Threats built around the coronavirus theme keep appearing online. Today we want to share two interesting cases that clearly show the attackers' intention to maximize profit. The threat in the "two-in-one" category calls itself CoronaVirus, and detailed information about this malware has not been published.
Abuse of the coronavirus theme began more than a month ago. Attackers exploited the public's interest in information about the spread of the pandemic and the measures taken against it. A huge number of information providers, special applications and fake sites appeared on the Internet that compromised users, stole data and, in some cases, encrypted the contents of the device and demanded a ransom. That is exactly how the Coronavirus Tracker mobile app behaved: it blocked access to the device and demanded a ransom.
Another problem accompanying the spread of this malware was the confusion around financial support measures. In many countries, governments promised help and support to ordinary citizens and business representatives during the pandemic, and there is almost nowhere that this support can be received easily and transparently. Moreover, many people expect financial aid but do not know whether they are on the list of those eligible for a government subsidy. And people who have already received something from the state are unlikely to refuse additional aid.
This is exactly what the attackers exploit. They send letters on behalf of banks, financial regulators and social security agencies offering support. Just follow the link...
It is not hard to imagine that after clicking the address, the user is led to a phishing site that asks for financial details. In most cases, at the same time as the web site opens, the attackers try to infect the computer with a Trojan aimed at stealing personal data, especially financial information. Email attachments may contain spyware or ransomware, or password-protected files that supposedly contain "important information on how to receive government support".
In addition, programs of the Infostealer category have recently begun spreading on social networks. For example, if you try to download a legitimate Windows utility from a site such as wisecleaner[.]best, an Infostealer may be bundled with it. After clicking the link, the user receives a downloader that fetches the malware together with the utility; the download source is chosen according to the configuration of the victim's computer.
CoronaVirus 2022
Why did we take this whole detour? Because the new malware, whose authors did not think very hard about the name, absorbed all of these advantages and hits victims with two types of attack at once: on one side it loads an encryptor (CoronaVirus), on the other the KPOT infostealer.
CoronaVirus ransomware
The ransomware itself is a small 44 KB file. The threat is simple but effective. The executable copies itself under a random name to %AppData%\Local\Temp\vprdh.exe and sets a key in the registry under \Windows\CurrentVersion\Run. Once the copy is in place, the original is deleted.
Like most ransomware, CoronaVirus tries to delete local backups and disable file shadowing by executing the following system commands:
C:\Windows\system32\VSSADMIN.EXE Delete Shadows /All /Quiet
C:\Windows\system32\wbadmin.exe delete systemstatebackup -keepVersions:0 -quiet
C:\Windows\system32\wbadmin.exe delete backup -keepVersions:0 -quiet
The software then begins encrypting files. The name of each encrypted file is given the following prefix: [email protected]__
It is placed at the beginning of the name, and the rest of the name is left unchanged.
In addition, the ransomware renames the C drive to CoronaVirus.
In every directory the virus has touched, a CoronaVirus.txt file with payment instructions appears. The ransom is only 0.008 bitcoin, roughly 60 dollars, which must be said is a very modest figure. What matters here is that the author did not set out to get rich... or, on the contrary, decided that this is a great amount that every user sitting at home in self-isolation could afford to pay. Agreed: if you cannot leave the house, 60 dollars is not that much to get your computer working again.
Moreover, the new ransomware writes a small DOS executable into the temporary files folder and registers it under the BootExecute registry key so that the payment instructions are shown the next time the computer restarts. Depending on the system's settings, this message may not be displayed. However, once encryption of all files is complete, the computer reboots automatically.
KPOT infostealer
The ransomware comes bundled with the KPOT spyware. This infostealer can steal cookies and saved passwords not only from various browsers but also from games installed on the PC (including Steam) and from the Jabber and Skype instant messengers. Its areas of interest also include FTP and VPN access details. Having done its job and stolen everything it can, the spy deletes itself with the following command:
cmd.exe /c ping 127.0.0.1 && del C:\temp\kpot.exe
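As an added defensive example (not code from the article or from Acronis), the following Python checks a handful of constructed process-creation and registry events for the behaviours described above: the vssadmin/wbadmin backup deletion, the ping-and-del self-deletion trick, and Run-key or BootExecute persistence written by a binary sitting in the user's Temp folder. The three-field event layout, the sample paths and the full BootExecute key path are assumptions made for this example.

```python
import re

# Constructed sample events, not telemetry from the article. The assumed layout is
# "EventType|Image|Detail": Detail is the command line for ProcessCreate events
# and the target registry value for RegistryValueSet events.
SAMPLE_EVENTS = [
    "ProcessCreate|C:\\Windows\\system32\\VSSADMIN.EXE|VSSADMIN.EXE Delete Shadows /All /Quiet",
    "ProcessCreate|C:\\Windows\\system32\\wbadmin.exe|wbadmin.exe delete systemstatebackup -keepVersions:0 -quiet",
    "ProcessCreate|C:\\Windows\\system32\\wbadmin.exe|wbadmin.exe delete backup -keepVersions:0 -quiet",
    "ProcessCreate|C:\\Windows\\system32\\cmd.exe|cmd.exe /c ping 127.0.0.1 && del C:\\temp\\kpot.exe",
    "RegistryValueSet|C:\\Users\\alice\\AppData\\Local\\Temp\\vprdh.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\vprdh",
    "RegistryValueSet|C:\\Users\\alice\\AppData\\Local\\Temp\\vprdh.exe|HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\BootExecute",
    # Benign look-alikes that must not fire.
    "ProcessCreate|C:\\Windows\\system32\\wbadmin.exe|wbadmin.exe get versions",
    "ProcessCreate|C:\\Windows\\system32\\cmd.exe|cmd.exe /c ping 127.0.0.1 -n 4",
    "RegistryValueSet|C:\\Program Files\\Vendor\\setup.exe|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Vendor",
]

# Command-line rules for the backup-wiping and self-deletion commands quoted in the article.
CMD_RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("backup_catalog_deletion", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(systemstatebackup|backup|catalog)\b", re.I)),
    ("ping_delay_self_delete", re.compile(r"\bping\s+127\.0\.0\.1\b.*&&\s*del\b", re.I)),
]
# A binary living directly in %LocalAppData%\Temp that writes a Run-key value or the
# BootExecute value (assumed full key path) is the persistence pattern described above.
TEMP_IMAGE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.I)
PERSIST_KEY = re.compile(r"\\CurrentVersion\\Run\\|\\Session Manager\\BootExecute$", re.I)


def classify(event: str) -> list[str]:
    """Return the names of every rule the event matches (empty list when benign)."""
    etype, image, detail = event.split("|", 2)
    hits = []
    if etype == "ProcessCreate":
        hits += [name for name, rx in CMD_RULES if rx.search(detail)]
    elif etype == "RegistryValueSet" and PERSIST_KEY.search(detail) and TEMP_IMAGE.search(image):
        hits.append("temp_binary_persistence")
    return hits


def scan(events: list[str]) -> dict[str, list[int]]:
    """Map each rule that fired to the 0-based indexes of the events that triggered it."""
    report: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for name in classify(ev):
            report.setdefault(name, []).append(i)
    return report


if __name__ == "__main__":
    for name, idxs in scan(SAMPLE_EVENTS).items():
        print(f"{name}: events {idxs}")
```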
No longer just ransomware
This attack, once again tied to the theme of the coronavirus pandemic, proves yet again that modern ransomware does more than encrypt files. In this case, victims also risk having their passwords for various sites and portals stolen. Highly organized cybercrime groups such as Maze and DoppelPaymer have become adept at using stolen personal data to blackmail users who do not want to pay for file recovery. In fact, if the user has a backup system that ransomware cannot reach, recovering the files may suddenly matter much less, and the stolen data becomes the lever.
Despite its simplicity, the new CoronaVirus clearly shows that cybercriminals are looking for additional ways to monetize their attacks in order to increase their income. The strategy itself is not new: Acronis analysts have for several years observed ransomware attacks that plant banking Trojans on victims' computers. Moreover, in the current situation a ransomware attack can generally serve as a diversion that draws attention away from the attackers' main goal, data exfiltration.
In any case, protection against such threats can only be achieved with an integrated approach to cyber defense. Modern security systems block such threats (and both of their components) with ease even before heuristic algorithms based on machine learning come into play. And when integrated with a backup/disaster recovery system, the first files to be damaged are restored immediately.
For those interested, here are the hashes of the IoC files:
CoronaVirus Ransomware: 3299f07bc0711b3587fe8a1c6bf3ee6bcbc14cb775f64b28a61d72ebcb8968d3
Kpot infostealer: a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240
Poll: Have you ever experienced encryption and data theft at the same time?
- Yes: 4
- No: 9
- We need to be on guard against this: 6
- Had not thought about it: 2
21 users voted. 5 users abstained.
Source: habr.com