[Figures]
Figure 1. Initial suspicious reconnaissance commands identified by OverWatch
Figure 2. Failed attempts to execute Linux commands on a Windows host
Figure 3. Suspected Log4j exploits found in AQUATIC PANDA’s possession
Figure 4. GitHub project with Log4j exploit — hxxps[:]//github[.]com/dbgee/log4j2_rce
Figure 5. Example command line used in attempted memory dump
Figure 6. Falcon platform telemetry capturing threat actor actions
Source: https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/
[Blog]
◆OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt (CrowdStrike, 2021/12/29)
[Japanese title: OverWatch exposes that AQUATIC PANDA, which attempted a hands-on intrusion, was in possession of Log4Shell exploit tools]
https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/
[Related summary articles]
◆Overall summary
◆Attack groups / Actor (summary)
◆Targeted attack groups / APT (summary)
◆Aquatic Panda (summary)
https://malware-log.hatenablog.com/entry/Aquatic_Panda