On August 20 (US time), Symantec reported in "New Backdoor Targeting Taiwan Employs Stealthy Communications | Symantec Enterprise Blogs" that a critical PHP vulnerability discovered in June had been exploited to install a new backdoor, "Msupedge", at a university in Taiwan. The exploited vulnerability is tracked as CVE-2024-4577; TECH+ covered the details in the earlier article "WindowsのPHPサーバーに緊急の脆弱性、確認とアップデートを | TECH+（テックプラス）" (Critical vulnerability in PHP servers on Windows: check and update).

New Backdoor Targeting Taiwan Employs Stealthy Communications | Symantec Enterprise Blogs

○ Attack vector

According to Symantec's investigation, the initial infection vector was most likely remote code execution (RCE) exploiting CVE-2024-4577. Symantec explains that although it has not found evidence that directly identifies exploitation of the vulnerability, it did confirm that multiple threat actors had been scanning for vulnerable systems over the past few weeks.

○ The new backdoor "Msupedge"

The discovered backdoor, Msupedge, is considered new malware. A rarely seen feature has been confirmed in this backdoor: it uses DNS traffic to communicate with its command-and-control (C2) server.

According to Symantec's investigation, the following files are installed in the compromised Windows environment.

csidl_drive_fixed\xampp\wuplog.dll

csidl_system\wbem\wmiclnt.dll

Both are considered to be the Msupedge backdoor itself, and it functions once either one is loaded. wuplog.dll is loaded by Apache, but the process that loads wmiclnt.dll has not been identified.

Symantec¤ÎʬÀϤˤè¤êȽÌÀ¤·¤¿¥Ð¥Ã¥¯¥É¥¢¤Îµ¡Ç½¤Ï¼¡¤Î¤È¤ª¤ê¡£

Execution of arbitrary commands

Downloading of files

Creation and deletion of the file "%temp%\1e5bf625-1678-zzcv-90b1-199aa47c345.tmp"
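A defender-side sweep for the file artifacts named above, written as an added example for this article (it is not code from Symantec or TECH+). It assumes that csidl_drive_fixed expands to every fixed local drive and csidl_system to the System32 directory, and it also lists any running process that has either DLL loaded, since the article notes the loader of wmiclnt.dll is unknown.

```powershell
# Added example: sweep a Windows host for the Msupedge artifacts from the report.
# Assumption: csidl_drive_fixed = each fixed local drive, csidl_system = System32.
$hits = @()

# csidl_drive_fixed\xampp\wuplog.dll -> <drive>:\xampp\wuplog.dll on every fixed disk
$fixedDrives = Get-CimInstance Win32_LogicalDisk -Filter "DriveType = 3" |
    Select-Object -ExpandProperty DeviceID
foreach ($d in $fixedDrives) {
    $p = Join-Path $d 'xampp\wuplog.dll'
    if (Test-Path -LiteralPath $p) { $hits += $p }
}

# csidl_system\wbem\wmiclnt.dll -> %SystemRoot%\System32\wbem\wmiclnt.dll
$sys = [Environment]::GetFolderPath([Environment+SpecialFolder]::System)
$p = Join-Path $sys 'wbem\wmiclnt.dll'
if (Test-Path -LiteralPath $p) { $hits += $p }

# Scratch file the backdoor creates and deletes; it may exist only briefly,
# so an absent file does not rule out infection.
$tmp = Join-Path $env:TEMP '1e5bf625-1678-zzcv-90b1-199aa47c345.tmp'
if (Test-Path -LiteralPath $tmp) { $hits += $tmp }

# Which running processes currently have either DLL mapped? The report says
# wuplog.dll is loaded by Apache; whatever loads wmiclnt.dll is still unknown.
$loaded = Get-Process | ForEach-Object {
    $proc = $_
    try {
        $proc.Modules |
            Where-Object { $_.ModuleName -in @('wuplog.dll', 'wmiclnt.dll') } |
            ForEach-Object {
                [pscustomobject]@{ Pid = $proc.Id; Process = $proc.ProcessName; Module = $_.FileName }
            }
    } catch { }   # access denied on protected or cross-bitness processes is expected; skip
}

if ($hits.Count -eq 0 -and -not $loaded) {
    'No Msupedge file artifacts found.'
} else {
    $hits
    $loaded | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session so that process module lists are readable; a hit on either DLL path or on a process with it loaded warrants isolating the host and reviewing its DNS logs, given the backdoor's DNS-based C2.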

○ Countermeasures

The PHP vulnerability has already been fixed. Administrators running affected versions of PHP on Windows systems are advised to update promptly. Where updating is difficult, the impact can be temporarily mitigated by changing the Apache configuration.