{"id":106073,"date":"2016-07-12T15:00:45","date_gmt":"2016-07-12T22:00:45","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=106073"},"modified":"2020-04-07T22:08:06","modified_gmt":"2020-04-08T05:08:06","slug":"unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/","title":{"rendered":"How to Track Actors Behind Keyloggers Using Embedded Credentials"},"content":{"rendered":"<h4>More Keyloggers, More Problems<\/h4>\n
<p>This year Unit 42 has witnessed a resurgence of keylogger activity, to the point where a new research blog seems to appear every week on one of the four most prevalent families: <a href=\"https:\/\/blog.paloaltonetworks.com\/2015\/06\/keybase-keylogger-malware-family-exposed\/\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">KeyBase<\/a>, <a href=\"https:\/\/www.proofpoint.com\/tw\/threat-insight\/post\/two-threats-for-price-of-one-credential-phishing-leads-to-ispy-keylogger\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">iSpy<\/a>, <a href=\"https:\/\/www.isightpartners.com\/2015\/06\/hawkeye-keylogger-campaigns-affect-multiple-industries\/\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">HawkEye<\/a>, or <a href=\"https:\/\/blog.paloaltonetworks.com\/2015\/10\/surveillance-malware-trends-tracking-predator-pain-and-hawkeye\/\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">PredatorPain<\/a>. Typically these blogs dig into the technical capabilities of the threat, discuss the relationships between the families, and explain how the families evolved from one another through changes in the tools' ownership and branding. In this blog, rather than going over ground that has already been covered, we shift the focus to the actors behind these keylogger threats and present a practical technique for identifying them.<\/p>\n
<p>To be of any value, a keylogger must transfer its data to the attacker. There are three known ways of doing so: HTTP, SMTP, and FTP. Transfer over HTTP usually involves a simple POST request whose body contains the stolen data. The SMTP and FTP protocols, by contrast, in most cases require authentication to log in to the service before data can be transferred from the compromised system. This gives us a very useful data point, because all four of the major keylogger families embedded their credentials inside the binary. With this information an analyst can obtain the remote server address, username, and password for each sample analyzed. Combine this with the growing number of keyloggers <a href=\"https:\/\/blog.paloaltonetworks.com\/2016\/02\/keybase-threat-grows-despite-public-takedown-a-picture-is-worth-a-thousand-words\/\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">being found in the wild<\/a>, and we have an extremely large data set that can be used for correlation.<\/p>\n
<p>Using Palo Alto Networks AutoFocus, I was able to quickly identify the 500 most recent samples of HawkEye and iSpy that exhibited either FTP or SMTP activity during dynamic analysis. After downloading the samples and each sample's network activity, I was able to parse all of the FTP and SMTP activity and build a data set for Maltego. Now let's use these embedded credentials to work through our research, uncovering patterns and finding data that can identify the actors.<\/p>\n
<p>Before getting into the correlations, here are some general statistics on the data.<\/p>\n
<ul>\n<li>207 FTP connections were captured with credentials that were still valid; for example, the malware successfully logged in to the FTP server and uploaded data from our test virtual machine<\/li>\n<li>53 SMTP connections were established using credentials that were still valid<\/li>\n<li>37 unique drop locations for stolen data were identified<\/li>\n<li>96 unique accounts were used to log in to those drop sites<\/li>\n<\/ul>\n
<p>After collecting all of the data from the PCAPs and loading it into Maltego, several organic clusters stand out, lined up across the top. These clusters are what we will examine.<\/p>\n
<div>\n<figure style=\"width: 432px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-1.jpg\" alt=\"Figure 1: Keylogger clusters\" width=\"432\" height=\"225\" \/><figcaption class=\"wp-caption-text\">Figure 1: Keylogger clusters<\/figcaption><\/figure>\n<\/div>\n
<h3><b>Actor 01 (\u201cKramer\u201d)<\/b><\/h3>\n
<p>Working from right to left, the first cluster shows a heavy concentration of samples communicating with the IP address <b>108.179.196[.]24<\/b>. This FTP drop site was the most heavily used across our entire sample set, with 71 unique samples and 18 unique FTP accounts used to drop data.<\/p>\n
<div>\n<figure style=\"width: 432px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-2.jpg\" alt=\"Figure 2: The \u201cKramer\u201d cluster\" width=\"432\" height=\"251\" \/><figcaption class=\"wp-caption-text\">Figure 2: The \u201cKramer\u201d cluster<\/figcaption><\/figure>\n<\/div>\n
<p>Zooming in a little, there is a small cluster of accounts on the left side of the graph that warrants further investigation.<\/p>\n
<div>\n<figure style=\"width: 316px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-3.jpg\" alt=\"Figure 3: Reuse of a unique password in the \u201cKramer\u201d cluster\" width=\"316\" height=\"182\" \/><figcaption class=\"wp-caption-text\">Figure 3: Reuse of a unique password in the \u201cKramer\u201d cluster<\/figcaption><\/figure>\n<\/div>\n
<p>All of the stolen data being dropped on a single FTP server is one solid indicator of a relationship, but it is reinforced further by the fact that 14 usernames all used the same password, \u201c<b>joinkrama2<\/b>\u201d. Looking at the actual accounts, the usernames are formatted like e-mail addresses, and the local part of some addresses is shared across domains. The list below highlights the local parts that are shared across domains in the usernames; the domains themselves have been abbreviated.<\/p>\n
<ul>\n<li>chekube@her<\/li>\n<li>chima@min<\/li>\n<li><strong>daniel@her<\/strong><\/li>\n<li><strong>daniel@oma<\/strong><\/li>\n<li>dubem@sam<\/li>\n<li>golden@sam<\/li>\n<li>okumen@oma<\/li>\n<li><strong>oni@pea<\/strong><\/li>\n<li><strong>oni@sas<\/strong><\/li>\n<li>udobata@sam<\/li>\n<li>victor@sam<\/li>\n<li><strong>wizzy@pea<\/strong><\/li>\n<li><strong>wizzy@sas<\/strong><\/li>\n<\/ul>\n
<p>This correlation provides strong evidence that the same actor is behind these accounts. From the unique password we can also pivot to other accounts hanging off the bottom of the first image, which share the local name \u201c<b>dubem<\/b>\u201d listed above. The samples in question were also found to be dumping their keylogged data to a separate server at <b>68.171.217[.]250<\/b>. Finally, one of the \u201c<b>oni<\/b>\u201d accounts in the list above used the password \u201c<b>pereyikelamo2<\/b>\u201d, which tied it to another account using the same domain, \u201c<b>atus@sas<\/b>\u201d.<\/p>\n
<p>Through these links we can slowly begin to map out part of the infrastructure this actor used and collect a number of indicators for it.<\/p>\n
<p>Top indicators for Actor 01 \u201cKramer\u201d:<\/p>\n
<ul>\n<li>108.179.196[.]24<\/li>\n<li>68.171.217[.]250<\/li>\n<li>Chimaeze12<\/li>\n<li>LAURINA12<\/li>\n<li>chimaeze12<\/li>\n<li>joinkrama2<\/li>\n<li>pereyikelamo2<\/li>\n<li>pokerdick123<\/li>\n<li>dubem<\/li>\n<li>oni<\/li>\n<li>wizzy<\/li>\n<li>atus<\/li>\n<li>uzochi<\/li>\n<\/ul>\n
<h3><b>Actor 02 (\u201cOpSec\u201d)<\/b><\/h3>\n
<p>The next cluster we looked at, like the previous actor, uses a single server and formats its usernames as e-mail addresses.<\/p>\n
<div>\n<figure style=\"width: 381px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-4.jpg\" alt=\"Figure 4: The \u201cOpsec\u201d cluster\" width=\"381\" height=\"214\" \/><figcaption class=\"wp-caption-text\">Figure 4: The \u201cOpsec\u201d cluster<\/figcaption><\/figure>\n<\/div>\n
<p>As the image above shows, only one domain, <b>nayyabgroup[.]com<\/b>, is used, and each account uses a unique password. For this particular actor, the complexity of the FTP passwords was a good indicator of a link, since it departs from what we saw across the majority of the embedded credentials captured in this analysis.<\/p>\n
<ul>\n<li>P!{Xwn{eEV$T<\/li>\n<li>?G34p}b);w<\/li>\n<li>k*wsOH*P]!up<\/li>\n<li>C7,5#dg4X1b?<\/li>\n<li>QsvGK8H9XGJ8<\/li>\n<li>0gZ3I%dmpXi5<\/li>\n<\/ul>\n
<p>The passwords appear to be automatically generated by a tool and to protect well against brute-force attempts and unauthorized access. At first glance the actor's password policy is strong, but the actor seems to have overlooked the fact that the credentials are embedded in malware that uses a plaintext transfer mechanism.<\/p>\n
<p>The final indicator characterizing this actor is the use of the local name \u201c<b>sirvor<\/b>\u201d followed by three digits, for example \u201c<b>sirvor123<\/b>\u201d. There are four variations of this across the 11 samples that use the FTP server.<\/p>\n
<h4>Top indicators for Actor 02 \u201cOpsec\u201d:<\/h4>\n
<ul>\n<li>243.113[.]211<\/li>\n<li>sirvor<\/li>\n<li>nayyabgroup[.]com<\/li>\n<li>P!{Xwn{eEV$T<\/li>\n<li>?G34p}b);w<\/li>\n<li>k*wsOH*P]!up<\/li>\n<li>C7,5#dg4X1b?<\/li>\n<li>QsvGK8H9XGJ8<\/li>\n<li>0gZ3I%dmpXi5<\/li>\n<\/ul>\n
<h3><b>Actor 03 (\u201cLogAllTheThings\u201d)<\/b><\/h3>\n
<p>In the third cluster the actor again uses a single FTP server to drop data. One distinctive trait of this cluster, however, is that across 46 samples the actor uses three different keyloggers to dump data to the FTP server: HawkEye, iSpy (in combination with Galaxy Botkiller), and PredatorPain.<\/p>\n
<div>\n<figure style=\"width: 432px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-5.jpg\" alt=\"Figure 5: The \u201cLogAllTheThings\u201d cluster\" width=\"432\" height=\"350\" \/><figcaption class=\"wp-caption-text\">Figure 5: The \u201cLogAllTheThings\u201d cluster<\/figcaption><\/figure>\n<\/div>\n
<div>The use of these different keyloggers could be determined by examining the names of the files stored on the FTP server.<\/div>\n
<div>\n<p><img  class=\"aligncenter lozad\"  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-11.jpg\" \/><\/p>\n<\/div>\n
<div style=\"text-align: center;\">(HawkEye log \u2013 23.229.206[.]201)<\/div>\n
<div style=\"text-align: center;\"><\/div>\n
<div style=\"text-align: center;\">\n<p><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-12.jpg\" \/><\/p>\n<\/div>\n
<div style=\"text-align: center;\">(iSpy log \u2013 23.229.206[.]201)<\/div>\n
<div style=\"text-align: center;\"><\/div>\n
<div style=\"text-align: center;\">\n<p><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-13.jpg\" \/><\/p>\n<\/div>\n
<div style=\"text-align: center;\">(PredatorPain log \u2013 23.229.206[.]201)<\/div>\n
<div><\/div>\n
<p>Each family has its own capabilities and, more importantly, its own way of morphing itself to evade detection. It is not surprising to see an actor use multiple types of keylogger; actors must constantly update and change their tools to stay ahead of defenders.<\/p>\n
<p>In the upper right of this cluster, eight different accounts all share the common password \u201c<b>pentium12345<\/b>\u201d.<\/p>\n
<div>\n<figure style=\"width: 241px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-6.jpg\" alt=\"Figure 6: Password reuse across multiple accounts\" width=\"241\" height=\"221\" \/><figcaption class=\"wp-caption-text\">Figure 6: Password reuse across multiple accounts<\/figcaption><\/figure>\n<\/div>\n
<p>There were few unique passwords, but every credential identified for this actor used one of the numeric suffixes \u201c<b>12345<\/b>\u201d, \u201c<b>1234<\/b>\u201d, \u201c<b>123<\/b>\u201d, or \u201c<b>@@123123<\/b>\u201d. Likewise, the usernames are again formatted as e-mail addresses, and the domain portion was listed as \u201c<b>@bigcountrywater[.]com<\/b>\u201d in every case. In addition, 7 of the 13 accounts in total used \u201c<b>office<\/b>\u201d somewhere in the local part. Taken together, these make a strong set of indicators for identifying this actor.<\/p>\n
<h4>Top indicators for Actor 03 \u201cLogAllTheThings\u201d:<\/h4>\n
<ul>\n<li>229.206[.]201<\/li>\n<li>pentium12345<\/li>\n<li>bigcountrywater[.]com<\/li>\n<li>@@123123<\/li>\n<\/ul>\n
<h3><b>Actor 04 (\u201cMailMan\u201d)<\/b><\/h3>\n
<p>The last cluster, at the upper left, is purely SMTP traffic to the e-mail server at \u201c<b>web.arch[.]ai<\/b>\u201d, which was used to transfer HawkEye log data.<\/p>\n
<div>\n<figure style=\"width: 432px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-7.jpg\" alt=\"Figure 7: The \u201cMailMan\u201d cluster\" width=\"432\" height=\"315\" \/><figcaption class=\"wp-caption-text\">Figure 7: The \u201cMailMan\u201d cluster<\/figcaption><\/figure>\n<\/div>\n
<p>As the figure above makes clear, almost every account had a unique username and password. For the majority of the accounts identified, the password was built by taking part of the username (in e-mail format) and appending five digits (usually \u201c<b>12345<\/b>\u201d or \u201c<b>54321<\/b>\u201d). For example, if the username was \u201c<b>username@email.com<\/b>\u201d, the password might be \u201c<b>user54321<\/b>\u201d; this was a consistent indicator across the 45 samples identified.<\/p>\n
<p>In addition, across the 20 unique accounts identified sending data to this e-mail server, only two domains were observed in the username field during this analysis: \u201c<b>shamaraholdinq[.]com<\/b>\u201d and \u201c<b>pmtlogisticsinc.co[.]uk<\/b>\u201d. A quick WHOIS lookup on these domains shows the same Nigeria-based registrant along with a large number of other registered domains, which can be used for further pivoting and analysis.<\/p>\n
<div>\n<figure style=\"width: 424px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-8.jpg\" alt=\"Figure 8: The person behind the mail\" width=\"424\" height=\"179\" \/><figcaption class=\"wp-caption-text\">Figure 8: The person behind the mail<\/figcaption><\/figure>\n<\/div>\n
<p>Looking at these domains, we can infer the type of phishing activity this actor carries out.<\/p>\n
<div>\n<figure style=\"width: 435px\" class=\"wp-caption aligncenter\"><img  data-src=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-9.jpg\" alt=\"Figure 9: Impersonation of a U.S. government site\" width=\"435\" height=\"255\" \/><figcaption class=\"wp-caption-text\">Figure 9: Impersonation of a U.S. government site<\/figcaption><\/figure>\n<\/div>\n
<div><\/div>\n
<h4>Top indicators for Actor 04 \u201cMailMan\u201d:<\/h4>\n
<ul>\n<li>web.arch[.]ai<\/li>\n<li>shamaraholdinq[.]com<\/li>\n<li>pmtlogisticsinc.co[.]uk<\/li>\n<li>Nelson12345<\/li>\n<li>abacom12345<\/li>\n<li>abuchi12345<\/li>\n<li>abuchi54321<\/li>\n<li>alfred54321<\/li>\n<li>bethel54321<\/li>\n<li>bro54321<\/li>\n<li>compu54321<\/li>\n<li>ebuka12345<\/li>\n<li>humble12345<\/li>\n<li>immortal12345<\/li>\n<li>kaycelaz5<\/li>\n<li>kelechi12345<\/li>\n<li>kunde54321<\/li>\n<li>miraclebaby16<\/li>\n<li>obi12345<\/li>\n<li>opera54321<\/li>\n<li>philip54321<\/li>\n<li>shoki54321<\/li>\n<li>spencer098765<\/li>\n<li>sular54321<\/li>\n<li>sular@54321<\/li>\n<\/ul>\n
<h2><b>Conclusion<\/b><\/h2>\n
<p>In the grand scheme of keylogger activity this was a small sample set. It was nevertheless enough to highlight that embedded credentials, used at scale, can help deepen our understanding of actor behavior and infrastructure. This is a practical technique, and it quickly identified at least four distinct actors actively using keyloggers to steal data from compromised systems.<\/p>\n
<p>The following is obvious, but it is worth stating plainly: keyloggers are not going anywhere. They will undoubtedly just keep evolving, like every other type of malware. As that evolution continues and we are kept busy defending our organizations, we may at times get lost analyzing minute details between malware families. It is therefore necessary to change perspective now and then and take a more macro view of the situation in front of us.<\/p>\n
<p>There is always a human element to these threats. \u3053\u306e\u30d6\u30ed\u30b0\u5168\u4f53\u304a\u3088\u3073\u305d\u306e\u4ed6\u591a\u6570\u306e\u30d6\u30ed\u30b0\u304b\u3089\u660e\u3089\u304b\u306a\u3088\u3046\u306b\u3001\u3053\u308c\u3089\u306e\u8105\u5a01\u306e\u80cc\u5f8c\u306b\u3044\u308b\u4eba\u306f\u3001\u7d
44\u7e54\u304c\u9665\u308b\u306e\u3068\u540c\u3058\u554f\u984c\u3001\u3064\u307e\u308a\u305c\u3044\u5f31\u306a\u904b\u7528\u4e0a\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u3048\u3058\u304d\u306b\u306a\u308a\u5f97\u308b\u306e\u3067\u3059\u3002<\/p>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u304a\u5ba2\u69d8\u306f\u3001WildFire AV\u30b7\u30b0\u30cb\u30c1\u30e3\u306b\u3088\u3063\u3066\u3053\u308c\u3089\u3055\u307e\u3056\u307e\u306a\u8105\u5a01\u304b\u3089\u4fdd\u8b77\u3055\u308c\u307e\u3059\u3002AutoFocus\u306e\u304a\u5ba2\u69d8\u306f\u3001\u4ee5\u4e0b\u306e\u30bf\u30b0\u3092\u4f7f\u7528\u3057\u3066\u3053\u308c\u3089\u306e\u8105\u5a01\u3092\u3055\u3089\u306b\u8abf\u67fb\u3067\u304d\u307e\u3059\u3002<\/p>\n<p><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Commodity.ISpySoftware\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">AutoFocus\u30bf\u30b0 \u2013 iSpy Software<br \/>\n<\/a><a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Commodity.PredatorPain\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">AutoFocus\u30bf\u30b0 \u2013 PredatorPain\/HawkEye<\/a><br \/>\n<a href=\"https:\/\/autofocus.paloaltonetworks.com\/#\/tag\/Commodity.KeyBase\" data-page-track=\"true\" data-page-track-value=\"company:160714_unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials: section: \">AutoFocus\u30bf\u30b0 \u2013 
KeyBase<\/a><\/p>\n<p>Below are additional indicators for the sample set described. They include the indicators above that were observed in the malware. Note that these indicators may not be enough on their own to judge something good or bad, but combining multiple indicators may yield actionable information. Account names are not included, to avoid potential abuse of the credential pairs.<\/p>\n<h4>IP\/Domains:<\/h4>\n<h4>Passwords:<\/h4>\n","protected":false},"excerpt":{"rendered":"<p>\u30ad\u30fc\u30ed\u30ac\u30fc\u304c\u5897\u3048\u308c\u3070\u554f\u984c\u3082\u5897\u3048\u308b \u4eca\u5e74Unit 
42\u306f\u30ad\u30fc\u30ed\u30ac\u30fc\u6d3b\u52d5\u306e\u5fa9\u6d3b\u3092\u76ee\u6483\u3057\u3066\u304d\u3066\u304a\u308a\u3001\u666e\u53ca\u5ea6\u306e\u9ad8\u30444\u3064\u306e\u30d5\u30a1\u30df\u30ea\u306e\u3069\u308c\u304b\u306b\u3064\u3044\u3066\u30ea\u30b5\u30fc\u30c1 \u30d6\u30ed\u30b0\u304c\u6bce\u9031\u65b0\u305f\u306b\u51fa\u3066\u3044\u308b\u3088\u3046\u306a\u69d8\u76f8\u3092\u5448\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u305d\u306e\u30d5\u30a1\u30df\u30ea\u3068\u306fKe<\/p>\n","protected":false},"author":135,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4321,1974,4428],"tags":[7629,7631,7617,7633,6369,5447,7634],"product_categories":[],"coauthors":[422],"class_list":["post-106073","post","type-post","status-publish","format-standard","hentry","category-threat-research","category-malware-ja","category-threat-research-ja","tag-ftp-ja","tag-hawkeye-ja","tag-http-ja","tag-ispy-ja","tag-keybase-ja","tag-keylogger-ja","tag-predatorpain"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u57cb\u3081\u8fbc\u307e\u308c\u305f\u8a8d\u8a3c\u8cc7\u683c\u60c5\u5831\u304b\u3089\u30ad\u30fc\u30ed\u30ac\u30fc\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u3092\u8ffd\u8de1\u3059\u308b\u65b9\u6cd5<\/title>\n<meta name=\"description\" content=\"\u30ad\u30fc\u30ed\u30ac\u30fc\u304c\u5897\u3048\u308c\u3070\u554f\u984c\u3082\u5897\u3048\u308b \u4eca\u5e74Unit 42\u306f\u30ad\u30fc\u30ed\u30ac\u30fc\u6d3b\u52d5\u306e\u5fa9\u6d3b\u3092\u76ee\u6483\u3057\u3066\u304d\u3066\u304a\u308a\u3001\u666e\u53ca\u5ea6\u306e\u9ad8\u30444\u3064\u306e\u30d5\u30a1\u30df\u30ea\u306e\u3069\u308c\u304b\u306b\u3064\u3044\u3066\u30ea\u30b5\u30fc\u30c1\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, 
max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u57cb\u3081\u8fbc\u307e\u308c\u305f\u8a8d\u8a3c\u8cc7\u683c\u60c5\u5831\u304b\u3089\u30ad\u30fc\u30ed\u30ac\u30fc\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u3092\u8ffd\u8de1\u3059\u308b\u65b9\u6cd5\" \/>\n<meta property=\"og:description\" content=\"\u30ad\u30fc\u30ed\u30ac\u30fc\u304c\u5897\u3048\u308c\u3070\u554f\u984c\u3082\u5897\u3048\u308b \u4eca\u5e74Unit 42\u306f\u30ad\u30fc\u30ed\u30ac\u30fc\u6d3b\u52d5\u306e\u5fa9\u6d3b\u3092\u76ee\u6483\u3057\u3066\u304d\u3066\u304a\u308a\u3001\u666e\u53ca\u5ea6\u306e\u9ad8\u30444\u3064\u306e\u30d5\u30a1\u30df\u30ea\u306e\u3069\u308c\u304b\u306b\u3064\u3044\u3066\u30ea\u30b5\u30fc\u30c1\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-12T22:00:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-08T05:08:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-1.jpg\" \/>\n<meta name=\"author\" content=\"Jeff White\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\u57cb\u3081\u8fbc\u307e\u308c\u305f\u8a8d\u8a3c\u8cc7\u683c\u60c5\u5831\u304b\u3089\u30ad\u30fc\u30ed\u30ac\u30fc\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u3092\u8ffd\u8de1\u3059\u308b\u65b9\u6cd5","description":"\u30ad\u30fc\u30ed\u30ac\u30fc\u304c\u5897\u3048\u308c\u3070\u554f\u984c\u3082\u5897\u3048\u308b \u4eca\u5e74Unit 42\u306f\u30ad\u30fc\u30ed\u30ac\u30fc\u6d3b\u52d5\u306e\u5fa9\u6d3b\u3092\u76ee\u6483\u3057\u3066\u304d\u3066\u304a\u308a\u3001\u666e\u53ca\u5ea6\u306e\u9ad8\u30444\u3064\u306e\u30d5\u30a1\u30df\u30ea\u306e\u3069\u308c\u304b\u306b\u3064\u3044\u3066\u30ea\u30b5\u30fc\u30c1","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/","og_locale":"ja_JP","og_type":"article","og_title":"\u57cb\u3081\u8fbc\u307e\u308c\u305f\u8a8d\u8a3c\u8cc7\u683c\u60c5\u5831\u304b\u3089\u30ad\u30fc\u30ed\u30ac\u30fc\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u3092\u8ffd\u8de1\u3059\u308b\u65b9\u6cd5","og_description":"\u30ad\u30fc\u30ed\u30ac\u30fc\u304c\u5897\u3048\u308c\u3070\u554f\u984c\u3082\u5897\u3048\u308b \u4eca\u5e74Unit 42\u306f\u30ad\u30fc\u30ed\u30ac\u30fc\u6d3b\u52d5\u306e\u5fa9\u6d3b\u3092\u76ee\u6483\u3057\u3066\u304d\u3066\u304a\u308a\u3001\u666e\u53ca\u5ea6\u306e\u9ad8\u30444\u3064\u306e\u30d5\u30a1\u30df\u30ea\u306e\u3069\u308c\u304b\u306b\u3064\u3044\u3066\u30ea\u30b5\u30fc\u30c1","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/","og_site_name":"Unit 
42","article_published_time":"2016-07-12T22:00:45+00:00","article_modified_time":"2020-04-08T05:08:06+00:00","og_image":[{"url":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-1.jpg","type":"","width":"","height":""}],"author":"Jeff White","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/"},"author":{"name":"Jeff White","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/32ecb81b6d2fc5ba9e630880df6a8184"},"headline":"\u57cb\u3081\u8fbc\u307e\u308c\u305f\u8a8d\u8a3c\u8cc7\u683c\u60c5\u5831\u304b\u3089\u30ad\u30fc\u30ed\u30ac\u30fc\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u3092\u8ffd\u8de1\u3059\u308b\u65b9\u6cd5","datePublished":"2016-07-12T22:00:45+00:00","dateModified":"2020-04-08T05:08:06+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/"},"wordCount":516,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-1.jpg","keywords":["FTP","HawkEye","HTTP","iSpy","KeyBase","Keylogger","PredatorPain"],"articleSection":["Threat 
Research","\u30de\u30eb\u30a6\u30a7\u30a2","\u8105\u5a01\u30ea\u30b5\u30fc\u30c1"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/","name":"\u57cb\u3081\u8fbc\u307e\u308c\u305f\u8a8d\u8a3c\u8cc7\u683c\u60c5\u5831\u304b\u3089\u30ad\u30fc\u30ed\u30ac\u30fc\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u3092\u8ffd\u8de1\u3059\u308b\u65b9\u6cd5","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#primaryimage"},"thumbnailUrl":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-1.jpg","datePublished":"2016-07-12T22:00:45+00:00","dateModified":"2020-04-08T05:08:06+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/32ecb81b6d2fc5ba9e630880df6a8184"},"description":"\u30ad\u30fc\u30ed\u30ac\u30fc\u304c\u5897\u3048\u308c\u3070\u554f\u984c\u3082\u5897\u3048\u308b \u4eca\u5e74Unit 
42\u306f\u30ad\u30fc\u30ed\u30ac\u30fc\u6d3b\u52d5\u306e\u5fa9\u6d3b\u3092\u76ee\u6483\u3057\u3066\u304d\u3066\u304a\u308a\u3001\u666e\u53ca\u5ea6\u306e\u9ad8\u30444\u3064\u306e\u30d5\u30a1\u30df\u30ea\u306e\u3069\u308c\u304b\u306b\u3064\u3044\u3066\u30ea\u30b5\u30fc\u30c1","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#primaryimage","url":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-1.jpg","contentUrl":"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/0713-1.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"\u57cb\u3081\u8fbc\u307e\u308c\u305f\u8a8d\u8a3c\u8cc7\u683c\u60c5\u5831\u304b\u3089\u30ad\u30fc\u30ed\u30ac\u30fc\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u3092\u8ffd\u8de1\u3059\u308b\u65b9\u6cd5"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto 
Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/32ecb81b6d2fc5ba9e630880df6a8184","name":"Jeff White","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/9213e49ea48b7676660bac40d05c9e3e","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Jeff White"},"description":"Principal threat researcher, enterprise R&amp;D, FWaaP, Palo Alto Networks","url":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/author\/jeff-white\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106073","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/135"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=106073"}],"version-history":[{"count":6,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106073\/revisions"}],"predecessor-version":[{"id":106079,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106073\/revisions\/106079"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=106073"}],"wp:term":[{"taxon
omy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=106073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=106073"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=106073"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=106073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}