{"id":117146,"date":"2021-02-17T13:45:01","date_gmt":"2021-02-17T21:45:01","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=117146"},"modified":"2021-02-21T16:56:23","modified_gmt":"2021-02-22T00:56:23","slug":"watchdog-cryptojacking","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/","title":{"rendered":"WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f"},"content":{"rendered":"<h2>\u6982\u8981<\/h2>\n<p>\u672c\u7a3f\u3067\u306f\u3001Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306b\u3088\u3063\u3066\u66b4\u304b\u308c\u305f\u3001\u3053\u308c\u307e\u3067\u77e5\u3089\u308c\u3066\u3044\u308b\u3082\u306e\u306e\u306a\u304b\u3067\u3082\u6700\u5927\u304b\u3064\u6700\u9577\u306eMonero\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002\u3053\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u3001Linux\u30c7\u30fc\u30e2\u30f3\u540d<a href=\"https:\/\/linux.die.net\/man\/8\/watchdog\">watchdogd<\/a>\u306b\u306a\u3089\u3063\u3066\u300cWatchDog\u300d\u3068\u547c\u3070\u308c\u3066\u3044\u307e\u3059\u3002WatchDog\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f2019\u5e741\u670827\u65e5\u304b\u3089\u5b9f\u884c\u3055\u308c\u3066\u304a\u308a\u3001\u5c11\u306a\u304f\u3068\u3082209 Monero\uff08XMR\uff09\u3001\u7c73\u30c9\u30eb\u63db\u7b97\u3067\u7d0432,056\u30c9\u30eb\uff08\u65e5\u672c\u5186\u3067\u304a\u3088\u305d340\u4e07\u5186\uff09\u3092\u96c6\u3081\u3066\u3044\u307e\u3057\u305f\u3002\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001\u5c11\u306a\u304f\u3068\u3082\u540c\u6642\u306b476\u53f0\u306e\u4fb5\u5bb3\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\uff08\u4e3b\u306bWindows\u3001*NIX\u306e\u30af\u30e9\u30a6\u30c9\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\uff09\u304c\u30012\u5e74\u4ee5\u4e0a\u306b\u308f\u305f\u308a\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3057\u3066\u3044\u305f\u3082\u306e\u3068\u8003\u3048\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u3068\u306f\u3001\u81ea\u8eab\u306e\u6240\u6709\u30fb\u4fdd\u5b88\u4e0b\u306b\u306a\u3044\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u304c\u30af\u30ea\u30d7\u30c8\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u884c\u3046\u884c\u70ba\u3092\u6307\u3057\u307e\u3059\u3002\u60aa\u610f\u306e\u3042\u308b\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u73fe\u5728<a href=\"https:\/\/unit42.paloaltonetworks.jp\/highlight-cloud-threat-report-iam\/\">\u30af\u30e9\u30a6\u30c9\u74b0\u5883\u306e23\uff05<\/a>\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u3066\u3044\u308b\u3068\u63a8\u5b9a\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u3053\u308c\u306f<a href=\"https:\/\/securelist.com\/ransomware-and-malicious-crypto-miners-in-2016-2018\/86238\/\">2018\u5e74\u6642\u70b9\u306e8%\u3068\u6bd4\u307915\uff05<\/a>\u306e\u5897\u52a0\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u5897\u52a0\u306f\u4e3b\u306b\u6697\u53f7\u901a\u8ca8\uff08\u4eee\u60f3\u901a\u8ca8\uff09\u4fa1\u5024\u306e\u6025\u6fc0\u306a\u4e0a\u6607\u306b\u3088\u3063\u3066\u5f15\u304d\u8d77\u3053\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u6697\u53f7\u901a\u8ca8\u306e\u80cc\u5f8c\u306b\u3042\u308b\u6280\u8853\u3001\u30d6\u30ed\u30c3\u30af\u30c1\u30a7\u30fc\u30f3\u306e\u4e16\u754c\u5e02\u5834\u306f<a href=\"https:\/\/www.prnewswire.com\/news-releases\/worldwide-blockchain-report-market-shares-strategies-and-forecasts-2018-2024-market-is-anticipated-to-reach-607-billion-with-ibm-microsft--accenture-driving-blockchain-300581333.html\">2024\u5e74\u307e\u3067\u306b607\u5104\u30c9\u30eb\u306b\u9054\u3059\u308b\u3068\u4e88\u60f3\u3055\u308c\u3066\u304a\u308a<\/a>\u3001\u72af\u7f6a\u7d44\u7e54\u3084\u30a2\u30af\u30bf\u30fc\u30b0\u30eb\u30fc\u30d7\u306f\u3053\u3053\u304b\u3089\u5229\u76ca\u3092\u5f97\u3088\u3046\u3068\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u672c\u7a3f\u3067\u306f\u3001Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u304cWatchDog\u306b\u3088\u308b\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u306e\u6982\u8981\u3092\u8aac\u660e\u3057\u307e\u3059\u3002WatchDog\u30de\u30a4\u30ca\u30fc\u306f\u30013\u90e8\u69cb\u6210\u306eGo\u8a00\u8a9e\u30d0\u30a4\u30ca\u30ea\u30bb\u30c3\u30c8\u3068bash\u307e\u305f\u306fPowerShell\u30b9\u30af\u30ea\u30d7\u30c8\u30d5\u30a1\u30a4\u30eb\u3067\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u30d0\u30a4\u30ca\u30ea\u306b\u306f\u7279\u5b9a\u306e\u6a5f\u80fd\u304c\u3042\u308a\u3001\u305d\u306e1\u3064\u304cLinux\u306ewatchdogd\u6a5f\u80fd\u3092\u30a8\u30df\u30e5\u30ec\u30fc\u30c8\u3057\u3066\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u304c\u30cf\u30f3\u30b0\u3001\u30aa\u30fc\u30d0\u30fc\u30ed\u30fc\u30c9\u3001\u307e\u305f\u306f\u4e88\u671f\u305b\u305a\u7d42\u4e86\u3057\u306a\u3044\u3088\u3046\u306b\u3059\u308b\u3053\u3068\u3067\u3059\u30022\u756a\u76ee\u306eGo\u30d0\u30a4\u30ca\u30ea\u306f\u3001IP\u30a2\u30c9\u30ec\u30b9\u30cd\u30c3\u30c8\u7bc4\u56f2\u306e\u69cb\u6210\u53ef\u80fd\u30ea\u30b9\u30c8\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3001\u305d\u306e\u5f8c\u30b9\u30ad\u30e3\u30f3\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u4e2d\u306b\u691c\u51fa\u3057\u305f\u8b58\u5225\u6e08\u307f*NIX\u3001Windows\u30b7\u30b9\u30c6\u30e0\u3092\u6a19\u7684\u3068\u3057\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u6a5f\u80fd\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002\u6700\u5f8c\u306b3\u756a\u76ee\u306eGo\u30d0\u30a4\u30ca\u30ea\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u958b\u59cb\u3055\u308c\u305fbash\u307e\u305f\u306fPowerShell\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30ab\u30b9\u30bf\u30e0\u69cb\u6210\u3092\u4f7f\u7528\u3057\u3001Windows\u307e\u305f\u306f*NIX\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\uff08OS\uff09\u4e0a\u3067\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u958b\u59cb\u3057\u307e\u3059\u3002WatchDog\u306f\u3001Go\u30d0\u30a4\u30ca\u30ea\u3092\u4f7f\u3046\u3053\u3068\u306b\u3088\u308a\u3001\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u304c\u9055\u3063\u3066\u3082Go\u8a00\u8a9e\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u304c\u6a19\u7684\u30b7\u30b9\u30c6\u30e0\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3055\u3048\u3044\u308c\u3070\u3001\u540c\u3058\u30d0\u30a4\u30ca\u30ea\uff08Windows\u3068NIX\uff09\u3092\u4f7f\u3063\u3066\u6307\u5b9a\u3057\u305f\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u80cc\u5f8c\u306b\u3042\u308b\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u5168\u4f53\u56f3\u3092\u4f5c\u6210\u3057\u3001\u30eb\u30fc\u30c8IP\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c818\u4ef6\u3068\u60aa\u610f\u306e\u3042\u308b\u30c9\u30e1\u30a4\u30f37\u4ef6\u3092\u7279\u5b9a\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306e\u30c9\u30e1\u30a4\u30f3\u306f\u3001\u30c4\u30fc\u30eb\u30bb\u30c3\u30c8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306b\u4f7f\u7528\u3055\u308c\u308b\u5c11\u306a\u304f\u3068\u3082125\u4ef6\u306e\u60aa\u610f\u306e\u3042\u308bURL\u30a2\u30c9\u30ec\u30b9\u3092\u63d0\u4f9b\u3057\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>Unit 42\u306f2019\u5e7410\u6708\u306bDockerHub\u4e0a\u3067\u30ef\u30fc\u30e0\u5316\u53ef\u80fd\u306aMonero\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3<a href=\"https:\/\/unit42.paloaltonetworks.jp\/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub\/\">Graboid<\/a>\u306b\u3064\u3044\u3066\u5831\u544a\u3057\u305f\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002Graboid\u306f\u3001\u30a2\u30af\u30c6\u30a3\u30d6\u306a\u30b7\u30b9\u30c6\u30e0\u306e\u7dcf\u6570\u3068\u3044\u3046\u70b9\u3067\u305d\u308c\u307e\u3067\u306b\u77e5\u3089\u308c\u3066\u3044\u305f\u6700\u5927\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3067\u3057\u305f\u3002\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u6642\u70b9\u3067Graboid\u306f\u5c11\u306a\u304f\u3068\u30822,000\u53f0\u306e\u4fb5\u5bb3\u3055\u308c\u305f\u516c\u958b\u6e08\u307fDocker Daemon API\u30b7\u30b9\u30c6\u30e0\u3067\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u5404Graboid\u30de\u30a4\u30ca\u30fc\u306f\u3001\u4e00\u5ea6\u306b\u5168\u4f53\u306e65%\u3092\u7a3c\u50cd\u3055\u305b\u3066\u3044\u307e\u3057\u305f\u3002\u3064\u307e\u308a\u3001\u540c\u6642\u306b\u306f\u7d041,300\u53f0\uff082000 * 0.65 = 1300\uff09\u306e\u4fb5\u5bb3\u3055\u308c\u305fDocker\u30b3\u30f3\u30c6\u30ca\u304c\u30de\u30a4\u30cb\u30f3\u30b0\u3057\u3066\u3044\u305f\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002\u3055\u3089\u306bGraboid\u306f\u3001\u4f7f\u7528\u53ef\u80fd\u306a\u3059\u3079\u3066\u306e\u30b3\u30f3\u30c6\u30ca\u4e2d\u592e\u51e6\u7406\u88c5\u7f6e\uff08CPU\uff09\u3092\u5229\u7528\u3059\u308b\u69cb\u6210\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u3088\u308a\u3001\u3088\u308a\u9ad8\u3044\u51e6\u7406\u901f\u5ea6\u3092\u9054\u6210\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3057\u305f\u3002\u305f\u3060\u3057Graboid\u306fDockerHub\u30a4\u30e1\u30fc\u30b8\u304c\u524a\u9664\u3055\u308c\u308b\u307e\u3067\u306e\u6700\u59273\u304b\u6708\u9593\u3057\u304b\u52d5\u4f5c\u3057\u306a\u3044\u3053\u3068\u304c\u308f\u304b\u3063\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n<p>\u3053\u308c\u3068\u6bd4\u3079\u3001WatchDog\u306f\u60aa\u610f\u306e\u3042\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u306e\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u3092\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u30b5\u30a4\u30c8\u306b\u4f9d\u5b58\u3057\u306a\u3044\u3053\u3068\u304b\u3089\u3001\u672c\u7a3f\u57f7\u7b46\u6642\u70b9\u30672\u5e74\u4ee5\u4e0a\u3082\u30a2\u30af\u30c6\u30a3\u30d6\u306a\u72b6\u614b\u3092\u4fdd\u3063\u3066\u3053\u3089\u308c\u307e\u3057\u305f\u3002<\/p>\n<p>WatchDog\u306e\u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u304c\u719f\u7df4\u3057\u305f\u30b3\u30fc\u30c0\u30fc\u3067\u3042\u308b\u3053\u3068\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3053\u308c\u307e\u3067\u3055\u307b\u3069\u6ce8\u76ee\u3092\u96c6\u3081\u305a\u306b\u304d\u305f\u3053\u3068\u306f\u660e\u3089\u304b\u3067\u3059\u3002\u73fe\u6642\u70b9\u3067\u8ffd\u52a0\u306e\u30af\u30e9\u30a6\u30c9\u4fb5\u5bb3\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\uff08\u3064\u307e\u308a\u3001\u30af\u30e9\u30a6\u30c9\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306eID\u304a\u3088\u3073\u30a2\u30af\u30bb\u30b9\u7ba1\u7406\uff08IAM\uff09\u8cc7\u683c\u60c5\u5831\u3001\u30a2\u30af\u30bb\u30b9ID\u3001\u307e\u305f\u306f\u30ad\u30fc\u306e\u7a83\u53d6\uff09\u306e\u5146\u5019\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u30af\u30e9\u30a6\u30c9\u30a2\u30ab\u30a6\u30f3\u30c8\u306f\u3055\u3089\u306a\u308b\u4fb5\u5bb3\u3092\u53d7\u3051\u308b\u53ef\u80fd\u6027\u306f\u3042\u308a\u307e\u3059\u3002\u3068\u3044\u3046\u306e\u3082\u3001\u3053\u308c\u3089\u306e\u653b\u6483\u8005\u306b\u306f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u690d\u3048\u4ed8\u3051\u306e\u6bb5\u968e\u3067\u7a83\u53d6\u6e08\u307f\u306e\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3084\u7ba1\u7406\u8005\u30a2\u30af\u30bb\u30b9\u304c\u3042\u308b\u306e\u3067\u3001\u305d\u3046\u3057\u305f\u4fb5\u5bb3\u6e08\u307f\u30af\u30e9\u30a6\u30c9\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067IAM\u95a2\u9023\u60c5\u5831\u3082\u898b\u3064\u3051\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u304b\u3089\u3067\u3059\u3002<\/p>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e<a href=\"https:\/\/www.paloaltonetworks.jp\/prisma\/access\">Prisma Access<\/a>\u306f\u3001PAN-OS\u7d4c\u7531\u3067\u3001WatchDog\u306e18\u500b\u306eIP\u30a2\u30c9\u30ec\u30b9\u30017\u500b\u306e\u30c9\u30e1\u30a4\u30f3\u3001\u95a2\u9023URL\u30a2\u30c9\u30ec\u30b9\u3092\u305d\u308c\u305e\u308c\u691c\u51fa\u3059\u308b\u3088\u3046\u306b\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\u3002<a href=\"https:\/\/www.paloaltonetworks.jp\/prisma\/cloud\">Prisma Cloud<\/a>\u3082\u307e\u305f\u3001Prisma Cloud Compute Defender\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u30af\u30e9\u30a6\u30c9\u74b0\u5883\u3067\u3001WatchDog\u30de\u30a4\u30ca\u30fc\u306b\u3088\u308b\u60aa\u610f\u306e\u3042\u308bXMRig\u30d7\u30ed\u30bb\u30b9\u304c\u5229\u7528\u3055\u308c\u305f\u5834\u5408\u3001\u305d\u308c\u3092\u691c\u51fa\u3057\u307e\u3059\u3002<\/p>\n<h2><a id=\"post-117083-_1qyeiyqk2kex\"><\/a>\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb<\/h2>\n<p>Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001WatchDog\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u5185\u306e3\u3064\u306eXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u3092\u7279\u5b9a\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u306fWatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30d0\u30a4\u30ca\u30ea\u3068\u4e00\u7dd2\u306b\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u3001\u3053\u3053\u306b\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u4e2d\u306b\u4f7f\u7528\u3059\u308bXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u3068\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002\u69cb\u6210\u30d5\u30a1\u30a4\u30eb<span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span>\u306e\u4f8b\u306b\u3064\u3044\u3066\u306f\u56f31\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<figure id=\"attachment_117086\" aria-describedby=\"caption-attachment-117086\" style=\"width: 840px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117087 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-53.png\" alt=\"WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30d0\u30a4\u30ca\u30ea\u3068\u4e00\u7dd2\u306b\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u305f\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u306e\u4f8b\u3002\u3053\u308c\u3089\u306b\u306f\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u4e2d\u306b\u4f7f\u7528\u3055\u308c\u308bXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u3068\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002 \" width=\"840\" height=\"246\" \/><figcaption id=\"caption-attachment-117086\" class=\"wp-caption-text\">\u56f31 XMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u306e\u8a73\u7d30\u3092\u793a\u3059config.json\u30d5\u30a1\u30a4\u30eb<\/figcaption><\/figure>\n<p>WatchDog\u3067\u4f7f\u7528\u3055\u308c\u308b\u3059\u3079\u3066\u306e\u65e2\u77e5\u306econfig.json\u30d5\u30a1\u30a4\u30eb\u3092\u8abf\u3079\u3001\u79c1\u305f\u3061\u306f3\u3064\u306eXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u3092\u6b21\u306e\u3088\u3046\u306b\u7279\u5b9a\u3057\u307e\u3057\u305f\u3002<\/p>\n<p style=\"padding-left: 80px;\"><span style=\"font-family: 'courier new', courier, monospace;\">43zqYTWj1JG1H1idZFQWwJZLTos3hbJ5iR3tJpEtwEi43UBbzPeaQxCRysdjYTtdc8aHao7csiWa5BTP9PfNYzyfSbbrwoR<\/span><\/p>\n<p style=\"padding-left: 80px;\"><span style=\"font-family: 'courier new', courier, monospace;\">82etS8QzVhqdiL6LMbb85BdEC3KgJeRGT3X1F3DQBnJa2tzgBJ54bn4aNDjuWDtpygBsRqcfGRK4gbbw3xUy3oJv7TwpUG4<\/span><\/p>\n<p style=\"padding-left: 80px;\"><span style=\"font-family: 'courier new', courier, monospace;\">87q6aU1M9xmQ5p3wh8Jzst5mcFfDzKEuuDjV6u7Q7UDnAXJR7FLeQH2UYFzhQatde2WHuZ9LbxRsf3PGA8gpnGXL3G7iWMv<\/span><\/p>\n<p>\u3053\u308c\u3089\u306e3\u3064\u306eXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u306f\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3001\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u3001\u6a5f\u80fd\u3001\u652f\u6255\u3044\u51e6\u7406\u306e\u305f\u3081\u3001\u5c11\u306a\u304f\u3068\u30823\u3064\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u30681\u3064\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb:<\/strong><\/td>\n<td><strong>\u30dd\u30fc\u30c8<\/strong><\/td>\n<td><strong>\u30d1\u30d6\u30ea\u30c3\u30af\u307e\u305f\u306f\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8<\/strong><\/td>\n<\/tr>\n<tr>\n<td>xmr.f2pool[.]com<\/td>\n<td>13531<\/td>\n<td>\u30d1\u30d6\u30ea\u30c3\u30af<\/td>\n<\/tr>\n<tr>\n<td>xmr-eu2.nanopool[.]org<\/td>\n<td>14444<\/td>\n<td>\u30d1\u30d6\u30ea\u30c3\u30af<\/td>\n<\/tr>\n<tr>\n<td>xmr.pool.gntl[.]co.uk<\/td>\n<td>40009<\/td>\n<td>\u30d1\u30d6\u30ea\u30c3\u30af<\/td>\n<\/tr>\n<tr>\n<td>80[.]211[.]206[.]105<\/td>\n<td>6666<\/td>\n<td>\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"font-size: 12pt;\"><sup><span style=\"color: #999999;\"><em>\u88681 WatchDog\u30de\u30a4\u30ca\u30fc\u304c\u4f7f\u7528\u3059\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u3068\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb<\/em><\/span><\/sup><\/span><\/p>\n<p>\u6b21\u306e8\u3064\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u306f\u3001\u7279\u5b9a\u3055\u308c\u305f3\u3064\u306eXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u306e\u305d\u308c\u305e\u308c\u306b\u3064\u3044\u3066\u3001f2pool\u3001nanopool\u3001\u304a\u3088\u3073GNTL\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u304b\u3089\u53ce\u96c6\u3055\u308c\u305f\u8abf\u67fb\u7d50\u679c\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h4><a id=\"post-117083-_lchrkte1rbvz\"><\/a><strong>f2pool\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb<\/strong><\/h4>\n<p>\u56f32\u3068\u56f33\u306f\u3001f2pool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5185\u3067\u983b\u7e41\u306b\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u300c43zq\u300d\u3067\u59cb\u307e\u308bXMR\u30a2\u30c9\u30ec\u30b9\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30a2\u30c9\u30ec\u30b9\u306f\u304a\u3088\u305d200 XMR\u306eMonero\u3092\u96c6\u3081\u3066\u3044\u307e\u3059\u3002\u4e00\u65b9\u3001\u300c82et\u300d\u3067\u59cb\u307e\u308bXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u306f\u306f\u308b\u304b\u306b\u4f4e\u3044\u983b\u5ea6\u3067\u52d5\u4f5c\u3057\u3066\u304a\u308a\u3001\u3053\u3061\u3089\u306f 2.3 XMR\u3057\u304b\u96c6\u3081\u3066\u3044\u307e\u305b\u3093\uff08\u56f34\u304a\u3088\u30735\u3092\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117088\" aria-describedby=\"caption-attachment-117088\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117089 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-54.png\" alt=\"\u3053\u308c\u306f\u3001f2pool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u306e\u30a6\u30a9\u30ec\u30c3\u30c843zq\u306eXMR\u5408\u8a08\u3092\u793a\u3057\u3066\u3044\u3066\u3001\u3053\u308c\u306f\u7d04200XMR\u306eMonero\u3092\u96c6\u3081\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"149\" \/><figcaption id=\"caption-attachment-117088\" class=\"wp-caption-text\">\u56f32 XMR\u30a6\u30a9\u30ec\u30c3\u30c843zq\u3068\u305d\u306eXMR\u306e\u5408\u8a08<\/figcaption><\/figure>\n<figure id=\"attachment_117090\" aria-describedby=\"caption-attachment-117090\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117091 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-55.png\" alt=\"XMR\u30a6\u30a9\u30ec\u30c3\u30c843zq\u306f\u3001f2pool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5185\u306eWatchDog\u306b\u983b\u7e41\u306b\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u753b\u50cf\u306f\u300130\u65e5\u9593\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"258\" \/><figcaption id=\"caption-attachment-117090\" class=\"wp-caption-text\">\u56f33 XMR\u30a6\u30a9\u30ec\u30c3\u30c843zq\u3068\u305d\u306e30\u65e5\u9593\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8<\/figcaption><\/figure>\n<figure id=\"attachment_117092\" aria-describedby=\"caption-attachment-117092\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117093 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-56.png\" alt=\"\u3053\u308c\u306f\u3001f2pool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u306e\u30a6\u30a9\u30ec\u30c3\u30c882et\u306eXMR\u5408\u8a08\u3092\u793a\u3057\u3066\u3044\u3066\u3001\u3053\u3061\u3089\u306f2.3XMR\u3057\u304b\u96c6\u3081\u3066\u3044\u307e\u305b\u3093\u3002 \" width=\"900\" height=\"150\" \/><figcaption id=\"caption-attachment-117092\" class=\"wp-caption-text\">\u56f34 XMR\u30a6\u30a9\u30ec\u30c3\u30c882et\u3068\u305d\u306eXMR\u5408\u8a08<\/figcaption><\/figure>\n<figure id=\"attachment_117094\" aria-describedby=\"caption-attachment-117094\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117095 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-57.png\" alt=\"XMR\u30a6\u30a9\u30ec\u30c3\u30c882et\u306f\u3001f2pool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5185\u306eWatchDog\u3067\u306f\u3042\u307e\u308a\u4f7f\u7528\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u3053\u306e\u753b\u50cf\u306f\u300130\u65e5\u9593\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"244\" \/><figcaption id=\"caption-attachment-117094\" class=\"wp-caption-text\">\u56f35 XMR\u30a6\u30a9\u30ec\u30c3\u30c882et\u3068\u305d\u306e30\u65e5\u9593\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8<\/figcaption><\/figure>\n<h4><a id=\"post-117083-_wm8k2xlyrgfe\"><\/a><strong>nanopool\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb<\/strong><\/h4>\n<p>\u300c82et\u300d\u3067\u59cb\u307e\u308bXMR\u30a2\u30c9\u30ec\u30b9\u306f\u3001f2pool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5185\u3067\u306f\u3055\u307b\u3069\u30a2\u30af\u30c6\u30a3\u30d6\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3067\u3057\u305f\u304c\u3001nanopool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\uff08\u56f36\u3001\u56f37\u3092\u53c2\u7167\uff09\u3067\u306f\u3001\u300c43zq\u300d\u3067\u59cb\u307e\u308bXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\uff08\u56f38\u3001\u56f39\u3092\u53c2\u7167\uff09\u3088\u308a\u3082\u5927\u304d\u306a\u95a2\u4e0e\u304c\u898b\u3089\u308c\u307e\u3057\u305f\u3002\u305f\u3060\u3057\u3001nanopool\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u5168\u4f53\u3067\u30de\u30a4\u30cb\u30f3\u30b0\u3055\u308c\u305fXMR\u5168\u4f53\u306e\u307b\u3093\u306e\u4e00\u90e8\u3067\u3057\u304b\u306a\u304f\u3001\u73fe\u5728\u307e\u3067\u3067\u306b\u30de\u30a4\u30cb\u30f3\u30b0\u3055\u308c\u305f\u306e\u306f6.8XMR\u30b3\u30a4\u30f3\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_117096\" aria-describedby=\"caption-attachment-117096\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117097 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-58.png\" alt=\"XMR\u30a6\u30a9\u30ec\u30c3\u30c882et\u306f\u3001nanopool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u3067\u306f\u3088\u308a\u5927\u304d\u306a\u95a2\u4e0e\u304c\u898b\u3089\u308c\u307e\u3057\u305f\u3002\u3053\u3053\u306b\u793a\u3055\u308c\u3066\u3044\u308b\u30e9\u30a4\u30d5\u30bf\u30a4\u30e0\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3068\u30d0\u30e9\u30f3\u30b9\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002 \" width=\"900\" height=\"427\" \/><figcaption id=\"caption-attachment-117096\" class=\"wp-caption-text\">\u56f36 XMR\u30a6\u30a9\u30ec\u30c3\u30c882et\u3068\u305d\u306e\u5168\u671f\u9593\u3067\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8<\/figcaption><\/figure>\n<figure id=\"attachment_117098\" aria-describedby=\"caption-attachment-117098\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117099 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-59.png\" alt=\"XMR\u30a6\u30a9\u30ec\u30c3\u30c882et\u306f\u3001XMR\u30da\u30a4\u30a2\u30a6\u30c8\u3068\u3068\u3082\u306b\u3053\u3053\u306b\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002nanopool\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5185\u3067\u3001\u3053\u306e\u30a6\u30a9\u30ec\u30c3\u30c8\u306f\u3053\u308c\u307e\u3067\u306b\u30de\u30a4\u30cb\u30f3\u30b0\u3055\u308c\u305f6.8\u306eXMR\u30b3\u30a4\u30f3\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"334\" \/><figcaption id=\"caption-attachment-117098\" class=\"wp-caption-text\">\u56f37\u3002XMR\u30a6\u30a9\u30ec\u30c3\u30c882et\u3068\u305d\u306eXMR\u30da\u30a4\u30a2\u30a6\u30c8<\/figcaption><\/figure>\n<figure id=\"attachment_117100\" aria-describedby=\"caption-attachment-117100\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117101 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-60.png\" alt=\"\u3053\u306e\u753b\u50cf\u306f\u3001\u6bd4\u8f03\u306e\u305f\u3081\u306b\u3001XMR\u30a6\u30a9\u30ec\u30c3\u30c843zq\u3068nanopool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5185\u306e\u305d\u306e\u30e9\u30a4\u30d5\u30bf\u30a4\u30e0\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"418\" \/><figcaption id=\"caption-attachment-117100\" class=\"wp-caption-text\">\u56f38 XMR\u30a6\u30a9\u30ec\u30c3\u30c843zq\u3068\u305d\u306e\u5168\u671f\u9593\u3067\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8<\/figcaption><\/figure>\n<figure id=\"attachment_117102\" aria-describedby=\"caption-attachment-117102\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117103 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-61.png\" alt=\"nanopool\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5185\u306eXMR\u30a6\u30a9\u30ec\u30c3\u30c843zq\u306eXMR\u5408\u8a08\u652f\u6255\u3044\u984d\u306f\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u5168\u4f53\u306e\u307b\u3093\u306e\u4e00\u90e8\u306b\u3059\u304e\u307e\u305b\u3093\u3002 \" width=\"900\" height=\"172\" \/><figcaption id=\"caption-attachment-117102\" class=\"wp-caption-text\">\u56f39 XMR\u30a6\u30a9\u30ec\u30c3\u30c843zq\u3068\u305d\u306eXMR\u30da\u30a4\u30a2\u30a6\u30c8\u7dcf\u984d<\/figcaption><\/figure>\n<h4><a id=\"post-117083-_s8w5j222d3f\"><\/a><strong>GNTL XMR\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb<\/strong><\/h4>\n<p>\u300c87qa\u300d\u3067\u59cb\u307e\u308b\u30a6\u30a9\u30ec\u30c3\u30c8\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u80fd\u529b\u3092\u3053\u3053\u306b\u30ea\u30b9\u30c8\u3057\u305f3\u3064\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u3059\u3079\u3066\u306b\u7d50\u3073\u3064\u3051\u308b\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u304c1\u70b9\u7279\u5b9a\u3055\u308c\u307e\u3057\u305f\u304c\u3001\u305d\u306e\u306a\u304b\u3067\u306fGNTL\u306e\u307f\u306b\u300c87qa\u300dXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u3068\u95a2\u9023\u3059\u308b\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u304c\u898b\u3089\u308c\u307e\u3057\u305f\uff08\u56f310\u53c2\u7167\uff09\u3002\u305f\u3060\u3057\u3001\u3053\u306eXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u30a2\u30c9\u30ec\u30b9\u306f\u3001WatchDog\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u5185\u3067\u306f\u3042\u307e\u308a\u4f7f\u7528\u3055\u308c\u3066\u3044\u306a\u3044\u3088\u3046\u3067\u3001\u672c\u7a3f\u57f7\u7b46\u6642\u70b9\u3067\u306f\u300c87qa\u300dXMR\u30a2\u30c9\u30ec\u30b9\u3067GNTL\u304b\u3089\u30de\u30a4\u30cb\u30f3\u30b0\u3055\u308c\u305f\u306e\u306f0.59 XMR\u306e\u307f\u3067\u3059\uff08\u56f310\u304a\u3088\u307311\u3092\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117104\" aria-describedby=\"caption-attachment-117104\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117105 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-62.png\" alt=\"GNTL XMR\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u306f\u3001\u3053\u3053\u306b\u30ea\u30b9\u30c8\u3055\u308c\u3066\u3044\u308b3\u3064\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u306e\u3046\u3061\u300187qa\u306eXMR\u30a6\u30a9\u30ec\u30c3\u30c8\u306b\u95a2\u9023\u3059\u308b\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u304c\u793a\u3055\u308c\u305f\u552f\u4e00\u306e\u30d7\u30fc\u30eb\u3067\u3059\u3002\u3053\u306e\u753b\u50cf\u306f\u3001XMR\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"405\" \/><figcaption id=\"caption-attachment-117104\" class=\"wp-caption-text\">\u56f310 XMR\u30a6\u30a9\u30ec\u30c3\u30c887qa\u304a\u3088\u3073XMR\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8<\/figcaption><\/figure>\n<figure id=\"attachment_117106\" aria-describedby=\"caption-attachment-117106\" style=\"width: 879px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117107 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-63.png\" alt=\"\u672c\u7a3f\u57f7\u7b46\u6642\u70b9\u3067\u306f87qa\u306eXMR\u30a2\u30c9\u30ec\u30b9\u3067GNTL\u304b\u3089\u30de\u30a4\u30cb\u30f3\u30b0\u3055\u308c\u305f\u306e\u306f0.59 XMR\u306e\u307f\u3067\u3059\u3002 \" width=\"879\" height=\"778\" \/><figcaption id=\"caption-attachment-117106\" class=\"wp-caption-text\">\u56f311 XMR\u30a6\u30a9\u30ec\u30c3\u30c887qa\u3068XMR\u30da\u30a4\u30a2\u30a6\u30c8\u7dcf\u984d<\/figcaption><\/figure>\n<p>\u79c1\u305f\u3061\u306f3\u3064\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u3059\u3079\u3066\u304b\u3089\u53ce\u96c6\u3057\u305f\u30c7\u30fc\u30bf\u3092\u4f7f\u3063\u3066\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u5168\u4f53\u3067XMR\u30a6\u30a9\u30ec\u30c3\u30c8\u306f\u5e73\u57471,037KH\/s\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3092\u6301\u3064\u3082\u306e\u3068\u7b97\u5b9a\u3057\u307e\u3057\u305f\u3002\u6b21\u306b\u79c1\u305f\u3061\u306f\u30af\u30ea\u30d7\u30c8\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u7a4d\u6975\u7684\u306b\u53c2\u52a0\u3057\u3066\u3044\u308b\u30b7\u30b9\u30c6\u30e0\u306e\u73fe\u5728\u306e\u6570\u3092\u898b\u7a4d\u308a\u307e\u3057\u305f\u3002\u305d\u306e\u7d50\u679c\u3001\u63a7\u3048\u3081\u306b\u898b\u7a4d\u3082\u3063\u3066\u3001\u3069\u306e\u6642\u70b9\u3092\u3068\u3063\u3066\u3082\u5e73\u5747\u3067476\u53f0\u306e\u30b7\u30b9\u30c6\u30e0\u304cWatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u7a4d\u6975\u7684\u306b\u95a2\u4e0e\u3057\u3066\u3044\u308b\u3082\u306e\u3068\u8003\u3048\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u898b\u7a4d\u3082\u308a\u306f\u8907\u6570\u306e\u30af\u30e9\u30a6\u30c9\u30d7\u30ed\u30d0\u30a4\u30c0\u6700\u5927\u624b\u306eCPU\u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\u95a2\u9023\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u30d9\u30fc\u30b9\u306b\u8a08\u7b97\u3057\u3066\u3044\u307e\u3059\u3002\u3059\u3079\u3066\u306e\u30af\u30e9\u30a6\u30c9\u30d7\u30ed\u30d0\u30a4\u30c0\u306f\u30af\u30e9\u30a6\u30c9VM\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u5927\u534a\u3067Intel XeonE5\u304a\u3088\u3073AMDEPYCCPU\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u8b33\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u4eba\u6c17XMR\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2<a href=\"https:\/\/github.com\/xmrig\/xmrig\">XMRig<\/a>\u306e\u30d9\u30f3\u30c1\u30de\u30fc\u30af\u30cf\u30c3\u30b7\u30e5\u8a08\u7b97\u6a5f\u3092\u4f7f\u3046\u3068\u30df\u30c3\u30c9\u30ec\u30f3\u30b8\u306e<a href=\"https:\/\/xmrig.com\/benchmark?cpu=Intel%28R%29+Xeon%28R%29+CPU+E5-2620+v3+%40+2.40GHz\">Intel Xeon E5<\/a>\u3084<a href=\"https:\/\/xmrig.com\/benchmark?cpu=AMD+EPYC+7601+32-Core+Processor\">AMD EPYC\u30b7\u30ea\u30fc\u30ba7<\/a>\u306a\u3069\u306e\u30d7\u30ed\u30bb\u30c3\u30b5\u306e\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3092\u8a08\u7b97\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u5404\u30d7\u30ed\u30bb\u30c3\u30b5\u306e\u5358\u4e00\u30b9\u30ec\u30c3\u30c9\u306f\u3001AMD EPYC\u30b7\u30ea\u30fc\u30ba7\u3067\u306f543H\/s\uff081\u79d2\u3042\u305f\u308a\u306e\u30cf\u30c3\u30b7\u30e5\u6570\uff09\u3001Intel XeonE5\u3067\u306f544H\/s\u306e\u63a8\u5b9a\u30cf\u30c3\u30b7\u30e5\u30ec\u30fc\u30c8\u3092\u751f\u6210\u3067\u304d\u307e\u3059\u3002WatchDog\u30de\u30a4\u30ca\u30fc\u306e\u69cb\u6210\u30d5\u30a1\u30a4\u30ebconfig.json\u3092\u898b\u308b\u3068\u3001\u30de\u30a4\u30ca\u30fc\u306f\u4fb5\u5bb3\u30b7\u30b9\u30c6\u30e0\u3067\u6700\u59274\u30b9\u30ec\u30c3\u30c9\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\uff08\u56f312\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117108\" aria-describedby=\"caption-attachment-117108\" style=\"width: 213px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117109 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-64.png\" alt=\"WatchDog\u30de\u30a4\u30ca\u30fc\u306e\u69cb\u6210\u30d5\u30a1\u30a4\u30ebconfig.json\u3092\u898b\u308b\u3068\u3001\u30de\u30a4\u30ca\u30fc\u306f\u4fb5\u5bb3\u30b7\u30b9\u30c6\u30e0\u3067\u6700\u59274\u30b9\u30ec\u30c3\u30c9\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u308f\u304b\u308a\u307e\u3059\u3002\" width=\"213\" height=\"617\" \/><figcaption id=\"caption-attachment-117108\" class=\"wp-caption-text\">\u56f312 WatchDog\u30de\u30a4\u30ca\u30fc\u306eCPU\u69cb\u6210<\/figcaption><\/figure>\n<p>\u3053\u308c\u306b\u3088\u308a\u3001\u69cb\u6210\u30ac\u30a4\u30c9\u306b\u5f93\u3063\u3066\u6700\u59274\u672c\u306e\u30b9\u30ec\u30c3\u30c9\u3092\u4f7f\u3044\u3001\u4fb5\u5bb3\u30b7\u30b9\u30c6\u30e0\u306f\u5408\u8a08\u3067\u5e73\u57472,172\u301c2,176 H\/s\u3092\u51e6\u7406\u3059\u308b\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002WatchDog\u306e\u30de\u30a4\u30ca\u30fc\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u5168\u4f53\u306e\u51e6\u7406\u306e\u5e73\u5747\u5408\u8a08\u306f1,037KH\/s\uff081000\u30cf\u30c3\u30b7\u30e5\/\u79d2\uff09\u3067\u3001\u3053\u3053\u304b\u3089\u8003\u3048\u308b\u3068\u540c\u6642\u306b\u8a08476\u53f0\u306e\u30b7\u30b9\u30c6\u30e0\u304c\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u53c2\u52a0\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u30b7\u30b9\u30c6\u30e0\u306e\u6570\u306f\u3001\u4fb5\u5bb3\u3092\u53d7\u3051\u3066\u4f7f\u7528\u3055\u308c\u305fVM\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u7a2e\u985e\u306b\u3088\u3063\u3066\u7570\u306a\u308a\u307e\u3059\u3002\u4fb5\u5bb3\u3055\u308c\u305f\u3059\u3079\u3066\u306e\u30b7\u30b9\u30c6\u30e0\u304cXMRig\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u540c\u3058\u898f\u6a21\u3067\u51e6\u7406\u3067\u304d\u308b\u308f\u3051\u3067\u306f\u306a\u3044\u70b9\u306b\u306f\u7559\u610f\u3059\u3079\u304d\u3067\u3057\u3087\u3046\u3002\u3053\u3053\u3067\u63a8\u5b9a\u3057\u305f\u6570\u306e2\u500d\u306e\u7d04900\u30b7\u30b9\u30c6\u30e0\u304c\u3001\u4e00\u5ea6\u306b\u7a3c\u50cd\u3057\u3066\u3044\u308b\u53ef\u80fd\u6027\u3082\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u30b5\u30a4\u30ba\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u3001\u6bd4\u8f03\u7684\u5c0f\u3055\u3081\u3067\u5805\u7262\u6027\u306e\u4f4e\u3044\u30af\u30e9\u30a6\u30c9VM\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u304c\u4fb5\u5bb3\u3055\u308c\u3001XMR\u30cf\u30c3\u30b7\u30e5\u51e6\u7406\u306b\u4f7f\u7528\u3055\u308c\u305f\u5834\u5408\u306b\u9054\u6210\u3067\u304d\u308b\u3082\u306e\u3067\u3059\u3002<\/p>\n<h2><a id=\"post-117083-_to85wachjnrq\"><\/a><strong>WatchDog\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3<\/strong><\/h2>\n<p>WatchDog\u30de\u30a4\u30ca\u30fc\u306f\u3001\u5c11\u306a\u304f\u3068\u30822019\u5e741\u670827\u65e5\u304b\u3089\u30a2\u30af\u30c6\u30a3\u30d6\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u3053\u3068\u306f\u30d1\u30d6\u30ea\u30c3\u30af\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u306e\u30c7\u30fc\u30bf\u304b\u3089\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002\u3053\u308c\u4ee5\u964d\u3001WatchDog\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306b\u5411\u3051\u3089\u308c\u305f\u30de\u30eb\u30a6\u30a7\u30a2\u30b5\u30f3\u30d7\u30eb\u3001\u3068\u304f\u306b\u30b7\u30b9\u30c6\u30e0\u3092\u958b\u59cb\u3059\u308b\u521d\u671f\u5316bash\u30b9\u30af\u30ea\u30d7\u30c8\u3084\u3001\u65b0\u305f\u306b\u4fb5\u5bb3\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u69cb\u6210\u30d7\u30ed\u30bb\u30b9\u304c\u591a\u6570\u7279\u5b9a\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3053\u308c\u3089\u521d\u671f\u5316bash\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5206\u6790\u3092\u901a\u3058\u3001WatchDog\u306e\u30a2\u30af\u30bf\u30fc\u304c\u4fb5\u5bb3\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u3069\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u305f\u304b\u3092\u8ffd\u8de1\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u30b9\u30af\u30ea\u30d7\u30c8\u4f5c\u6210\u8005\u306f\u3001\u610f\u56f3\u305b\u305a\u30de\u30a4\u30cb\u30f3\u30b0\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3084\u69cb\u6210\u65b9\u6cd5\u306e\u624b\u304c\u304b\u308a\u3092\u6b8b\u3057\u3066\u3044\u307e\u3057\u305f\u3002\u65e2\u77e5\u306e\u3059\u3079\u3066\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3067\u3001\u521d\u671f\u5316bash\u30b9\u30af\u30ea\u30d7\u30c8\u304c\u4fb5\u5165\u5148\u30b7\u30b9\u30c6\u30e0\u306b\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u4e00\u9023\u306e\u6a5f\u80fd\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002\u6a5f\u80fd\u306e\u4e00\u90e8\u306f\u307b\u3068\u3093\u3069\u306e\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3068\u5171\u901a\u3057\u3066\u3044\u3066\u3001\u305f\u3068\u3048\u3070\u30af\u30e9\u30a6\u30c9\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30c4\u30fc\u30eb\u306e\u524a\u9664\u3001\u4ee5\u524d\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u65e2\u77e5\u306e\u60aa\u610f\u306e\u3042\u308b\u30af\u30ea\u30d7\u30c8\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u524a\u9664\u3001\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3055\u308c\u305f\u60aa\u610f\u306e\u3042\u308b\u30af\u30ea\u30d7\u30c8\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3068\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u306a\u3069\u3092\u884c\u3044\u307e\u3059\u3002\u305f\u3060\u3057WatchDog\u306ebash\u30b9\u30af\u30ea\u30d7\u30c8\u30de\u30a4\u30ca\u30fc\u306f\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\u30ad\u30c3\u30c8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306b\u4f7f\u7528\u3059\u308b\u30d7\u30e9\u30a4\u30de\u30ea\/\u30bb\u30ab\u30f3\u30c0\u30eaURL\u30a2\u30c9\u30ec\u30b9\u306e\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3082\u3057\u3066\u3044\u307e\u3059\uff08\u56f313\u3092\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117110\" aria-describedby=\"caption-attachment-117110\" style=\"width: 538px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117111 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-65.png\" alt=\"WatchDog\u306ebash\u30b9\u30af\u30ea\u30d7\u30c8\u30de\u30a4\u30ca\u30fc\u306f\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\u30ad\u30c3\u30c8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306b\u4f7f\u7528\u3059\u308b\u30d7\u30e9\u30a4\u30de\u30ea\/\u30bb\u30ab\u30f3\u30c0\u30eaURL\u30a2\u30c9\u30ec\u30b9\u306e\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3092\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"538\" height=\"216\" \/><figcaption id=\"caption-attachment-117110\" class=\"wp-caption-text\">\u56f313 \u30b3\u30de\u30f3\u30c9&amp;\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u306e\u78ba\u7acb\uff08C2\uff09<\/figcaption><\/figure>\n<p>\u3053\u308c\u3089\u306e\u30d7\u30e9\u30a4\u30de\u30ea\/\u30bb\u30ab\u30f3\u30c0\u30eaURL\u30a2\u30c9\u30ec\u30b9\u3092\u4f7f\u3044\u3001WatchDog\u30de\u30a4\u30ca\u30fc\u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u304c\u5229\u7528\u3057\u3066\u3044\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u304a\u304a\u3088\u305d\u3067\u30de\u30c3\u30d4\u30f3\u30b0\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<p>\u6b21\u306eMaltego\u30c1\u30e3\u30fc\u30c8\u306f\u3001WatchDog\u304c\u5229\u7528\u3057\u3066\u3044\u308b\u65e2\u77e5\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u5168\u4f53\u7684\u30b5\u30a4\u30ba\u3092\u793a\u3057\u3066\u3044\u307e\u3059\uff08\u56f314\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117112\" aria-describedby=\"caption-attachment-117112\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117113 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-66.png\" alt=\"\u3053\u306eMaltego\u30c1\u30e3\u30fc\u30c8\u306f\u3001WatchDog\u304c\u5229\u7528\u3057\u3066\u3044\u308b\u65e2\u77e5\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u5168\u4f53\u7684\u30b5\u30a4\u30ba\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"900\" height=\"807\" \/><figcaption id=\"caption-attachment-117112\" class=\"wp-caption-text\">\u56f314 WatchDog\u30de\u30a4\u30ca\u30fc\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306eMaltego\u30c1\u30e3\u30fc\u30c8<\/figcaption><\/figure>\n<p>\u73fe\u5728\u307e\u3067\u3067\u300118\u500b\u306e\u65e2\u77e5IP\u30a2\u30c9\u30ec\u30b9\u30017\u3064\u306e\u65e2\u77e5\u30c9\u30e1\u30a4\u30f3\u304c\u5c11\u306a\u304f\u3068\u3082125\u4ef6\u306eURL\u3092\u30db\u30b9\u30c8\u3057\u3066\u304a\u308a\u3001\u3053\u308c\u3089\u304cWatchDog\u30de\u30a4\u30ca\u30fc\u30de\u30eb\u30a6\u30a7\u30a2\u3068\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u3092\u63d0\u4f9b\u3057\u3066\u304d\u305f\u304b\u3001\u73fe\u5728\u3082\u63d0\u4f9b\u3092\u7d9a\u3051\u3066\u3044\u307e\u3059\u3002\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u5927\u534a\u306f *NIX \u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u306b\u7684\u3092\u7d5e\u3063\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u304c\u3001\u65e2\u77e5\u306e\u8907\u6570\u306e\u30db\u30b9\u30c8\u30b7\u30b9\u30c6\u30e0\u306b\u30db\u30b9\u30c8\u3055\u308c\u3066\u3044\u308bWindows OS\u7528\u30d0\u30a4\u30ca\u30ea\u3082\u898b\u3064\u304b\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">39.100.33[.]209<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">45.153.240[.]58<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">45.9.148[.]37<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">93.115.23[.]117<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">95.182.122[.]199<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">106.15.74[.]113<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">107.173.159[.]206<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">146.71.79[.]230<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.181.10[.]234<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.232.65[.]124<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.232.65[.]191<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.232.65[.]192<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.247.117[.]64<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">198.98.57[.]187<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">199.19.226[.]117<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">204.44.105[.]168<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">205.209.152[.]78<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">208.109.11[.]21<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"font-size: 12pt;\"><sup><span style=\"color: #999999;\"><em>\u88682 WatchDog\u30de\u30a4\u30ca\u30fc\u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u305f18\u500b\u306e\u65e2\u77e5IP\u30a2\u30c9\u30ec\u30b9<\/em><\/span><\/sup><\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">de.gengine[.]com.de<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">de.gsearch[.]com.de<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">global.bitmex[.]com.de<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">ipzse[.]com<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">py2web[.]store<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">sjjjv[.]xyz<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">us.gsearch[.]com.de<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: center;\"><span style=\"font-size: 12pt;\"><sup><span style=\"color: #999999;\"><em>\u88683 WatchDog\u30de\u30a4\u30ca\u30fc\u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u305f7\u3064\u306e\u65e2\u77e5\u306e\u30c9\u30e1\u30a4\u30f3<\/em><\/span><\/sup><\/span><\/p>\n<p>WatchDog\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u95a2\u9023\u306e\u65e2\u77e5URL\u30a2\u30c9\u30ec\u30b9\u306e\u5168\u30ea\u30b9\u30c8\u306f\u672c\u7a3f\u672b\u5c3e\u306e\u300cIOC\u300d\u30bb\u30af\u30b7\u30e7\u30f3\u304b\u3089\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>\u79c1\u305f\u3061\u306f\u672c\u7a3f\u306e\u8abf\u67fb\u6642\u70b9\u3067\u3053\u308c\u3089\u30db\u30b9\u30c8\u30b7\u30b9\u30c6\u30e0\u306e\u4e00\u90e8\u304c\u307e\u3060\u6a5f\u80fd\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u3046\u3057\u305f\u7a3c\u50cd\u4e2d\u306e\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u3001\u3055\u3089\u306a\u308b\u5206\u6790\u306e\u305f\u3081\u306b\u60aa\u610f\u306e\u3042\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u8907\u6570\u53d6\u5f97\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u30d5\u30a1\u30a4\u30eb\u3068\u305d\u306eSHA-256\u30cf\u30c3\u30b7\u30e5\u5024\u306e\u5168\u5185\u8a33\u306f\u5dfb\u672b\u306eIOC\u30bb\u30af\u30b7\u30e7\u30f3\u306b\u8a18\u8f09\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<h2><a id=\"post-117083-_b8ab0ulinlw2\"><\/a>WatchDog\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u5185\u8a33<\/h2>\n<p>\u3053\u3053\u3067\u306f\u76f8\u95a2\u3059\u308b5\u3064\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u30b5\u30f3\u30d7\u30eb\u3092\u9078\u3073\u3001\u305d\u306e\u6a5f\u80fd\u3092\u8aac\u660e\u3057\u307e\u3059\u3002\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306fbash\u30b9\u30af\u30ea\u30d7\u30c8<span style=\"font-family: 'courier new', courier, monospace;\">newdat.sh<\/span>\u304b\u3089\u59cb\u307e\u308b\u3088\u3046\u3067\u3059\u3002\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u30013\u3064\u306e\u72ec\u7acb\u3057\u305fGo\u30d0\u30a4\u30ca\u30ea\u30d5\u30a1\u30a4\u30eb\u30681\u3064\u306eJSON\u69cb\u6210\u30d5\u30a1\u30a4\u30eb<span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span>\u7528\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u53ef\u80fd\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u5b9a\u7fa9\u3057\u3066\u3044\u307e\u3059\u3002\u672c\u7a3f\u3067\u8a73\u8aac\u3059\u308bGo\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u30ad\u30e3\u30ca\u3067\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u30d0\u30a4\u30ca\u30ea\u306e<span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span>\u3001\u30d7\u30ed\u30bb\u30b9\u76e3\u8996\u30d0\u30a4\u30ca\u30ea\u306e<span style=\"font-family: 'courier new', courier, monospace;\">phpguard<\/span>\u3001\u60aa\u610f\u306e\u3042\u308bXMRig\u6697\u53f7\u5316\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e1\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3042\u308b<span style=\"font-family: 'courier new', courier, monospace;\">phpupdate<\/span>\u3067\u3059\u3002<\/p>\n<h4><a id=\"post-117083-_cbvnedtoslxa\"><\/a><strong>newdat.sh<\/strong><\/h4>\n<p>\u79c1\u305f\u3061\u306f4\u3064\u306e\u7570\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u3082\u3064bash\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u7279\u5b9a\u3057\u307e\u3057\u305f\u3002\u3053\u308c\u3089\u306f\u540c\u4e00\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u4f7f\u3044\u3001\u540c\u3058\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u30ad\u30e3\u30f3\u3001\u30b7\u30b9\u30c6\u30e0\u69cb\u6210\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3057\u3066\u3044\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30eb\u540d\u306f\u305d\u308c\u305e\u308c<span style=\"font-family: 'courier new', courier, monospace;\">init.sh<span style=\"font-family: georgia, palatino, serif;\">\u3001<\/span> newinit.sh<span style=\"font-family: georgia, palatino, serif;\">\u3001<\/span> newdat.sh<\/span>\u3001<span style=\"font-family: 'courier new', courier, monospace;\">update.sh<\/span>\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u521d\u671f\u5316\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u306f\u6b21\u306e8\u3064\u306e\u30e6\u30cb\u30fc\u30af\u306a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u304c\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li>\u74b0\u5883\u8a2d\u5b9a\n<ul>\n<li>\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u8aad\u307f\u53d6\u308a\/\u66f8\u304d\u8fbc\u307f\u6a29\u9650\u306e\u69cb\u6210\u3092\u884c\u3044\u3001\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u4e8b\u524d\u306b\u69cb\u6210\u3057\u305f\u5834\u6240\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li>\u30af\u30e9\u30a6\u30c9\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30c4\u30fc\u30eb\u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\n<ul>\n<li>\u3053\u308c\u306b\u306f<a href=\"https:\/\/www.alibabacloud.com\/help\/doc-detail\/42302.htm?spm=a2c63.l28256.a3.7.28a97cceyxtiqE\">Alibaba Cloud Security Center<\/a>\u3068<a href=\"https:\/\/intl.cloud.tencent.com\/product\/soc\">Tencent Cloud Security Operations Center<\/a>\u304c\u8a72\u5f53\u3057\u307e\u3059\u3002<\/li>\n<li>\u3053\u3046\u3057\u305f\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f<a href=\"https:\/\/unit42.paloaltonetworks.jp\/rockein-the-netflow\/\">Rocke<\/a>\u3084<a href=\"https:\/\/sensorstechforum.com\/teamtnt-cryptomining-operation-steals-aws-credentials\/\">TeamTnT<\/a>\u306a\u3069\u306e\u30b0\u30eb\u30fc\u30d7\u3092\u542b\u3081\u3001\u8907\u6570\u306e\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3067\u3088\u304f\u898b\u3089\u308c\u308b\u3082\u306e\u3067\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li>\u30c4\u30fc\u30eb\u30ad\u30c3\u30c8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\n<ul>\n<li>3\u3064\u306eGo\u30d0\u30a4\u30ca\u30ea\u3068\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li>kill_miner_proc\n<ul>\n<li>\u65e2\u77e5\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u3092\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li>kill_sus_proc\n<ul>\n<li>\u3059\u3067\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308bWatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u3092\u5f37\u5236\u7d42\u4e86\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li>\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\n<ul>\n<li>\u30b9\u30ad\u30e3\u30f3\u306b\u4f7f\u7528\u3059\u308bIP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li>unlock_cron\n<ul>\n<li>\/etc\/crontab\u30d5\u30a1\u30a4\u30eb\u3092\u30a2\u30f3\u30ed\u30c3\u30af\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li>lock_cron\n<ul>\n<li>\/etc\/crontab\u30d5\u30a1\u30a4\u30eb\u3092\u30ed\u30c3\u30af\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u304c\u7279\u5b9a\u3057\u305f\u306a\u304b\u3067\u3082\u3082\u3063\u3068\u3082\u6709\u7528\u306a\u30b9\u30af\u30ea\u30d7\u30c8\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u306f\u304a\u305d\u3089\u304fWatchDog\u30c4\u30fc\u30eb\u30ad\u30c3\u30c8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u5834\u6240\u306b\u95a2\u3059\u308b\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u3057\u3087\u3046\u3002\u524d\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u8aac\u660e\u3057\u305f\u3068\u304a\u308a\u3001\u3053\u308c\u3089\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u60aa\u610f\u306e\u3042\u308b\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u304c\u73fe\u5728\u3069\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3067\u30db\u30b9\u30c8\u3055\u308c\u3066\u3044\u308b\u304b\u306b\u3064\u3044\u3066\u306e\u8a73\u7d30\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_117114\" aria-describedby=\"caption-attachment-117114\" style=\"width: 538px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117115 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-67.png\" alt=\"\u3053\u306e\u56f3\u306fnewdat.sh\u30b9\u30af\u30ea\u30d7\u30c8\u5185\u306e\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30ea\u30f3\u30af\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u304cURL\u30a2\u30c9\u30ec\u30b9\u3092\u6307\u5b9a\u3057\u305f\u308a\u3001\u30de\u30a4\u30ca\u30fc\u306e\u30d0\u30a4\u30ca\u30ea\u3084\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u3001\u30b9\u30ad\u30e3\u30f3\u7528\u30d0\u30a4\u30ca\u30ea\u3001WatchDog\u30d7\u30ed\u30bb\u30b9\u3001\u3055\u3089\u306b\u306f\u5225\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u521d\u671f\u30b9\u30af\u30ea\u30d7\u30c8\u307e\u3067\u3082\u8b58\u5225\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"538\" height=\"216\" \/><figcaption id=\"caption-attachment-117114\" class=\"wp-caption-text\">\u56f315 \u30b3\u30de\u30f3\u30c9&amp;\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u306e\u78ba\u7acb\uff08C2\uff09<\/figcaption><\/figure>\n<p>\u56f315\u304c\u793a\u3059\u3088\u3046\u306b\u3001<span style=\"font-family: 'courier new', courier, monospace;\">newdat.sh<\/span> \u30b9\u30af\u30ea\u30d7\u30c8\u5185\u306b\u306f\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30ea\u30f3\u30af\u304c\u3042\u308a\u3001\u3053\u308c\u3089\u304cURL\u30a2\u30c9\u30ec\u30b9\u3092\u6307\u5b9a\u3057\u305f\u308a\u3001\u30de\u30a4\u30ca\u30fc\u306e\u30d0\u30a4\u30ca\u30ea\u3084\u69cb\u6210\u30d5\u30a1\u30a4\u30eb\u3001\u30b9\u30ad\u30e3\u30f3\u7528\u30d0\u30a4\u30ca\u30ea\u3001WatchDog\u30d7\u30ed\u30bb\u30b9\u3001\u3055\u3089\u306b\u306f\u5225\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u521d\u671f\u30b9\u30af\u30ea\u30d7\u30c8\u307e\u3067\u3082\u8b58\u5225\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u30a2\u30af\u30bf\u30fc\u306f\u30a2\u30af\u30c6\u30a3\u30d6\u306a\u30de\u30a4\u30ca\u30fc\u3092\u307b\u307c\u30ea\u30a2\u30eb\u30bf\u30a4\u30e0\u3067\u66f4\u65b0\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u3053\u308c\u3089\u306e\u5404\u30d0\u30a4\u30ca\u30ea\u306b\u3064\u3044\u3066\u306f\u3001\u6b21\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u8abf\u67fb\u3057\u307e\u3059\u3002\u6700\u521d\u306b\u89e3\u8aac\u3059\u308b\u306e\u306fGo\u8a00\u8a9e\u30b9\u30ad\u30e3\u30f3\u30d0\u30a4\u30ca\u30ea<span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span>\u3067\u3059\u3002<\/p>\n<h4><a id=\"post-117083-_3aoc1y4xk4pu\"><\/a><strong>networkmanager<\/strong><\/h4>\n<p>\u3053\u306e<span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span>\u306fUPX\u5727\u7e2e\u3055\u308c\u305fGo\u8a00\u8a9e\u30d0\u30a4\u30ca\u30ea\u3067\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u30ad\u30e3\u30f3\u5411\u3051\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u8106\u5f31\u6027\u306e\u3042\u308b\u6a19\u7684\u304c\u7279\u5b9a\u3055\u308c\u308b\u3068\u3001\u5f37\u56fa\u306a\u7d44\u307f\u8fbc\u307f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u30bb\u30c3\u30c8\u3092\u4f7f\u3044\u3001\u7279\u5b9a\u6e08\u307f\u306e\u30b7\u30b9\u30c6\u30e0\u3092\u4fb5\u5bb3\u3057\u3088\u3046\u3068\u3057\u307e\u3059\u3002\u79c1\u305f\u3061\u306f\u3001\u3053\u306e\u30a2\u30af\u30bf\u30fc\u304c\u3001\u540c\u4e00\u306e\u30b9\u30ad\u30e3\u30f3\/\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u6a5f\u80fd\u3092\u5b9f\u884c\u3059\u308b\u3055\u3044\u306b\u30012\u3064\u306e\u7570\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u4f7f\u3046\u3053\u3068\u3092\u7279\u5b9a\u3057\u307e\u3057\u305f\u3002\u305d\u308c\u304c<span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span>\u3068<span style=\"font-family: 'courier new', courier, monospace;\">networkservice<\/span>\u3067\u3059\u3002<\/p>\n<p>\u30b9\u30ad\u30e3\u30f3\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u5148\u306b\u8aac\u660e\u3057\u305fbash\u30b9\u30af\u30ea\u30d7\u30c8<span style=\"font-family: 'courier new', courier, monospace;\">newdat.sh<\/span>\u304c\u958b\u59cb\u3057\u307e\u3059\u304c\u3001\u5b9f\u969b\u306e\u30b9\u30ad\u30e3\u30f3\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3084\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u5b9f\u884c\u3092\u62c5\u3046\u306e\u306f\u30b9\u30ad\u30e3\u30ca\u30d0\u30a4\u30ca\u30ea\u3067\u3059\u3002WatchDog\u306e\u30b9\u30ad\u30e3\u30f3\u7528\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u500b\u5225\u306e\u4e2d\u56fd\u306eIP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f260,634\u500b\u3067\u69cb\u6210\u3055\u308c\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u4f7f\u7528\u3057\u307e\u3059\u304c\u3001\u3053\u306e\u30d5\u30a1\u30a4\u30eb\u306f\u3001<span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span>\u30d0\u30a4\u30ca\u30ea\u306b\u3088\u308b\u30b7\u30b9\u30c6\u30e0\u691c\u51fa\u306e\u6bb5\u968e\u3067\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u307e\u3059\u3002Go\u30d0\u30a4\u30ca\u30ea\u306e\u30e1\u30a4\u30f3\u306e\u521d\u671f\u5316\u95a2\u6570<span style=\"font-family: 'courier new', courier, monospace;\">sym.go.main.ipc.download_ipdb<\/span>\u5185\u3067\u3001<span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span>\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u4ee5\u4e0b\u306e2\u3064\u306eIP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u30d5\u30a1\u30a4\u30eb\u306e\u3044\u305a\u308c\u304b1\u3064\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u307e\u3059\u3002<\/p>\n<p style=\"padding-left: 80px;\"><span style=\"font-family: 'courier new', courier, monospace;\">http:\/\/83.97.20[.]90\/cccf67356\/ip_cn.txt<\/span><\/p>\n<p style=\"padding-left: 80px;\"><span style=\"font-family: 'courier new', courier, monospace;\">http:\/\/83.97.20[.]90\/cccf67356\/ips_cn.txt<\/span><\/p>\n<p>IP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u306f\u30d0\u30a4\u30ca\u30ea\u5f62\u5f0f\u3067\u4fdd\u5b58\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001ASCII\u306b\u5909\u63db\u3057\u3066\u5bfe\u8c61IP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\uff08\u56f316\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117116\" aria-describedby=\"caption-attachment-117116\" style=\"width: 360px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117117 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-68.png\" alt=\"IP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u306f\u30d0\u30a4\u30ca\u30ea\u5f62\u5f0f\u3067\u4fdd\u5b58\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001ASCII\u306b\u5909\u63db\u3057\u3066\u5bfe\u8c61IP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002 \" width=\"360\" height=\"151\" \/><figcaption id=\"caption-attachment-117116\" class=\"wp-caption-text\">\u56f316 \u4e2d\u56fd\u306eIP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u306e\u4f8b\uff08ip_cn.txt\uff09<\/figcaption><\/figure>\n<p>\u79c1\u305f\u3061\u304c\u3053\u308c\u3089\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u3068\u3053\u308d\u3001\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u6642\u70b9\u3067\u306f\u4e21\u30d5\u30a1\u30a4\u30eb\u306eSHA-256\u30cf\u30c3\u30b7\u30e5\u5024\u306f\u540c\u3058\u3060\u3063\u305f\u306e\u3067\u3001\u30d5\u30a1\u30a4\u30eb\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u306f\u540c\u3058\u3082\u306e\u304c\u542b\u307e\u308c\u3066\u3044\u305f\u3088\u3046\u306b\u898b\u3048\u307e\u3059\uff08<span style=\"font-family: 'courier new', courier, monospace;\">ad3efb9bfd49c379a002532f43cc4867a4f0b1cd52b6f438bb7a8feb8833b8f8<\/span>\uff09\u3002pnscan\u3001masscan\u30d7\u30ed\u30bb\u30b9\u304c\u3053\u308c\u3089\u306e2\u3064\u306e\u540c\u4e00\u30d5\u30a1\u30a4\u30eb\u3092\u4f7f\u3044\u3001\u6f5c\u5728\u7684\u88ab\u5bb3\u8005\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7bc4\u56f2\u3092\u30b9\u30ad\u30e3\u30f3\u3057\u307e\u3059\u3002<\/p>\n<p>\u672c\u7a3f\u3067\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u6642\u70b9\u3067\u306f\u3001\u3053\u308c\u30892\u3064\u306e\u30d5\u30a1\u30a4\u30eb\u306b\u306f\u4e2d\u56fd\u306b\u95a2\u9023\u3059\u308bIP\u30a2\u30c9\u30ec\u30b9\u306e\u307f\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u3088\u3046\u3067\u3059\u3002WatchDog\u306e\u80cc\u5f8c\u306b\u3044\u308b\u30a2\u30af\u30bf\u30fc\u306f\u3001\u30d0\u30a4\u30ca\u30ea\u3092\u66f4\u65b0\u3057\u3001\u6a19\u7684\u306b\u3057\u305f\u3044IP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u3044\u304f\u3064\u3067\u3082\u542b\u3081\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u307e\u305f\u3001\u5b9f\u969b\u306b\u305d\u3046\u306a\u3063\u3066\u3044\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u79c1\u305f\u3061\u306f\u4e2d\u56fd\u306eIP\u30a2\u30c9\u30ec\u30b9\u7a7a\u9593\u5916\u3001\u5177\u4f53\u7684\u306b\u306f\u7c73\u56fd\u304a\u3088\u3073\u30e8\u30fc\u30ed\u30c3\u30d1\u306b\u304a\u3044\u3066\u3001WatchDog\u30de\u30a4\u30ca\u30fc\u306b\u4fb5\u5bb3\u3055\u308c\u305f\u30db\u30b9\u30c8\u3092\u7279\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3064\u3065\u3044\u3066 <span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span>\u306eGo\u30d0\u30a4\u30ca\u30ea\u306b\u30ed\u30fc\u30c9\u3055\u308c\u308b\u306e\u304c33\u500b\u306e\u500b\u5225\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u95a2\u6570\u300132\u306e\u500b\u5225RCE\u95a2\u6570\u3001\u8907\u6570\u306e\u30b7\u30a7\u30eb\u30b0\u30e9\u30d0\u30fc\u95a2\u6570\u3067\u3059\uff08\u56f317\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117118\" aria-describedby=\"caption-attachment-117118\" style=\"width: 525px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117119 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-69.png\" alt=\"networkmanager\u306eGo\u30d0\u30a4\u30ca\u30ea\u306b\u30ed\u30fc\u30c9\u3055\u308c\u308b\u306e\u304c33\u500b\u306e\u500b\u5225\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u95a2\u6570\u300132\u306e\u500b\u5225RCE\u95a2\u6570\u3001\u8907\u6570\u306e\u30b7\u30a7\u30eb\u30b0\u30e9\u30d0\u30fc\u95a2\u6570\u3067\u3059\u3002 \" width=\"525\" height=\"853\" \/><figcaption id=\"caption-attachment-117118\" class=\"wp-caption-text\">\u56f317 networkmanager\u30d0\u30a4\u30ca\u30ea\u306b\u30ed\u30fc\u30c9\u3055\u308c\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8<\/figcaption><\/figure>\n<p>\u5177\u4f53\u7684\u306b\u306f\u6b21\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u30b9\u30ad\u30e3\u30f3\u30d0\u30a4\u30ca\u30ea\u5185\u3067\u6a19\u7684\u3068\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li>CCTV\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\n<ul>\n<li>\u5bfe\u8c61\u304cCCTV\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306a\u306e\u304b\u3042\u308b\u3044\u306f\u300ccctv\u300d\u304c\u8868\u3059\u5225\u306e\u547c\u79f0\u304c\u5b58\u5728\u3059\u308b\u306e\u304b\u306f\u3044\u307e\u306e\u3068\u3053\u308d\u4e0d\u660e<\/li>\n<\/ul>\n<\/li>\n<li>Drupal\n<ul>\n<li>\u30d0\u30fc\u30b8\u30e7\u30f37\u304a\u3088\u30738<\/li>\n<\/ul>\n<\/li>\n<li>Elasticsearch\n<ul>\n<li>CVE-2015-1427\uff08Elasticsearch\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u56de\u907f \u2013 1.3.8\u3088\u308a\u524d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30681.4.3\u3088\u308a\u524d\u306e1.4.x\uff09<\/li>\n<li>CVE-2014-3120\uff081.2\u3088\u308a\u524d\u306eElasticsearch\uff09<\/li>\n<\/ul>\n<\/li>\n<li>Apache Hadoop<\/li>\n<li>PowerShell\n<ul>\n<li>\u30a8\u30f3\u30b3\u30fc\u30c9\u3055\u308c\u305f\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3<\/li>\n<\/ul>\n<\/li>\n<li>Redis<\/li>\n<li>Spring Data Commons\n<ul>\n<li>CVE-2018-1273\u306e\u8106\u5f31\u6027\u306e\u3042\u308b1.13-1.13.10\u30012.0-2.0.5\u3088\u308a\u524d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3<\/li>\n<\/ul>\n<\/li>\n<li>SQL Server<\/li>\n<li>ThinkPHP\n<ul>\n<li>\u30d0\u30fc\u30b8\u30e7\u30f35.x\u30015.10\u30015.0.23<\/li>\n<\/ul>\n<\/li>\n<li>Oracle WebLogic Server\n<ul>\n<li>CVE-2017-10271 \u2013 \u30d0\u30fc\u30b8\u30e7\u30f310.3.6.0.0\u300112.1.3.0.0\u300112.2.1.1.0\u300112.2.1.2.0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u300ctmp_0324_scan\u300d\u3078\u306e\u53c2\u7167\u306f2019\u5e745\u670819\u65e5\u306b\u4e2d\u56fd\u8a9e\u306e\u60c5\u5831\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7<a href=\"https:\/\/forum.90sec.com\/t\/topic\/155\">forum.90sec.com\u306e\u30d6\u30ed\u30b0\u6295\u7a3f<\/a>\u3067\u3059\u3067\u306b\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u540c\u30b0\u30eb\u30fc\u30d7\u306e\u30d6\u30ed\u30b0\u3067\u306f\u3001Apache Hadoop\u3001Redis\u3001ThinkPHP\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u5bfe\u8c61\u3068\u3057\u305f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u30a4\u30d9\u30f3\u30c8\u306e\u8a73\u7d30\u3092\u53d6\u308a\u4e0a\u3052\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u6ce8\u76ee\u3059\u3079\u304d\u306f\u30d6\u30ed\u30b0\u5185\u3067\u5f37\u8abf\u8868\u793a\u3055\u308c\u3066\u3044\u305fbash\u30b9\u30af\u30ea\u30d7\u30c8\u304cWatchDog\u30de\u30a4\u30ca\u30fc\u304c\u4f7f\u7528\u3059\u308b\u30b7\u30a7\u30eb\u30b9\u30af\u30ea\u30d7\u30c8\uff08\u56f318\u3092\u53c2\u7167\uff09<span style=\"font-family: 'courier new', courier, monospace;\">newinit.sh<\/span> \u3068\u540c\u3058\u5f62\u5f0f\u3092\u8e0f\u8972\u3057\u3066\u3044\u308b\u3068\u3044\u3046\u70b9\u3067\u3059\u3002\u30d5\u30a1\u30a4\u30eb\u540d\u3068IP\u30a2\u30c9\u30ec\u30b9\u304c\u7570\u306a\u308b\u3053\u3068\u3092\u9664\u3051\u30702\u3064\u306e\u5f62\u5f0f\u306f\u4e8b\u5b9f\u4e0a\u540c\u3058\u3082\u306e\u3067\u3059\u3002<\/p>\n<figure id=\"attachment_117120\" aria-describedby=\"caption-attachment-117120\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117121 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-70.png\" alt=\"\u540c\u30b0\u30eb\u30fc\u30d7\u306e\u30d6\u30ed\u30b0\u3068newInit.sh\u3068\u306e\u9593\u306e\u985e\u4f3c\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u5f62\u5f0f\u3092\u30012\u3064\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u9593\u306e\u4f3c\u305f\u30bb\u30af\u30b7\u30e7\u30f3\u3092\u3064\u306a\u3044\u3060\u8d64\u3044\u77e2\u5370\u3067\u793a\u3057\u307e\u3059\u3002 \" width=\"900\" height=\"446\" \/><figcaption id=\"caption-attachment-117120\" class=\"wp-caption-text\">\u56f318 \u540c\u30b0\u30eb\u30fc\u30d7\u306e\u30d6\u30ed\u30b0\u3068newInit.sh\u306e\u985e\u4f3c\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u5f62\u5f0f<\/figcaption><\/figure>\n<p>\u3055\u3089\u306b\u3001\u540c\u6295\u7a3f\u5185\u306e\u300ctmp\/0324\/scan\u300d\u3078\u306e\u53c2\u7167\u306f\u3001networkmanager\u30d0\u30a4\u30ca\u30ea\u95a2\u6570\u5185\u3067\u898b\u3089\u308c\u308b\u3082\u306e\u3068\u540c\u3058\u5f62\u5f0f\u3067\u30ea\u30b9\u30c8\u5316\u3055\u308c\u3066\u3044\u307e\u3059\uff08\u56f317\u304a\u3088\u307319\u3092\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117122\" aria-describedby=\"caption-attachment-117122\" style=\"width: 681px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117123 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-71.png\" alt=\"\u3053\u306e\u753b\u50cf\u306f\u3001\u540c\u30b0\u30eb\u30fc\u30d7\u306e\u30d5\u30a9\u30fc\u30e9\u30e0\u3067\u898b\u3064\u304b\u3063\u305fnetworkservices\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306e\u8a73\u7d30\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002 \" width=\"681\" height=\"488\" \/><figcaption id=\"caption-attachment-117122\" class=\"wp-caption-text\">\u56f319 \u540c\u30b0\u30eb\u30fc\u30d7\u306e\u30d5\u30a9\u30fc\u30e9\u30e0\u3067\u898b\u3064\u304b\u3063\u305fnetworkservices\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u306e\u753b\u50cf<\/figcaption><\/figure>\n<p>2019\u5e745\u670819\u65e5\u306b90sec\u304c\u89b3\u6e2c\u3057\u305f\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306f\u3001\u4eca\u56de\u79c1\u305f\u3061\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u304cWatchDog\u30de\u30a4\u30ca\u30fc\u306e\u5f62\u3067\u78ba\u8a8d\u3057\u305f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30de\u30eb\u30a6\u30a7\u30a2\u30d5\u30a1\u30df\u30ea\u3068\u540c\u3058\u3082\u306e\u3067\u3042\u308b\u3053\u3068\u306f\u660e\u3089\u304b\u3067\u3059\u3002\u540c\u3058\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u3059\u304c\u3042\u308b\u306a\u3069\u3001\u3053\u308c\u3089\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u904e\u53bb\u30fb\u73fe\u5728\u306e\u5f62\u5f0f\u306b\u306f\u3001\u985e\u4f3c\u70b9\u304c\u8907\u6570\u898b\u3089\u308c\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u65b0\u305f\u306a\u624b\u6cd5\u304c\u958b\u767a\u3055\u308c\u3001WatchDog\u306e\u3088\u308a\u65b0\u3057\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u5b9f\u88c5\u3055\u308c\u3066\u3082\u3044\u307e\u3059\u3002\u5177\u4f53\u7684\u306b\u306fphpguard\u30d0\u30a4\u30ca\u30ea\u306b\u3064\u3044\u3066\u305d\u3046\u3057\u305f\u624b\u6cd5\u304c\u898b\u3089\u308c\u307e\u3059\u3002<\/p>\n<p>\u3053\u306e\u307b\u304b\u3001<a href=\"https:\/\/github.com\/denisenkom\/go-mssqldb\">denisenkom\/go-mssqldb<\/a>\u30e9\u30a4\u30d6\u30e9\u30ea\u304cGo\u30d0\u30a4\u30ca\u30ea\u306b\u8ffd\u52a0\u3055\u308c\u3001Go\u8a00\u8a9e\u7d4c\u7531\u3067SQL DB\u95a2\u6570\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\uff08\u56f320\u3092\u53c2\u7167\uff09\u3002\u3053\u308c\u306b\u306f\u3001\u30ea\u30e2\u30fc\u30c8\u63a5\u7d9a\u3001\u30a8\u30e9\u30fc\u51e6\u7406\u3001\u30d0\u30eb\u30af\u64cd\u4f5c\u3001\u30ed\u30ae\u30f3\u30b0\u3001\u30c7\u30fc\u30bf\u64cd\u4f5c\u306a\u3069\u304c\u542b\u307e\u308c\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_117124\" aria-describedby=\"caption-attachment-117124\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117125 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-72.png\" alt=\"\u3053\u306e\u753b\u50cf\u306f\u3001Go\u30d0\u30a4\u30ca\u30ea\u306b\u8ffd\u52a0\u3055\u308c\u305f\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u793a\u3057\u3066\u3044\u307e\u3059\u3002Go\u8a00\u8a9e\u7d4c\u7531\u3067SQL DB\u95a2\u6570\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3001\u30ea\u30e2\u30fc\u30c8\u63a5\u7d9a\u3001\u30a8\u30e9\u30fc\u51e6\u7406\u3001\u30d0\u30eb\u30af\u64cd\u4f5c\u3001\u30ed\u30ae\u30f3\u30b0\u3001\u30c7\u30fc\u30bf\u64cd\u4f5c\u306a\u3069\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 \" width=\"720\" height=\"633\" \/><figcaption id=\"caption-attachment-117124\" class=\"wp-caption-text\">\u56f320 \u30ed\u30fc\u30c9\u3055\u308c\u305f\u30e9\u30a4\u30d6\u30e9\u30ea \u2013 Denisenkom mssql-db\u3001Go-Civil\u3001Redis<\/figcaption><\/figure>\n<p>\u307e\u305f\u3053\u306eGo\u30d0\u30a4\u30ca\u30ea\u306b\u306f<a href=\"https:\/\/godoc.org\/cloud.google.com\/go\/civil\">Google Cloud library Go Civil<\/a>\u3082\u30ed\u30fc\u30c9\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u6b63\u78ba\u306a24\u6642\u9593\u300160\u5206\u300160\u79d2\u306e\u30b0\u30ec\u30b4\u30ea\u30aa\u66a6\u306e\u4f7f\u7528\u304c\u53ef\u80fd\u306b\u306a\u308a\u307e\u3059\u3002\u3053\u306e\u307b\u304b<a href=\"https:\/\/github.com\/go-redis\/redis\">Github Redis Go\u30e9\u30a4\u30d6\u30e9\u30ea<\/a>\u3082\u30ed\u30fc\u30c9\u3055\u308c\u3066\u304a\u308a\u3001\u3053\u308c\u3067\u30d0\u30a4\u30ca\u30ea\u306b\u3088\u308bRedis\u30b5\u30fc\u30d3\u30b9\u306e\u5236\u5fa1\u3092\u53ef\u80fd\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h4><a id=\"post-117083-_4of4ub31c69w\"><\/a><strong>phpguard<\/strong><\/h4>\n<p>phpguard\u306fUPX\u5727\u7e2e\u3055\u308c\u305fGo\u8a00\u8a9e\u30d0\u30a4\u30ca\u30ea\u3067\u3001\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u4e2d\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u4fdd\u8b77\u3059\u308b\u3088\u3046\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002phpgurad\u306f\u3001\u30b7\u30b9\u30c6\u30e0\u30d7\u30ed\u30bb\u30b9\u3068\u30bf\u30b9\u30af\u30b9\u30b1\u30b8\u30e5\u30fc\u30e9\u3001\u307e\u305f\u306fcron\u30b8\u30e7\u30d6\u3092\u76e3\u8996\u3059\u308b\u6a5f\u80fd\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3067\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u78ba\u5b9f\u306b\u5b9f\u884c\u3055\u308c\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\u3002\u79c1\u305f\u3061\u306f\u540c\u4e00\u306e\u4fdd\u8b77\u6a5f\u80fd\u3092\u5b9f\u884c\u3059\u308b\u30d0\u30a4\u30ca\u30ea2\u3064\u3092<span style=\"font-family: 'courier new', courier, monospace;\">phpguard<\/span>\u3001<span style=\"font-family: 'courier new', courier, monospace;\">sysguard<\/span>\u3068\u3044\u3046\u7570\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u3067\u7279\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3053\u306eGo\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u30ab\u30b9\u30bf\u30e0Go\u30e9\u30a4\u30d6\u30e9\u30ea\u300ctmp_0324_dog_platform\u300d\uff08\u56f321\u3092\u53c2\u7167\uff09\u3092\u4f7f\u3044\u3001Windows\u307e\u305f\u306f*NIX\u30b7\u30b9\u30c6\u30e0\u306eXMRig\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u5236\u5fa1\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_117126\" aria-describedby=\"caption-attachment-117126\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117127 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-73.png\" alt=\"\u30ab\u30b9\u30bf\u30e0Go\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u3044\u3001\u3053\u306eGo\u30d0\u30a4\u30ca\u30ea\u306fWindows\u307e\u305f\u306f*NIX\u30b7\u30b9\u30c6\u30e0\u306eXMRig\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u5236\u5fa1\u3067\u304d\u307e\u3059\u3002 \" width=\"900\" height=\"415\" \/><figcaption id=\"caption-attachment-117126\" class=\"wp-caption-text\">\u56f321 Windows\u304a\u3088\u3073*NIX\u306e\u30de\u30a4\u30ca\u30fc\u3092\u5236\u5fa1\u3059\u308bphpguard\u306e\u30ab\u30b9\u30bf\u30e0Go\u95a2\u6570<\/figcaption><\/figure>\n<p>\u3055\u3089\u306b\u3053\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u5bfe\u8c61OS\u5185\u306b\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u57cb\u3081\u8fbc\u307f\u307e\u3059\uff08\u56f322\u3092\u53c2\u7167\uff09\u3002Windows\u30b7\u30b9\u30c6\u30e0\u306e\u5834\u5408\u306f\u3001\u30bf\u30b9\u30af\u3092\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u5316\u3059\u308b\u3053\u3068\u3067\u3053\u308c\u3092\u5b9f\u73fe\u3057\u3001*NIX\u30b7\u30b9\u30c6\u30e0\u306e\u5834\u5408\u306f\u3001cron\u30b8\u30e7\u30d6\u7d4c\u7531\u3067\u57cb\u3081\u8fbc\u307f\u307e\u3059\uff08\u56f323\u3092\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117128\" aria-describedby=\"caption-attachment-117128\" style=\"width: 820px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117129 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-74.png\" alt=\"\u3053\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u5bfe\u8c61OS\u5185\u306b\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u57cb\u3081\u8fbc\u307f\u307e\u3059\u3002Windows\u30b7\u30b9\u30c6\u30e0\u306e\u5834\u5408\u306f\u3001\u30bf\u30b9\u30af\u3092\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u5316\u3059\u308b\u3053\u3068\u3067\u3053\u308c\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002phpguard\u306e\u95a2\u9023\u3059\u308b\u30bb\u30af\u30b7\u30e7\u30f3\u3092\u3053\u3053\u306b\u793a\u3057\u307e\u3059\u3002 \" width=\"820\" height=\"144\" \/><figcaption id=\"caption-attachment-117128\" class=\"wp-caption-text\">\u56f322 phpguard\u304cWindows\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3055\u308c\u305f\u30bf\u30b9\u30af\u3092\u4f5c\u6210\u3057\u3066\u3044\u308b\u3068\u3053\u308d<\/figcaption><\/figure>\n<figure id=\"attachment_117130\" aria-describedby=\"caption-attachment-117130\" style=\"width: 811px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117131 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-75.png\" alt=\"*NIX\u30b7\u30b9\u30c6\u30e0\u306e\u5834\u5408\u306f\u3001cron\u30b8\u30e7\u30d6\u7d4c\u7531\u3067\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u57cb\u3081\u8fbc\u307f\u307e\u3059\u3002phpguard\u306e\u95a2\u9023\u3059\u308b\u30bb\u30af\u30b7\u30e7\u30f3\u3092\u3053\u3053\u306b\u793a\u3057\u307e\u3059\u3002 \" width=\"811\" height=\"145\" \/><figcaption id=\"caption-attachment-117130\" class=\"wp-caption-text\">\u56f323 phpguard\u304c*NIX\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067cron\u30b8\u30e7\u30d6\u3092\u4f5c\u6210\u3057\u3066\u3044\u308b\u3068\u3053\u308d<\/figcaption><\/figure>\n<p>\u3053\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u3001OS\u304c\u5b9f\u884c\u4e2d\u306e\u5404\u30d7\u30ed\u30bb\u30b9\u3092\u7d99\u7d9a\u7684\u306b\u30af\u30ed\u30fc\u30eb\u3059\u308b\u3053\u3068\u3067\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u304c\u5b9f\u884c\u4e2d\u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\uff08\u56f324\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117132\" aria-describedby=\"caption-attachment-117132\" style=\"width: 713px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117133 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-76.png\" alt=\"\u3053\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u307e\u305f\u3001OS\u304c\u5b9f\u884c\u4e2d\u306e\u5404\u30d7\u30ed\u30bb\u30b9\u3092\u7d99\u7d9a\u7684\u306b\u30af\u30ed\u30fc\u30eb\u3059\u308b\u3053\u3068\u3067\u3082\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u304c\u5b9f\u884c\u4e2d\u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002 \" width=\"713\" height=\"519\" \/><figcaption id=\"caption-attachment-117132\" class=\"wp-caption-text\">\u56f324 phpguard\u30d7\u30ed\u30bb\u30b9\u306b\u3088\u308b\u30af\u30ed\u30fc\u30ea\u30f3\u30b0\u30b5\u30a4\u30af\u30eb<\/figcaption><\/figure>\n<p>\u3053\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u3092\u78ba\u5b9f\u306b\u4fdd\u8b77\u3059\u308b\u305f\u3081\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30d0\u30a4\u30ca\u30ea\u306e\u521d\u56de\u5b9f\u884c\u6642\u306b\u306f\u4fdd\u8b77\u306e\u305f\u3081\u306e\u65b0\u3057\u3044\u30d7\u30ed\u30bb\u30b9\u3092\u8a2d\u5b9a\u3057\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u8d77\u52d5\u3057\u3066\u3044\u306a\u3051\u308c\u3070\u8d77\u52d5\u3055\u305b\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u307e\u3060\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u3066\u3044\u306a\u3051\u308c\u3070\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u30d7\u30ed\u30bb\u30b9\u3092\u958b\u59cb\u3057\u307e\u3059\uff08\u56f325\u53c2\u7167\uff09\u3002<\/p>\n<figure id=\"attachment_117134\" aria-describedby=\"caption-attachment-117134\" style=\"width: 568px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117135 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-77.png\" alt=\"\u3053\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u3092\u78ba\u5b9f\u306b\u4fdd\u8b77\u3059\u308b\u305f\u3081\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u95a2\u9023\u3059\u308b\u4fdd\u8b77\u306e\u3044\u304f\u3064\u304b\u3092\u3053\u3053\u306b\u793a\u3057\u307e\u3059\u3002 \" width=\"568\" height=\"225\" \/><figcaption id=\"caption-attachment-117134\" class=\"wp-caption-text\">\u56f325 \u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30ed\u30bb\u30b9\u306e\u4fdd\u8b77\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u308b\u3068\u3053\u308d<\/figcaption><\/figure>\n<h4><a id=\"post-117083-_hl459emx1yxc\"><\/a><strong>phpupdate<\/strong><\/h4>\n<p>phpupdate\u30d7\u30ed\u30bb\u30b9\u306f\u3001WatchDog\u30de\u30a4\u30ca\u30fc\u304c\u4f7f\u7528\u3059\u308bXMRig\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3067\u3059\u3002Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306f\u3001\u540c\u3058\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3059\u308b\u30d0\u30a4\u30ca\u30ea\u306b\u3064\u3044\u3066<span style=\"font-family: 'courier new', courier, monospace;\">phpupdate<\/span>\u3001<span style=\"font-family: 'courier new', courier, monospace;\">zzh<\/span>\u3001<span style=\"font-family: 'courier new', courier, monospace;\">trace<\/span>\u3068\u3044\u30463\u3064\u306e\u7570\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u7279\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>WatchDog\u30de\u30a4\u30ca\u30fc\u7248\u306eXMRig\u3084\u305d\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3064\u3044\u3066\u306f\u3001\u3059\u3067\u306b\u77e5\u3089\u308c\u3066\u3044\u308b\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u304b\u3089\u5916\u308c\u308b\u3088\u3046\u306a\u3082\u306e\u306f\u3068\u304f\u306b\u306a\u3044\u306e\u3067\u3001\u3053\u3053\u3067\u8aac\u660e\u3059\u3079\u304d\u3053\u3068\u306f\u307b\u3068\u3093\u3069\u3042\u308a\u307e\u305b\u3093\u3002\u3053\u306e\u30d0\u30a4\u30ca\u30ea\u306f\u3055\u307e\u3056\u307e\u306b\u69cb\u6210\u53ef\u80fd\u306a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u30e1\u30cb\u30e5\u30fc\u3092\u63d0\u4f9b\u3057\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u30de\u30a4\u30cb\u30f3\u30b0\u4e0a\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u30e6\u30fc\u30b6\u30fc\u304c\u6307\u5b9a\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\uff08\u56f326\u53c2\u7167\uff09\u3002<\/p>\n<ul>\n<li>\u30de\u30a4\u30cb\u30f3\u30b0\u30d7\u30fc\u30eb\u306eURL\u3002<\/li>\n<li>\u30de\u30a4\u30cb\u30f3\u30b0\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\uff08\u307e\u305f\u306f\u76ee\u7684\u306e\u30b3\u30a4\u30f3\uff09\u3002<\/li>\n<li>\u30e6\u30fc\u30b6\u30fc\u540d\u3002<\/li>\n<li>\u30d1\u30b9\u30ef\u30fc\u30c9\u3002<\/li>\n<li>\u30d7\u30ed\u30ad\u30b7\u60c5\u5831\u3002<\/li>\n<li>\u30ad\u30fc\u30d7\u30a2\u30e9\u30a4\u30d6\u30d1\u30b1\u30c3\u30c8\u306e\u9001\u4fe1<\/li>\n<li>\u30d1\u30b1\u30c3\u30c8\u306e\u30b5\u30a4\u30ba\uff08\u4ed6\u591a\u6570\uff09\u3002<\/li>\n<\/ul>\n<figure id=\"attachment_117136\" aria-describedby=\"caption-attachment-117136\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img  class=\"wp-image-117137 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2021\/02\/word-image-78.png\" alt=\"WatchDog\u30de\u30a4\u30ca\u30fc\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306eXMRig\u306f\u3001\u3053\u3053\u306b\u793a\u3059\u3088\u3046\u306a\u5b8c\u5168\u306b\u69cb\u6210\u53ef\u80fd\u306a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u30e1\u30cb\u30e5\u30fc\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002 \" width=\"900\" height=\"685\" \/><figcaption id=\"caption-attachment-117136\" class=\"wp-caption-text\">\u56f326 WatchDog\u30de\u30a4\u30ca\u30fc\u306e\u69cb\u6210\u30aa\u30d7\u30b7\u30e7\u30f3<\/figcaption><\/figure>\n<p>\u76f4\u524d\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u3067\u8aac\u660e\u3057\u305f\u3088\u3046\u306b\u3053\u30de\u30a4\u30cb\u30f3\u30b0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306fGo\u30e9\u30a4\u30d6\u30e9\u30ea<span style=\"font-family: 'courier new', courier, monospace;\">phpguard<\/span>\u304b\u3089\u3082\u5236\u5fa1\u53ef\u80fd\u3067\u3059\u304c\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u76f4\u63a5\u5bfe\u8a71\u7684\u306b\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2><a id=\"post-117083-_6j87pghz9uxo\"><\/a>\u7d50\u8ad6<\/h2>\n<p>WatchDog\u306e\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u65e9\u3051\u308c\u30702019\u5e741\u670827\u65e5\u306b\u306f\u5b9f\u884c\u3055\u308c\u3066\u304a\u308a\u3001\u5c11\u306a\u304f\u3068\u3082209 Monero\uff08XMR\uff09\u3001\u7c73\u30c9\u30eb\u63db\u7b97\u3067\u7d0432,056\u30c9\u30eb\uff08\u65e5\u672c\u5186\u3067\u304a\u3088\u305d340\u4e07\u5186\uff09\u3092\u96c6\u3081\u3066\u3044\u307e\u3057\u305f\u3002WatchDog\u306e\u30a2\u30af\u30bf\u30fc\u306fUPX\u5727\u7e2e\u3055\u308c\u305fGo\u8a00\u8a9e\u30d0\u30a4\u30ca\u30ea\u306b\u3088\u308b\u30af\u30e9\u30a6\u30c9\u3067\u306e\u52b9\u7387\u304c\u9ad8\u3044\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u4f7f\u3044\u307e\u3059\u3002\u305d\u308c\u306b\u3088\u308a\u3001Windows\/Linux\u306e\u4e21\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u306bGo\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308c\u3070\u3069\u3061\u3089\u306e\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u3067\u3082\u4fb5\u5bb3\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3066\u3044\u308b\u306e\u3067\u3059\u3002\u73fe\u6642\u70b9\u3067\u306f\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306b\u306f18\u500b\u306eIP\u30a2\u30c9\u30ec\u30b9\u30687\u500b\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u308f\u304b\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u60aa\u610f\u306e\u3042\u308b\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306f\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\u30ad\u30c3\u30c8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u306b\u4f7f\u7528\u3055\u308c\u308b\u5c11\u306a\u304f\u3068\u3082125\u306eURL\u30a2\u30c9\u30ec\u30b9\u3092\u3044\u305a\u308c\u304b\u306e\u6642\u70b9\u3067\u30db\u30b9\u30c8\u3057\u3066\u3044\u305f\u304b\u73fe\u5728\u3082\u30db\u30b9\u30c8\u3057\u3066\u3044\u307e\u3059\u3002\u3055\u3089\u306b\u3001\u30b9\u30ad\u30e3\u30f3\u3068\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3092\u884c\u3046\u30d0\u30a4\u30ca\u30ea\u306enetworkmanager\u306b\u306f\u300132\u500b\u306eRCE\u95a2\u6570\u3092\u542b\u308033\u306e\u56fa\u6709\u306e\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u30ed\u30fc\u30c9\u3055\u308c\u3066\u3044\u307e\u3059\u3002WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u975e\u5e38\u306b\u5927\u898f\u6a21\u3067\u3001\u5c11\u306a\u304f\u3068\u3082476\u53f0\u306e\u4fb5\u5bb3\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u304c\u5e38\u306b\u30de\u30a4\u30cb\u30f3\u30b0\u3057\u3066\u3044\u308b\u3068\u63a8\u5b9a\u3055\u308c\u307e\u3059\u3002<\/p>\n<p>WatchDog\u306e\u30aa\u30da\u30ec\u30fc\u30bf\u30fc\u304c\u719f\u7df4\u3057\u305f\u30b3\u30fc\u30c0\u30fc\u3067\u3042\u308b\u3053\u3068\u3001\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3053\u308c\u307e\u3067\u3055\u307b\u3069\u6ce8\u76ee\u3092\u96c6\u3081\u305a\u306b\u304d\u305f\u3053\u3068\u306f\u660e\u3089\u304b\u3067\u3059\u3002\u73fe\u6642\u70b9\u3067\u8ffd\u52a0\u306e\u30af\u30e9\u30a6\u30c9\u4fb5\u5bb3\u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\uff08\u3064\u307e\u308a\u3001\u30af\u30e9\u30a6\u30c9\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306eIAM\u8cc7\u683c\u60c5\u5831\u3001\u30a2\u30af\u30bb\u30b9ID\u3001\u307e\u305f\u306f\u30ad\u30fc\u306e\u7a83\u53d6\uff09\u306e\u5146\u5019\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u30af\u30e9\u30a6\u30c9\u30a2\u30ab\u30a6\u30f3\u30c8\u306f\u3055\u3089\u306a\u308b\u4fb5\u5bb3\u3092\u53d7\u3051\u308b\u53ef\u80fd\u6027\u306f\u3042\u308a\u307e\u3059\u3002\u3068\u3044\u3046\u306e\u3082\u3001\u3053\u308c\u3089\u306e\u653b\u6483\u8005\u306b\u306f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u690d\u3048\u4ed8\u3051\u306e\u6bb5\u968e\u3067\u7a83\u53d6\u6e08\u307f\u306e\u30eb\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u3084\u7ba1\u7406\u8005\u30a2\u30af\u30bb\u30b9\u304c\u3042\u308b\u306e\u3067\u3001\u305d\u3046\u3057\u305f\u4fb5\u5bb3\u6e08\u307f\u30af\u30e9\u30a6\u30c9\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067IAM\u95a2\u9023\u60c5\u5831\u3082\u898b\u3064\u3051\u308b\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u304b\u3089\u3067\u3059\u3002<\/p>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e<a href=\"https:\/\/www.paloaltonetworks.jp\/prisma\/access\">Prisma Access<\/a>\u306f\u3001PAN-OS\u7d4c\u7531\u3067\u3001WatchDog\u306e18\u500b\u306eIP\u30a2\u30c9\u30ec\u30b9\u30017\u500b\u306e\u30c9\u30e1\u30a4\u30f3\u3001\u95a2\u9023URL\u30a2\u30c9\u30ec\u30b9\u3092\u305d\u308c\u305e\u308c\u691c\u51fa\u3059\u308b\u3088\u3046\u306b\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\u3002<a href=\"https:\/\/www.paloaltonetworks.jp\/prisma\/cloud\">Prisma Cloud<\/a>\u3082\u307e\u305f\u3001Prisma Cloud Compute Defender\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u305f\u30af\u30e9\u30a6\u30c9\u74b0\u5883\u3067\u3001WatchDog\u30de\u30a4\u30ca\u30fc\u306b\u3088\u308b\u60aa\u610f\u306e\u3042\u308bXMRig\u30d7\u30ed\u30bb\u30b9\u304c\u5229\u7528\u3055\u308c\u305f\u5834\u5408\u3001\u305d\u308c\u3092\u691c\u51fa\u3057\u307e\u3059\u3002<\/p>\n<h2><strong>IoC<\/strong><\/h2>\n<h6><strong>IP\u30a2\u30c9\u30ec\u30b9<\/strong><\/h6>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">39.100.33[.]209<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">45.153.240[.]58<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">45.9.148[.]37<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">93.115.23[.]117<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">95.182.122[.]199<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">106.15.74[.]113<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">107.173.159[.]206<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">146.71.79[.]230<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.181.10[.]234<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.232.65[.]124<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.232.65[.]191<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.232.65[.]192<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">185.247.117[.]64<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">198.98.57[.]187<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">199.19.226[.]117<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">204.44.105[.]168<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">205.209.152[.]78<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">208.109.11[.]21<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h6><strong>\u30c9\u30e1\u30a4\u30f3<\/strong><\/h6>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">de.gengine[.]com.de<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">de.gsearch[.]com.de<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">global.bitmex[.]com.de<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">ipzse[.]com<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">py2web[.]store<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">sjjjv[.]xyz<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">us.gsearch[.]com.de<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h6><strong>URL\u30a2\u30c9\u30ec\u30b9<\/strong><\/h6>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/107.173.159[.]206:8880\/tatavx1hym9z928m\/bsh.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/107.173.159[.]206:8880\/tatavx1hym9z928m\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/107.173.159[.]206:8880\/tatavx1hym9z928m\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/107.173.159[.]206:8880\/tatavx1hym9z928m\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/146.71.79[.]230\/363A3EDC10A2930DVNICE\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/146.71.79[.]230\/363A3EDC10A2930DVNICE\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/146.71.79[.]230\/363A3EDC10A2930DVNICE\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/146.71.79[.]230\/363A3EDC10A2930DVNICE\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/146.71.79[.]230\/363A3EDC10A2930DVNICE\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/176.123.10[.]57\/cf67356\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/176.123.10[.]57\/cf67356\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/176.123.10[.]57\/cf67356\/newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/176.123.10[.]57\/cf67356\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/176.123.10[.]57\/cf67356\/zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.181.10[.]234\/E5DB0E07C3D7BE80V520\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.181.10[.]234\/E5DB0E07C3D7BE80V520\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.181.10[.]234\/E5DB0E07C3D7BE80V520\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.181.10[.]234\/E5DB0E07C3D7BE80V520\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.181.10[.]234\/E5DB0E07C3D7BE80V520\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]124\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]191\/cf67356\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]191\/cf67356\/newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]191\/cf67356\/zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]191\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]191\/trace<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]191\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]192\/cf67356\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]192\/cf67356\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]192\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.232.65[.]192\/trace<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.247.117[.]64\/cf67356\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.247.117[.]64\/cf67356\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.247.117[.]64\/cf67356\/newdat.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.247.117[.]64\/cf67356\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/185.247.117[.]64\/cf67356\/phpupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/198.98.57[.]187\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/198.98.57[.]187\/trace<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/198.98.57[.]187\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/204.44.105[.]168:66\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/204.44.105[.]168:66\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/204.44.105[.]168:66\/newdat.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/204.44.105[.]168:66\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/204.44.105[.]168:66\/phpupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/205.209.152[.]78:8000\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/205.209.152[.]78:8000\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/209.182.218[.]161:80\/363A3EDC10A2930D\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/209.182.218[.]161:80\/363A3EDC10A2930D\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/209.182.218[.]161:80\/363A3EDC10A2930D\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/209.182.218[.]161:80\/363A3EDC10A2930D\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/209.182.218[.]161:80\/363A3EDC10A2930D\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/39.100.33[.]209\/b2f628\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/39.100.33[.]209\/b2f628\/newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/39.100.33[.]209\/b2f628\/zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/39.100.33[.]209\/b2f628fff19fda999999999\/is.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.153.240[.]58\/N3DN0E09C5D9BU70V1720\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.153.240[.]58\/N3DN0E09C5D9BU70V1720\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.153.240[.]58\/N3DN0E09C5D9BU70V1720\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.153.240[.]58\/N3DN0E09C5D9BU70V1720\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.153.240[.]58\/N3DN0E09C5D9BU70V1720\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.9.148[.]37\/cf67356a3333e6999999999\/1.0.4.tar.gz<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.9.148[.]37\/cf67356a3333e6999999999\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.9.148[.]37\/cf67356a3333e6999999999\/is.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.9.148[.]37\/cf67356a3333e6999999999\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.9.148[.]37\/cf67356a3333e6999999999\/newdat.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.9.148[.]37\/cf67356a3333e6999999999\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/45.9.148[.]37\/cf67356a3333e6999999999\/phpupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/47.253.42[.]213\/b2f628\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/47.253.42[.]213\/b2f628\/newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/47.253.42[.]213\/b2f628\/zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/82.202.66[.]50\/cf67356\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/82.202.66[.]50\/cf67356\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/82.202.66[.]50\/cf67356\/newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/82.202.66[.]50\/cf67356\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/82.202.66[.]50\/cf67356\/zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/83.97.20[.]90\/cf67356\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/83.97.20[.]90\/cf67356\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/83.97.20[.]90\/cf67356\/newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/83.97.20[.]90\/cf67356\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/83.97.20[.]90\/cf67356\/zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/93.115.23[.]117\/N3DN0E09C5D9BU70V1720\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/93.115.23[.]117\/N3DN0E09C5D9BU70V1720\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/93.115.23[.]117\/N3DN0E09C5D9BU70V1720\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/93.115.23[.]117\/N3DN0E09C5D9BU70V1720\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/93.115.23[.]117\/N3DN0E09C5D9BU70V1720\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/95.182.122[.]199\/E5DB0E07C3D7BE80V52\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/95.182.122[.]199\/E5DB0E07C3D7BE80V52\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/95.182.122[.]199\/E5DB0E07C3D7BE80V52\/Saltmin.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/95.182.122[.]199\/E5DB0E07C3D7BE80V52\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/95.182.122[.]199\/init.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/global.bitmex[.]com[.]de\/cf67355a3333e6\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/global.bitmex[.]com[.]de\/cf67355a3333e6\/is.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/global.bitmex[.]com[.]de\/cf67355a3333e6\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/global.bitmex[.]com[.]de\/cf67355a3333e6\/newdat.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/global.bitmex[.]com[.]de\/cf67355a3333e6\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/global.bitmex[.]com[.]de\/cf67355a3333e6\/phpupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/py2web[.]store\/7356a3333e6999999999\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/py2web[.]store\/7356a3333e6999999999\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/py2web[.]store\/cf67356\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/py2web[.]store\/cf67356\/newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/py2web[.]store\/cf67356\/zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/bd.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/is.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/newdat.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/phpupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxp:\/\/xmr.ipzse[.]com:66\/rs.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gengine[.]com[.]de\/api\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gengine[.]com[.]de\/api\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gengine[.]com[.]de\/api\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gengine[.]com[.]de\/api\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gengine[.]com[.]de\/api\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gsearch[.]com[.]de\/api\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gsearch[.]com[.]de\/api\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gsearch[.]com[.]de\/api\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gsearch[.]com[.]de\/api\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/de.gsearch[.]com[.]de\/api\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/sjjjv[.]xyz\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/sjjjv[.]xyz\/update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/us.gsearch[.]com[.]de\/api\/config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/us.gsearch[.]com[.]de\/api\/networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/us.gsearch[.]com[.]de\/api\/sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/us.gsearch[.]com[.]de\/api\/sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/us.gsearch[.]com[.]de\/api\/update.sh<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h6><strong>\u30d5\u30a1\u30a4\u30eb<\/strong><\/h6>\n<table>\n<tbody>\n<tr>\n<td><strong>SHA-256\u5024<\/strong><\/td>\n<td><strong>\u30d5\u30a1\u30a4\u30eb\u540d<\/strong><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">0a48bd0d41052c1e3138d558fc06ebde8d6f15b8d866200b8f00b214a73eb5b9<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">0c4aa6afd2a81fd15f3bd65adcbd4f649fbc58ef12dd2d528125435169555901<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">1f65569b77f21f47256db339700b4ff33b7570e44e1981b5c213b7b2e65b0f6c<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">2b52288383588f65803a5dc9583171103be79f0b196d01241b5cd3a8cf69b190<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">2eeac2b9577047a9eef2d164c13ace5e826ac85990a3a915871d6b0c2fc8fe67<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">2f642efdf56b30c1909c44a65ec559e1643858aaea9d5f18926ee208ec6625ed<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">37492d1897f77371f2eb431b9be7c861b81e97f04a091d8c6d63719171eda2ac<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">rs.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">3ab7cf786eeb23ebd11e86e0fc48b0a9b37a427d5d730d774c9ed8d98a925c6f<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">43d7b29668786731f1bbbb3ae860487e84604195b186c1b7b253f99156d7f57a<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">49366ae4766492d94136ca1f715a37554aa6243686c66bf3c6fbb9da9cb2793d<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">51de345f677f46595fc3bd747bfb61bc9ff130adcbec48f3401f8057c8702af9<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">tar.gz<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">55c92d64ffa9d170e340e0528dc8ea1fa9be98f91db891869947c5b168a728c8<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">55dd539d8fe94648294e91df89b005f1dba330b432ceda25775963485bae7def<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">67d0f77adf98ac34a6db78110c78652a9b7f63e22ae5ab7df4f57d3413e48822<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">68cedf2a018c0830655dc9bb94aadf6492ab31196cbc83ceb44defae0a02d3dc<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">6a7109481e113fd92ff98534e780f47a32b64bfa5692f7bd7da33c84033a9028<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">sysguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">758dbfda2b7d2e97caba294089c4c836ab447d7c9ceef510c667526fd873e161<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">80b1a70d7ec5d1944787afff3c2feac3aa40ec8c64177886481d96623bc786bf<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">818c16d1921572ffee6853c16c5c9158d2f217b6adbb5154cbb7daf945db493c<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">update.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">82815c61402cfc0edd6ce3be37848259711ef07e3391e74c85fbdaa676d95c0c<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">is.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">849f86a8fd06057eeb1ae388789881516239282dd4cb079b8281f995035874e1<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">895e994dafaa00009a46f3b56ca0d563e066a14e77f5030b1331fc9b3f9f6478<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">networkservice<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">96fe63c25e7551a90051431aeddb962f05d82b7dd2940c0e8e1282273ba81e22<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">a322dc6af6fed1326b04ec966e66b68dd8ef22374edd286569710afc65ccc741<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">newinit.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">ac719447894b2f5029f493c7395d128f710a3ba7b31c199558f3ee00fb90ea12<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">ad05d09e6ed4bd09fe1469e49885c5169458635a1a33f2579cb7caa221b43fce<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">newdat.sh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">b6a5790a9bfaf159af68c4dbb09de9c2c0c2371c886fdb28223d40e6984b1dd7<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">bd3506b86452d46d395b38aa807805097da1291c706318b5fe970fe4b20f5406<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">config.json<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">c67881c1f05477939b8964ad26f1a467762a19c2c7d1a1656b338d8113ca1ac1<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">c8ca3ab0ae00a1bf197086370ab5994264ac5bc1fcf52b2ddf8c9fcacc4402ff<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">1.0.4.tar<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">d54157bb703b360bb911363d9bb483a2ee00ee619d566d033a8c316f06cf26cc<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">zzh<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">d6cf2d54e3bb564cb15638b58d2dd124ae7acd40e05af42d1bdc0588a8d5211d<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">networkmanager<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">e3cbb08913493e54d74081349972423444cbc0f4853707b84409131d19cad15b<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">phpguard<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">e7446d595854b6bac01420378176d1193070ef776788af12300eb77e0a397bf7<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">sysupdate<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">ed1e49cb05c375cc1149c349880ed077b6ee75cb7e5c6cae9cbd4bd086950c93<\/span><\/td>\n<td><span style=\"font-family: 'courier new', courier, monospace;\">zzh<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981 \u672c\u7a3f\u3067\u306f\u3001Unit 42\u306e\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306b\u3088\u3063\u3066\u66b4\u304b\u308c\u305f\u3001\u3053\u308c\u307e\u3067\u77e5\u3089\u308c\u3066\u3044\u308b\u3082\u306e\u306e\u306a\u304b\u3067\u3082\u6700\u5927\u304b\u3064\u6700\u9577\u306eMonero\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002\u3053\u306e\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306f\u3001Linux\u30c7\u30fc\u30e2\u30f3\u540d<\/p>\n","protected":false},"author":317,"featured_media":134274,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4326,4436,1974,4428],"tags":[4889,5233,5857,6016],"product_categories":[4457,4345,4458],"coauthors":[1394],"class_list":["post-117146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-cybersecurity-research","category-cloud-cybersecurity-research-ja","category-malware-ja","category-threat-research-ja","tag-cryptojacking-ja","tag-golang-ja","tag-monero-ja","tag-xmrig","product_categories-prisma-access-ja","product_categories-prisma-cloud","product_categories-prisma-cloud-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f<\/title>\n<meta name=\"description\" content=\"\u3053\u308c\u307e\u3067\u77e5\u3089\u308c\u3066\u3044\u308b\u306a\u304b\u3067\u3082\u6700\u5927\u304b\u3064\u6700\u9577\u306eMonero\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002https:\/\/unit42.paloaltonetworks.jp\/watchdog-cryptojacking\/\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f\" \/>\n<meta property=\"og:description\" content=\"\u3053\u308c\u307e\u3067\u77e5\u3089\u308c\u3066\u3044\u308b\u306a\u304b\u3067\u3082\u6700\u5927\u304b\u3064\u6700\u9577\u306eMonero\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002https:\/\/unit42.paloaltonetworks.jp\/watchdog-cryptojacking\/\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-17T21:45:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-22T00:56:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/07_Cybercrime_Category_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Nathaniel Quist\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f","description":"\u3053\u308c\u307e\u3067\u77e5\u3089\u308c\u3066\u3044\u308b\u306a\u304b\u3067\u3082\u6700\u5927\u304b\u3064\u6700\u9577\u306eMonero\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002https:\/\/unit42.paloaltonetworks.jp\/watchdog-cryptojacking\/","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/","og_locale":"ja_JP","og_type":"article","og_title":"WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f","og_description":"\u3053\u308c\u307e\u3067\u77e5\u3089\u308c\u3066\u3044\u308b\u306a\u304b\u3067\u3082\u6700\u5927\u304b\u3064\u6700\u9577\u306eMonero\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002https:\/\/unit42.paloaltonetworks.jp\/watchdog-cryptojacking\/","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/","og_site_name":"Unit 42","article_published_time":"2021-02-17T21:45:01+00:00","article_modified_time":"2021-02-22T00:56:23+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/07_Cybercrime_Category_1920x900.jpg","type":"image\/jpeg"}],"author":"Nathaniel Quist","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/"},"author":{"name":"Nathaniel Quist","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/6f4153adb969c91f103a21af22c5d1de"},"headline":"WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f","datePublished":"2021-02-17T21:45:01+00:00","dateModified":"2021-02-22T00:56:23+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/"},"wordCount":2091,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/07_Cybercrime_Category_1920x900.jpg","keywords":["cryptojacking","GoLang","Monero","XMRig"],"articleSection":["Cloud Cybersecurity Research","\u30af\u30e9\u30a6\u30c9 \u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30ea\u30b5\u30fc\u30c1","\u30de\u30eb\u30a6\u30a7\u30a2","\u8105\u5a01\u30ea\u30b5\u30fc\u30c1"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/","name":"WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/07_Cybercrime_Category_1920x900.jpg","datePublished":"2021-02-17T21:45:01+00:00","dateModified":"2021-02-22T00:56:23+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/6f4153adb969c91f103a21af22c5d1de"},"description":"\u3053\u308c\u307e\u3067\u77e5\u3089\u308c\u3066\u3044\u308b\u306a\u304b\u3067\u3082\u6700\u5927\u304b\u3064\u6700\u9577\u306eMonero\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e1\u3064\u3001WatchDog\u30de\u30a4\u30cb\u30f3\u30b0\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002https:\/\/unit42.paloaltonetworks.jp\/watchdog-cryptojacking\/","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#primaryimage","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/07_Cybercrime_Category_1920x900.jpg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/06\/07_Cybercrime_Category_1920x900.jpg","width":1920,"height":900,"caption":"Glowing red skull and crossbones symbol on a highly detailed, illuminated circuit board background, suggesting a concept of cyber threat or computer virus."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/watchdog-cryptojacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"WatchDog: 2\u5e74\u306b\u308f\u305f\u308a\u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u7d9a\u304f\u30af\u30ea\u30d7\u30c8\u30b8\u30e3\u30c3\u30af\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u66b4\u304f"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/6f4153adb969c91f103a21af22c5d1de","name":"Nathaniel Quist","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/947819d65069de51e7512d05c4607081","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/Nathaniel-Quist_Headshot-Insights-300x300.png","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/Nathaniel-Quist_Headshot-Insights-300x300.png","caption":"Nathaniel Quist"},"description":"Nathaniel Quist is the Manager of the Cloud Threat Intelligence Team for Cortex Cloud, where he collaborates with the Cortex and Unit 42 researchers to track threat actors targeting cloud platforms and services. He holds a Master of Science in Information Security Engineering from The SANS Institute and has authored several publications for Palo Alto Networks' Unit 42, Prisma Cloud, and the SANS InfoSec Reading Room. Outside of cloud threats, he enjoys puzzles, blockchain, and ranching.","url":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/author\/nathaniel-quist\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/117146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/317"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=117146"}],"version-history":[{"count":6,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/117146\/revisions"}],"predecessor-version":[{"id":117180,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/117146\/revisions\/117180"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/134274"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=117146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=117146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=117146"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=117146"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=117146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}