{"id":104549,"date":"2018-09-09T18:27:21","date_gmt":"2018-09-10T01:27:21","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=104549"},"modified":"2020-05-21T18:38:57","modified_gmt":"2020-05-22T01:38:57","slug":"unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/","title":{"rendered":"Multi-exploit IoT\/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall"},"content":{"rendered":"<h2><a id=\"post-104549-\u6982\u8981\"><\/a>Overview<\/h2>\n<p>Unit 42 has discovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with the unprecedented Distributed Denial of Service (DDoS) attacks since November 2016.<\/p>\n<p>These variants are notable for two reasons:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The new Mirai variant targets the same Apache Struts vulnerability that led to the Equifax data breach in 2017.<\/li>\n<li>The new Gafgyt variant targets a newly discovered vulnerability affecting older, <a 
href=\"https:\/\/www.sonicwall.com\/en-us\/support\/product-lifecycle-tables?product=sonicwall-gms&amp;type=software\">unsupported<\/a> versions of the SonicWall Global Management System (GMS).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>These developments suggest that IoT botnets are increasingly targeting enterprise devices running outdated versions.<\/p>\n<p>All organizations should make sure that they keep not only their systems but also their IoT devices up to date and patched. For Palo Alto Networks customers, WildFire detects all related samples it has determined to be malicious. Additional protections are noted in the conclusion below.<\/p>\n<h2><a id=\"post-104549-\u8abf\u67fb\"><\/a>Investigation<\/h2>\n<p>On September 7, 2018, Unit 
42 examined samples of a Mirai variant and found that they incorporate exploits targeting 16 separate vulnerabilities. Multiple exploits have been used within a single Mirai sample <a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">in the past<\/a>, but this is the first case of Mirai targeting a vulnerability in Apache Struts.<\/p>\n<p>In addition, Unit 42 found that the domain hosting these Mirai samples had resolved to a different IP address during August. During that time, this IP was intermittently hosting samples of Gafgyt that incorporated an exploit for CVE-2018-9866, a SonicWall vulnerability affecting older versions of the SonicWall Global Management System (GMS). SonicWall has already been notified of this development.<\/p>\n<p>The incorporation of exploits targeting Apache 
Struts and SonicWall by these IoT\/Linux botnets may indicate a larger shift from consumer device targets to enterprise device targets.<\/p>\n<h3><a id=\"post-104549-X0448a4959782662d19952fead18a20c751f77ba\"><\/a>Apache Struts Exploit in the Multi-exploit Mirai Variant<\/h3>\n<p>The exploit targeting Apache Struts in the newly discovered variant attacks an arbitrary command execution vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5638\">CVE-2017-5638<\/a>) using crafted Content-Type, Content-Disposition, or Content-Length HTTP headers. Its format is shown in Figure 1, with the payload highlighted.<\/p>\n<p><em><span style=\"font-size: 10pt;\"><img width=\"974\" height=\"402\"  class=\"wp-image-104550 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-189.png\" \/><\/span><\/em><\/p>\n<p style=\"text-align: center;\"><em><span style=\"font-size: 10pt;\">Figure 1. 
CVE-2017-5638 exploit format<\/span><\/em><\/p>\n<p>The other 15 exploits incorporated in this Mirai variant are detailed in <a href=\"#post-104549-table2\">Table 2 in the appendix<\/a> below.<\/p>\n<p>Although these samples are Mirai variants, they do not include the brute-force functionality that Mirai normally uses. They use l[.]ocalhost[.]host:47883 as their C2 and the same encryption scheme as Mirai, with the key 0xdeadf00d.<\/p>\n<h3><a id=\"post-104549-gafgyt\u4e9c\u7a2e\u306esonicwall-gms\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\"><\/a>SonicWall GMS Exploit in the Gafgyt Variant<\/h3>\n<p>The domain l[.]ocalhost[.]host, which acts as the C2 and serves payloads for the Mirai variant above, was also found to have been involved in other Mirai activity <a href=\"https:\/\/securelist.com\/new-wave-of-mirai-attacking-home-routers\/76791\/\">in the past<\/a>, going back to November 2016.<\/p>\n<p>For part of August 2018, the same domain resolved to a different IP address, 185[.]10[.]68[.]127. At that time, we found that this IP was hosting samples of Gafgyt incorporating an exploit for a recently discovered SonicWall vulnerability (<a 
href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-9866\">CVE-2018-9866<\/a>). The vulnerability affects old, unsupported versions of the SonicWall Global Management System (GMS) (8.1 and earlier) and is not present in <a href=\"https:\/\/software.sonicwall.com\/GMSViewPointVA\/Documentation\/232-003379-00_RevB_GMS_8.2_ReleaseNotes.pdf\">currently supported versions<\/a>.<\/p>\n<p>The vulnerability targeted by this exploit, CVE-2018-9866, arises because XML-RPC requests to the set_time_config method are not sanitized. Figure 2 shows the exploit used in the samples, with the payload highlighted.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"897\" height=\"243\"  class=\"wp-image-104552 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-190.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><em><span style=\"font-size: 10pt;\">Figure 2. SonicWall set_time_config 
RCE format<\/span><\/em><\/p>\n<p>These samples first surfaced on August 5, less than a week after a <a href=\"https:\/\/www.exploit-db.com\/exploits\/45124\/\">Metasploit module<\/a> for this vulnerability was published. SonicWall's official advisory on this issue, published on July 17, 2018, can be found <a href=\"https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2018-0007\">here<\/a>.<\/p>\n<p>The samples we found are built on the Gafgyt codebase rather than Mirai. The table below describes some of the commands they use.<\/p>\n<table>\n<tbody>\n<tr>\n<td>Command<\/td>\n<td>Description<\/td>\n<\/tr>\n<tr>\n<td>!* SCANNER &lt;HUAWEI\/GPON\/DLINK\/SONICWALL\/OFF&gt;<\/td>\n<td>Based on the argument passed, the bot starts sending the corresponding exploit to devices.\n<ul>\n<li>HUAWEI: sends the exploit for CVE-2017-17215 (see the <a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">previous campaign<\/a>)<\/li>\n<li>GPON: 
same as above<\/li>\n<li>DLINK: sends the D-Link DSL 2750B OS command injection (see <a href=\"#post-104549-table2\">Table 2<\/a>)<\/li>\n<li>SONICWALL: sends the exploit shown in Figure 2<\/li>\n<li>OFF: kills the running processes associated with the bot<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td>!* BIN_UPDATE &lt;HTTP SERVER&gt; &lt;FILE LOCATION&gt;<\/td>\n<td>Retrieves an update from &lt;HTTP_SERVER&gt;, saves it to &lt;FILE_LOCATION&gt;, and installs it<\/td>\n<\/tr>\n<tr>\n<td>!* BN &lt;IP&gt; &lt;PORT&gt; &lt;TIME&gt;<\/td>\n<td>Launches a Blacknurse DDoS attack against &lt;IP&gt;:&lt;PORT&gt; for &lt;TIME&gt; seconds<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-size: 10pt;\"><em>Table 1. Some of the commands used by the variant with the SonicWall exploit<\/em><\/span><\/p>\n<p><a href=\"https:\/\/www.blacknurse.dk\/\">Blacknurse<\/a> is a low-bandwidth DDoS attack involving ICMP Type 3 Code 3 packets that causes high CPU load, and was first discovered in November 2016. We first saw samples using this DDoS method in September 2017.<\/p>\n<h2><a 
id=\"post-104549-\u7d50\u8ad6\"><\/a>Conclusion<\/h2>\n<p>The incorporation of exploits targeting Apache Struts and SonicWall by these IoT\/Linux botnets may indicate a larger shift from consumer device targets to enterprise device targets.<\/p>\n<p>Palo Alto Networks AutoFocus customers can track these activities using the individual exploit tags:<\/p>\n<ul>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.CVE-2017-5638\">CVE-2017-5638<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.CVE-2018-9866\">CVE-2018-9866<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.EnGeniusRCE\">EnGeniusRCE<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.CVE-2017-6884\">CVE-2017-6884<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.DLinkDSL2750BOSCmdInjection\">DLinkDSL2750BOSCmdInjection<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.GPONExploits\">GPONExploits<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.CVE-2017-17215\">CVE-2017-17215<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.DLinkcommandphpRCE\">DLinkcommandphpRCE<\/a><\/li>\n<li><a 
href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.DLinkOSInjection\">DLinkOSInjection<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.NetgearRCE\">NetgearRCE<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.VacronNVRRCE\">VacronNVRRCE<\/a><\/li>\n<\/ul>\n<p>AutoFocus customers can also use the following malware family tags:<\/p>\n<ul>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.Gafgyt\">Gafgyt<\/a><\/li>\n<li><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.ELFMirai\">ELFMirai<\/a><\/li>\n<\/ul>\n<p>WildFire detects all related samples as malicious.<\/p>\n<p>The other vulnerabilities targeted by the Mirai variant that attacks Apache Struts are listed below.<\/p>\n<p>Table 2. Other exploits used in the same samples<\/p>\n<table>\n<tbody>\n<tr>\n<td>Vulnerability<\/td>\n<td>Affected devices<\/td>\n<td>Exploit format<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5638\">CVE-2017-5638<\/a><\/td>\n<td>Devices running unpatched Apache Struts<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/31683\/\">Linksys RCE<\/a><\/td>\n<td>Linksys E-series devices<\/td>\n<td><img width=\"604\" height=\"214\"  class=\"wp-image-104554 lozad\"  
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-191.png\" \/><\/p>\n<p>The samples also contain other versions of the exploit, using GET and POST requests, that target the following:<\/p>\n<p><img width=\"606\" height=\"29\"  class=\"wp-image-104556 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-192.png\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3445\">Vacron NVR RCE<\/a><\/td>\n<td>Vacron NVR devices<\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">Same as in the previous campaign<\/a><\/p>\n<p>This variant also contains a POST request version of the same exploit.<\/p>\n<p><img width=\"604\" height=\"166\"  class=\"wp-image-104558 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-193.png\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/27528\/\">D-Link command.php RCE<\/a><\/td>\n<td>Some D-Link devices<\/td>\n<td><img width=\"601\" height=\"167\"  class=\"wp-image-104560 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-194.png\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/39596\/\">CCTV\/DVR RCE<\/a><\/td>\n<td>CCTVs and DVRs from over 70 vendors<\/td>\n<td><a 
href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">Same as in the previous campaign<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/42114\/\">EnGenius RCE<\/a><\/td>\n<td>EnGenius EnShare IoT Gigabit Cloud Service 1.4.11<\/td>\n<td><img width=\"602\" height=\"167\"  class=\"wp-image-104562 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-195.png\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/40500\/\">AVTECH Unauthenticated Command Injection<\/a><\/td>\n<td>AVTECH IP Camera\/NVR\/DVR devices<\/td>\n<td><img width=\"604\" height=\"103\"  class=\"wp-image-104564 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-196.png\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/41782\/\">CVE-2017-6884<\/a><\/td>\n<td>Zyxel routers<\/td>\n<td><img width=\"603\" height=\"255\"  class=\"wp-image-104566 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-197.png\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/41499\/\">NetGain 'ping' Command Injection<\/a><\/td>\n<td>NetGain Enterprise Manager 7.2.562<\/td>\n<td><img width=\"603\" height=\"424\"  class=\"wp-image-104568 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-57.jpeg\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/40212\/\">NUUO OS Command Injection<\/a><\/td>\n<td>NUUO NVRmini 2 3.0.8<\/td>\n<td><img width=\"603\" height=\"361\"  
class=\"wp-image-104570 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-58.jpeg\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/40212\/\">NUUO OS Command Injection<\/a><\/td>\n<td>NUUO NVRmini 2 3.0.8<\/td>\n<td><img width=\"603\" height=\"334\"  class=\"wp-image-104572 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-59.jpeg\" \/><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/43055\/\">Netgear setup.cgi unauthenticated RCE<\/a><\/td>\n<td>DGN1000 Netgear routers<\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">Same as in the previous campaign<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/37171\/\">HNAP SoapAction-Header Command Execution<\/a><\/td>\n<td>D-Link devices<\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">Same as in the previous campaign<\/a><\/p>\n<p>Unlike the incomplete one used in the campaign linked above, this variant uses a working version of the exploit. For example, it targets the SOAPAction http:\/\/purenetworks[.]com\/HNAP1\/GetDeviceSettings\/<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/44760\/\">D-Link OS Command 
Injection<\/a><\/td>\n<td>D-Link DSL-2750B<\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">Same as in the previous campaign<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/41471\/\">JAWS Webserver Authenticated Shell Command Execution<\/a><\/td>\n<td>MVPower DVRs, among others<\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">Same as in the previous campaign<\/a><\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.exploit-db.com\/exploits\/44576\/\">CVE-2018-10561, CVE-2018-10562<\/a><\/td>\n<td>Dasan GPON routers<\/td>\n<td><a href=\"https:\/\/unit42.paloaltonetworks.jp\/unit42-finds-new-mirai-gafgyt-iotlinux-botnet-campaigns\/\">Same as in the previous campaign<\/a><\/p>\n<p>This variant also contains a POST request version of the same exploit.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><a id=\"post-104549-ioc\"><\/a>IOC<\/h2>\n<h3><a id=\"post-104549-Xb420b362c83c3676370c4a1611c073ce240b03b\"><\/a>Apache 
Struts exploit (CVE-2017-5638) samples<\/h3>\n<h3><a id=\"post-104549-X8823f066f770e9529d14ac69c225af7c0649172\"><\/a>SonicWall GMS exploit (CVE-2018-9866) samples<\/h3>\n<h3><a 
id=\"post-104549-\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\"><\/a>Infrastructure<\/h3>\n<ul>\n<li>l[.]ocalhost[.]host<\/li>\n<li>185[.]10[.]68[.]213<\/li>\n<li>185[.]10[.]68[.]127<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Overview Unit 42 has discovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with the unprecedented Distributed Denial of Service (DDoS<\/p>\n","protected":false},"author":63,"featured_media":103976,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4469,1974,4428,4470],"tags":[6915,6917,4689,5561,6918,6119,6323,4679,4553,4547,5551],"product_categories":[4340,4444],"coauthors":[887],"class_list":["post-104549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities","category-malware-ja","category-threat-research-ja","category-vulnerabilities-ja","tag-apache-struts-ja","tag-blacknurse-ja","tag-botnet-ja","tag-cve-2017-5638-ja","tag-cve-2018-9866","tag-exploits-ja","tag-gafgyt-ja","tag-iot-ja","tag-linux-ja","tag-mirai-ja","tag-sonicwall-rce-ja","product_categories-advanced-wildfire","product_categories-advanced-wildfire-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Multi-exploit IoT\/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall<\/title>\n<meta name=\"description\" content=\"Unit 
42 has discovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with the unprecedented Distributed Denial of Service (DDoS) attacks since November 2016.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Multi-exploit IoT\/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall\" \/>\n<meta property=\"og:description\" content=\"Unit 42 has discovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with the unprecedented Distributed Denial of Service (DDoS) attacks since November 2016.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-10T01:27:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-22T01:38:57+00:00\" \/>\n<meta 
property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit42-blog-600x300-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ruchna Nigam\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Multi-exploit IoT\/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall","description":"Unit 42 has discovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with the unprecedented Distributed Denial of Service (DDoS) attacks since November 2016.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/","og_locale":"ja_JP","og_type":"article","og_title":"Multi-exploit IoT\/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall","og_description":"Unit 
42\u306f\u3001\u3088\u304f\u77e5\u3089\u308c\u3066\u3044\u308bIoT\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8Mirai\u3001Gafgyt\u306e\u4e9c\u7a2e\u3092\u65b0\u305f\u306b\u767a\u898b\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u30012016\u5e7411\u6708\u4ee5\u964d\u306e\u524d\u4f8b\u306e\u306a\u3044Distributed Denial of Service (DDoS)\u653b\u6483\u306b\u95a2\u308f\u308a\u306e\u3042\u308bIoT\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8\u3067\u3059\u3002","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/","og_site_name":"Unit 42","article_published_time":"2018-09-10T01:27:21+00:00","article_modified_time":"2020-05-22T01:38:57+00:00","og_image":[{"width":600,"height":300,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit42-blog-600x300-1.jpg","type":"image\/jpeg"}],"author":"Ruchna Nigam","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/"},"author":{"name":"Ruchna Nigam","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/d0358d0f988418aaaa78b113b11dcc64"},"headline":"\u8907\u6570\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u7d44\u307f\u8fbc\u307e\u308c\u305fIoT\/Linux\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8Mirai\u3001Gafgyt\u304cApache 
Struts\u3001SonicWall\u3092\u72d9\u3046","datePublished":"2018-09-10T01:27:21+00:00","dateModified":"2020-05-22T01:38:57+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/"},"wordCount":597,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit42-blog-600x300-1.jpg","keywords":["Apache Struts","BlackNurse","botnet","CVE-2017-5638","CVE-2018-9866","exploits","Gafgyt","IoT","Linux","Mirai","SonicWall RCE"],"articleSection":["Vulnerabilities","\u30de\u30eb\u30a6\u30a7\u30a2","\u8105\u5a01\u30ea\u30b5\u30fc\u30c1","\u8106\u5f31\u6027"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/","name":"\u8907\u6570\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u7d44\u307f\u8fbc\u307e\u308c\u305fIoT\/Linux\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8Mirai\u3001Gafgyt\u304cApache 
Struts\u3001SonicWall\u3092\u72d9\u3046","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit42-blog-600x300-1.jpg","datePublished":"2018-09-10T01:27:21+00:00","dateModified":"2020-05-22T01:38:57+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/d0358d0f988418aaaa78b113b11dcc64"},"description":"Unit 42\u306f\u3001\u3088\u304f\u77e5\u3089\u308c\u3066\u3044\u308bIoT\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8Mirai\u3001Gafgyt\u306e\u4e9c\u7a2e\u3092\u65b0\u305f\u306b\u767a\u898b\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u30012016\u5e7411\u6708\u4ee5\u964d\u306e\u524d\u4f8b\u306e\u306a\u3044Distributed Denial of Service 
(DDoS)\u653b\u6483\u306b\u95a2\u308f\u308a\u306e\u3042\u308bIoT\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8\u3067\u3059\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#primaryimage","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit42-blog-600x300-1.jpg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit42-blog-600x300-1.jpg","width":600,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"\u8907\u6570\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u7d44\u307f\u8fbc\u307e\u308c\u305fIoT\/Linux\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8Mirai\u3001Gafgyt\u304cApache Struts\u3001SonicWall\u3092\u72d9\u3046"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto 
Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/d0358d0f988418aaaa78b113b11dcc64","name":"Ruchna Nigam","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/9213e49ea48b7676660bac40d05c9e3e","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Ruchna Nigam"},"url":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/author\/ruchna-nigam\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/104549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=104549"}],"version-history":[{"count":3,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/104549\/revisions"}],"predecessor-version":[{"id":107317,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/104549\/revisions\/107317"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/103976"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/
v2\/media?parent=104549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=104549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=104549"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=104549"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=104549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}