Microsoft¡¢Web¥¤¥ó¥¹¥È¡¼¥ëµ¡Ç½¡Öms-appinstaller¡×¤ò¥Ç¥Õ¥©¥ë¥È¤Ç̵¸ú¤Ë
Malwarebytes¤Ï1·î3Æü(Êƹñ»þ´Ö)¡¢¡ÖMicrosoft disables ms-appinstaller after malicious use¡ÃMalwarebytes¡×¤Ë¤ª¤¤¤Æ¡¢Microsoft¤¬¡Öms-appinstaller¡×¤ò¥Ç¥Õ¥©¥ë¥È¤Ç̵¸ú¤Ë¤·¤¿¤ÈÅÁ¤¨¤¿¡£ms-appinstaller¤ÏWeb¥µ¡¼¥Ð¤«¤éľÀÜ¥¢¥×¥ê¤Î¥¤¥ó¥¹¥È¡¼¥ë¤ò²Äǽ¤Ë¤¹¤ëµ¡Ç½¡£
Microsoft¤Ï¡ÖApp Installer¥Ð¡¼¥¸¥ç¥ó1.21.3421.0¡×°Ê¹ß¤Ë¤Æms-appinstaller¤ò¥Ç¥Õ¥©¥ë¥È¤Ç̵¸ú¤Ë¤·¤¿¡£¥°¥ë¡¼¥×¥Ý¥ê¥·¡¼¤Î¡ÖEnableMSAppInstallerProtocol¡×¤òÆÃÊ̤Ë͸ú²½¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢Ìµ¸ú¤Ë¤¹¤ë¤¿¤á¤ÎÄɲäÎÁàºî¤ÏɬÍפʤ¤¡£¸½ºß¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ëApp Installer¤Î¥Ð¡¼¥¸¥ç¥ó¤Ï¡¢¡ÖMicrosoft addresses App Installer abuse | MSRC Blog | Microsoft Security Response Center¡×¤Î¡ÖTo address this issue¡×¤Ë¤ª¤¤¤Æ²òÀ⤷¤Æ¤¤¤ëÊýË¡¤«¤é³Îǧ¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
¡ûWeb¥¤¥ó¥¹¥È¡¼¥ëµ¡Ç½¡Öms-appinstaller¡×¤¬Ìµ¸ú¤Ë¤µ¤ì¤¿Íýͳ
½¾Íè¤Î¥¢¥×¥ê¤Ï¥¤¥ó¥¹¥È¡¼¥é¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¤«¤é¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤¿¤¬¡¢ms-appinstaller¤ò»ÈÍѤ¹¤ë¤È¥À¥¦¥ó¥í¡¼¥É¤¹¤ë¼ê½ç¤ò¾Êά¤¹¤ë¤³¤È¤¬²Äǽ¤Ë¤Ê¤ë¡£¤·¤«¤·¤Ê¤¬¤é¡¢¥À¥¦¥ó¥í¡¼¥É¤ò¾Êά¤¹¤ë¤ÈSmartScreen¤ä¥Ö¥é¥¦¥¶¤ÎÊݸµ¡Ç½¤·¤Ê¤¤¡£¤³¤ì¤ò¶¼°Ò¥¢¥¯¥¿¡¼
¤¬¥Þ¥ë¥¦¥§¥¢¤ÎÇÛÉۤ˰ÍѤ·¤¿¤È¤·¤Æ¡¢Microsoft¤Ïµ¡Ç½¤ò¥Ç¥Õ¥©¥ë¥È¤Ç̵¸ú¤Ë¤·¤¿(»²¹Í¡§¡ÖFinancially motivated threat actors misusing App Installer | Microsoft Security Blog¡×)¡£
¡ûWeb¥¤¥ó¥¹¥È¡¼¥ëµ¡Ç½¡Öms-appinstaller¡×¤ò°ÍѤ·¤Æ¤¤¤¿¶¼°Ò¥¢¥¯¥¿¡¼
Microsoft¤Ë¤è¤ë¤È2023ǯ11·î°Ê¹ß¡¢¡ÖStorm-0569¡×¡ÖStorm-1113¡×¡ÖSangria Tempest¡×¡ÖStorm-1674¡×¤Ê¤É¡¢Ê£¿ô¤Î¶¼°Ò¥¢¥¯¥¿¡¼¤¬ms-appinstaller¤ò¥é¥ó¥µ¥à¥¦¥§¥¢³èÆ°¤Î½é´ü¥¢¥¯¥»¥¹¤Ë°ÍѤ·¤¿¤È¤¤¤¦¡£¶¼°Ò¥¢¥¯¥¿¡¼¤ÏÀµµ¬¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¤Ê¤ê¤¹¤Þ¤·¤¿°°Õ¤Î¤¢¤ëMSIX¥Ñ¥Ã¥±¡¼¥¸¤òms-appinstaller¥×¥í¥È¥³¥ë¤ò²ð¤·¤ÆÇÛÉÛ¤·¤¿¤È¤µ¤ì¤ë¡£
Malwarebytes¤Ë¤è¤ë¤È¡¢¤³¤Î¼êË¡¤òÍѤ¤¤Æ¥Þ¥ë¥¦¥§¥¢¤òÇÛÉÛ¤·¤¿¶¼°Ò¥°¥ë¡¼¥×¤Ï¤¹¤Ù¤Æ½é´ü¥¢¥¯¥»¥¹¥Ö¥í¡¼¥«¡¼(IAB: Initial Access Brokers)¤À¤Ã¤¿¤È¤¤¤¦¡£½é´ü¥¢¥¯¥»¥¹¥Ö¥í¡¼¥«¡¼¤Ï¥é¥ó¥µ¥à¥¦¥§¥¢³èÆ°¤ò¹Ô¤¦¶¼°Ò¥¢¥¯¥¿¤Ë´ë¶È¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤Î½é´ü¥¢¥¯¥»¥¹¤òÄ󶡤¹¤ëÀìÌç¤Î¥µ¥¤¥Ð¡¼ÈȺá¼Ô¡£¤Ê¤ª¡¢¤³¤ì¤é¥Þ¥ë¥¦¥§¥¢¤Ï¥¤¥ó¥¹¥È¡¼¥ë²èÌ̤Ëɽ¼¨¤µ¤ì¤ëȯ¹Ô¸µ(Publisher)¤¬Àµµ¬¤Î´ë¶È̾¤È°Û¤Ê¤ë¤¿¤á¡¢È¯¹Ô¸µ¤ò³Îǧ¤¹¤ë¤³¤È¤Ç¥Þ¥ë¥¦¥§¥¢¤«Èݤ«È½Ê̲Äǽ¤È¤µ¤ì¤ë¡£
¡û¥é¥ó¥µ¥à¥¦¥§¥¢¹¶·â¤ò²óÈò¤¹¤ë¤¿¤á¤ÎÂкö
Malwarebytes¤Ï¤³¤Î¤è¤¦¤Ê¥é¥ó¥µ¥à¥¦¥§¥¢¹¶·â¤ò²óÈò¤¹¤ë¤¿¤á¤Ë¡¢¼¡¤Î¤è¤¦¤ÊÂкö¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£
¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ËÀܤ·¤¿¥·¥¹¥Æ¥à¤òºÇ¿·¤Î¾õÂ֤˰ݻý¤¹¤ë·×²è¤òºîÀ®¤¹¤ë¡£¤Þ¤¿¡¢¥ê¥â¡¼¥È¥Ç¥¹¥¯¥È¥Ã¥×¥×¥í¥È¥³¥ë(RDP: Remote Desktop Protocol)¡¢²¾Áۥץ饤¥Ù¡¼¥È¥Í¥Ã¥È¥ï¡¼¥¯(VPN: Virtual Private Network)¤Ê¤É¤Î¥ê¥â¡¼¥È¥¢¥¯¥»¥¹¤ò̵¸ú¤Ë¤¹¤ë¤«¡¢¥»¥¥å¥ê¥Æ¥£¤ò¶¯²½¤¹¤ë
¥¨¥ó¥É¥Ý¥¤¥ó¥È¥»¥¥å¥ê¥Æ¥£¤ò¶¯²½¤¹¤ë¥»¥¥å¥ê¥Æ¥£¥½¥ê¥å¡¼¥·¥ç¥ó¤òƳÆþ¤¹¤ë
¥Í¥Ã¥È¥ï¡¼¥¯¤ò¥»¥°¥á¥ó¥È²½¤·¡¢ºÇ¾®¸¢¸Â¤Î¸¶Â§¤ò¼ÂÁ©¤¹¤ë¡£¤Þ¤¿¡¢¥¨¥ó¥É¥Ý¥¤¥ó¥È¸¡½Ð±þÅú(EDR: Endpoint Detection and Response)¡¢¸¡ÃΤÈÂбþ¤Î¥Þ¥Í¡¼¥¸¥É¥µ¡¼¥Ó¥¹(MDR: Managed Detection and Response)¤òƳÆþ¤·¤Æ°Û¾ï¤Ê³èÆ°¤ò¸¡½Ð¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë
¥¤¥ß¥å¡¼¥¿¥Ö¥ë¥Ð¥Ã¥¯¥¢¥Ã¥×¤òºîÀ®¤·¡¢Äê´üŪ¤ËÉü¸µ¤Ç¤¤ë¤«¤ò¥Æ¥¹¥È¤¹¤ë
¹¶·â¤ò³Îǧ¤·¤¿¾ì¹ç¤Ï±Æ¶Á¤ò¼õ¤±¤¿¥·¥¹¥Æ¥à¤ò³ÖÎ¥¤·¡¢ºÆÅ٤ι¶·â¤ò²óÈò¤¹¤ë¤¿¤á¡¢¥Þ¥ë¥¦¥§¥¢¡¢¥Ä¡¼¥ë¡¢¿¯Æþ·ÐÏ©¤ò¤¹¤Ù¤Æºï½ü¤Ç¤¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯
¡ûWeb¥¤¥ó¥¹¥È¡¼¥ëµ¡Ç½¡Öms-appinstaller¡×¤¬Ìµ¸ú¤Ë¤µ¤ì¤¿Íýͳ
½¾Íè¤Î¥¢¥×¥ê¤Ï¥¤¥ó¥¹¥È¡¼¥é¤ò¥À¥¦¥ó¥í¡¼¥É¤·¤Æ¤«¤é¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤¿¤¬¡¢ms-appinstaller¤ò»ÈÍѤ¹¤ë¤È¥À¥¦¥ó¥í¡¼¥É¤¹¤ë¼ê½ç¤ò¾Êά¤¹¤ë¤³¤È¤¬²Äǽ¤Ë¤Ê¤ë¡£¤·¤«¤·¤Ê¤¬¤é¡¢¥À¥¦¥ó¥í¡¼¥É¤ò¾Êά¤¹¤ë¤ÈSmartScreen¤ä¥Ö¥é¥¦¥¶¤ÎÊݸµ¡Ç½¤·¤Ê¤¤¡£¤³¤ì¤ò¶¼°Ò¥¢¥¯¥¿¡¼
¤¬¥Þ¥ë¥¦¥§¥¢¤ÎÇÛÉۤ˰ÍѤ·¤¿¤È¤·¤Æ¡¢Microsoft¤Ïµ¡Ç½¤ò¥Ç¥Õ¥©¥ë¥È¤Ç̵¸ú¤Ë¤·¤¿(»²¹Í¡§¡ÖFinancially motivated threat actors misusing App Installer | Microsoft Security Blog¡×)¡£
¡ûWeb¥¤¥ó¥¹¥È¡¼¥ëµ¡Ç½¡Öms-appinstaller¡×¤ò°ÍѤ·¤Æ¤¤¤¿¶¼°Ò¥¢¥¯¥¿¡¼
Microsoft¤Ë¤è¤ë¤È2023ǯ11·î°Ê¹ß¡¢¡ÖStorm-0569¡×¡ÖStorm-1113¡×¡ÖSangria Tempest¡×¡ÖStorm-1674¡×¤Ê¤É¡¢Ê£¿ô¤Î¶¼°Ò¥¢¥¯¥¿¡¼¤¬ms-appinstaller¤ò¥é¥ó¥µ¥à¥¦¥§¥¢³èÆ°¤Î½é´ü¥¢¥¯¥»¥¹¤Ë°ÍѤ·¤¿¤È¤¤¤¦¡£¶¼°Ò¥¢¥¯¥¿¡¼¤ÏÀµµ¬¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë¤Ê¤ê¤¹¤Þ¤·¤¿°°Õ¤Î¤¢¤ëMSIX¥Ñ¥Ã¥±¡¼¥¸¤òms-appinstaller¥×¥í¥È¥³¥ë¤ò²ð¤·¤ÆÇÛÉÛ¤·¤¿¤È¤µ¤ì¤ë¡£
Malwarebytes¤Ë¤è¤ë¤È¡¢¤³¤Î¼êË¡¤òÍѤ¤¤Æ¥Þ¥ë¥¦¥§¥¢¤òÇÛÉÛ¤·¤¿¶¼°Ò¥°¥ë¡¼¥×¤Ï¤¹¤Ù¤Æ½é´ü¥¢¥¯¥»¥¹¥Ö¥í¡¼¥«¡¼(IAB: Initial Access Brokers)¤À¤Ã¤¿¤È¤¤¤¦¡£½é´ü¥¢¥¯¥»¥¹¥Ö¥í¡¼¥«¡¼¤Ï¥é¥ó¥µ¥à¥¦¥§¥¢³èÆ°¤ò¹Ô¤¦¶¼°Ò¥¢¥¯¥¿¤Ë´ë¶È¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤Î½é´ü¥¢¥¯¥»¥¹¤òÄ󶡤¹¤ëÀìÌç¤Î¥µ¥¤¥Ð¡¼ÈȺá¼Ô¡£¤Ê¤ª¡¢¤³¤ì¤é¥Þ¥ë¥¦¥§¥¢¤Ï¥¤¥ó¥¹¥È¡¼¥ë²èÌ̤Ëɽ¼¨¤µ¤ì¤ëȯ¹Ô¸µ(Publisher)¤¬Àµµ¬¤Î´ë¶È̾¤È°Û¤Ê¤ë¤¿¤á¡¢È¯¹Ô¸µ¤ò³Îǧ¤¹¤ë¤³¤È¤Ç¥Þ¥ë¥¦¥§¥¢¤«Èݤ«È½Ê̲Äǽ¤È¤µ¤ì¤ë¡£
¡û¥é¥ó¥µ¥à¥¦¥§¥¢¹¶·â¤ò²óÈò¤¹¤ë¤¿¤á¤ÎÂкö
Malwarebytes¤Ï¤³¤Î¤è¤¦¤Ê¥é¥ó¥µ¥à¥¦¥§¥¢¹¶·â¤ò²óÈò¤¹¤ë¤¿¤á¤Ë¡¢¼¡¤Î¤è¤¦¤ÊÂкö¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£
¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ËÀܤ·¤¿¥·¥¹¥Æ¥à¤òºÇ¿·¤Î¾õÂ֤˰ݻý¤¹¤ë·×²è¤òºîÀ®¤¹¤ë¡£¤Þ¤¿¡¢¥ê¥â¡¼¥È¥Ç¥¹¥¯¥È¥Ã¥×¥×¥í¥È¥³¥ë(RDP: Remote Desktop Protocol)¡¢²¾Áۥץ饤¥Ù¡¼¥È¥Í¥Ã¥È¥ï¡¼¥¯(VPN: Virtual Private Network)¤Ê¤É¤Î¥ê¥â¡¼¥È¥¢¥¯¥»¥¹¤ò̵¸ú¤Ë¤¹¤ë¤«¡¢¥»¥¥å¥ê¥Æ¥£¤ò¶¯²½¤¹¤ë
¥¨¥ó¥É¥Ý¥¤¥ó¥È¥»¥¥å¥ê¥Æ¥£¤ò¶¯²½¤¹¤ë¥»¥¥å¥ê¥Æ¥£¥½¥ê¥å¡¼¥·¥ç¥ó¤òƳÆþ¤¹¤ë
¥Í¥Ã¥È¥ï¡¼¥¯¤ò¥»¥°¥á¥ó¥È²½¤·¡¢ºÇ¾®¸¢¸Â¤Î¸¶Â§¤ò¼ÂÁ©¤¹¤ë¡£¤Þ¤¿¡¢¥¨¥ó¥É¥Ý¥¤¥ó¥È¸¡½Ð±þÅú(EDR: Endpoint Detection and Response)¡¢¸¡ÃΤÈÂбþ¤Î¥Þ¥Í¡¼¥¸¥É¥µ¡¼¥Ó¥¹(MDR: Managed Detection and Response)¤òƳÆþ¤·¤Æ°Û¾ï¤Ê³èÆ°¤ò¸¡½Ð¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë
¥¤¥ß¥å¡¼¥¿¥Ö¥ë¥Ð¥Ã¥¯¥¢¥Ã¥×¤òºîÀ®¤·¡¢Äê´üŪ¤ËÉü¸µ¤Ç¤¤ë¤«¤ò¥Æ¥¹¥È¤¹¤ë
¹¶·â¤ò³Îǧ¤·¤¿¾ì¹ç¤Ï±Æ¶Á¤ò¼õ¤±¤¿¥·¥¹¥Æ¥à¤ò³ÖÎ¥¤·¡¢ºÆÅ٤ι¶·â¤ò²óÈò¤¹¤ë¤¿¤á¡¢¥Þ¥ë¥¦¥§¥¢¡¢¥Ä¡¼¥ë¡¢¿¯Æþ·ÐÏ©¤ò¤¹¤Ù¤Æºï½ü¤Ç¤¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯
