecVSSProvider\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"bedbg\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"DCAgent\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"EPSecurityService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"EPUpdateService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"EraserSvc11710\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"EsgShKernel\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"FA_Scheduler\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"IISAdmin\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"IMAP4Svc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"macmnsvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"masvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MBAMService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MBEndpointAgent\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"McAfeeEngineService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop 
\"McAfeeFramework\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"McShield\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"McTaskManager\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"mfemms\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"mfevtp\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MMS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"mozyprobackup\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MsDtsServer\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MsDtsServer100\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MsDtsServer110\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSExchangeES\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSExchangeIS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSExchangeMGMT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSExchangeMTA\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSExchangeSA\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSExchangeSRS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSOLAP$SQL_2008\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSOLAP$SYSTEM_BGC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSOLAP$TPS\"<\/span><\/li>\n<li><span 
style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSOLAP$TPSAMA\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$BKUPEXEC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$ECWDB2\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$PRACTICEMGT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$PRACTTICEBGC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$PROFXENGAGEMENT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$SBSMONITORING\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$SHAREPOINT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$SQL_2008\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$SYSTEM_BGC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$TPS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$TPSAMA\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$VEEAMSQL2008R2\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$VEEAMSQL2012\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQLFDLauncher\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQLFDLauncher$TPS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQLSERVER\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop 
\"MySQL80\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MySQL57\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ntrtscan\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"OracleClientCache80\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"PDVFSService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"POP3Svc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ReportServer\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ReportServer$SQL_2008\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ReportServer$TPS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ReportServer$TPSAMA\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"RESvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"sacsvr\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SamSs\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SAVAdminService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SAVService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SDRSVC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SepMasterService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ShMonitor\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Smcinst\"<\/span><\/li>\n<li><span 
style=\"font-family: 'courier new', courier, monospace;\">net stop \"SmcService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SMTPSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SNAC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SntpService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"sophossps\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$BKUPEXEC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$ECWDB2\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$PRACTTICEBGC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$PRACTTICEMGT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$SHAREPOINT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$SQL_2008\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$SYSTEM_BGC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$TPS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$TPSAMA\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$VEEAMSQL2012\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLBrowser\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLSafeOLRService\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop 
\"SQLSERVERAGENT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLTELEMETRY\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLTELEMETRY$ECWDB2\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLWriter\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SstpSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"svcGenericHost\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"swi_filter\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"swi_service\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"swi_update_64\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"TmCCSF\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"tmlisten\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"TrueKey\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"TrueKeyScheduler\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"TrueKeyServiceHelper\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"UI0Detect\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamBackupSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamBrokerSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamCatalogSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop 
\"VeeamCloudSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamDeploySvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamMountSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamNFSSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamRESTSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamTransportSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"W3Svc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"wbengine\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"WRSVC\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"VeeamHvIntegrationSvc\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"swi_update\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$CXDB\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQL Backups\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$PROD\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"Zoolz 2 Service\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQLServerADHelper\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$PROD\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"msftesql$PROD\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop 
\"NetMsmqActivator\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"EhttpSrv\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ekrn\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"ESHASRV\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$SOPHOS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$SOPHOS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"AVP\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"klnagent\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"MSSQL$SQLEXPRESS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"SQLAgent$SQLEXPRESS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"kavfsslp\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"KAVFSGT\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"KAVFS\"<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">net stop \"mfefire\"<\/span><\/li>\n<\/ul>\n<p>\u30d7\u30ed\u30bb\u30b9:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM zoolz.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM agntsvc.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM dbeng50.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM dbsnmp.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, 
monospace;\">taskkill \/F \/IM encsvc.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM excel.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM firefoxconfig.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM infopath.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM isqlplussvc.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM msaccess.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM msftesql.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM mspub.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM mydesktopqos.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM mydesktopservice.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM mysqld.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM mysqld-nt.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM mysqld-opt.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM ocautoupds.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM ocomm.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM ocssd.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM onenote.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier 
new', courier, monospace;\">taskkill \/F \/IM oracle.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM outlook.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM powerpnt.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM sqbcoreservice.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM sqlagent.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM sqlbrowser.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM sqlservr.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM sqlwriter.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM steam.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM synctime.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM tbirdconfig.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM thebat.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM thebat64.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM thunderbird.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM visio.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM winword.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM wordpad.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 
'courier new', courier, monospace;\">taskkill \/F \/IM xfssvccon.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM tmlisten.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM PccNTMon.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM CNTAoSMgr.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM Ntrtscan.exe \/T<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">taskkill \/F \/IM mbamtray.exe \/T<\/span><\/li>\n<\/ul>\n<h2><a id=\"post-131947-_570cbe1pdhwx\"><\/a><strong>\u8ffd\u52a0\u30ea\u30bd\u30fc\u30b9<\/strong><\/h2>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide\/\" target=\"_blank\" rel=\"noopener\">Medusa ransomware gang picks up steam as it targets companies worldwide<\/a> \u2013 Bleeping Computer<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data\/\" target=\"_blank\" rel=\"noopener\">Toyota confirms breach after Medusa ransomware threatens to leak data<\/a> \u2013 Bleeping Computer<\/li>\n<li><a href=\"https:\/\/securityscorecard.com\/research\/a-deep-dive-into-medusa-ransomware\/\" target=\"_blank\" rel=\"noopener\">A Deep Dive Into Medusa Ransomware<\/a> \u2013 Whitepaper, SecurityScorecard<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981 Unit 42 \u8105\u5a01\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9 \u30c1\u30fc\u30e0\u306e\u30a2\u30ca\u30ea\u30b9\u30c8\u306f\u3001Medusa 
\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u6d3b\u767a\u5316\u3057\u3001\u6050\u559d\u3078\u3068\u6226\u8853\u304c\u30b7\u30d5\u30c8\u3057\u3066\u304d\u305f\u3053\u3068\u306b\u6c17\u3065\u304d\u307e\u3057\u305f\u3002\u305f\u3068\u3048\u3070 2023 \u5e74\u521d\u982d\u3001Medusa Blog<\/p>\n","protected":false},"author":343,"featured_media":134362,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3057,4428],"tags":[4761,4763,4595,4765,4637],"product_categories":[4444,4446,4448,4449,4456,4458],"coauthors":[3562,2370],"class_list":["post-131947","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ransomware-ja","category-threat-research-ja","tag-medusa-ja","tag-medusa-ransomware-ja","tag-raas-ja","tag-transforming-scorpius-ja","tag-windows-ja","product_categories-advanced-wildfire-ja","product_categories-cloud-delivered-security-services-ja","product_categories-cortex-xdr-ja","product_categories-cortex-xpanse-ja","product_categories-next-generation-firewall-ja","product_categories-prisma-cloud-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2<\/title>\n<meta name=\"description\" content=\"Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u6d3b\u767a\u5316\u3057\u3066\u304a\u308a\u30012023 \u5e74\u521d\u3081\u306b\u306f\u30ea\u30fc\u30af 
\u30b5\u30a4\u30c8\u3082\u5237\u65b0\u3055\u308c\u307e\u3057\u305f\u3002\u88ab\u5bb3\u306f\u4e16\u754c\u5404\u56fd\u306e\u3055\u307e\u3056\u307e\u306a\u30bb\u30af\u30bf\u30fc\u306e\u7d44\u7e54\u3078\u5e83\u304c\u3063\u3066\u3044\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u540c\u30b0\u30eb\u30fc\u30d7\u306e TTP\u3001\u88ab\u5bb3\u30bb\u30af\u30bf\u30fc\u3084\u6240\u5728\u56fd\u3001\u7d44\u7e54\u306e\u53d6\u308b\u3079\u304d\u5bfe\u7b56\u3092\u307e\u3068\u3081\u307e\u3059\u3002\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\" \/>\n<meta property=\"og:description\" content=\"Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u6d3b\u767a\u5316\u3057\u3066\u304a\u308a\u30012023 \u5e74\u521d\u3081\u306b\u306f\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u3082\u5237\u65b0\u3055\u308c\u307e\u3057\u305f\u3002\u88ab\u5bb3\u306f\u4e16\u754c\u5404\u56fd\u306e\u3055\u307e\u3056\u307e\u306a\u30bb\u30af\u30bf\u30fc\u306e\u7d44\u7e54\u3078\u5e83\u304c\u3063\u3066\u3044\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u540c\u30b0\u30eb\u30fc\u30d7\u306e TTP\u3001\u88ab\u5bb3\u30bb\u30af\u30bf\u30fc\u3084\u6240\u5728\u56fd\u3001\u7d44\u7e54\u306e\u53d6\u308b\u3079\u304d\u5bfe\u7b56\u3092\u307e\u3068\u3081\u307e\u3059\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta 
property=\"article:published_time\" content=\"2024-01-12T01:09:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-17T08:03:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/03_Ransomware_Category_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Anthony Galiette, Doel Santos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2","description":"Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u6d3b\u767a\u5316\u3057\u3066\u304a\u308a\u30012023 \u5e74\u521d\u3081\u306b\u306f\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u3082\u5237\u65b0\u3055\u308c\u307e\u3057\u305f\u3002\u88ab\u5bb3\u306f\u4e16\u754c\u5404\u56fd\u306e\u3055\u307e\u3056\u307e\u306a\u30bb\u30af\u30bf\u30fc\u306e\u7d44\u7e54\u3078\u5e83\u304c\u3063\u3066\u3044\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u540c\u30b0\u30eb\u30fc\u30d7\u306e TTP\u3001\u88ab\u5bb3\u30bb\u30af\u30bf\u30fc\u3084\u6240\u5728\u56fd\u3001\u7d44\u7e54\u306e\u53d6\u308b\u3079\u304d\u5bfe\u7b56\u3092\u307e\u3068\u3081\u307e\u3059\u3002","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/","og_locale":"ja_JP","og_type":"article","og_title":"\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa 
\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2","og_description":"Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30b0\u30eb\u30fc\u30d7\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u6d3b\u767a\u5316\u3057\u3066\u304a\u308a\u30012023 \u5e74\u521d\u3081\u306b\u306f\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u3082\u5237\u65b0\u3055\u308c\u307e\u3057\u305f\u3002\u88ab\u5bb3\u306f\u4e16\u754c\u5404\u56fd\u306e\u3055\u307e\u3056\u307e\u306a\u30bb\u30af\u30bf\u30fc\u306e\u7d44\u7e54\u3078\u5e83\u304c\u3063\u3066\u3044\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u540c\u30b0\u30eb\u30fc\u30d7\u306e TTP\u3001\u88ab\u5bb3\u30bb\u30af\u30bf\u30fc\u3084\u6240\u5728\u56fd\u3001\u7d44\u7e54\u306e\u53d6\u308b\u3079\u304d\u5bfe\u7b56\u3092\u307e\u3068\u3081\u307e\u3059\u3002","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/","og_site_name":"Unit 42","article_published_time":"2024-01-12T01:09:50+00:00","article_modified_time":"2024-06-17T08:03:05+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/03_Ransomware_Category_1920x900.jpg","type":"image\/jpeg"}],"author":"Anthony Galiette, Doel Santos","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/"},"author":{"name":"Doel Santos","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/ef34f17a15575a4a58a57503c03dcc00"},"headline":"\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa 
\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2","datePublished":"2024-01-12T01:09:50+00:00","dateModified":"2024-06-17T08:03:05+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/"},"wordCount":1547,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/03_Ransomware_Category_1920x900.jpg","keywords":["Medusa","Medusa ransomware","RaaS","Transforming Scorpius","Windows"],"articleSection":["\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2","\u8105\u5a01\u30ea\u30b5\u30fc\u30c1"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/","name":"\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/03_Ransomware_Category_1920x900.jpg","datePublished":"2024-01-12T01:09:50+00:00","dateModified":"2024-06-17T08:03:05+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/ef34f17a15575a4a58a57503c03dcc00"},"description":"Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 
\u30b0\u30eb\u30fc\u30d7\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u304c\u6d3b\u767a\u5316\u3057\u3066\u304a\u308a\u30012023 \u5e74\u521d\u3081\u306b\u306f\u30ea\u30fc\u30af \u30b5\u30a4\u30c8\u3082\u5237\u65b0\u3055\u308c\u307e\u3057\u305f\u3002\u88ab\u5bb3\u306f\u4e16\u754c\u5404\u56fd\u306e\u3055\u307e\u3056\u307e\u306a\u30bb\u30af\u30bf\u30fc\u306e\u7d44\u7e54\u3078\u5e83\u304c\u3063\u3066\u3044\u307e\u3059\u3002\u672c\u7a3f\u3067\u306f\u540c\u30b0\u30eb\u30fc\u30d7\u306e TTP\u3001\u88ab\u5bb3\u30bb\u30af\u30bf\u30fc\u3084\u6240\u5728\u56fd\u3001\u7d44\u7e54\u306e\u53d6\u308b\u3079\u304d\u5bfe\u7b56\u3092\u307e\u3068\u3081\u307e\u3059\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#primaryimage","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/03_Ransomware_Category_1920x900.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/03_Ransomware_Category_1920x900.jpg","width":1920,"height":900,"caption":"A digital illustration of a glowing red padlock symbol superimposed over a detailed circuit board background, emphasizing themes of cybersecurity and data protection. 
The image features vibrant red and blue lights to highlight the technological context."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/medusa-ransomware-escalation-new-leak-site\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"\u898b\u305f\u8005\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u77f3\u306b\u5909\u3048\u308b: Medusa \u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/ef34f17a15575a4a58a57503c03dcc00","name":"Doel Santos","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/4ffb3c2d260a0150fb91b3715442f8b3","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Doel 
Santos"},"url":"https:\/\/unit42.paloaltonetworks.com\/ja\/author\/doel-santos\/"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/131947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/343"}],"replies":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=131947"}],"version-history":[{"count":15,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/131947\/revisions"}],"predecessor-version":[{"id":135028,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/131947\/revisions\/135028"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/134362"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=131947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=131947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=131947"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=131947"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=131947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}