ËÌÄ«Á¯¤Î¥Ï¥Ã¥«¡¼¤¬¡ÖInternet Explorer¡×¤Î¥¼¥í¥Ç¥¤ÀȼåÀ¤ò°ÍѤ·¤Æ¥Þ¥ë¥¦¥§¥¢¹¶·â¤ò»Å³Ý¤±¤ë
Internet Explorer(IE)¤Ï2022ǯ¤Ë¥µ¥Ý¡¼¥È¤¬½ªÎ»¤·¤Þ¤·¤¿¤¬¡¢¸ß´¹À¤Î¤¿¤á¤ËWindows 10¤Þ¤Ç¤ÎOS¤Ëɸ½àÅëºÜ¤µ¤ì¤Æ¤¤¤ë¤Û¤«¡¢Windows 11¤Ë¤âMicrosoft Edge¤ÎIE¥â¡¼¥É¤È¤·¤Æ¸ºß¤·Â³¤±¤Æ¤¤¤Þ¤¹¡£¤½¤ó¤ÊIE¤Î¥¼¥í¥Ç¥¤Àȼå(¤¼¤¤¤¸¤ã¤¯)À¤òÆͤ¤¤¿¹¶·â¤ò¡¢ËÌÄ«Á¯¤Î¥Ï¥Ã¥«¡¼½¸ÃĤ¬¹Ô¤Ã¤¿¤³¤È¤¬¿·¤·¤¯³Îǧ¤µ¤ì¤¿¤È¡¢´Ú¹ñ¤Î¥µ¥¤¥Ð¡¼¥»¥¥å¥ê¥Æ¥£Åö¶É¤¬È¯É½¤·¤Þ¤·¤¿¡£
https://asec.ahnlab.com/en/83877/
Malicious ads exploited Internet Explorer zero day to drop malware
https://www.bleepingcomputer.com/news/security/malicious-ads-exploited-internet-explorer-zero-day-to-drop-malware/
´Ú¹ñ¤Î¹ñ²È¥µ¥¤¥Ð¡¼°ÂÁ´¥»¥ó¥¿¡¼(NCSC)¤ÈƱ¹ñ¤Î¥»¥¥å¥ê¥Æ¥£´ë¶È¤ÎAhnLab¤Ï2024ǯ10·î16Æü¤Ë¡¢IE¤Î¥¼¥í¥Ç¥¤ÀȼåÀ¡ÖCVE-2024-38178¡×¤Ë´Ø¤¹¤ë¶¦Æ±¥ì¥Ý¡¼¥È¤òȯɽ¤·¤Þ¤·¤¿¡£
¤³¤ÎÀȼåÀ¤ò°ÍѤ·¤¿¹¶·â¤ò¹Ô¤Ã¤¿¤Î¤Ï¡¢¡ÖScarCruft¡×¡ÖRedEyes¡×¡ÖTA-RedAnt¡×¤Ê¤É¤Î̾¾Î¤Ç¤âÃΤé¤ì¤Æ¤¤¤ëËÌÄ«Á¯¤Î¥Ï¥Ã¥«¡¼½¸ÃÄ¡ÖAPT37¡×¤Ç¤¹¡£¶¦Æ±¥ì¥Ý¡¼¥È¤Ë¤è¤ë¤È¡¢APT37¤Ï¤³¤ì¤Þ¤Ç¤Ë¤â¡¢¥Ï¥Ã¥¥ó¥°Íѥ᡼¥ë¤äAndroid¥¢¥×¥êÍѤΥե¡¥¤¥ë(APK¥Õ¥¡¥¤¥ë)¤ÎÀȼåÀ¤Ê¤É¤òÍøÍѤ·¤Æ¡¢Ã¦Ë̼ԤäËÌÄ«Á¯ÌäÂê¤òÁʤ¨¤ë¿Í¸¢³èÆ°²È¤òɸŪ¤È¤·¤¿¹¶·â¤ò¹Ô¤Ã¤Æ¤¤¿¤È¤Î¤³¤È¡£
2022ǯ¤Ë¤â¡¢APT37¤¬IE¤ÎÀȼåÀ¡ÖCVE-2022-41128¡×¤ò°ÍѤ·¤¿¹¶·â¤ò¹Ô¤Ã¤Æ¤¤¤¿¤³¤È¤¬¡¢Google¤Î¶¼°ÒʬÀÏ¥°¥ë¡¼¥×(TAG)¤Ë¤è¤Ã¤ÆÆͤ»ß¤á¤é¤ì¤Æ¤¤¤Þ¤¹¡£
ËÌÄ«Á¯¤Î¥µ¥¤¥Ð¡¼ÈȺᥰ¥ë¡¼¥×¡ÖAPT37¡×¤¬Internet Explorer¤Î¥¼¥í¥Ç¥¤ÀȼåÀ¤òÆͤ¯¹¶·â¤ò¹Ô¤Ã¤Æ¤¤¤¿¤ÈȽÌÀ - GIGAZINE
º£²ó¤Î¹¶·â¤Ç¤Ï¡¢¥Õ¥ê¡¼¥½¥Õ¥È¥¦¥§¥¢¤È¤È¤â¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¡Ö¥È¡¼¥¹¥È¹¹ð¡×ÍÑ¤Î¥×¥í¥°¥é¥à¤òÂоݤȤ·¤¿¥Þ¥ë¥¦¥§¥¢¤Î¡ÖRokRAT¡×¤¬»ÈÍѤµ¤ì¤Þ¤·¤¿¡£¥È¡¼¥¹¥È¹¹ð¤È¤Ï¡¢²èÌ̤β¼Éô¤ä±¦²¼¤Ê¤É¤Ëɽ¼¨¤µ¤ì¤ë¥Ý¥Ã¥×¥¢¥Ã¥×·Á¼°¤Î¹¹ð¤Î¤³¤È¡£¥¯¥ê¥Ã¥¯¤·¤Ê¤¯¤Æ¤â¡¢¹¹ð¤¬É½¼¨¤µ¤ì¤ë¤³¤È¤Ç¥Þ¥ë¥¦¥§¥¢¤Ë´¶À÷¤·¤Æ¤·¤Þ¤¦¤¿¤á¡¢¤³¤Î¹¶·â¤Ï¥¼¥í¥¯¥ê¥Ã¥¯¹¶·â¤ËʬÎव¤ì¤Þ¤¹¡£
¼ç¤Ê¼ê¸ý¤Ï¼¡¤ÎÄ̤ꡣAPT37¤Ï¤Þ¤º´Ú¹ñ¹ñÆâ¤Î¹¹ðÂåÍýŹ¤Î¥µ¡¼¥Ð¡¼¤Ë¿¯Æþ¤·¡¢´Ú¹ñ¿Í¤¬¹¤¯ÍøÍѤ·¤Æ¤¤¤ë¥Õ¥ê¡¼¥½¥Õ¥È¤Î¥È¡¼¥¹¥È¹¹ð¥×¥í¥°¥é¥à¤ËºÙ¹©¤ò¹Ô¤¤¤Þ¤·¤¿¡£
ÌäÂê¤Î¹¹ð¤Ë¤Ï¡¢°°Õ¤¢¤ëiframeÍ×ÁǤ¬´Þ¤Þ¤ì¤Æ¤ª¤ê¡¢¤½¤ì¤¬IE¤Ë¤è¤Ã¤Æ¥ì¥ó¥À¥ê¥ó¥°¤µ¤ì¤ë¤È¡¢¡Öad_toast¡×¤È¤¤¤¦JavaScript¥Õ¥¡¥¤¥ë¤¬IE¤ÎJavaScript¥¨¥ó¥¸¥ó¤Ç¤¢¤ë¡ÖJScript9.dll¡×¤ÎÀȼåÀ¤ò²ð¤·¤Æ¥ê¥â¡¼¥È¥³¡¼¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£
¤½¤Î¸åRokRAT¤Ï¡¢´¶À÷¤·¤¿Ã¼Ëö¤Ë¤¢¤ë¡Ö.xls¡×¤ä¡Ö.doc¡×¤ä¡Ö.txt¡×¤Ê¤É20¼ïÎà¤Î³ÈÄ¥»Ò¤Î¥Õ¥¡¥¤¥ë¤òYandex¥¯¥é¥¦¥É¥¤¥ó¥¹¥¿¥ó¥¹¤Ëή½Ð¤µ¤»¤¿¤ê¡¢¥¡¼¥í¥®¥ó¥°¤ä¥¯¥ê¥Ã¥×¥Ü¡¼¥É¤Î´Æ»ë¡¢¥¹¥¯¥ê¡¼¥ó¥·¥ç¥Ã¥È¤Î¥¥ã¥×¥Á¥ã¤Ê¤É¤ò¹Ô¤Ã¤¿¤ê¤·¤Æ¥Ç¡¼¥¿¤òÅð¤ß¼è¤ê¤Þ¤¹¡£
NCSC¤ÈAhnLab¤ÎÄÌÊó¤ò¼õ¤±¤Æ¡¢Microsoft¤Ï2024ǯ8·î¤Î¥¢¥Ã¥×¥Ç¡¼¥È¤ÇCVE-2024-38178¤ò½¤Àµ¤·¤Æ¤¤¤Þ¤¹¡£¤¿¤À¤·¡¢Microsoft¤¬Windows¤Î½¤Àµ¤ò¹Ô¤Ã¤Æ¤â¡¢¥Þ¥ë¥¦¥§¥¢¤ÎľÀÜŪ¤Ê´¶À÷·ÐÏ©¤È¤Ê¤Ã¤¿¥Õ¥ê¡¼¥½¥Õ¥È¤Ï¤Þ¤À½¤Àµ¤µ¤ì¤Æ¤¤¤Ê¤¤²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
¤³¤Î°ì·ï¤ò¼è¤ê¾å¤²¤¿IT·Ï¥Ë¥å¡¼¥¹¥µ¥¤¥È¤ÎBleepingComputer¤Ï¡ÖMicrosoft¤Ï8·î¤ËIE¤Î·ç´Ù¤ò½¤Àµ¤·¤Þ¤·¤¿¤¬¡¢¸Å¤¤IE¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ò»È¤Ã¤Æ¤¤¤ë¥Ä¡¼¥ë¤Ë¤¿¤À¤Á¤ËŬÍѤµ¤ì¤ëÊݾڤϤ¢¤ê¤Þ¤»¤ó¡£¤½¤Î¤¿¤á¡¢¸Å¤¤IE¥³¥ó¥Ý¡¼¥Í¥ó¥È¤ò»È¤Ã¤Æ¤¤¤ë¥Õ¥ê¡¼¥½¥Õ¥È¤Ï¡¢°ú¤Â³¤¥æ¡¼¥¶¡¼¤ò´í¸±¤Ë¤µ¤é¤·¤Æ¤·¤Þ¤¤¤Þ¤¹¡×¤È»ØŦ¤·¤Þ¤·¤¿¡£
BleepingComputer¤Ï¡¢ÌäÂê¤Î¥Õ¥ê¡¼¥½¥Õ¥È¤Î¶ñÂÎŪ¤Ê̾¾Î¤Ë¤Ä¤¤¤ÆAhnLab¤ËÌ䤤¹ç¤ï¤»¤ò¹Ô¤Ã¤Æ¤ª¤ê¡¢¾ÜºÙ¤¬È½ÌÀ¤·¼¡Âè³Êó¤òÊ󤸤ëͽÄê¤È¤·¤Æ¤¤¤Þ¤¹¡£