FBI warns about "BlackCat/ALPHV" ransomware
On April 19 (US time), the US Federal Bureau of Investigation (FBI) issued an alert about the "BlackCat/ALPHV" ransomware in "FBI FLASH - BlackCat/ALPHV Ransomware Indicators of Compromise". Indicators of compromise (IoCs) for this threat have been published in order to protect users from the malicious threat activity of cyber attackers.
FBI FLASH - BlackCat/ALPHV Ransomware Indicators of Compromise
This FBI FLASH lists files suspected of being associated with the threat.
The FBI FLASH also lists IP addresses suspected of being associated with the threat.
The FBI says it understands that, when a business faces the risk of being unable to operate, it will consider every option to protect its shareholders, employees and customers, but explains that it cannot recommend paying a ransom to cybercriminals. It points out that paying a ransom may encourage cybercriminals to commit further crimes, and explains that paying does not guarantee that encrypted files will be recovered.
The FBI urges organizations to report ransomware incidents to their nearest field office regardless of whether they decide to pay the ransom. It says that reporting enables investigators and analysts to track the activity and helps prevent future cyberattacks.