Rapid7 recently published "The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog", in which it describes new attack techniques observed in the activity of the threat group Kimsuky (also known as Black Banshee and Thallium), which is believed to be linked to North Korea.

The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog

○ Overview of Kimsuky's new attack techniques

Kimsuky's targets are said to be mainly the South Korean government, individuals involved in Korean peninsula unification, and experts connected to South Korean government interests, but in recent years the group is believed to have extended its targeting to the Asia-Pacific region, including Japan and Vietnam. The group has previously been confirmed to abuse Office documents, ISO files, and shortcut files (LNK files) as initial lures.

In the newly confirmed attacks, Rapid7 observed the abuse of Microsoft Compiled HTML Help files delivered inside container formats such as ISO, VHD, ZIP, and RAR archives. Compiled HTML Help files (hereafter "CHM files") carry the .chm extension and have long been used for Windows help documentation, so they are opened by a built-in Windows component rather than by the usual document viewers. The switch to this file type is presumed to be aimed at evading detection by security products.

Because a CHM file can embed JavaScript (and other active content) that executes when the help file is opened, the format is sometimes abused for malware distribution. Malicious JavaScript was also found in the CHM file confirmed in this campaign: when the victim opens the file, the script extracts and saves an obfuscated VBScript to disk and registers that VBScript as an auto-start command that runs at logon. The VBScript collects system information, Word documents, and file listings of specific folders and exfiltrates them.
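The chain described above (a user opens the CHM, embedded script runs, a VBScript is dropped, and it is registered to run at logon) is the kind of behaviour an endpoint telemetry rule can catch without any file hashes. The block below is an added example, not code from Rapid7 or from the article: it runs two checks over constructed Sysmon-style events. It assumes that the CHM is opened by hh.exe (the Windows HTML Help viewer), so a script host or shell with hh.exe as its parent is suspicious, and that the logon auto-start is implemented as a Run/RunOnce registry value; the event dictionaries, paths, and SIDs are made up for the demonstration.

```python
"""Detection logic for the CHM -> dropped script -> logon persistence chain.

Added example, not Rapid7's code. Two checks over Sysmon-style events:
  - Event ID 1 (process creation): a script interpreter or shell whose parent
    is hh.exe, the Windows HTML Help viewer that renders .chm files
    (assumption: the CHM is opened by hh.exe, which has no reason to spawn
    a script host).
  - Event ID 13 (registry value set): a Run/RunOnce value whose data launches
    a script file or a script host (assumption: the "auto-start at logon"
    in the article is a Run key value).
Field names follow Sysmon's schema; all event values below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
SCRIPT_EXT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta|ps1)\b", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    event: dict


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\Windows\\hh.exe' -> 'hh.exe')."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process_create(ev: dict) -> Optional[Finding]:
    """Sysmon EID 1: flag script hosts/shells spawned directly by hh.exe."""
    if ev.get("EventID") != 1:
        return None
    parent = _basename(ev.get("ParentImage", ""))
    child = _basename(ev.get("Image", ""))
    if parent == "hh.exe" and child in SCRIPT_HOSTS:
        return Finding("chm_spawns_script_host", ev)
    return None


def check_registry_set(ev: dict) -> Optional[Finding]:
    """Sysmon EID 13: flag Run/RunOnce values that launch a script or script host."""
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "")
    details = ev.get("Details", "").lower()
    if not RUN_KEY_RE.search(target):
        return None
    if SCRIPT_EXT_RE.search(details) or any(host in details for host in SCRIPT_HOSTS):
        return Finding("run_key_script_persistence", ev)
    return None


def scan(events) -> list:
    """Run every check over every event and collect the findings in order."""
    findings = []
    for ev in events:
        for check in (check_process_create, check_registry_set):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample telemetry: one benign CHM open, one hh.exe -> cmd.exe chain,
# one Run-key value pointing at a .vbs, one benign Word start, one benign Run value.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\hh.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\hh.exe" D:\guide.chm'},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\hh.exe",
     "CommandLine": r'cmd.exe /c start /min wscript.exe //b "%APPDATA%\update.vbs"'},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r'wscript.exe //e:vbscript //b "C:\Users\user\AppData\Roaming\update.vbs"'},
    {"EventID": 1, "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "WINWORD.EXE"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.rule, "->", f.event.get("CommandLine") or f.event.get("Details"))
```

The first rule keys on the parent process rather than on the CHM's content, so it still fires if the attacker changes the obfuscation or the archive type around the CHM; the second catches the persistence step even when the dropper is missed. Both are starting points for hunting and should be tuned against an environment's own baseline (some legitimate installers do write script-based Run values).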

[Figure] Example of Kimsuky's new attack technique. Source: Rapid7

○ Countermeasures

During its investigation Rapid7 discovered multiple CHM files and confirmed attacks beyond the one described above. These CHM files have been continuously refined from 2023 up to the present in 2024, and the campaign is presumed to be ongoing.

To defend against attacks of this kind, Rapid7 recommends deploying advanced security solutions such as Managed Detection and Response (MDR). Rapid7 has also published the indicators of compromise (IoCs) identified during the investigation at "Rapid7-Labs/IOCs/Kimsuky_IOCs.txt at main · rapid7/Rapid7-Labs · GitHub", and organizations are encouraged to make use of them as needed, for example by loading the listed hashes and network indicators into their detection tooling.