{"height":"190","description":"[Figures] Timeline of the attack and related incidents Figure 2. Illustration of the chain of compromise Figure 3. Screenshot of the Q-Dir application Figure 4. The assembly code shows the JMP instruction that diverts the execution flow to the shellcode. The hex dump shows the shellcode at the end of the PE's section headers. Figure 5. Decompiled code of the function that controls downloading the binary file and writing it to disk Figure 6. High-level overview of the Tick malware loading process Figure 7. High-level overview of the steps taken to execute the PYC payload Figure 8. 
Appending an obfuscated unique user ID to create the URL\u2026","categories":["Threat group: Tick / Bronze Butler / NCPH / RedBaldKnight / The Bald Knight Rises","Malware: ShadowPy","Malware: Netboy (backdoor)"],"type":"rich","author_name":"tanigawa","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/t/tt_ctf/20230317/20230317083449.png","provider_url":"https://hatena.blog","published":"2023-03-14 00:00:00","width":"100%","blog_url":"https://malware-log.hatenablog.com/","title":"The slow Tick\u2011ing time bomb: Tick APT group compromise of a DLP software developer in East Asia","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fmalware-log.hatenablog.com%2Fentry%2F2023%2F03%2F14%2F000000_3\" title=\"The slow Tick\u2011ing time bomb: Tick APT group compromise of a DLP software developer in East Asia - TT Malware Log\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","blog_title":"TT Malware Log","version":"1.0","author_url":"https://blog.hatena.ne.jp/tanigawa/","provider_name":"Hatena Blog","url":"https://malware-log.hatenablog.com/entry/2023/03/14/000000_3"}