{"id":2533,"date":"2023-03-08T11:32:23","date_gmt":"2023-03-08T02:32:23","guid":{"rendered":"https:\/\/techtalk.pcmatic.jp\/?p=2533"},"modified":"2023-03-08T11:35:32","modified_gmt":"2023-03-08T02:35:32","slug":"emotet%e3%81%ae%e6%96%b0%e3%81%97%e3%81%84%e4%ba%9c%e7%a8%ae%e3%82%92%e5%ae%88%e3%82%8c%e3%81%a6%e3%81%84%e3%82%8b%e5%be%93%e6%9d%a5%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%82%bd","status":"publish","type":"post","link":"https:\/\/techtalk.pcmatic.jp\/?p=2533","title":{"rendered":"EMOTET\u306e\u65b0\u3057\u3044\u4e9c\u7a2e\u3092\u5b88\u308c\u3066\u3044\u308b\u5f93\u6765\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30bd\u30d5\u30c8\u306f\u3001\u307b\u307c\u306a\u3044"},"content":{"rendered":"\n

EMOTET\u306e\u65b0\u3057\u3044\u4e9c\u7a2e\u304c2023\u5e743\u67087\u65e5\u306b\u767a\u898b\u3055\u308c\u307e\u3057\u305f\u3002\u6614\u304b\u3089\u3088\u304f\u3042\u308bWord\u3084Excel\u5f62\u5f0f\u306e\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u3092\u542b\u3080\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u4ecb\u3057\u3066\u914d\u5e03\u3055\u308c\u308b\u60aa\u540d\u9ad8\u3044\u30de\u30eb\u30a6\u30a7\u30a2\u3067\u3059\u3002<\/p>\n\n\n\n

\u5229\u7528\u8005\u304c\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u3092\u958b\u304f\u3068\u30de\u30af\u30ed\u306b\u3088\u3063\u3066\u6587\u66f8\u30d5\u30a1\u30a4\u30eb\u5185\u306b\u542b\u307e\u308c\u308b\u60aa\u610f\u3042\u308bEmotet\u306edll\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3055\u308c\u5b9f\u884c\u3055\u308c\u308b\u4ed5\u7d44\u307f\u3067\u3059\u3002
EMOTET\u306f\u5b9f\u884c\u3055\u308c\u308b\u3068\u7aef\u672b\u5185\u306e\u30e1\u30fc\u30e9\u30fc\u304b\u3089\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u53ce\u96c6\u3084\u3001\u60aa\u540d\u9ad8\u3044 Cobalt Strike \u306a\u3069\u306e\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3001\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306a\u3069\u3082\u542b\u3080\u4eca\u5f8c\u306e\u69d8\u3005\u306a\u88ab\u5bb3\u3092\u611f\u67d3\u7aef\u672b\u306b\u3082\u305f\u3089\u3057\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n

\u30de\u30af\u30ed\u304c\u5b9f\u884c\u3055\u308c\u308b\u3068\u3001 EMOTET\u306edll\u3067\u3042\u308bbznqoUd.dll\u3092Windows\u5185\u90e8\u30b3\u30de\u30f3\u30c9\u3067\u3042\u308b\u300cregsvr32.exe\u300d\u3092\u7528\u3044\u3066\u300cregsvr32.exe \/s bznqoUd.dll\u300d\u7b49\u306e\u5f62\u3067\u30d0\u30c3\u30af\u30b0\u30e9\u30a6\u30f3\u30c9\u5b9f\u884c\u3057\u307e\u3059\u3002rundll32.exe\u3092\u7528\u3044\u308b\u3053\u3068\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n

\u73fe\u5728\u3001Microsoft 365\u306a\u3069\u30b5\u30dd\u30fc\u30c8\u5bfe\u8c61Microsoft Office\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3088\u308a\u3001\u30de\u30af\u30ed\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u7121\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u305f\u3081\u8b66\u544a\u304c\u8868\u793a\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u958b\u3044\u305f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u306f\u300c\u30de\u30af\u30ed\u3092\u6709\u52b9\u5316\u3059\u308b\u3088\u3046\u306b\u4fc3\u3059\u6587\u66f8\u300d\u306a\u3069\u304c\u8868\u793a\u3055\u308c\u308b\u305f\u3081\u3001\u305d\u306e\u307e\u307e\u6709\u52b9\u5316\u3057\u3066\u3057\u307e\u3046\u4eba\u3082\u3044\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002<\/p>\n\n\n\n

\u73fe\u6642\u70b9\u3067VirusTotal<\/a>\u3067\u3072\u3068\u3064\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a8\u30f3\u30b8\u30f3\u3067\u3057\u304bEMOTET\u3092\u30de\u30eb\u30a6\u30a7\u30a2\u3068\u3057\u3066\u691c\u77e5\u3067\u304d\u3066\u3044\u306a\u3044\u3068 bleepingComputer \u3067\u306f\u8a18\u4e8b\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n

\u3057\u304b\u3057\u3001EMOTET\u306fMITRE ATT&CK\u3067\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u653b\u6483\u624b\u6cd5\u3092\u8907\u6570\u7d44\u307f\u5408\u308f\u305b\u3066\u9ad8\u5ea6\u306b\u4f5c\u6210\u3055\u308c\u305f\u9ad8\u5ea6\u306a\u30de\u30eb\u30a6\u30a7\u30a2\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u30de\u30eb\u30a6\u30a7\u30a2\u3068\u3057\u3066\u306f\u4e2d\u7a0b\u5ea6\u306a\u30c6\u30af\u30cb\u30c3\u30af\u3067\u4f5c\u6210\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u6628\u4eca\u3067\u306f\u3001\u8c4a\u5bcc\u306a\u8cc7\u91d1\u529b\u3092\u3082\u3064\u7d44\u7e54\u304c\u8907\u6570\u306e\u653b\u6483\u624b\u6cd5\u3092\u7d44\u307f\u5408\u308f\u305b\u3066\u691c\u51fa\u304a\u3088\u3073\u5bfe\u5fdc\u3057\u3065\u3089\u3044\u3082\u306e\u3092\u9ad8\u901f\u306bPDCA\u3092\u884c\u3044\u306a\u304c\u3089\u4f5c\u6210\u3057\u3066\u304a\u308a\u3001\u5175\u5668\u5316\u3057\u305f\u9ad8\u5ea6\u306a\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u7528\u30de\u30eb\u30a6\u30a7\u30a2\u304c\u4eca\u5f8c\u5897\u52a0\u3057\u3066\u304f\u308b\u3082\u306e\u3068\u63a8\u6e2c\u3055\u308c\u307e\u3059\u3002AI\u30ec\u30d4\u30e5\u30c6\u30fc\u30b7\u30e7\u30f3\u65b9\u5f0f\u3092\u542b\u3080\u5f93\u6765\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u4fdd\u8b77\u88fd\u54c1\u304c\u5b88\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u306e\u3067\u3057\u3087\u3046\u304b\u3002<\/p>\n\n\n\n

PC Matic\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4fdd\u8b77\u65b9\u5f0f\u304c\u7570\u306a\u308b\u305f\u3081VirusTotal\u306b\u306f\u53c2\u52a0\u3057\u3066\u3044\u307e\u305b\u3093\u304c\u3001\u30d0\u30a4\u30ca\u30ea\u30fc\u5f62\u5f0f\u3068\u30b9\u30af\u30ea\u30d7\u30c8\u5f62\u5f0f\u306e\u4e21\u65b9\u3092AI\u76e3\u67fb\u5f8c\u306b\u3001\u30de\u30eb\u30a6\u30a7\u30a2\u5206\u6790\u5b98\u306b\u3088\u3063\u3066\u6700\u7d42\u7684\u306b\u5b89\u5168\u3067\u3042\u308b\u3068\u78ba\u8a8d\u3055\u308c\u308b\u307e\u3067\u5b9f\u884c\u304c\u4fdd\u7559\u3055\u308c\u308bNIST SP800-167\u3067\u898f\u5b9a\u3055\u308c\u305f\u300c\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30fb\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u65b9\u5f0f\u300d\u3092\u63a1\u7528\u3057\u3066\u304a\u308a\u3001\u300cregsvr32.exe \/s bznqoUd.dll\u300d\u3068\u3044\u305f\u5b9f\u884c\u306f\u30b9\u30af\u30ea\u30d7\u30c8\u5f62\u5f0f\u306b\u3088\u3063\u3066\u30c7\u30d5\u30a9\u30eb\u30c8\u62d2\u5426\u3067\u5b9f\u884c\u304c\u62d2\u7d76\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n

\u3055\u3089\u306bPC Matic\u3067\u306f\u3001Office\u5c02\u7528\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u30a8\u30f3\u30b8\u30f3\u3092\u5225\u9014\u88c5\u5099\u3057\u3066\u304a\u308a\u3001\u3053\u306e\u30a8\u30f3\u30b8\u30f3\u304c\u6587\u66f8\u5185\u306b\u542b\u307e\u308c\u308b\u30de\u30af\u30ed\u3092\u30c7\u30d5\u30a9\u30eb\u30c8\u62d2\u5426\u3067\u5b9f\u884c\u963b\u6b62\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

\u65b0\u3057\u3044\u4e9c\u7a2e\u306eEMOTET\u3082\u591a\u91cd\u306b\u9632\u5fa1\u3067\uff11\u4ef6\u3082\u611f\u67d3\u7aef\u672b\u3092\u51fa\u3055\u306a\u3044\u3001\u30a2\u30e1\u30ea\u30ab\u653f\u5e9c\u304c\u653f\u5e9c\u6a5f\u95a2\u3067\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u57fa\u6e96\u3068\u3057\u3066\u5b9a\u3081\u305f\u30bc\u30ed\u30c8\u30e9\u30b9\u30c8\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30e2\u30c7\u30eb\u306b\u6e96\u62e0\u3057\u305fPC Matic\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4fdd\u8b77\u306e\u30b2\u30fc\u30e0\u30c1\u30a7\u30f3\u30b8\u30e3\u30fc\u3067\u3059\u3002<\/p>\n\n\n\n

\u53c2\u8003\u6587\u732e:[bleepingcomputer.com]Emotet \u30de\u30eb\u30a6\u30a7\u30a2\u653b\u6483\u304c 3 \u304b\u6708\u306e\u4f11\u6b62\u671f\u9593\u3092\u7d4c\u3066\u5fa9\u6d3b(2023\/3\/7)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

EMOTET\u306e\u65b0\u3057\u3044\u4e9c\u7a2e\u304c2023\u5e743\u67087\u65e5\u306b\u767a\u898b\u3055\u308c\u307e\u3057\u305f\u3002\u6614\u304b\u3089\u3088\u304f\u3042\u308bWord\u3084Excel\u5f62\u5f0f\u306e\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u3092\u542b\u3080\u96fb\u5b50\u30e1\u30fc\u30eb\u3092\u4ecb\u3057\u3066\u914d\u5e03\u3055\u308c\u308b\u60aa\u540d\u9ad8\u3044\u30de\u30eb\u30a6\u30a7\u30a2\u3067\u3059\u3002 \u5229\u7528\u8005\u304c\u6dfb\u4ed8\u30d5\u30a1\u30a4\u30eb\u3092\u958b\u304f\u3068\u30de\u30af\u30ed\u306b\u3088\u3063\u3066\u6587\u66f8 […]<\/p>\n","protected":false},"author":1,"featured_media":831,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2533","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=\/wp\/v2\/posts\/2533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2533"}],"version-history":[{"count":6,"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=\/wp\/v2\/posts\/2533\/revisions"}],"predecessor-version":[{"id":2539,"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=\/wp\/v2\/posts\/2533\/revisions\/2539"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=\/wp\/v2\/media\/831"}],"wp:attachment":[{"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtalk.pcmatic.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}