{"id":104576,"date":"2018-10-25T06:00:11","date_gmt":"2018-10-25T13:00:11","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=104576"},"modified":"2020-02-17T21:40:37","modified_gmt":"2020-02-18T05:40:37","slug":"unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed\/","title":{"rendered":"New Techniques to Uncover and Attribute the Commodity Macro Builders and Infrastructure Used by Cobalt Gang"},"content":{"rendered":"<h2><a id=\"post-104576-\u6982\u8981\"><\/a>Overview<\/h2>\n<p>Today's skilled attackers use commodity tools and commodity malware, and rely on simple methods for initial delivery. Their aim is to keep their activity inconspicuous and to easily avoid the risk of being tied to the operation (attribution risk).<\/p>\n<p>One of the most common approaches is to send spear-phishing emails that abuse social media (SNS) or common exploits (such as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-0199\">CVE-2017-0199<\/a> or the <a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/unraveling-ThreadKit-new-document-exploit-builder-distribute-The-Trick-Formbook-Loki-Bot-malware\">ThreadKit builder<\/a>) to employees of the target organization. Only after this initial infection succeeds do they begin attacks that use sophisticated custom malware, custom tools, and tools already present in the compromised environment (such as PowerShell, <a href=\"https:\/\/attack.mitre.org\/wiki\/Technique\/T1191\">CMSTP<\/a> and <a href=\"https:\/\/attack.mitre.org\/wiki\/Technique\/T1117\">Regsvr32<\/a>). As a result, threat researchers and defenders must sift through a vast amount of information to identify attack campaigns and their objectives, which makes investigation all the more difficult.<\/p>\n<p>However, even when commodity builders and tools are used, there is still an opportunity to find signals and characteristics that help identify and track the attackers' infrastructure.<\/p>\n<p>One of the groups well known for using this strategy is the Cobalt Gang. The Cobalt Gang remains highly active even after its alleged leader was <a href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain\">arrested<\/a> in Spain this year.<\/p>\n<p>In October 2018, Unit 42, the threat intelligence research team at Palo Alto Networks, investigated the Cobalt Gang's ongoing campaigns and, drawing on the latest information published in various research reports, including those from <a href=\"https:\/\/blog.talosintelligence.com\/2018\/07\/multiple-cobalt-personality-disorder.html\">Talos<\/a> and <a href=\"https:\/\/blog.morphisec.com\/cobalt-gang-2.0\">Morphisec<\/a>, continued its effort to discover new infrastructure and link it to the group.<\/p>\n<p>As a result, we identified both a macro builder commonly used by the group and specific document metadata, which allowed us to track and cluster new activity and infrastructure associated with the Cobalt Gang.<\/p>\n<h3><a id=\"post-104576-\u6700\u8fd1\u306e\u52b9\u679c\u7684\u306a\u914d\u4fe1\u4f8b\"><\/a>A Recent Example of Effective Delivery<\/h3>\n<p>Just a few days before this writing, an attack related to the campaign analyzed here took place, and it followed the same strategy. This attack shows clearly how simple their delivery method is, and that email remains one of the primary attack vectors.<\/p>\n<p>The attack begins with emails bearing the subject \"Confirmations on October 16, 2018\" sent to employees of several financial institutions around the world.<\/p>\n<p>The sample shown in Figure 1 can be found in a well-known public online malware repository.<\/p>\n<p>(SHA256:\u00a0 5765ecb239833e5a4b2441e3a2daf3513356d45e1d5c311baeb31f4d503703e)<\/p>\n<p><span style=\"font-size: 
10pt;\"><img width=\"768\" height=\"631\"  class=\"wp-image-104579 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-199.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 1. Example of delivery by email<\/em><\/span><\/p>\n<p>The attachment itself is just a PDF and contains no code or exploit. Instead, it relies on social engineering to get the user to click a link and download a malicious macro. The Cobalt Gang has used this technique before, and <a href=\"https:\/\/blog.talosintelligence.com\/2018\/07\/multiple-cobalt-personality-disorder.html\">Talos<\/a> covered a sample of it in earlier research.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"225\"  class=\"wp-image-104581 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-200.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 2. Example of a PDF with an embedded link<\/em><\/span><\/p>\n<p>The PDF is simple: it embeds a link that opens a legitimate Google site, which then redirects the browser to a malicious document.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"119\"  class=\"wp-image-104583 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-201.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 3. Browser redirect to the malicious document<\/em><\/span><\/p>\n<p>To evade detection by static analysis tools, the attackers make the PDF look more authentic. By including empty pages in addition to a few pages of text, they keep the analysis tools from raising warning flags (see Figures 4 and 5), because PDFs with few pages or overly random content tend to be flagged.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"220\"  class=\"wp-image-104585 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-202.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span 
style=\"font-size: 10pt;\"><em>Figure 4. Static analysis of the PDF<\/em><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><img width=\"750\" height=\"727\"  class=\"wp-image-104587 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-203.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 5. Text used to fill the PDF pages<\/em><\/span><\/p>\n<p>A PDF built with these two techniques evades detection by almost all traditional antivirus products, so the first, email-borne stage of the attack is carried very effectively through to the next stage.<\/p>\n<p>In the next stage, the user is steered into downloading an MS Word document with an embedded malicious macro; at the time of delivery, the detection rate for this campaign is very low. The metadata of the Word document also contains nothing distinctive that could serve as a lead for tracking other documents from the same author (see Figure 6).<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"647\" height=\"656\"  class=\"wp-image-104589 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-204.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 6. Metadata of Doc102018.doc<\/em><\/span><\/p>\n<p>The downloaded malicious macro uses cmstp.exe to run a \"scriptlet\". The scriptlet is a well-known technique for <a href=\"https:\/\/attack.mitre.org\/wiki\/Technique\/T1191\">bypassing AppLocker<\/a> and proceeding to the next stage of payload delivery.<\/p>\n<p>However, the main goal of this research is not payload analysis but to look at every aspect of the attack's delivery in order to further track the attackers' campaigns and related infrastructure. The question we take up here is therefore: how can a campaign and its objectives be identified from such a simple delivery method?<\/p>\n<h3><a id=\"post-104576-\u30de\u30af\u30ed-\u30d3\u30eb\u30c0\u30fc\u306e\u7279\u5b9a\"><\/a>Identifying the Macro Builder<\/h3>\n<p>Because the detection rate for the macro code is also quite low, on top of the low detection rate at delivery, the first thing we focused on in the investigation was narrowing down the candidate builder behind it. We examined the macro code of \"Doc102018.doc\" and formed several hypotheses.<\/p>\n<p>The macro code is more than 1,500 lines long and begins by declaring a series of variables with a very distinctive naming convention (in this example, \"letXX(number)\").<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"43\"  class=\"wp-image-104591 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-205.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 7. Example of the macro's variable format<\/em><\/span><\/p>\n<p>Some of the variables are used in a long encoding\/decoding routine based on individual character assignments.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"314\" height=\"343\"  class=\"wp-image-104593 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-206.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 8. Use of the distinctive variable format in the decoding routine<\/em><\/span><\/p>\n<p>Procedures and functions are defined with the same naming convention (in this example, \"letXX()\").<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"750\" height=\"400\"  
class=\"wp-image-104595 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-207.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 9. Procedures and functions in the VBA code<\/em><\/span><\/p>\n<p>The code then uses the CallByName() API call to invoke methods at runtime.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"84\"  class=\"wp-image-104597 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-208.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 10. Use of CallByName in the VBA code<\/em><\/span><\/p>\n<p>Analyzing earlier examples associated with the Cobalt Gang (such as the one described by <a href=\"https:\/\/blog.morphisec.com\/cobalt-gang-2.0\">Morphisec<\/a>) shows the same pattern (in this example, the format is \"PkXX\" rather than \"letXX\").<span style=\"font-size: 10pt;\"><img width=\"750\" height=\"393\"  class=\"wp-image-104599 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-209.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 
10pt;\"><em>Figure 11. VBA pattern in another document<\/em><\/span><\/p>\n<p>From this, a first approach to hunting for the pattern is to use a regular expression for each, such as the following.<\/p>\n<table>\n<tbody>\n<tr>\n<td>Variable definitions <strong>\/[A-Za-z]k[0-9]{2}([0-9]{1})\/<\/strong><\/p>\n<p>Function definitions <strong>\/Private Function [A-Za-z]{2,5}[0-9]{2,3}\\(\/<\/strong><\/p>\n<p>Procedure definitions <strong>\/Sub [A-Za-z]{2,5}[0-9]{2,5}\\(\/<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>To test our hypothesis about the builder, we created the following Yara rules.<\/p>\n<pre class=\"\">rule cmstp_macro_builder_rev_a\r\n{\r\n    meta:\r\n        description=\"CMSTP macro builder based on variable names and runtime invoke\"\r\n        author=\"Palo Alto Networks Unit42\"\r\n    strings:\r\n        $method=\"CallByName\"\r\n        $varexp=\/[A-Za-z]k[0-9]{2}([0-9]{1})\/\r\n    condition:\r\n        $method and\r\n        #method == 2 and\r\n        #varexp &gt; 10\r\n \r\n}\r\n \r\nrule cmstp_macro_builder_rev_b {\r\n    meta:\r\n        description=\"CMSTP macro builder based on routines and functions names and runtime invoke\"\r\n        author=\"Palo Alto Networks Unit42\"\r\n    strings:\r\n        $func=\/Private Function [A-Za-z]{1,5}[0-9]{2,3}\\(\/\r\n        $sub=\/Sub [A-Za-z]{1,5}[0-9]{2,5}\\(\/\r\n        $call=\"CallByName\"\r\n    condition:\r\n        $call and\r\n        #func &gt; 1 and\r\n        #sub &gt; 
1\r\n}\r\n<\/pre>\n<p>Hunting with these Yara rules gives very good results in identifying the builder and the set of malicious documents that use it. However, the documents identified do not necessarily target the financial or banking sectors. So there is no guarantee that this particular group, the Cobalt Gang, and the attack campaigns it runs use this builder only against the financial and banking sectors.<\/p>\n<p>However, as explained in the following sections, combining the builder with other elements such as targets, payloads and dropper characteristics is a great help in tracking the group's campaigns.<\/p>\n<p>Let's now look at the PDF document, the first stage of delivery.<\/p>\n<h3><a 
id=\"post-104576-pdf\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u5185\u3067\u3088\u304f\u898b\u3089\u308c\u308b\u5146\u5019\"><\/a>Common Indicators in the PDF Documents<\/h3>\n<p>As noted above, a commodity PDF file with an embedded Google redirect link makes a very effective social engineering artifact. Since no exploit or code is executed, the next step of our analysis focuses on the document's metadata.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"750\" height=\"512\"  class=\"wp-image-104603 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-211.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 12. Exiftool metadata of the PDF<\/em><\/span><\/p>\n<p>Our next hypothesis checks whether the PDF documents may have been created from a template document; that is, whether there are signs that the author reused a PDF while changing the embedded link or saving different versions of the document.<\/p>\n<p>Based on the <a href=\"https:\/\/wwwimages2.adobe.com\/content\/dam\/acom\/en\/devnet\/xmp\/pdfs\/XMP%20SDK%20Release%20cc-2016-08\/XMPSpecificationPart1.pdf\">XMP specification<\/a>, we focus on the values of the media management properties \"DocumentID\" and \"InstanceID\".<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"268\"  class=\"wp-image-104605 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-212.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 13. XMP media management properties<\/em><\/span><\/p>\n<p>To support this hypothesis, we first look at the DocumentID metadata field. If the same template is saved twice with two different links, the DocumentID stays the same but the InstanceID values differ (one InstanceID is assigned per saved document).<\/p>\n<p>Searching our telemetry data for this metadata content produced interesting results.<\/p>\n<p>To hunt for this content, we also used the following Yara rule.<\/p>\n<pre class=\"\">rule cobaltgang_pdf_metadata_rev_a{\r\n    meta:\r\n        description=\"Find documents saved from the same potential Cobalt Gang PDF template\"\r\n        author=\"Palo Alto Networks Unit 42\"\r\n    strings:\r\n             $ = \"uuid:31ac3688-619c-4fd4-8e3f-e59d0354a338\" ascii wide\r\n    condition:\r\n             any of them\r\n}\r\n<\/pre>\n<p>The results supported our hypothesis (see the <a href=\"#post-104576-IOC\">IOCs in the appendix<\/a>). We found multiple PDF files that the attackers had created and saved with different content each time while reusing the same \"template\". All of them shared the same characteristics.<\/p>\n<p>Figure 14 shows a sample different from the PDF presented at the beginning.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"204\"  class=\"wp-image-104609 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-214.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 14. Sample of another PDF document<\/em><\/span><\/p>\n<p>Analyzing the subsequent stages of the attack further should let us confirm whether these samples are related to Cobalt Gang campaigns.<\/p>\n<p>Here we analyze the following document.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Observed file name<\/strong><\/td>\n<td><strong>SHA256<\/strong><\/td>\n<\/tr>\n<tr>\n<td>REMITTER REFERENCE PMT.pdf<\/td>\n<td>1d0aae6cff1f7a772fac67b74a39904b8b9da46484b4ae8b621a6566f7761d16<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>This document was delivered to bank customers in an email with the subject \"Fund Transfer 08-October-2018\".<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"225\"  class=\"wp-image-104611 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-215.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 15. Email data associated with REMITTER REFERENCE PMT.pdf<\/em><\/span><\/p>\n<p>The embedded link redirects to the following URL.<\/p>\n<table>\n<tbody>\n<tr>\n<td>hxxps:\/\/fundswp[.]com\/Document082018.doc<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>This downloads the following document.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Observed file name<\/strong><\/td>\n<td><strong>SHA256<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Document082018.doc<\/td>\n<td>020ba5a273c0992d62faa05144aed7f174af64c836bf82009ada46f1ce3b6eee<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Extracting the macro code lets us check how closely it matches the macro builder described in the previous section.<\/p>\n<p>The following is the output of running the macro builder Yara rules against the VBA content extracted from the document. As expected, the Yara rules match the content.<\/p>\n<pre class=\"\">\u276f yara cmstp_macro_builder.yar 020ba5a273c0992d62faa05144aed7f174af64c836bf82009ada46f1ce3b6eee_subfiles\r\n\r\ncmstp_macro_builder_2 
\r\n020ba5a273c0992d62faa05144aed7f174af64c836bf82009ada46f1ce3b6eee_subfiles\/e657fe761effbe7e11e3cc343ba6845c2c9a6c989e7b805717d2e1417387528f.vba.decoded\r\n\r\ncmstp_macro_builder_2 \r\n020ba5a273c0992d62faa05144aed7f174af64c836bf82009ada46f1ce3b6eee_subfiles\/8a6d2cccb6f2007cb7fa29d3f009f9fbe305bffc45dc35d3828f2dc3c41b3cb7.vba.raw<\/pre>\n<p>\u3053\u3046\u3057\u3066\u5f97\u3089\u308c\u305f\u60c5\u5831\u3092\u6574\u7406\u3059\u308b\u3068\uff64\u500b\u3005\u306e\u30d1\u30ba\u30eb\u306e\u30d4\u30fc\u30b9\u304c\u3053\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306b\u5f53\u3066\u306f\u307e\u3063\u3066\u3044\u304f\u69d8\u5b50\u304c\u308f\u304b\u308a\u307e\u3059\u3002<\/p>\n<ol>\n<li>\u540c\u3058\u300cDocumentID\u300d\u7ba1\u7406\u30e1\u30bf\u30c7\u30fc\u30bf \u30d5\u30a3\u30fc\u30eb\u30c9\u3092\u3082\u3064PDF\u30d5\u30a1\u30a4\u30eb\u3092\u63a2\u7d22\u3059\u308c\u3070\u3001\u91d1\u878d\u6a5f\u95a2\u306b\u96fb\u5b50\u30e1\u30fc\u30eb\u3067\u914d\u4fe1\u3067\u4f7f\u7528\u3055\u308c\u305f\u4e00\u9023\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u898b\u3064\u3051\u308b\u3053\u3068\u304c\u3067\u304d\u308b<\/li>\n<li>\u3069\u306ePDF\u30d5\u30a1\u30a4\u30eb\u306b\u3082Google\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3092\u4f7f\u3063\u305f\u30ea\u30f3\u30af\u304c\u57cb\u3081\u8fbc\u307e\u308c\u3066\u3044\u3066\uff64Microsoft Office\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u305b\u3088\u3046\u3068\u3059\u308b<\/li>\n<li>Microsoft Office\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u306f \u30b3\u30fc\u30c9\u5b9f\u884c\u7528\u306e\u30de\u30af\u30ed\u304c\u542b\u307e\u308c\u3066\u3044\u3066\uff64\u305d\u308c\u304c\u5f0a\u793e\u304c\u7279\u5b9a\u3057\u305f\u30d3\u30eb\u30c0\u30fc\u306e\u7279\u5fb4\u306b\u4e00\u81f4\u3059\u308b<\/li>\n<\/ol>\n<h2><a 
id=\"post-104576-\u653b\u6483\u8005\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u767a\u898b\"><\/a>Discovering the Attacker's Infrastructure<\/h2>\n<p>From here, we move on to finding the puzzle pieces that reveal the attacker's infrastructure, based on elements such as the Yara hunting rules defined in the previous section, session data obtained from telemetry, and public WHOIS registrant information.<\/p>\n<h3><a id=\"post-104576-\u63a2\u7d22\u30eb\u30fc\u30eb\u306e\u4f7f\u7528\"><\/a>Using \"Hunting Rules\"<\/h3>\n<p>Tracking a set of malicious PDF and Office files based on the metadata and builder characteristics (see the <a
href=\"#post-104576-IOC\">Appendix<\/a>) revealed the domains and Office files the attacker is using.<\/p>\n<p>Table 1 below shows examples of PDFs, their embedded C2 links, and document names.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>SHA256<\/strong><\/td>\n<td><strong>Embedded link<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1fd9ba8eb97bf03cd4d3cbaac867595c920f1f36ebfbe9c1fc76558ea5e0ece5<\/td>\n<td>hxxp:\/\/www[.]pedidoslalacteo[.]com[.]ar\/Proof-of-payment-19.09.2018.doc<\/td>\n<\/tr>\n<tr>\n<td>5ac1612535b6981259cfac95efe84c5608cf51e3a49b9c1e00c5d374f90d10b2<\/td>\n<td>hxxps:\/\/s3[.]sovereigncars[.]org[.]uk\/inv005189.pdf<\/td>\n<\/tr>\n<tr>\n<td>07f60611836c0a679c0fb2e25f5caeb4d29cd970919d47f715666b80be46f45c<\/td>\n<td>hxxps:\/\/alotile[.]biz\/Document092018.doc<\/td>\n<\/tr>\n<tr>\n<td>9d6fd7239e1baac696c001cabedfeb72cf0c26991831819c3124a0a726e8fe23<\/td>\n<td>hxxps:\/\/goo[.]gl\/mn7iGj<br \/>Which redirects to: hxxps:\/\/document[.]cdn-one[.]biz\/doc000512.pdf<\/td>\n<\/tr>\n<tr>\n<td>444c63bb794abe3d2b524e0cb2c8dcc174279b23b1bce949a7125df9fab25c1c<\/td>\n<td>hxxps:\/\/safesecurefiles[.]com\/doc041791.pdf<\/td>\n<\/tr>\n<tr>\n<td>a5f2ad08b5afdbd5317b51d0d2dd8f781903522844c786a11a0957a81abfd29e<\/td>\n<td>hxxp:\/\/www[.]mky[.]com\/Proof-of-payment-19.09.2018.doc<\/td>\n<\/tr>\n<tr>\n<td>df18e997a2f755159f0753c4e69a45764f746657b782f6d3c878afb8befe2b69<\/td>\n<td>hxxps:\/\/mail[.]halcyonih[.]com\/uploads\/doc004718538.pdf<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em><span style=\"font-size: 10pt;\">Table 1.
Examples of PDFs and embedded links<\/span><\/em><\/p>\n<p>These PDF documents and URLs show multiple overlaps between this new infrastructure and known intelligence on activity that earlier research attributed to Cobalt Gang.<\/p>\n<p>Let's look at two sample PDF documents from the list above that share the same DocumentID.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Observed file name<\/strong><\/td>\n<td><strong>SHA256<\/strong><\/td>\n<\/tr>\n<tr>\n<td>inv005189.pdf<\/td>\n<td>5ac1612535b6981259cfac95efe84c5608cf51e3a49b9c1e00c5d374f90d10b2<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>This sample is associated with the s3[.]sovereigncars[.]org[.]uk domain, which was seen in an earlier campaign. For details, see the <a
href=\"https:\/\/blog.talosintelligence.com\/2018\/07\/multiple-cobalt-personality-disorder.html\">Talos blog<\/a>.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Observed file name<\/strong><\/td>\n<td><strong>SHA256<\/strong><\/td>\n<\/tr>\n<tr>\n<td>doc000512.pdf<\/td>\n<td>9d6fd7239e1baac696c001cabedfeb72cf0c26991831819c3124a0a726e8fe23<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>This sample has an embedded URL (hxxps:\/\/goo[.]gl\/mn7iGj), which is a shortened URL that actually resolves to hxxps:\/\/document[.]cdn-one[.]biz\/doc000512.pdf.<\/p>\n<p>The cdn-one[.]biz domain is a known domain that earlier analysis attributed to Cobalt Gang.<\/p>\n<p>The list of domains used in the discovered PDFs is given in the <a href=\"#post-104576-IOC\">Appendix<\/a> section.<\/p>\n<h3><a
id=\"post-104576-\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u9001\u4fe1\u8005\u30c6\u30ec\u30e1\u30c8\u30ea\u3092\u3082\u3068\u306b\u30d4\u30dc\u30c3\u30c8\u691c\u7d22\u3059\u308b\"><\/a>Pivoting on Email Sender Telemetry<\/h3>\n<p>Telemetry based on email delivery data helps collect samples and indicators related to the campaign of interest.<\/p>\n<p>We walk through a simple sample to show how tracking session data identifies new infrastructure. Here we use the email sender data seen in malicious email sessions that deliver PDF documents.<\/p>\n<p>For example, the following senders are from recent campaigns and impersonate both legitimate email
domains and senders.<\/p>\n<ul>\n<li>dominique.denis-berube.1@ulaval[.]ca<\/li>\n<li>billb@verticalwebmedia[.]com<\/li>\n<li>benoit.filion.2@ulaval[.]ca<\/li>\n<li>dominique.denis-berube.1@ulaval[.]ca<\/li>\n<\/ul>\n<p>Some of the samples were delivered from these senders. Table 2 below shows the embedded links.<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>SHA256<\/strong><\/td>\n<td><strong>Embedded link<\/strong><\/td>\n<\/tr>\n<tr>\n<td>1c1a6bb0937c454eb397495eea034e00d1f7cf4e77481a04439afbc5b3503396<\/td>\n<td>hxxps:\/\/alotile[.]biz\/Document092018.doc<\/td>\n<\/tr>\n<tr>\n<td>187e0d911cd0393caad1364ded1c394257cd149898b31f9718c7c6319af79818<\/td>\n<td>hxxps:\/\/alotile[.]biz\/Document042018.doc<\/td>\n<\/tr>\n<tr>\n<td>988d430ce0e9f19634cf7955eac6eb03e3b7774b788010c2a9742b38016d1ebf<\/td>\n<td>hxxps:\/\/fundsxe[.]com\/Document09202018.doc<\/td>\n<\/tr>\n<tr>\n<td>852f11e5131d3dab9812fd8ce3cd94c1333904f38713ff959f980a168ef0d4ce<\/td>\n<td>hxxps:\/\/fundsxe[.]com\/Document09222018.doc<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em><span style=\"font-size: 10pt;\">Table 2.
Email senders associated with PDFs and embedded links<\/span><\/em><\/p>\n<p>These samples were sent with the following file names.<\/p>\n<ul>\n<li>REMITTER REFERENCE PMT.pdf<\/li>\n<li>Aml_S0680260A79301.pdf<\/li>\n<li>CIT180126-000768.pdf<\/li>\n<li>AMENDMENT.pdf<\/li>\n<li>Citi720TEME171440008_Query.pdf<\/li>\n<li>Query _S-170526-005399.pdf<\/li>\n<\/ul>\n<p>All of these domains and file names correlate with the results from hunting on PDF metadata and the macro builder structure. In other words, this information can be used to keep tracking new activity.<\/p>\n<h2><a id=\"post-104576-whois\u767b\u9332\u8005\u60c5\u5831\u306e\u91cd\u8907\"><\/a>Overlaps in WHOIS Registrant Information<\/h2>\n<p>Of the domains used in the collected PDF documents, two newly discovered ones contained very interesting registrant information: the public registrant name \"grigoredanbadescu\".<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"287\"  class=\"wp-image-104615 aligncenter lozad\" 
data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-217.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 16. Historical DNS data for safesecurefiles[.]com<\/em><\/span><\/p>\n<h3><a id=\"post-104576-\u30c9\u30e1\u30a4\u30f3\"><\/a>Domains:<\/h3>\n<ul>\n<li>safesecurefiles[.]com<\/li>\n<li>document[.]cdn-one[.]biz<\/li>\n<\/ul>\n<h3><a id=\"post-104576-whois\u767b\u9332\u8005\u60c5\u5831\"><\/a>WHOIS Registrant Information<\/h3>\n<table>\n<tbody>\n<tr>\n<td>grigoredan@centrum[.]cz<br \/>Grigoredanbadescu<br \/>+4001289858474 (Romania)<br \/>Brasov<br \/>Romania<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Pivoting on infrastructure tied to the same registrant information yields a set of very interesting domains.<\/p>\n<ul>\n<li>arubrabank[.]com<\/li>\n<li>outlook-368[.]com<\/li>\n<li>usasecurefiles[.]com<\/li>\n<li>safesecurefiles[.]com<\/li>\n<li>ms-server838[.]com<\/li>\n<li>msoffice-365[.]com<\/li>\n<li>total-share[.]biz<\/li>\n<li>bank-net[.]biz<\/li>\n<li>cdn-one[.]biz<\/li>\n<li>total-cloud[.]biz<\/li>\n<li>web-share[.]biz<\/li>\n<li>cloud-direct[.]biz<\/li>\n<li>n-document[.]biz<\/li>\n<li>my-documents[.]biz<\/li>\n<li>firstcloud[.]biz<\/li>\n<li>yourdocument[.]biz<\/li>\n<li>xstorage[.]biz<\/li>\n<li>safe-cloud[.]biz<\/li>\n<li>via24[.]biz<\/li>\n<li>zstorage[.]biz<\/li>\n<li>webclient1[.]biz<\/li>\n<li>bnet1[.]biz<\/li>\n<li>firstcloud[.]biz<\/li>\n<li>mycontent[.]biz<\/li>\n<li>total7[.]biz<\/li>\n<li>freecloud[.]biz<\/li>\n<li>contents[.]bz<\/li>\n<li>judgebin[.]bz<\/li>\n<\/ul>\n<p>Many of the domains above are already known as malicious domains attributed to other Cobalt Gang campaigns.<\/p>\n<p>Importantly, \"arubrabank[.]com\" is a new domain registered on September 18, 2018, and has not yet been seen in the current campaigns.<\/p>\n<p>This domain appears intended to masquerade as the legitimate Arubabank website in order to launch further attacks.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"650\" height=\"234\"  class=\"wp-image-104617 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-218.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 17.
The legitimate Arubabank site<\/em><\/span><\/p>\n<h2><a id=\"post-104576-\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u95a2\u4fc2\u6027\"><\/a>Infrastructure Relationships<\/h2>\n<p>Now let's put all the puzzle pieces together and group the observed relationships into clusters.<\/p>\n<p><span style=\"font-size: 10pt;\"><img width=\"750\" height=\"454\"  class=\"wp-image-104619 aligncenter lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/\/2020\/02\/word-image-219.png\" \/><\/span><\/p>\n<p style=\"text-align: center;\"><span style=\"font-size: 10pt;\"><em>Figure 18. Maltego graph - summary of relationships and overlaps<\/em><\/span><\/p>\n<p>The following characteristics can be seen across the activity clusters.<\/p>\n<ol>\n<li>The cluster of PDF documents used in the initial attack stage (far left) links to specific domains that download Microsoft Office files making use of the macro builder structure<\/li>\n<li>Some of the domains used are publicly registered under the name \"grigoredanbadescu\", which leads to other related domains already tied to earlier Cobalt
Gang activity<\/li>\n<li>Some of the PDFs used in the initial attack stage are related to Microsoft Office files tied to the \"grigoredanbadescu\" activity, which further confirms the relationship<\/li>\n<\/ol>\n<h2><a id=\"post-104576-\u7d50\u8ad6\"><\/a>Conclusion<\/h2>\n<p>Commodity tools are increasingly used in both cybercrime and targeted attacks. As a result, investigation has become even harder for threat researchers and defenders. Cobalt Gang is one example of an attacker that frequently uses such commodity tools in the initial stage of a compromise.<\/p>\n<p>By focusing on specific elements of the macro builder and metadata the attacker left behind, we were able to develop a new mechanism for tracking and hunting Cobalt
Gang activity and infrastructure.<\/p>\n<p>Palo Alto Networks customers are protected in the following ways.<\/p>\n<ul>\n<li>WildFire detects the malware samples used in the campaigns analyzed in this post as malicious.<\/li>\n<li>Traps prevents these attacks on the endpoint.<\/li>\n<li>All malicious domains mentioned in this post are detected by PAN-DB URL Filtering.<\/li>\n<li>Autofocus customers can track this attacker group with the <a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Unit42.CobaltGang\">CobaltGang<\/a> tag.<\/li>\n<\/ul>\n<h2><a id=\"post-104576-\u4ed8\u9332---ioc\"><\/a>Appendix - IOC<\/h2>\n<h3><a
id=\"post-104576-\u653b\u6483\u521d\u671f\u6bb5\u968e\u306e\u30b5\u30f3\u30d7\u30eb\"><\/a>Initial Attack Stage Sample<\/h3>\n<table>\n<tbody>\n<tr>\n<td><strong>Type<\/strong><\/td>\n<td><strong>SHA256<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Email<\/td>\n<td>2f74c8b55292d59ab66960f21a4413d4d54f8b7500bb385954e7ffe68d775443<\/td>\n<\/tr>\n<tr>\n<td>PDF<\/td>\n<td>57f65ecb239833e5a4b2441e3a2daf3513356d45e1d5c311baeb31f4d503703e<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office document<\/td>\n<td>07a3355f81ff69a197c792847d0783bfc336181d66d3a36e6b548d0dbd9f5a9a<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>transef[.]biz<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><a id=\"post-104576-outlook\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\"><\/a>Outlook Messages<\/h3>\n<ul>\n<li>477c432382c97648767ee45c264f0f2aaf8d3d9f9ed547d8418db12b7c140760<\/li>\n<li>e0f1dbc10088b68f772ee73b0785c3d67b8e5f147b687911613d163ad5ebda6d<\/li>\n<li>e6a17617eaa98c49bfb2c9d3d090ffea69bb0c1864c43861bdf8d027339ea847<\/li>\n<\/ul>\n<h3><a id=\"post-104576-microsoft-office\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30de\u30af\u30ed-\u30d3\u30eb\u30c0\u30fc\"><\/a>Microsoft Office Documents (Macro Builder)<\/h3>\n<h3><a
id=\"post-104576-pdf\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\"><\/a>PDF Documents<\/h3>\n<h3><a
id=\"post-104576-\u30c9\u30e1\u30a4\u30f3-1\"><\/a>Domains<\/h3>\n<ul>\n<li>alotile[.]biz<\/li>\n<li>fundsxe[.]com<\/li>\n<li>s3[.]sovereigncars[.]org[.]uk<\/li>\n<li>safesecurefiles[.]com<\/li>\n<li>document[.]cdn-one[.]biz<\/li>\n<li>mail[.]halcyonih[.]com<\/li>\n<li>transef[.]biz<\/li>\n<\/ul>\n<h3><a id=\"post-104576-grigoredanbanescu\u306b\u3088\u3063\u3066\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\"><\/a>Domains Registered by \"grigoredanbadescu\"<\/h3>\n<h3><a
id=\"post-104576-url\"><\/a>URL<\/h3>\n<h3><a id=\"post-104576-\u78ba\u8a8d\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u540d\"><\/a>Observed File Names<\/h3>\n<ul>\n<li>Document082018.doc<\/li>\n<li>REMITTER REFERENCE PMT.pdf<\/li>\n<li>Aml_S0680260A79301.pdf<\/li>\n<li>CIT180126-000768.pdf<\/li>\n<li>AMENDMENT.pdf<\/li>\n<li>Citi720TEME171440008_Query.pdf<\/li>\n<li>Query _S-170526-005399.pdf<\/li>\n<li>Document092018.doc<\/li>\n<li>Proof of payment 19.09.2018.doc<\/li>\n<li>Document092018.doc<\/li>\n<li>doc005681.doc<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981 \u6628\u4eca\u306e\u719f\u7df4\u3057\u305f\u653b\u6483\u8005\u306f\uff64\u5546\u7528\u30c4\u30fc\u30eb\u3084\u5546\u7528\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u3064\u304b\u3044\uff64\u521d\u56de\u914d\u4fe1\u306e\u624b\u6bb5\u3082\u30b7\u30f3\u30d7\u30eb\u306a\u3082\u306e\u3092\u5229\u7528\u3057\u307e\u3059\uff61\u305d\u306e\u76ee\u7684\u306f\uff64\u81ea\u8eab\u306e\u884c\u52d5\u3092\u76ee\u7acb\u305f\u305b\u305a\uff64\u72af\u884c\u3068\u7d50\u3073\u4ed8\u3051\u3089\u308c\u308b\u30ea\u30b9\u30af(\u5e30\u5c5e\u30ea\u30b9\u30af)\u3092\u5bb9\u6613\u306b\u56de\u907f\u3059\u308b\u3053\u3068\u3067\u3059\uff61 
\u3068\u304f\u306b<\/p>\n","protected":false},"author":23,"featured_media":103976,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4324,4434,1974,4428],"tags":[6878],"product_categories":[4443,4444,4343,4448],"coauthors":[1025],"class_list":["post-104576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybercrime","category-cybercrime-ja","category-malware-ja","category-threat-research-ja","tag-cobalt-gang","product_categories-advanced-url-filtering-ja","product_categories-advanced-wildfire-ja","product_categories-cortex-xdr","product_categories-cortex-xdr-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Cobalt Gang\u304c\u5229\u7528\u3059\u308b\u5546\u7528\u30de\u30af\u30ed\u30d3\u30eb\u30c0\u30fc\u3068\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u767a\u898b\u3057\u72af\u884c\u3092\u88cf\u4ed8\u3051\u308b\u65b0\u305f\u306a\u624b\u6cd5<\/title>\n<meta name=\"description\" content=\"Unit 42\u306f\u3001Cobalt Gang\u306b\u3088\u308b\u73fe\u884c\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u8abf\u67fb\u3068\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u5e30\u5c5e\u3078\u306e\u53d6\u308a\u7d44\u307f\u3092\u7d9a\u3051\u3066\u304d\u307e\u3057\u305f\u3002\u305d\u306e\u7d50\u679c\u3001\u3042\u308b\u30de\u30af\u30ed \u30d3\u30eb\u30c0\u30fc\u3068\u7279\u5b9a\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30e1\u30bf\u30c7\u30fc\u30bf\u306e\u4e21\u65b9\u3092\u7279\u5b9a\u3001\u65b0\u305f\u306aCobalt Gang\u95a2\u9023\u6d3b\u52d5\u306e\u8ffd\u8de1\u3068\u30af\u30e9\u30b9\u30bf\u5316\u306b\u3064\u306a\u3052\u307e\u3057\u305f\u3002\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cobalt Gang\u304c\u5229\u7528\u3059\u308b\u5546\u7528\u30de\u30af\u30ed\u30d3\u30eb\u30c0\u30fc\u3068\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u767a\u898b\u3057\u72af\u884c\u3092\u88cf\u4ed8\u3051\u308b\u65b0\u305f\u306a\u624b\u6cd5\" \/>\n<meta property=\"og:description\" content=\"Unit 42\u306f\u3001Cobalt Gang\u306b\u3088\u308b\u73fe\u884c\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u8abf\u67fb\u3068\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u5e30\u5c5e\u3078\u306e\u53d6\u308a\u7d44\u307f\u3092\u7d9a\u3051\u3066\u304d\u307e\u3057\u305f\u3002\u305d\u306e\u7d50\u679c\u3001\u3042\u308b\u30de\u30af\u30ed \u30d3\u30eb\u30c0\u30fc\u3068\u7279\u5b9a\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u30e1\u30bf\u30c7\u30fc\u30bf\u306e\u4e21\u65b9\u3092\u7279\u5b9a\u3001\u65b0\u305f\u306aCobalt Gang\u95a2\u9023\u6d3b\u52d5\u306e\u8ffd\u8de1\u3068\u30af\u30e9\u30b9\u30bf\u5316\u306b\u3064\u306a\u3052\u307e\u3057\u305f\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-25T13:00:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-18T05:40:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit42-blog-600x300-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" 
content=\"Unit 42\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->"}