TT Malware Log

A personal investigation, research and reference log on malware, cyber attacks and analysis techniques

OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt

[Figures]

Figure 1. Initial suspicious reconnaissance commands identified by OverWatch

Figure 2. Failed attempts to execute Linux commands on a Windows host

Figure 3. Suspected Log4j exploits found in AQUATIC PANDA’s possession

Figure 4. GitHub project with Log4j exploit — hxxps[:]//github[.]com/dbgee/log4j2_rce (Click to enlarge)

Figure 5. Example command line used in attempted memory dump

Figure 6. Falcon platform telemetry capturing threat actor actions
Source: https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/


[Blog]

◆OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt (Crowdstrike, 2021/12/29)
[OverWatch exposes AQUATIC PANDA in possession of Log4Shell exploit tools during a hands-on intrusion attempt]
https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/


[Related summary articles]

Overall summary
 ◆Attack groups / Actor (summary)
  ◆Targeted attack groups / APT (summary)

◆Aquatic Panda (summary)
https://malware-log.hatenablog.com/entry/Aquatic_Panda


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023