Critical PHP vulnerability exploited: unknown backdoor installed at a university
On August 20 (US time), Symantec reported in "New Backdoor Targeting Taiwan Employs Stealthy Communications | Symantec Enterprise Blogs" that the critical PHP vulnerability disclosed in June had been exploited to install a new backdoor, "Msupedge", at a university in Taiwan. The exploited vulnerability is tracked as CVE-2024-4577; details were covered in "Critical vulnerability in PHP servers on Windows: check and update | TECH+".
New Backdoor Targeting Taiwan Employs Stealthy Communications | Symantec Enterprise Blogs
○Infection vector
According to Symantec's investigation, the initial infection vector was most likely remote code execution (RCE) exploiting CVE-2024-4577. Although no evidence conclusively identifying exploitation of the vulnerability has been found, Symantec explains that it confirmed multiple threat actors had been scanning for vulnerable systems over the preceding weeks.
○New backdoor "Msupedge"
The discovered backdoor, "Msupedge", is considered new malware. A notable feature observed in this backdoor is that it uses DNS traffic to communicate with its command and control (C2) server.
According to Symantec's investigation, the following files are installed in the compromised Windows environment.
csidl_drive_fixed\xampp\wuplog.dll
csidl_system\wbem\wmiclnt.dll
Both files are said to be the Msupedge backdoor itself, and it functions when either one is loaded. wuplog.dll is loaded by Apache, while the process that loads wmiclnt.dll has not been identified.
The backdoor capabilities identified by Symantec's analysis are as follows.
Execution of arbitrary commands
Downloading of files
Creation and deletion of the file "%temp%\1e5bf625-1678-zzcv-90b1-199aa47c345.tmp"
○Countermeasures
The PHP vulnerability has already been fixed. Administrators running affected versions of PHP on Windows systems are advised to update promptly. Where updating is difficult, the impact can be mitigated temporarily by changing the Apache configuration.
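As an added example that is not part of the article, the Apache-side interim mitigation published in the PHP project's advisory for CVE-2024-4577, shown for an XAMPP installation whose paths are assumed to be the defaults: the stock ScriptAlias that exposes php-cgi.exe is commented out, and a mod_rewrite rule rejects the malformed query strings the advisory filters.

```apache
# httpd-xampp.conf (default XAMPP path assumed). The stock line below maps
# /php-cgi/ onto the PHP directory and so exposes php-cgi.exe over HTTP.
#
# Before (vulnerable default):
#   ScriptAlias /php-cgi/ "C:/xampp/php/"
#
# After: the line is commented out so php-cgi.exe is no longer reachable.
# ScriptAlias /php-cgi/ "C:/xampp/php/"

# Interim rule for Apache + PHP-CGI setups, as given in the PHP advisory:
# refuse any request whose query string begins with the %ad byte sequence
# the advisory identifies. Requires mod_rewrite to be loaded.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} ^%ad [NC]
    RewriteRule .? - [F,L]
</IfModule>
```

The PHP advisory notes that the rewrite rule only covers the Windows locales it names (Traditional Chinese, Simplified Chinese and Japanese), so updating PHP remains the actual fix.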