Definitive GuideTM

Ιфࡄ٩

ᖏᄅীኪጻሁސᚰ

StevePiperCISSP ીΚ

Ȉࠉ

DavidDeWalt

ᜰFireEyeFireEye༼ࠎᄐᏆ٣ऱᇞூΔ౨ሗᅝվᄅীኪऱጻሁ

ᚰސሿழΰzeroͲdayαڕᚰЁސᚰΖᄅীኪጻሁސ APT

ᗧຌΔॿԵᚰЁ౨ᝩႚอސ ՂऱጻሁΔFireEyeא95

౨ᚦᇖאᐛᒘഗऱ־ᛥΕIPSΕሴሐऱլ

ጻሁݼᥨΔ٤ԫऱሀᄐΕᐛᒘࠎ༽Δߩ

ሽၡౡࠐᄭΔڕΚᕋش٥ᚾூխऱრڤΖ

ຍਢᄐԫऱᖞڤٽΔ౨ॴᖒސᚰࡎسၜཚհٺၸ

ᚰЁൕऱዥԵॿ৵ऱᇷறዶዥΖFireEyeຝސ

ᆟറםܓऱဠᚵചΰVirtualExecutionαݾᚯΔਢ

ԫ౨ॴᅝվᄅীጻሁސᚰऱᇞூࠎᚨΖؾছ

FireEye ᇞூբᛧ 40 Δխشഏᄐආڍ Ղא25

ತਣ 100ՕᄐΖ

bull ψ2012 ९ګΕݾભઝקᐚႧڣ 500 ൎω

ΰ Deloitte 2012 Technology Fast 500trade NorthAmericaαխඈټร

bull ዊᛧဎዿဩ 2012 ᄅᑻΰWallݾઝڣ StreetJournal2012TechnologyInnovationAwardα

bull ԵᙇᐰՕຏֆᄅᄐΰJPMorganChaseHallofInnovationα

Definitive GuideTM

Ιфࡄ٩

ᖏᄅীኪጻሁސᚰ

StevePiperCISSPছߢΚDavidDeWalt

ತࠒȞDefinitive GuidetradeȟϞΙфࡄ٩ ठΚנCyberEdge Group LLC 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401 (800) 327-8711 wwwcyber-edgecom Copyright copy 2013 CyberEdge Group LLC ठᦞڶࢬΔߒٱΖDefinitive Guidetradeא

CyberEdge Press ᑑ CyberEdge Group LLC הڶࢬഏ୮հᑑΖהભഏ

ᑑםᑑઃڶࢬٺհತขΖ

ೈॺભഏ 1976 հउױठנ٣ᆖመࠃآڇঞᣤᆃܡᦞऄւΔቇհထࢬڣ

ՀΔኙנءठढ۶փ୲ᓤ፹ΕലᚏژᛀߓอࢨຘመሽΕᖲඳΕᐙٱΕᙕᐙΕ

ൿጒڤࢨڤݮ۶הࢨႚᙁΖڕנٻठ༼נعױᓮΔᓮࠐॾ Permissions Department CyberEdge Group 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401ΔࢨຘመሽၡΚinfocyber-edgecom ᓮΖعנ༽

ຂЯຂᜢΚנठஏլঅᢞࢨᖜঅءփ୲ᄷᒔݙࢤᖞࢤΔࠀڼᜢೈࢬ

ठנጟउΖٺشᔞآհ৬ᤜฃࢬءᖜঅΖشຜհᔞشլਔץຂΔڶ

հ༽ࢬᄭࠐᇷಛەࢨ૪ЯࢬڶփءЯჾ୭ΔᄗլຂΖ؈հჾګທࢬڼኙ

៣ࢨጻΔኙᇠ៣ࢨጻױ౨༼ࠎհᇷಛנ༽ࢨհ৬ᤜΔנءठஏլ༼ࠎᖜঅΖڼ

؆Δᦰᚨᛵᇞ٨ࢬءհጻءᒳᐷᦰᔹᦰཚΔױ౨բࢨޓࢬڶᔡฝೈΖ

Ꮑڕ CyberEdge Group ઔߒፖᔭᘬᇬ೭հԫᇷಛΔࢨ፹၆ֆറشհᄕਐতᤄΔᓮࠐሽ 800-327-8711 ႚಬሽၡΚinfocyber-edgecomࢨ ፖݺଚऱᔭഇ

ຝ൷Ζ

ISBNΚ978-0-9888233-0-3ΰᇘءαΙISBNΚ978-0-9888233-1-0ΰሽα ፹Ζٱભഏ

10 9 8 7 6 5 4 3 2 1

юޱގमᗂຠġ

CyberEdge Group ტאՀԳՓհಥΚ

ጡᒮȈSusan Shuttleworth ҁ७೩ॎȈDebbi StoccoΕChristian Brennan ᇧհڞȈValerie Lowery FireEye ੫ڞօȈPhil LinΕLisa MatichakΕBrent RemaiΕDavid DeWalt

ᜰFireEyeFireEye༼ࠎᄐᏆ٣ऱᇞூΔ౨ሗᅝվᄅীኪऱጻሁ

ᚰސሿழΰzeroͲdayαڕᚰЁސᚰΖᄅীኪጻሁސ APT

ᗧຌΔॿԵᚰЁ౨ᝩႚอސ ՂऱጻሁΔFireEyeא95

౨ᚦᇖאᐛᒘഗऱ־ᛥΕIPSΕሴሐऱլ

ጻሁݼᥨΔ٤ԫऱሀᄐΕᐛᒘࠎ༽Δߩ

ሽၡౡࠐᄭΔڕΚᕋش٥ᚾூխऱრڤΖ

ຍਢᄐԫऱᖞڤٽΔ౨ॴᖒސᚰࡎسၜཚհٺၸ

ᚰЁൕऱዥԵॿ৵ऱᇷறዶዥΖFireEyeຝސ

ᆟറםܓऱဠᚵചΰVirtualExecutionαݾᚯΔਢ

ԫ౨ॴᅝվᄅীጻሁސᚰऱᇞூࠎᚨΖؾছ

FireEye ᇞூբᛧ 40 Δխشഏᄐආڍ Ղא25

ತਣ 100ՕᄐΖ

bull ψ2012 ९ګΕݾભઝקᐚႧڣ 500 ൎω

ΰ Deloitte 2012 Technology Fast 500trade NorthAmericaαխඈټร

bull ዊᛧဎዿဩ 2012 ᄅᑻΰWallݾઝڣ StreetJournal2012TechnologyInnovationAwardα

bull ԵᙇᐰՕຏֆᄅᄐΰJPMorganChaseHallofInnovationα

Definitive GuideTM

Ιфࡄ٩

ᖏᄅীኪጻሁސᚰ

StevePiperCISSPছߢΚDavidDeWalt

ತࠒȞDefinitive GuidetradeȟϞΙфࡄ٩ ठΚנCyberEdge Group LLC 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401 (800) 327-8711 wwwcyber-edgecom Copyright copy 2013 CyberEdge Group LLC ठᦞڶࢬΔߒٱΖDefinitive Guidetradeא

CyberEdge Press ᑑ CyberEdge Group LLC הڶࢬഏ୮հᑑΖהભഏ

ᑑםᑑઃڶࢬٺհತขΖ

ೈॺભഏ 1976 հउױठנ٣ᆖመࠃآڇঞᣤᆃܡᦞऄւΔቇհထࢬڣ

ՀΔኙנءठढ۶փ୲ᓤ፹ΕലᚏژᛀߓอࢨຘመሽΕᖲඳΕᐙٱΕᙕᐙΕ

ൿጒڤࢨڤݮ۶הࢨႚᙁΖڕנٻठ༼נعױᓮΔᓮࠐॾ Permissions Department CyberEdge Group 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401ΔࢨຘመሽၡΚinfocyber-edgecom ᓮΖعנ༽

ຂЯຂᜢΚנठஏլঅᢞࢨᖜঅءփ୲ᄷᒔݙࢤᖞࢤΔࠀڼᜢೈࢬ

ठנጟउΖٺشᔞآհ৬ᤜฃࢬءᖜঅΖشຜհᔞشլਔץຂΔڶ

հ༽ࢬᄭࠐᇷಛەࢨ૪ЯࢬڶփءЯჾ୭ΔᄗլຂΖ؈հჾګທࢬڼኙ

៣ࢨጻΔኙᇠ៣ࢨጻױ౨༼ࠎհᇷಛנ༽ࢨհ৬ᤜΔנءठஏլ༼ࠎᖜঅΖڼ

؆Δᦰᚨᛵᇞ٨ࢬءհጻءᒳᐷᦰᔹᦰཚΔױ౨բࢨޓࢬڶᔡฝೈΖ

Ꮑڕ CyberEdge Group ઔߒፖᔭᘬᇬ೭հԫᇷಛΔࢨ፹၆ֆറشհᄕਐতᤄΔᓮࠐሽ 800-327-8711 ႚಬሽၡΚinfocyber-edgecomࢨ ፖݺଚऱᔭഇ

ຝ൷Ζ

ISBNΚ978-0-9888233-0-3ΰᇘءαΙISBNΚ978-0-9888233-1-0ΰሽα ፹Ζٱભഏ

10 9 8 7 6 5 4 3 2 1

юޱގमᗂຠġ

CyberEdge Group ტאՀԳՓհಥΚ

ጡᒮȈSusan Shuttleworth ҁ७೩ॎȈDebbi StoccoΕChristian Brennan ᇧհڞȈValerie Lowery FireEye ੫ڞօȈPhil LinΕLisa MatichakΕBrent RemaiΕDavid DeWalt

Definitive GuideTM

Ιфࡄ٩

ᖏᄅীኪጻሁސᚰ

StevePiperCISSPছߢΚDavidDeWalt

ತࠒȞDefinitive GuidetradeȟϞΙфࡄ٩ ठΚנCyberEdge Group LLC 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401 (800) 327-8711 wwwcyber-edgecom Copyright copy 2013 CyberEdge Group LLC ठᦞڶࢬΔߒٱΖDefinitive Guidetradeא

CyberEdge Press ᑑ CyberEdge Group LLC הڶࢬഏ୮հᑑΖהભഏ

ᑑםᑑઃڶࢬٺհತขΖ

ೈॺભഏ 1976 հउױठנ٣ᆖመࠃآڇঞᣤᆃܡᦞऄւΔቇհထࢬڣ

ՀΔኙנءठढ۶փ୲ᓤ፹ΕലᚏژᛀߓอࢨຘመሽΕᖲඳΕᐙٱΕᙕᐙΕ

ൿጒڤࢨڤݮ۶הࢨႚᙁΖڕנٻठ༼נعױᓮΔᓮࠐॾ Permissions Department CyberEdge Group 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401ΔࢨຘመሽၡΚinfocyber-edgecom ᓮΖعנ༽

ຂЯຂᜢΚנठஏլঅᢞࢨᖜঅءփ୲ᄷᒔݙࢤᖞࢤΔࠀڼᜢೈࢬ

ठנጟउΖٺشᔞآհ৬ᤜฃࢬءᖜঅΖشຜհᔞشլਔץຂΔڶ

հ༽ࢬᄭࠐᇷಛەࢨ૪ЯࢬڶփءЯჾ୭ΔᄗլຂΖ؈հჾګທࢬڼኙ

៣ࢨጻΔኙᇠ៣ࢨጻױ౨༼ࠎհᇷಛנ༽ࢨհ৬ᤜΔנءठஏլ༼ࠎᖜঅΖڼ

؆Δᦰᚨᛵᇞ٨ࢬءհጻءᒳᐷᦰᔹᦰཚΔױ౨բࢨޓࢬڶᔡฝೈΖ

Ꮑڕ CyberEdge Group ઔߒፖᔭᘬᇬ೭հԫᇷಛΔࢨ፹၆ֆറشհᄕਐতᤄΔᓮࠐሽ 800-327-8711 ႚಬሽၡΚinfocyber-edgecomࢨ ፖݺଚऱᔭഇ

ຝ൷Ζ

ISBNΚ978-0-9888233-0-3ΰᇘءαΙISBNΚ978-0-9888233-1-0ΰሽα ፹Ζٱભഏ

10 9 8 7 6 5 4 3 2 1

юޱގमᗂຠġ

CyberEdge Group ტאՀԳՓհಥΚ

ጡᒮȈSusan Shuttleworth ҁ७೩ॎȈDebbi StoccoΕChristian Brennan ᇧհڞȈValerie Lowery FireEye ੫ڞօȈPhil LinΕLisa MatichakΕBrent RemaiΕDavid DeWalt

ತࠒȞDefinitive GuidetradeȟϞΙфࡄ٩ ठΚנCyberEdge Group LLC 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401 (800) 327-8711 wwwcyber-edgecom Copyright copy 2013 CyberEdge Group LLC ठᦞڶࢬΔߒٱΖDefinitive Guidetradeא

CyberEdge Press ᑑ CyberEdge Group LLC הڶࢬഏ୮հᑑΖהભഏ

ᑑםᑑઃڶࢬٺհತขΖ

ೈॺભഏ 1976 հउױठנ٣ᆖመࠃآڇঞᣤᆃܡᦞऄւΔቇհထࢬڣ

ՀΔኙנءठढ۶փ୲ᓤ፹ΕലᚏژᛀߓอࢨຘመሽΕᖲඳΕᐙٱΕᙕᐙΕ

ൿጒڤࢨڤݮ۶הࢨႚᙁΖڕנٻठ༼נعױᓮΔᓮࠐॾ Permissions Department CyberEdge Group 1997 Annapolis Exchange Parkway Suite 300 Annapolis MD 21401ΔࢨຘመሽၡΚinfocyber-edgecom ᓮΖعנ༽

ຂЯຂᜢΚנठஏլঅᢞࢨᖜঅءփ୲ᄷᒔݙࢤᖞࢤΔࠀڼᜢೈࢬ

ठנጟउΖٺشᔞآհ৬ᤜฃࢬءᖜঅΖشຜհᔞشլਔץຂΔڶ

հ༽ࢬᄭࠐᇷಛەࢨ૪ЯࢬڶփءЯჾ୭ΔᄗլຂΖ؈հჾګທࢬڼኙ

៣ࢨጻΔኙᇠ៣ࢨጻױ౨༼ࠎհᇷಛנ༽ࢨհ৬ᤜΔנءठஏլ༼ࠎᖜঅΖڼ

؆Δᦰᚨᛵᇞ٨ࢬءհጻءᒳᐷᦰᔹᦰཚΔױ౨բࢨޓࢬڶᔡฝೈΖ

Ꮑڕ CyberEdge Group ઔߒፖᔭᘬᇬ೭հԫᇷಛΔࢨ፹၆ֆറشհᄕਐতᤄΔᓮࠐሽ 800-327-8711 ႚಬሽၡΚinfocyber-edgecomࢨ ፖݺଚऱᔭഇ

ຝ൷Ζ

ISBNΚ978-0-9888233-0-3ΰᇘءαΙISBNΚ978-0-9888233-1-0ΰሽα ፹Ζٱભഏ

10 9 8 7 6 5 4 3 2 1

юޱގमᗂຠġ

CyberEdge Group ტאՀԳՓհಥΚ

ጡᒮȈSusan Shuttleworth ҁ७೩ॎȈDebbi StoccoΕChristian Brennan ᇧհڞȈValerie Lowery FireEye ੫ڞօȈPhil LinΕLisa MatichakΕBrent RemaiΕDavid DeWalt

Ҭᓃġࠉ v ו vii

ᆏᥦ vii ኔشቹق viii

Ιфࡄဎ1 Գऱอૠᑇᖕ 2 २ཚ୭ 3

ᄐސᚰ 3 ਙސᚰ 3

Ꮭזඓऱ؈ᗧ 4 ᅝছᄅڤݮౡᄗउ 5

ႚอౡ 5 ᄅԫזౡ 7

ᕣኳΡ 11 ᓴਢݺଚऱᑅԳΛ 11

ጻሁᆞح 12 ഏ୮ᇷܗऱౡ12 ᙹড়೯ᆠ13

ᑅԳऱפګհሐ 15 ᝩאᐛᒘഗऱᗧᖲ 15 ᝩאฆೠഗऱᗧᖲ 15

ᆩၯᔞডݙ 17 APT Եଳ 17

ᖄإԫኙ APT ऱᎄᇞ 18 APT ᄅፊࠃ 19

Flame ᘪސڤᚰΰ2012 αڣ 20 RSA SecurlD ΰ2011ࠃᚰސ αڣ 20 Stuxnetΰ2010 αڣ 21 ᄕ٠೯ΰ2009 αڣ 22

ഏ୮ APT شᚰऱዮዳސ 22 APT ၜཚࡎسᚰऱސ 23

ၸ 1ΚຘመߓอዥޡԵॿ 24 ၸ 2ΚڇᔡԵॿऱߓอՂڜᇘრຌ 25 ၸ 3Κඔ೯ኙ؆ຑᒵ 25 ၸ 4Κސᚰᖩٻᓍ 25 ၸ 5ΚឯᔡԵॿऱᇷற 26 ᚰൽ堸Δൕಳᄩސ 27

APT ᚰऱᤞಛސ 29

iv | ತࠒϞΙфࡄ٩

ᏲΣΙфࡄ٩ऋ 31 ᗧԺᏁऱࢬإట 32

ᐛᒘᗧ 32 ೈԱೠΔᝫᏁᥨ౨Ժ 32 ᥨਮዌڤڍ 33 ৫ᄷᒔೠᚯ 33 ٤ౡᇷག 33

ᥨౡזᆠᄅԫ 34 ፖႚอאᐛᒘഗऱᗧᖲለ 35 ፖޥฏ٤ڜݾለ 36

ց 38 რຌᥨߓอ 39 ဠᚵചᚯ 39 խ؇ጥߓอ 40 ጤౡᇷጻሁ 40

Ιфࡄ٩ـ 41 ሎ41ڤ

փڤΰInlineαலሁೡ൷ΰOut-of-bandαຝᆟ 43 ۥ 44

ဠᚵചױጊढ 45 ຒሁஉ᠙ݶ 45 რᚾூሶᠦ 46 ႃխጥ 47 რຌᇷࠆ 47 ૡঞག 48 ٽᖞ 48 ൳ژቤۥߡא 49 Ꮪ 49 ܫ 50 ᤞ 51

ല NGTP ᖞٽڶऱ IT ഗዌ51 SIEM 52 ٤ᇷፖਜڜ 52 ጥࠃ 53

ᒵᐅғጂޟ NGTPПਰ 55 ᚨᝩऱळរ 55 ૹආᄷঞ 56

ጻΕሽၡᚾூᛀऱᖞڤٽ NGTP 57 ൳ԵՑፖנՑᇷறၦ 57 ᛀՕᒤᚾூᣊী 57 ೯რຌᇞூ 58 ᎄࢨᎄܡ 59 ૡঞག 59 ऴᤚشࠌڤտ 59 ᚨড়གڂ 60

ຠཊߒ 61

ġࠉ

ᇿഏ୮Ꮖᖄ٤ড়൷ᤛ৵Δݺഏ୮ፖᄐጻ

ሁࢬᏁऱ٤ڜႚอ٤ڜՠࢬ౨༼ࠎऱ٤ڜ

հڶᄕՕᆵΖᄅԫזऱጻሁސᚰբګຍࠄড়

ڜऱႚอࠎ༽ࢬໂݾ៱ຫشࠌڇଚᝫהऱԫຝΔس

٤ՠፖհኙݼΖ

ڇຍડᖞଡ٤ڜขᄐᏁޏᨠΔڂዬߜޏڤլՂվ

ཕᐝীጻሁᆞࢬحขسऱౡᆵΖݺམֆؾقছऱጻሁڜ

٤ᑓীឩך౨ԺլߩΔᏁൕഗءᐋආ٤ᄅऱ٤ڜऄΖ

ՈڼڂΔᅝݺᦰݙຍءᄕਐত৵ՕቔፘΔൕףޓڼഒॾݺଚ

ᏁඒߛՕฒΔࠀᖕᅝվऱጻሁސᚰउආ೯Ζݺଚإ

ᜯᆞحፖഏ୮៣ऱጻሁψ૨ໂᤁωΔխ௫ᛩᛩઌڬऱܓ

墿೯ᖲፖچਙएᤜᠲΖڇຍᤁխΔࠃኪࠐᣤૹΖ

ᄎԫࡡ٤ሽॾຏಛᘬᇬڜᑛอփഏ୮ګዊڶݺ

ΔࠀԵᙇሒભΕMandiant ᇷಛ٤ڜֆ Polycom ऱᇀࠃ

ᄎګΖڼطࠐΔݺଚᖑڶԱؾٵ٥ᑑᖞٽֆ٥ፖߏԳຝ

ຍଡᗑদऱՕړᖲᄎΖݺઌॾΔݺଚലٵױԺנބঅᥨ

ᣂഗዌऱᄅᇞऄΖش٥

ڇ٤ڣװ IT Եދբݾ٤ઝڜ 200 حጻሁᆞᏙભցΔڍ

APT ᙹড়থᝫਢ౨ᖩॴऱॿԵ۶ጻሁ᧗ᇷறΔᖄી

ᄐ೭ሎխឰΙኙݺڼტլױ৸ᤜΖ

ݼᗧ౨ԺऱᆵΔኙ۶ᚦᇖጻሁڕᎅڇܛਐতء Steve խ

૪ऱψᅝվᄅীኪጻሁސᚰωΖ٤ጻሁࠃऱഹದړإᎅ

ౡऱ৫Δאጻሁސᚰऱ壄യᓤᠧ৫ΖڼڇݺԺᣠۯٺ

ᇡᦰءਐতΔࠀፖٵࠃٵᕦጻሁቸࠆ൞ൕխࢬᖂऱव

ᢝΖݺଚႊ٣ޓڶऱઝݾΕޓጹയऱሀขᄐٽֆ٥ፖ

ᚰΖސऱጻሁזൎՕऱຑΔթ౨ॴຍጟᄅԫޓԳຝߏ

vi | ತࠒϞΙфࡄ٩

ᣂݺաऱຝΔףڇݺԵ FireEye ৵ലڼᅝݺګᎃߢሒګ

ऱᄅؾᑑЁ༼٣ࠎऱΔאᇞᅝվཟऱጻሁ٤ڜം

ᠲΖൕ೭ McAfee ڣڍᚷച९ऱᖲᄎΙڻڍڶݺΔࠐא

ᨠኘڇՈԫऴࠐ FireEyeΖኙ౨ףԵຍᖑޏڶᄐሏᚭঞ

ءܗᇷנඨຘመݦՈݺΔ؆ڼტॺᕿΖݺΔऱֆݾ

ਐতנठΔࠎ༽ۯٺԫଡਮᄗΔ৬ޓم౨Ժऱዶ

ຘጻሁഗΔڼࠉࠀຝᆟᄅԫזౡᗧΖ

David DeWalt

FireEye ച९

ġו

Εߠآࢬጟ壄യ৫ছٺګᖲዌբਙࡉΔᄐࠐ

ᤛࢬߡլԵऱጻሁސᚰ୭Ζᕣጥދڣޢᇷመ

200 Ꮩભցආႚอᇷಛ٤ڜᗧᇞூΔ៣ս

աإፖᄅԫזጻሁސᚰᕿᖏΔڕၸऱრڤၸᥛ

ຟ౨ᚰ೯ઌᅝᥬΕऄቃސࠄᚰΰAPTαΙຍސዶຘࢤ

อΖߓছऱጻሁؾॿԵפګ

२

ᇷறΕధᡏૹอΕ᧗ߓᚰސრቹլ૩ऱᑅԳࠄຍუڕ

ഗዌΔݺଚႊشլߡٵ৫৸ەΖݺଚႊᛵᇞאᐛᒘ

ഗऱႚอᗧΔሎشᄅઝݾࠀॴᅝվऱᄅীጻሁ

ᚰΖސ

ᗧՠΰNGTPαਢౡזᇞऄΖᄅԫބଚբݺΔړ

ᄅऱᄅڤጻሁ٤ڜΔᆖᢞኔ౨פګᗧᄅԫזऱౡΖڕ

൞ຂᒔঅ၆ֆऱጻሁࢤ٤ڜΔ൞Տᆄլ౨ᙑመءΖ

ണᖂġร 1 ψᗧᄅԫזౡωڃૹՕᇷற؆ਜ਼ऱԳอૠᑇᖕΕ

ᎅ२ࠐڣᄐፖਙࢬسऱૹՕጻሁސᚰࠃΕᇞᤩᇷற

ᔡ᧗հઌᣂࠀءګለႚอፖᄅԫזጻሁސᚰऱฆΖ

ร 2 ψᛵᇞᑅԳωঞᣊנԿጟᣊীऱጻሁᑅԳЁጻሁᆞحΕ

ഏ୮ᇷܗऱౡᙹড়೯ᆠЁࠀᎅຍࠄᑅԳ۶ڕ

ᗧᖲΖ٤ڜᝩႚอᇷಛפګ

ร 3 ψၸጻሁސᚰଳωᆠ APT २ՂഏᎾᄅፊڃࠀ

ᙰයऱૹՕ APT פګᚰΙ൷ထঞᇡาᎅސ APT ᚰኙᣂഗސ

ዌױࢬ౨ขسऱψዮዳشωΕດԫ൶ APT ၜཚնၸࡎس

ᔡܡೠ៣ਢࠎ༽ࠀ APT ᚰऱᤞಛΖސ

ร 4 ψᖄԵᄅԫזౡᗧᖲω֊ԵംᠲுΔᆠ NGTPΕ૪უऱ NGTP ᇞூᚨໂհࢤΔࠀለ NGTP ፖႚอ

ΰsandboxݾ٤ڜฏޥᗧᖲᐛᒘഗऱאtechnologyαΖ

viii | ತࠒϞΙфࡄ٩

ร 5 ψ൶ᄅԫזౡᗧωᥛร 4 փ୲Δᒔ֊ᎅ NGTPᚰኙሽၡಛஒΕጻຏಛᙩኪᚾூސᄅীኪጻሁ۶ڕ

൶Ꮖ٣ऱࠀऱჾ୭Ζխګທࢬ NGTP ᇞூհ

Ζڤߠጻሁഗዌऱጟڶٽ૪ലᖞࠀΔۥ

ร 6 ψᙇᖗإᒔऱ NGTP ᇞூωᒔኔᎅආ NGTP ᇞ

ூរЁޓૹऱਢ༼ᙌ൞ආழᚨᝩऱळរΖ

ნ༼ءࠎૹհ១ەᆠΰאڗقαΖ

ᄂҢყҰġ

ġ ඪᒺௌġ

ġ ġ

৬ᤜΖشଡԳ៣հኔشᚨױࠎ༽ق༽

ġ ϸġ

ġ ġ

ڼߠቹقழᓮಖΔڂઌᣂփ୲ץ൞լ୲ݱಖऱૹ ᇷಛΖ

ġ ཎġݧ

ġ ġ

შΔڂڕڶง൞၆ֆױ౨Ꮑנב၆זᏝΖ

ġ ᄇፙġ

ġ ġ

ፖڼቹقઌᣂփ୲ለݾٻᐋΔਢಾኙ IT ԳࢬૠΖ

ġ ᆩၯၥਟġ

ġ ġ

უᛵᇞڍޓᇷಛΛᇿထઌᚨऱ URL ᛵᇞጻሁՂהઌᣂփ୲Ζ

1 ണ

Ιфࡄဎġ

ҏണ१ᘈ

ӱശߖၥਟѴಛॎኵᐃ

ષಛᆩၯᔞ

ᕣඌཎแԒȃႭਢ৯Ȟzero-dayȟЅܒ

ᅤആࡄ

ऱጻሁސᚰޓא壄യΖመװԫࠐאڣΔݺଚբ

ᚰբሒސࠄΔຍࠃऱᇷற؆ਜ਼شᢝᤞ൩ߠ

ছߠآࢬऱᓤᠧ৫ፖᑓΔᖄીޢԫټᇷಛ٤ڜ

ΰCISOαլլૹᄅᛀ៣ऱጻሁᇷಛ٤ڜणኪΖ

վᚰীސᔆऱᙹড়ࢤق٤ীЁൕݙᆞขᄐՈբحழΔጻሁٵ

ᛧࢤܓᔆऱጻሁސᚰΔڶԱਙएܓ墿೯ऱጻሁސ

ᚰΖᅝվጻሁᆞح൷መ৫ಝᒭΔଫᑵᒭऱސᚰݾΔᔾ

ᚰΖސࠄਮຍᗧᖲբԺᐛᒘഗऱאছؾ

៣ڇᜯᄅীኪऱጻሁސᚰΖຍڍۯڍࠄڤౡ౨

อߓᗧᛥΕԵॿ־ڕࠏᗧᖲΔ٤ڜᝩႚอऱᇷಛ

ΰIPSαΕ٤ڜጻሁፖሽၡሴሐΖ

ᅝվەࠀᣤૹΛ२ऱอૠᑇᖕΔڍڶΔംᠲאࢬ

ᣤૹऱጻሁސᚰூࠏױᗭवԫԲΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

iv | ತࠒϞΙфࡄ٩

ᏲΣΙфࡄ٩ऋ 31 ᗧԺᏁऱࢬإట 32

ᐛᒘᗧ 32 ೈԱೠΔᝫᏁᥨ౨Ժ 32 ᥨਮዌڤڍ 33 ৫ᄷᒔೠᚯ 33 ٤ౡᇷག 33

ᥨౡזᆠᄅԫ 34 ፖႚอאᐛᒘഗऱᗧᖲለ 35 ፖޥฏ٤ڜݾለ 36

ց 38 რຌᥨߓอ 39 ဠᚵചᚯ 39 խ؇ጥߓอ 40 ጤౡᇷጻሁ 40

Ιфࡄ٩ـ 41 ሎ41ڤ

փڤΰInlineαலሁೡ൷ΰOut-of-bandαຝᆟ 43 ۥ 44

ဠᚵചױጊढ 45 ຒሁஉ᠙ݶ 45 რᚾூሶᠦ 46 ႃխጥ 47 რຌᇷࠆ 47 ૡঞག 48 ٽᖞ 48 ൳ژቤۥߡא 49 Ꮪ 49 ܫ 50 ᤞ 51

ല NGTP ᖞٽڶऱ IT ഗዌ51 SIEM 52 ٤ᇷፖਜڜ 52 ጥࠃ 53

ᒵᐅғጂޟ NGTPПਰ 55 ᚨᝩऱळរ 55 ૹආᄷঞ 56

ጻΕሽၡᚾூᛀऱᖞڤٽ NGTP 57 ൳ԵՑፖנՑᇷறၦ 57 ᛀՕᒤᚾூᣊী 57 ೯რຌᇞூ 58 ᎄࢨᎄܡ 59 ૡঞག 59 ऴᤚشࠌڤտ 59 ᚨড়གڂ 60

ຠཊߒ 61

ġࠉ

ᇿഏ୮Ꮖᖄ٤ড়൷ᤛ৵Δݺഏ୮ፖᄐጻ

ሁࢬᏁऱ٤ڜႚอ٤ڜՠࢬ౨༼ࠎऱ٤ڜ

հڶᄕՕᆵΖᄅԫזऱጻሁސᚰբګຍࠄড়

ڜऱႚอࠎ༽ࢬໂݾ៱ຫشࠌڇଚᝫהऱԫຝΔس

٤ՠፖհኙݼΖ

ڇຍડᖞଡ٤ڜขᄐᏁޏᨠΔڂዬߜޏڤլՂվ

ཕᐝীጻሁᆞࢬحขسऱౡᆵΖݺམֆؾقছऱጻሁڜ

٤ᑓীឩך౨ԺլߩΔᏁൕഗءᐋආ٤ᄅऱ٤ڜऄΖ

ՈڼڂΔᅝݺᦰݙຍءᄕਐত৵ՕቔፘΔൕףޓڼഒॾݺଚ

ᏁඒߛՕฒΔࠀᖕᅝվऱጻሁސᚰउආ೯Ζݺଚإ

ᜯᆞحፖഏ୮៣ऱጻሁψ૨ໂᤁωΔխ௫ᛩᛩઌڬऱܓ

墿೯ᖲፖچਙएᤜᠲΖڇຍᤁխΔࠃኪࠐᣤૹΖ

ᄎԫࡡ٤ሽॾຏಛᘬᇬڜᑛอփഏ୮ګዊڶݺ

ΔࠀԵᙇሒભΕMandiant ᇷಛ٤ڜֆ Polycom ऱᇀࠃ

ᄎګΖڼطࠐΔݺଚᖑڶԱؾٵ٥ᑑᖞٽֆ٥ፖߏԳຝ

ຍଡᗑদऱՕړᖲᄎΖݺઌॾΔݺଚലٵױԺנބঅᥨ

ᣂഗዌऱᄅᇞऄΖش٥

ڇ٤ڣװ IT Եދբݾ٤ઝڜ 200 حጻሁᆞᏙભցΔڍ

APT ᙹড়থᝫਢ౨ᖩॴऱॿԵ۶ጻሁ᧗ᇷறΔᖄી

ᄐ೭ሎխឰΙኙݺڼტլױ৸ᤜΖ

ݼᗧ౨ԺऱᆵΔኙ۶ᚦᇖጻሁڕᎅڇܛਐতء Steve խ

૪ऱψᅝվᄅীኪጻሁސᚰωΖ٤ጻሁࠃऱഹದړإᎅ

ౡऱ৫Δאጻሁސᚰऱ壄യᓤᠧ৫ΖڼڇݺԺᣠۯٺ

ᇡᦰءਐতΔࠀፖٵࠃٵᕦጻሁቸࠆ൞ൕխࢬᖂऱव

ᢝΖݺଚႊ٣ޓڶऱઝݾΕޓጹയऱሀขᄐٽֆ٥ፖ

ᚰΖސऱጻሁזൎՕऱຑΔթ౨ॴຍጟᄅԫޓԳຝߏ

vi | ತࠒϞΙфࡄ٩

ᣂݺաऱຝΔףڇݺԵ FireEye ৵ലڼᅝݺګᎃߢሒګ

ऱᄅؾᑑЁ༼٣ࠎऱΔאᇞᅝվཟऱጻሁ٤ڜം

ᠲΖൕ೭ McAfee ڣڍᚷച९ऱᖲᄎΙڻڍڶݺΔࠐא

ᨠኘڇՈԫऴࠐ FireEyeΖኙ౨ףԵຍᖑޏڶᄐሏᚭঞ

ءܗᇷנඨຘመݦՈݺΔ؆ڼტॺᕿΖݺΔऱֆݾ

ਐতנठΔࠎ༽ۯٺԫଡਮᄗΔ৬ޓم౨Ժऱዶ

ຘጻሁഗΔڼࠉࠀຝᆟᄅԫזౡᗧΖ

David DeWalt

FireEye ച९

ġו

Εߠآࢬጟ壄യ৫ছٺګᖲዌբਙࡉΔᄐࠐ

ᤛࢬߡլԵऱጻሁސᚰ୭Ζᕣጥދڣޢᇷመ

200 Ꮩભցආႚอᇷಛ٤ڜᗧᇞூΔ៣ս

աإፖᄅԫזጻሁސᚰᕿᖏΔڕၸऱრڤၸᥛ

ຟ౨ᚰ೯ઌᅝᥬΕऄቃސࠄᚰΰAPTαΙຍސዶຘࢤ

อΖߓছऱጻሁؾॿԵפګ

२

ᇷறΕధᡏૹอΕ᧗ߓᚰސრቹլ૩ऱᑅԳࠄຍუڕ

ഗዌΔݺଚႊشլߡٵ৫৸ەΖݺଚႊᛵᇞאᐛᒘ

ഗऱႚอᗧΔሎشᄅઝݾࠀॴᅝվऱᄅীጻሁ

ᚰΖސ

ᗧՠΰNGTPαਢౡזᇞऄΖᄅԫބଚբݺΔړ

ᄅऱᄅڤጻሁ٤ڜΔᆖᢞኔ౨פګᗧᄅԫזऱౡΖڕ

൞ຂᒔঅ၆ֆऱጻሁࢤ٤ڜΔ൞Տᆄլ౨ᙑመءΖ

ണᖂġร 1 ψᗧᄅԫזౡωڃૹՕᇷற؆ਜ਼ऱԳอૠᑇᖕΕ

ᎅ२ࠐڣᄐፖਙࢬسऱૹՕጻሁސᚰࠃΕᇞᤩᇷற

ᔡ᧗հઌᣂࠀءګለႚอፖᄅԫזጻሁސᚰऱฆΖ

ร 2 ψᛵᇞᑅԳωঞᣊנԿጟᣊীऱጻሁᑅԳЁጻሁᆞحΕ

ഏ୮ᇷܗऱౡᙹড়೯ᆠЁࠀᎅຍࠄᑅԳ۶ڕ

ᗧᖲΖ٤ڜᝩႚอᇷಛפګ

ร 3 ψၸጻሁސᚰଳωᆠ APT २ՂഏᎾᄅፊڃࠀ

ᙰයऱૹՕ APT פګᚰΙ൷ထঞᇡาᎅސ APT ᚰኙᣂഗސ

ዌױࢬ౨ขسऱψዮዳشωΕດԫ൶ APT ၜཚնၸࡎس

ᔡܡೠ៣ਢࠎ༽ࠀ APT ᚰऱᤞಛΖސ

ร 4 ψᖄԵᄅԫזౡᗧᖲω֊ԵംᠲுΔᆠ NGTPΕ૪უऱ NGTP ᇞூᚨໂհࢤΔࠀለ NGTP ፖႚอ

ΰsandboxݾ٤ڜฏޥᗧᖲᐛᒘഗऱאtechnologyαΖ

viii | ತࠒϞΙфࡄ٩

ร 5 ψ൶ᄅԫזౡᗧωᥛร 4 փ୲Δᒔ֊ᎅ NGTPᚰኙሽၡಛஒΕጻຏಛᙩኪᚾூސᄅীኪጻሁ۶ڕ

൶Ꮖ٣ऱࠀऱჾ୭Ζխګທࢬ NGTP ᇞூհ

Ζڤߠጻሁഗዌऱጟڶٽ૪ലᖞࠀΔۥ

ร 6 ψᙇᖗإᒔऱ NGTP ᇞூωᒔኔᎅආ NGTP ᇞ

ூរЁޓૹऱਢ༼ᙌ൞ආழᚨᝩऱळរΖ

ნ༼ءࠎૹհ១ەᆠΰאڗقαΖ

ᄂҢყҰġ

ġ ඪᒺௌġ

ġ ġ

৬ᤜΖشଡԳ៣հኔشᚨױࠎ༽ق༽

ġ ϸġ

ġ ġ

ڼߠቹقழᓮಖΔڂઌᣂփ୲ץ൞լ୲ݱಖऱૹ ᇷಛΖ

ġ ཎġݧ

ġ ġ

შΔڂڕڶง൞၆ֆױ౨Ꮑנב၆זᏝΖ

ġ ᄇፙġ

ġ ġ

ፖڼቹقઌᣂփ୲ለݾٻᐋΔਢಾኙ IT ԳࢬૠΖ

ġ ᆩၯၥਟġ

ġ ġ

უᛵᇞڍޓᇷಛΛᇿထઌᚨऱ URL ᛵᇞጻሁՂהઌᣂփ୲Ζ

1 ണ

Ιфࡄဎġ

ҏണ१ᘈ

ӱശߖၥਟѴಛॎኵᐃ

ષಛᆩၯᔞ

ᕣඌཎแԒȃႭਢ৯Ȟzero-dayȟЅܒ

ᅤആࡄ

ऱጻሁސᚰޓא壄യΖመװԫࠐאڣΔݺଚբ

ᚰբሒސࠄΔຍࠃऱᇷற؆ਜ਼شᢝᤞ൩ߠ

ছߠآࢬऱᓤᠧ৫ፖᑓΔᖄીޢԫټᇷಛ٤ڜ

ΰCISOαլլૹᄅᛀ៣ऱጻሁᇷಛ٤ڜणኪΖ

վᚰীސᔆऱᙹড়ࢤق٤ীЁൕݙᆞขᄐՈբحழΔጻሁٵ

ᛧࢤܓᔆऱጻሁސᚰΔڶԱਙएܓ墿೯ऱጻሁސ

ᚰΖᅝվጻሁᆞح൷መ৫ಝᒭΔଫᑵᒭऱސᚰݾΔᔾ

ᚰΖސࠄਮຍᗧᖲբԺᐛᒘഗऱאছؾ

៣ڇᜯᄅীኪऱጻሁސᚰΖຍڍۯڍࠄڤౡ౨

อߓᗧᛥΕԵॿ־ڕࠏᗧᖲΔ٤ڜᝩႚอऱᇷಛ

ΰIPSαΕ٤ڜጻሁፖሽၡሴሐΖ

ᅝվەࠀᣤૹΛ२ऱอૠᑇᖕΔڍڶΔംᠲאࢬ

ᣤૹऱጻሁސᚰூࠏױᗭवԫԲΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

ġࠉ

ᇿഏ୮Ꮖᖄ٤ড়൷ᤛ৵Δݺഏ୮ፖᄐጻ

ሁࢬᏁऱ٤ڜႚอ٤ڜՠࢬ౨༼ࠎऱ٤ڜ

հڶᄕՕᆵΖᄅԫזऱጻሁސᚰբګຍࠄড়

ڜऱႚอࠎ༽ࢬໂݾ៱ຫشࠌڇଚᝫהऱԫຝΔس

٤ՠፖհኙݼΖ

ڇຍડᖞଡ٤ڜขᄐᏁޏᨠΔڂዬߜޏڤլՂվ

ཕᐝীጻሁᆞࢬحขسऱౡᆵΖݺམֆؾقছऱጻሁڜ

٤ᑓীឩך౨ԺլߩΔᏁൕഗءᐋආ٤ᄅऱ٤ڜऄΖ

ՈڼڂΔᅝݺᦰݙຍءᄕਐত৵ՕቔፘΔൕףޓڼഒॾݺଚ

ᏁඒߛՕฒΔࠀᖕᅝվऱጻሁސᚰउආ೯Ζݺଚإ

ᜯᆞحፖഏ୮៣ऱጻሁψ૨ໂᤁωΔխ௫ᛩᛩઌڬऱܓ

墿೯ᖲፖچਙएᤜᠲΖڇຍᤁխΔࠃኪࠐᣤૹΖ

ᄎԫࡡ٤ሽॾຏಛᘬᇬڜᑛอփഏ୮ګዊڶݺ

ΔࠀԵᙇሒભΕMandiant ᇷಛ٤ڜֆ Polycom ऱᇀࠃ

ᄎګΖڼطࠐΔݺଚᖑڶԱؾٵ٥ᑑᖞٽֆ٥ፖߏԳຝ

ຍଡᗑদऱՕړᖲᄎΖݺઌॾΔݺଚലٵױԺנބঅᥨ

ᣂഗዌऱᄅᇞऄΖش٥

ڇ٤ڣװ IT Եދբݾ٤ઝڜ 200 حጻሁᆞᏙભցΔڍ

APT ᙹড়থᝫਢ౨ᖩॴऱॿԵ۶ጻሁ᧗ᇷறΔᖄી

ᄐ೭ሎխឰΙኙݺڼტլױ৸ᤜΖ

ݼᗧ౨ԺऱᆵΔኙ۶ᚦᇖጻሁڕᎅڇܛਐতء Steve խ

૪ऱψᅝվᄅীኪጻሁސᚰωΖ٤ጻሁࠃऱഹದړإᎅ

ౡऱ৫Δאጻሁސᚰऱ壄യᓤᠧ৫ΖڼڇݺԺᣠۯٺ

ᇡᦰءਐতΔࠀፖٵࠃٵᕦጻሁቸࠆ൞ൕխࢬᖂऱव

ᢝΖݺଚႊ٣ޓڶऱઝݾΕޓጹയऱሀขᄐٽֆ٥ፖ

ᚰΖސऱጻሁזൎՕऱຑΔթ౨ॴຍጟᄅԫޓԳຝߏ

vi | ತࠒϞΙфࡄ٩

ᣂݺաऱຝΔףڇݺԵ FireEye ৵ലڼᅝݺګᎃߢሒګ

ऱᄅؾᑑЁ༼٣ࠎऱΔאᇞᅝվཟऱጻሁ٤ڜം

ᠲΖൕ೭ McAfee ڣڍᚷച९ऱᖲᄎΙڻڍڶݺΔࠐא

ᨠኘڇՈԫऴࠐ FireEyeΖኙ౨ףԵຍᖑޏڶᄐሏᚭঞ

ءܗᇷנඨຘመݦՈݺΔ؆ڼტॺᕿΖݺΔऱֆݾ

ਐতנठΔࠎ༽ۯٺԫଡਮᄗΔ৬ޓم౨Ժऱዶ

ຘጻሁഗΔڼࠉࠀຝᆟᄅԫזౡᗧΖ

David DeWalt

FireEye ച९

ġו

Εߠآࢬጟ壄യ৫ছٺګᖲዌբਙࡉΔᄐࠐ

ᤛࢬߡլԵऱጻሁސᚰ୭Ζᕣጥދڣޢᇷመ

200 Ꮩભցආႚอᇷಛ٤ڜᗧᇞூΔ៣ս

աإፖᄅԫזጻሁސᚰᕿᖏΔڕၸऱრڤၸᥛ

ຟ౨ᚰ೯ઌᅝᥬΕऄቃސࠄᚰΰAPTαΙຍސዶຘࢤ

อΖߓছऱጻሁؾॿԵפګ

२

ᇷறΕధᡏૹอΕ᧗ߓᚰސრቹլ૩ऱᑅԳࠄຍუڕ

ഗዌΔݺଚႊشլߡٵ৫৸ەΖݺଚႊᛵᇞאᐛᒘ

ഗऱႚอᗧΔሎشᄅઝݾࠀॴᅝվऱᄅীጻሁ

ᚰΖސ

ᗧՠΰNGTPαਢౡזᇞऄΖᄅԫބଚբݺΔړ

ᄅऱᄅڤጻሁ٤ڜΔᆖᢞኔ౨פګᗧᄅԫזऱౡΖڕ

൞ຂᒔঅ၆ֆऱጻሁࢤ٤ڜΔ൞Տᆄլ౨ᙑመءΖ

ണᖂġร 1 ψᗧᄅԫזౡωڃૹՕᇷற؆ਜ਼ऱԳอૠᑇᖕΕ

ᎅ२ࠐڣᄐፖਙࢬسऱૹՕጻሁސᚰࠃΕᇞᤩᇷற

ᔡ᧗հઌᣂࠀءګለႚอፖᄅԫזጻሁސᚰऱฆΖ

ร 2 ψᛵᇞᑅԳωঞᣊנԿጟᣊীऱጻሁᑅԳЁጻሁᆞحΕ

ഏ୮ᇷܗऱౡᙹড়೯ᆠЁࠀᎅຍࠄᑅԳ۶ڕ

ᗧᖲΖ٤ڜᝩႚอᇷಛפګ

ร 3 ψၸጻሁސᚰଳωᆠ APT २ՂഏᎾᄅፊڃࠀ

ᙰයऱૹՕ APT פګᚰΙ൷ထঞᇡาᎅސ APT ᚰኙᣂഗސ

ዌױࢬ౨ขسऱψዮዳشωΕດԫ൶ APT ၜཚնၸࡎس

ᔡܡೠ៣ਢࠎ༽ࠀ APT ᚰऱᤞಛΖސ

ร 4 ψᖄԵᄅԫזౡᗧᖲω֊ԵംᠲுΔᆠ NGTPΕ૪უऱ NGTP ᇞூᚨໂհࢤΔࠀለ NGTP ፖႚอ

ΰsandboxݾ٤ڜฏޥᗧᖲᐛᒘഗऱאtechnologyαΖ

viii | ತࠒϞΙфࡄ٩

ร 5 ψ൶ᄅԫזౡᗧωᥛร 4 փ୲Δᒔ֊ᎅ NGTPᚰኙሽၡಛஒΕጻຏಛᙩኪᚾூސᄅীኪጻሁ۶ڕ

൶Ꮖ٣ऱࠀऱჾ୭Ζխګທࢬ NGTP ᇞூհ

Ζڤߠጻሁഗዌऱጟڶٽ૪ലᖞࠀΔۥ

ร 6 ψᙇᖗإᒔऱ NGTP ᇞூωᒔኔᎅආ NGTP ᇞ

ூរЁޓૹऱਢ༼ᙌ൞ආழᚨᝩऱळរΖ

ნ༼ءࠎૹհ១ەᆠΰאڗقαΖ

ᄂҢყҰġ

ġ ඪᒺௌġ

ġ ġ

৬ᤜΖشଡԳ៣հኔشᚨױࠎ༽ق༽

ġ ϸġ

ġ ġ

ڼߠቹقழᓮಖΔڂઌᣂփ୲ץ൞լ୲ݱಖऱૹ ᇷಛΖ

ġ ཎġݧ

ġ ġ

შΔڂڕڶง൞၆ֆױ౨Ꮑנב၆זᏝΖ

ġ ᄇፙġ

ġ ġ

ፖڼቹقઌᣂփ୲ለݾٻᐋΔਢಾኙ IT ԳࢬૠΖ

ġ ᆩၯၥਟġ

ġ ġ

უᛵᇞڍޓᇷಛΛᇿထઌᚨऱ URL ᛵᇞጻሁՂהઌᣂփ୲Ζ

1 ണ

Ιфࡄဎġ

ҏണ१ᘈ

ӱശߖၥਟѴಛॎኵᐃ

ષಛᆩၯᔞ

ᕣඌཎแԒȃႭਢ৯Ȟzero-dayȟЅܒ

ᅤആࡄ

ऱጻሁސᚰޓא壄യΖመװԫࠐאڣΔݺଚբ

ᚰբሒސࠄΔຍࠃऱᇷற؆ਜ਼شᢝᤞ൩ߠ

ছߠآࢬऱᓤᠧ৫ፖᑓΔᖄીޢԫټᇷಛ٤ڜ

ΰCISOαլլૹᄅᛀ៣ऱጻሁᇷಛ٤ڜणኪΖ

վᚰীސᔆऱᙹড়ࢤق٤ীЁൕݙᆞขᄐՈբحழΔጻሁٵ

ᛧࢤܓᔆऱጻሁސᚰΔڶԱਙएܓ墿೯ऱጻሁސ

ᚰΖᅝվጻሁᆞح൷መ৫ಝᒭΔଫᑵᒭऱސᚰݾΔᔾ

ᚰΖސࠄਮຍᗧᖲբԺᐛᒘഗऱאছؾ

៣ڇᜯᄅীኪऱጻሁސᚰΖຍڍۯڍࠄڤౡ౨

อߓᗧᛥΕԵॿ־ڕࠏᗧᖲΔ٤ڜᝩႚอऱᇷಛ

ΰIPSαΕ٤ڜጻሁፖሽၡሴሐΖ

ᅝվەࠀᣤૹΛ२ऱอૠᑇᖕΔڍڶΔംᠲאࢬ

ᣤૹऱጻሁސᚰூࠏױᗭवԫԲΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

vi | ತࠒϞΙфࡄ٩

ᣂݺաऱຝΔףڇݺԵ FireEye ৵ലڼᅝݺګᎃߢሒګ

ऱᄅؾᑑЁ༼٣ࠎऱΔאᇞᅝվཟऱጻሁ٤ڜം

ᠲΖൕ೭ McAfee ڣڍᚷച९ऱᖲᄎΙڻڍڶݺΔࠐא

ᨠኘڇՈԫऴࠐ FireEyeΖኙ౨ףԵຍᖑޏڶᄐሏᚭঞ

ءܗᇷנඨຘመݦՈݺΔ؆ڼტॺᕿΖݺΔऱֆݾ

ਐতנठΔࠎ༽ۯٺԫଡਮᄗΔ৬ޓم౨Ժऱዶ

ຘጻሁഗΔڼࠉࠀຝᆟᄅԫזౡᗧΖ

David DeWalt

FireEye ച९

ġו

Εߠآࢬጟ壄യ৫ছٺګᖲዌբਙࡉΔᄐࠐ

ᤛࢬߡլԵऱጻሁސᚰ୭Ζᕣጥދڣޢᇷመ

200 Ꮩભցආႚอᇷಛ٤ڜᗧᇞூΔ៣ս

աإፖᄅԫזጻሁސᚰᕿᖏΔڕၸऱრڤၸᥛ

ຟ౨ᚰ೯ઌᅝᥬΕऄቃސࠄᚰΰAPTαΙຍސዶຘࢤ

อΖߓছऱጻሁؾॿԵפګ

२

ᇷறΕధᡏૹอΕ᧗ߓᚰސრቹլ૩ऱᑅԳࠄຍუڕ

ഗዌΔݺଚႊشլߡٵ৫৸ەΖݺଚႊᛵᇞאᐛᒘ

ഗऱႚอᗧΔሎشᄅઝݾࠀॴᅝվऱᄅীጻሁ

ᚰΖސ

ᗧՠΰNGTPαਢౡזᇞऄΖᄅԫބଚբݺΔړ

ᄅऱᄅڤጻሁ٤ڜΔᆖᢞኔ౨פګᗧᄅԫזऱౡΖڕ

൞ຂᒔঅ၆ֆऱጻሁࢤ٤ڜΔ൞Տᆄլ౨ᙑመءΖ

ണᖂġร 1 ψᗧᄅԫזౡωڃૹՕᇷற؆ਜ਼ऱԳอૠᑇᖕΕ

ᎅ२ࠐڣᄐፖਙࢬسऱૹՕጻሁސᚰࠃΕᇞᤩᇷற

ᔡ᧗հઌᣂࠀءګለႚอፖᄅԫזጻሁސᚰऱฆΖ

ร 2 ψᛵᇞᑅԳωঞᣊנԿጟᣊীऱጻሁᑅԳЁጻሁᆞحΕ

ഏ୮ᇷܗऱౡᙹড়೯ᆠЁࠀᎅຍࠄᑅԳ۶ڕ

ᗧᖲΖ٤ڜᝩႚอᇷಛפګ

ร 3 ψၸጻሁސᚰଳωᆠ APT २ՂഏᎾᄅፊڃࠀ

ᙰයऱૹՕ APT פګᚰΙ൷ထঞᇡาᎅސ APT ᚰኙᣂഗސ

ዌױࢬ౨ขسऱψዮዳشωΕດԫ൶ APT ၜཚնၸࡎس

ᔡܡೠ៣ਢࠎ༽ࠀ APT ᚰऱᤞಛΖސ

ร 4 ψᖄԵᄅԫזౡᗧᖲω֊ԵംᠲுΔᆠ NGTPΕ૪უऱ NGTP ᇞூᚨໂհࢤΔࠀለ NGTP ፖႚอ

ΰsandboxݾ٤ڜฏޥᗧᖲᐛᒘഗऱאtechnologyαΖ

viii | ತࠒϞΙфࡄ٩

ร 5 ψ൶ᄅԫזౡᗧωᥛร 4 փ୲Δᒔ֊ᎅ NGTPᚰኙሽၡಛஒΕጻຏಛᙩኪᚾூސᄅীኪጻሁ۶ڕ

൶Ꮖ٣ऱࠀऱჾ୭Ζխګທࢬ NGTP ᇞூհ

Ζڤߠጻሁഗዌऱጟڶٽ૪ലᖞࠀΔۥ

ร 6 ψᙇᖗإᒔऱ NGTP ᇞூωᒔኔᎅආ NGTP ᇞ

ூរЁޓૹऱਢ༼ᙌ൞ආழᚨᝩऱळរΖ

ნ༼ءࠎૹհ១ەᆠΰאڗقαΖ

ᄂҢყҰġ

ġ ඪᒺௌġ

ġ ġ

৬ᤜΖشଡԳ៣հኔشᚨױࠎ༽ق༽

ġ ϸġ

ġ ġ

ڼߠቹقழᓮಖΔڂઌᣂփ୲ץ൞լ୲ݱಖऱૹ ᇷಛΖ

ġ ཎġݧ

ġ ġ

შΔڂڕڶง൞၆ֆױ౨Ꮑנב၆זᏝΖ

ġ ᄇፙġ

ġ ġ

ፖڼቹقઌᣂփ୲ለݾٻᐋΔਢಾኙ IT ԳࢬૠΖ

ġ ᆩၯၥਟġ

ġ ġ

უᛵᇞڍޓᇷಛΛᇿထઌᚨऱ URL ᛵᇞጻሁՂהઌᣂփ୲Ζ

1 ണ

Ιфࡄဎġ

ҏണ१ᘈ

ӱശߖၥਟѴಛॎኵᐃ

ષಛᆩၯᔞ

ᕣඌཎแԒȃႭਢ৯Ȟzero-dayȟЅܒ

ᅤആࡄ

ऱጻሁސᚰޓא壄യΖመװԫࠐאڣΔݺଚբ

ᚰբሒސࠄΔຍࠃऱᇷற؆ਜ਼شᢝᤞ൩ߠ

ছߠآࢬऱᓤᠧ৫ፖᑓΔᖄીޢԫټᇷಛ٤ڜ

ΰCISOαլլૹᄅᛀ៣ऱጻሁᇷಛ٤ڜणኪΖ

վᚰীސᔆऱᙹড়ࢤق٤ীЁൕݙᆞขᄐՈբحழΔጻሁٵ

ᛧࢤܓᔆऱጻሁސᚰΔڶԱਙएܓ墿೯ऱጻሁސ

ᚰΖᅝվጻሁᆞح൷መ৫ಝᒭΔଫᑵᒭऱސᚰݾΔᔾ

ᚰΖސࠄਮຍᗧᖲբԺᐛᒘഗऱאছؾ

៣ڇᜯᄅীኪऱጻሁސᚰΖຍڍۯڍࠄڤౡ౨

อߓᗧᛥΕԵॿ־ڕࠏᗧᖲΔ٤ڜᝩႚอऱᇷಛ

ΰIPSαΕ٤ڜጻሁፖሽၡሴሐΖ

ᅝվەࠀᣤૹΛ२ऱอૠᑇᖕΔڍڶΔംᠲאࢬ

ᣤૹऱጻሁސᚰூࠏױᗭवԫԲΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

ġו

Εߠآࢬጟ壄യ৫ছٺګᖲዌբਙࡉΔᄐࠐ

ᤛࢬߡլԵऱጻሁސᚰ୭Ζᕣጥދڣޢᇷመ

200 Ꮩભցආႚอᇷಛ٤ڜᗧᇞூΔ៣ս

աإፖᄅԫזጻሁސᚰᕿᖏΔڕၸऱრڤၸᥛ

ຟ౨ᚰ೯ઌᅝᥬΕऄቃސࠄᚰΰAPTαΙຍސዶຘࢤ

อΖߓছऱጻሁؾॿԵפګ

२

ᇷறΕధᡏૹอΕ᧗ߓᚰސრቹլ૩ऱᑅԳࠄຍუڕ

ഗዌΔݺଚႊشլߡٵ৫৸ەΖݺଚႊᛵᇞאᐛᒘ

ഗऱႚอᗧΔሎشᄅઝݾࠀॴᅝվऱᄅীጻሁ

ᚰΖސ

ᗧՠΰNGTPαਢౡזᇞऄΖᄅԫބଚբݺΔړ

ᄅऱᄅڤጻሁ٤ڜΔᆖᢞኔ౨פګᗧᄅԫזऱౡΖڕ

൞ຂᒔঅ၆ֆऱጻሁࢤ٤ڜΔ൞Տᆄլ౨ᙑመءΖ

ണᖂġร 1 ψᗧᄅԫזౡωڃૹՕᇷற؆ਜ਼ऱԳอૠᑇᖕΕ

ᎅ२ࠐڣᄐፖਙࢬسऱૹՕጻሁސᚰࠃΕᇞᤩᇷற

ᔡ᧗հઌᣂࠀءګለႚอፖᄅԫזጻሁސᚰऱฆΖ

ร 2 ψᛵᇞᑅԳωঞᣊנԿጟᣊীऱጻሁᑅԳЁጻሁᆞحΕ

ഏ୮ᇷܗऱౡᙹড়೯ᆠЁࠀᎅຍࠄᑅԳ۶ڕ

ᗧᖲΖ٤ڜᝩႚอᇷಛפګ

ร 3 ψၸጻሁސᚰଳωᆠ APT २ՂഏᎾᄅፊڃࠀ

ᙰයऱૹՕ APT פګᚰΙ൷ထঞᇡาᎅސ APT ᚰኙᣂഗސ

ዌױࢬ౨ขسऱψዮዳشωΕດԫ൶ APT ၜཚնၸࡎس

ᔡܡೠ៣ਢࠎ༽ࠀ APT ᚰऱᤞಛΖސ

ร 4 ψᖄԵᄅԫזౡᗧᖲω֊ԵംᠲுΔᆠ NGTPΕ૪უऱ NGTP ᇞூᚨໂհࢤΔࠀለ NGTP ፖႚอ

ΰsandboxݾ٤ڜฏޥᗧᖲᐛᒘഗऱאtechnologyαΖ

viii | ತࠒϞΙфࡄ٩

ร 5 ψ൶ᄅԫזౡᗧωᥛร 4 փ୲Δᒔ֊ᎅ NGTPᚰኙሽၡಛஒΕጻຏಛᙩኪᚾூސᄅীኪጻሁ۶ڕ

൶Ꮖ٣ऱࠀऱჾ୭Ζխګທࢬ NGTP ᇞூհ

Ζڤߠጻሁഗዌऱጟڶٽ૪ലᖞࠀΔۥ

ร 6 ψᙇᖗإᒔऱ NGTP ᇞூωᒔኔᎅආ NGTP ᇞ

ூរЁޓૹऱਢ༼ᙌ൞ආழᚨᝩऱळរΖ

ნ༼ءࠎૹհ១ەᆠΰאڗقαΖ

ᄂҢყҰġ

ġ ඪᒺௌġ

ġ ġ

৬ᤜΖشଡԳ៣հኔشᚨױࠎ༽ق༽

ġ ϸġ

ġ ġ

ڼߠቹقழᓮಖΔڂઌᣂփ୲ץ൞լ୲ݱಖऱૹ ᇷಛΖ

ġ ཎġݧ

ġ ġ

შΔڂڕڶง൞၆ֆױ౨Ꮑנב၆זᏝΖ

ġ ᄇፙġ

ġ ġ

ፖڼቹقઌᣂփ୲ለݾٻᐋΔਢಾኙ IT ԳࢬૠΖ

ġ ᆩၯၥਟġ

ġ ġ

უᛵᇞڍޓᇷಛΛᇿထઌᚨऱ URL ᛵᇞጻሁՂהઌᣂփ୲Ζ

1 ണ

Ιфࡄဎġ

ҏണ१ᘈ

ӱശߖၥਟѴಛॎኵᐃ

ષಛᆩၯᔞ

ᕣඌཎแԒȃႭਢ৯Ȟzero-dayȟЅܒ

ᅤആࡄ

ऱጻሁސᚰޓא壄യΖመװԫࠐאڣΔݺଚբ

ᚰբሒސࠄΔຍࠃऱᇷற؆ਜ਼شᢝᤞ൩ߠ

ছߠآࢬऱᓤᠧ৫ፖᑓΔᖄીޢԫټᇷಛ٤ڜ

ΰCISOαլլૹᄅᛀ៣ऱጻሁᇷಛ٤ڜणኪΖ

վᚰীސᔆऱᙹড়ࢤق٤ীЁൕݙᆞขᄐՈբحழΔጻሁٵ

ᛧࢤܓᔆऱጻሁސᚰΔڶԱਙएܓ墿೯ऱጻሁސ

ᚰΖᅝվጻሁᆞح൷መ৫ಝᒭΔଫᑵᒭऱސᚰݾΔᔾ

ᚰΖސࠄਮຍᗧᖲբԺᐛᒘഗऱאছؾ

៣ڇᜯᄅীኪऱጻሁސᚰΖຍڍۯڍࠄڤౡ౨

อߓᗧᛥΕԵॿ־ڕࠏᗧᖲΔ٤ڜᝩႚอऱᇷಛ

ΰIPSαΕ٤ڜጻሁፖሽၡሴሐΖ

ᅝվەࠀᣤૹΛ२ऱอૠᑇᖕΔڍڶΔംᠲאࢬ

ᣤૹऱጻሁސᚰூࠏױᗭवԫԲΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

viii | ತࠒϞΙфࡄ٩

ร 5 ψ൶ᄅԫזౡᗧωᥛร 4 փ୲Δᒔ֊ᎅ NGTPᚰኙሽၡಛஒΕጻຏಛᙩኪᚾூސᄅীኪጻሁ۶ڕ

൶Ꮖ٣ऱࠀऱჾ୭Ζխګທࢬ NGTP ᇞூհ

Ζڤߠጻሁഗዌऱጟڶٽ૪ലᖞࠀΔۥ

ร 6 ψᙇᖗإᒔऱ NGTP ᇞூωᒔኔᎅආ NGTP ᇞ

ூរЁޓૹऱਢ༼ᙌ൞ආழᚨᝩऱळរΖ

ნ༼ءࠎૹհ១ەᆠΰאڗقαΖ

ᄂҢყҰġ

ġ ඪᒺௌġ

ġ ġ

৬ᤜΖشଡԳ៣հኔشᚨױࠎ༽ق༽

ġ ϸġ

ġ ġ

ڼߠቹقழᓮಖΔڂઌᣂփ୲ץ൞լ୲ݱಖऱૹ ᇷಛΖ

ġ ཎġݧ

ġ ġ

შΔڂڕڶง൞၆ֆױ౨Ꮑנב၆זᏝΖ

ġ ᄇፙġ

ġ ġ

ፖڼቹقઌᣂփ୲ለݾٻᐋΔਢಾኙ IT ԳࢬૠΖ

ġ ᆩၯၥਟġ

ġ ġ

უᛵᇞڍޓᇷಛΛᇿထઌᚨऱ URL ᛵᇞጻሁՂהઌᣂփ୲Ζ

1 ണ

Ιфࡄဎġ

ҏണ१ᘈ

ӱശߖၥਟѴಛॎኵᐃ

ષಛᆩၯᔞ

ᕣඌཎแԒȃႭਢ৯Ȟzero-dayȟЅܒ

ᅤആࡄ

ऱጻሁސᚰޓא壄യΖመװԫࠐאڣΔݺଚբ

ᚰբሒސࠄΔຍࠃऱᇷற؆ਜ਼شᢝᤞ൩ߠ

ছߠآࢬऱᓤᠧ৫ፖᑓΔᖄીޢԫټᇷಛ٤ڜ

ΰCISOαլլૹᄅᛀ៣ऱጻሁᇷಛ٤ڜणኪΖ

վᚰীސᔆऱᙹড়ࢤق٤ীЁൕݙᆞขᄐՈբحழΔጻሁٵ

ᛧࢤܓᔆऱጻሁސᚰΔڶԱਙएܓ墿೯ऱጻሁސ

ᚰΖᅝվጻሁᆞح൷መ৫ಝᒭΔଫᑵᒭऱސᚰݾΔᔾ

ᚰΖސࠄਮຍᗧᖲբԺᐛᒘഗऱאছؾ

៣ڇᜯᄅীኪऱጻሁސᚰΖຍڍۯڍࠄڤౡ౨

อߓᗧᛥΕԵॿ־ڕࠏᗧᖲΔ٤ڜᝩႚอऱᇷಛ

ΰIPSαΕ٤ڜጻሁፖሽၡሴሐΖ

ᅝվەࠀᣤૹΛ२ऱอૠᑇᖕΔڍڶΔംᠲאࢬ

ᣤૹऱጻሁސᚰூࠏױᗭवԫԲΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

1 ണ

Ιфࡄဎġ

ҏണ१ᘈ

ӱശߖၥਟѴಛॎኵᐃ

ષಛᆩၯᔞ

ᕣඌཎแԒȃႭਢ৯Ȟzero-dayȟЅܒ

ᅤആࡄ

ऱጻሁސᚰޓא壄യΖመװԫࠐאڣΔݺଚբ

ᚰբሒސࠄΔຍࠃऱᇷற؆ਜ਼شᢝᤞ൩ߠ

ছߠآࢬऱᓤᠧ৫ፖᑓΔᖄીޢԫټᇷಛ٤ڜ

ΰCISOαլլૹᄅᛀ៣ऱጻሁᇷಛ٤ڜणኪΖ

վᚰীސᔆऱᙹড়ࢤق٤ীЁൕݙᆞขᄐՈբحழΔጻሁٵ

ᛧࢤܓᔆऱጻሁސᚰΔڶԱਙएܓ墿೯ऱጻሁސ

ᚰΖᅝվጻሁᆞح൷መ৫ಝᒭΔଫᑵᒭऱސᚰݾΔᔾ

ᚰΖސࠄਮຍᗧᖲբԺᐛᒘഗऱאছؾ

៣ڇᜯᄅীኪऱጻሁސᚰΖຍڍۯڍࠄڤౡ౨

อߓᗧᛥΕԵॿ־ڕࠏᗧᖲΔ٤ڜᝩႚอऱᇷಛ

ΰIPSαΕ٤ڜጻሁፖሽၡሴሐΖ

ᅝվەࠀᣤૹΛ२ऱอૠᑇᖕΔڍڶΔംᠲאࢬ

ᣤૹऱጻሁސᚰூࠏױᗭवԫԲΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

2 | ತࠒϞΙфࡄ٩

ᡙΡޟಛॎኵᐃġ٤ړڶ୮वټጻሁᇷಛ٤ڜઔߒ៣ڇᅮᄐऱጻሁސᚰ

ႨΔխԫ୮ Verizon RISK (Response Intelligence Solutions and Knowledge) TeamΖᇠ៣Աԫᐖૹ

ऱڣ৫ᇷற؆ਜ਼ᓳܫΰData Breach Investigations ReportαΖ

Verizon ڇ 2012 ΰ2011ڣՂԫڣ ऱسࢬαڣ 855 ᇷற؆

ਜ਼ࠃΔᔡԵॿऱᇷறಖᙕሒ 174 ᏙΙVerizon ऱ

ՈᖞאנՀԳऱอૠᑇᖕΚ

5 98ऱࠃਢࠐ؆ຝԳΰઌኙছԫګڣ९ 6α

5 85Ꮑړၜऱழթᄎΰګ९ 6α

5 81௫ૉեڤݮऱᙹড়ސᚰΰګ९ 31α

5 69ᄐრڤΰګ९ 20α

ᆩၯၥਟġ

၄Հሉڕ Verizon ܫΔᓮທΚ

wwwverizonbusinesscom Ζ

ᄅԫזౡᗧऱᏆᖄЁFireEye Ոڇ 2012 ၸౡڣ

փ୲ΔܫΰAdvanced Threat Reportαΰ1H 2012αΖᖕܫ

ᄐޢଡਈᄎ 643 ᚰސࠄᚰΔຍސࠃڤጻሁრڻ

ઃפګዶຘႚอᇷಛ٤ڜᗧᖲΔڕΚ־ᛥΕԵॿᗧߓอ

ຌΖઌለ 2011 ףტऱᑇၦᏺֆޢཚΔٵڣ

Ա 225Ζ

ᆩၯၥਟġ

၄Հሉڕ FireEye ܫΔᓮທΚ

wwwfireeyecominfo-center Ζ

ᕣጥ٤ٺբᏺףᇷಛ٤ڜऱދᇷΰؾছڣޢᇷಛ٤ڜข

ፖ೭נբሒ 200 ᏙભցαΔࠐ؆ຝᙹড়ސᚰࢬᖄીऱ

ᇷற؆ਜ਼ࠏսլឰՂΕᄐრސڤᚰࠉࠃ៱ᥛᏺ

ଡਈऱழթᄎૹՕऱᇷற؆ਜ਼Μړᝫक़Δף

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

1 ണȈΙфࡄဎ | 3

ġޱڧߖೈॺᄐࡉਙᖲዌආޓش壄യऱ٤ᄅऄאᄅԫސזᚰΔ

२ཚփࠎ༽ՀאຍጟፊᥬՂᄅፊᙰයΖڂঞ៣ലᄎᤉᥛܡ

ٽၸᙹড়ݾऱૹՕᄐፖਙጻሁސᚰࠃᒤࠏΚ

୦ᔞ

5 ᛩႪΰ2012 ڣ 3 αΚސᚰࠃಳᄩڃ 2011 ڣ 1 Δ

ᅝழᙹড়᧗ 7 شᇷறΔᖄીຍ୮ॾشᆄॾڍۍ

ሒ؈ᄐჾ 8500 ᆄભցΔࠀᑉழᔡ Visa ࡉ

MasterCard ೈټΖ

5 क़ႃቸΰ2011 ڣ 6 αΚᇠֆᜢطጻሁ

ᚰΔᖄીސ 36 ᆄॾشᇆᒘᔡ᧗Δխ 3400 բ

ᔡΔ८ᠰመ 270 ᆄભցΖ

5 RSA Securityΰ2011 ڣ 3 αΚጻሁސᚰ᧗

SecurID ೯ኪയᒘขسᕴઌᣂᇷறΔװ؈ࠌᇷಛڜ

Ζࢤ٤

ඪᒺௌġ

ᣂސڻڼᚰᇡΔᓮᔹร 3 ψRSA Security ᔡࢭࡖ APT ᚰωೡᖄΖސ

ᔞġۺ

5 তڠף೭ᆟΰ2012 ڣ 10 αΚԫټᙹড়ຘመ؆ຝ

ጻሁސᚰΔ᧗પ 360 ᆄषᄎ٤ڜᒘ 387 ᆄॾ

ᇆᒘΖെش

5 ભഏᛩቼঅᥨᆟΰEPAαΰ2012 ڣ 8 αΚ5000 ټڍ

EPA ՠऱषᄎ٤ڜᒘΕᎬᎁᢞെᇆᒘ۰୮چ

ՠਊՀრሽၡॵ৵؆ਜ਼Ζټԫڇ

5 ிΰ2012 ڣ 5 αΚிᖕጠᔡભഏ٨ۥאຝ

ᆟ Flame ᘪڤΔאᒷᇠഏऱுૠΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

4 | ತࠒϞΙфࡄ٩

٩ᑕѶఁޟфቋġ ϸġ

ԱᒷႚอᄅԫזౡࢬທګऱᓢᚰΔIT ᇷಛ٤ڜ៣ႊ

ᆵኔ৫ᗧฃΰጻሁጤរࢤ٤ڜᗧᐋαΔܡঞױ౨נב

ኰזᏝΙࠃኔՂΔຍױ౨ᄎᖄીֆଙຨΜ

2012 ڣ ឆ ߏ ዄ ᇷ ಛ ጥ ઔ ߒ ᖲ ዌ Ponemon Institute (wwwponemonorg) אψ2012 ભഏאΚߒᏝઔזᆞحጻሁڣ

ᑑᠲΔωΰ2012 Cost of Cyber Crime Study United Statesαࠏ

รԿڣ৫ܫΖPonemonڇ 56 ୮ભഏᄐڂᇷற

؆ਜ਼ࢬנבऱזᏝ৵Δޢԫ୮ֆڂڣޢጻሁحᆞࢬ

Ꮭזऱנב 890 ᆄભցΔխ୭৫ঞ 140 ᆄભցΔ

ૹױሒ 4600 ᆄભցΖದ 2011 อૠऱڣ 840 ᆄભցଖΔ

2012 ףᑇଖԾᏺڣ 6ΙPonemonՈૠጩޢԫ୮ֆޢၜᔡ

102 ᚰΔದސऱጻሁפګڻ 2011 ၜޢڣ 72 ސऱጻሁڻ

ᚰᏺף 42Ζ

ᆩၯၥਟġ

၄Հሉڕ Ponemon Institute ܫΔᓮທΚ

wwwponemonorglibrary Ζ

ֆᇷறᔡՕᑓ؆ਜ਼ࢬᏁኙऱᡓՕ၄ץشਔΚ

5 ᓳፖᦸᢝ၄ش

5 ড়ፖٽኃ۴ᄮຏ၄ش

5 ֆ٥ᣂএנ

؈ჾگჾᖄીऱᛜᥩڂ 5

5 ፆ८

شᓽᚍऄ৳၄ࠃا 5

Εߪءᅝֆໂ൛ΖֆڶಝЁڶײᚰސᒤጻሁڇ

ড়ܓ墿ထუΔڇ৫ᗧਮዌխᖞٽᄅԫזౡᗧ

ᖲΔ٣ࠃॴؾছऱᄅীኪጻሁސᚰΖ

1 ണȈΙфࡄဎ | 5

ࠉശלԒࡄݷġᅝվᄐਙᖲዌᜯٺڤٺᑌऱጻሁސᚰΖءലጻሁސᚰ

១ቤଡᐖᆠᣊЁႚอౡፖᄅԫזౡΖ

ಛࡄġ

ଚΙױڼڂᅝ墿ωΔᘯψױᚰސᣊխऱႚอጻሁڼ

ឈຏױຘመ IPS ᇘᆜΕᄅԫ־זᛥΰNGFWαຌ

ೠࠐנΔڶழՈᄎዝנᄅऱౡठءΔᎼԵΖ

ឆᙫȃ੫Ӏڷࢳġ

ሽᆰᤘਢԱཋᐾڇጻሁՂᓤ፹ऱᗑრڤЁຏ

ਢຘመᄐߓอዥॿԵΖᤘຏຘመشᐈऱڤధᡏጻ

ሁߓอΔՈᄎψᖩٻωސᚰΔᖄીءᚨঅᥨऱփຝߓ

อტࢨ᧗ᇷறΙڶሽᆰఐΔᤘࠀլᄎॵף

ᚾூՂΖࢨڤה

ΰࢨጠαຏᄎೕᇘګኔشऱຌᚨشڤΔ

ტڇױᦞΖژऱሽᆰشࠌऱਢᣑؾ

ऱߓอփᓤ፹Δऄཋᐾ٤ڜڶהዥऱሽ

ᆰΙڼڂຏᄎףԵהტऱሽᆰګݮጻሁΰጠໄᚎጻሁΙ

ᓮᔹՀᆏᎅαထ൷گԫޡਐقΔ৵៶طຍࠄጻሁ᧗

ႚᎠΔՈڤषࢨၡࡑຘመױᏁऱᇷಛΖࢬ

Ζڤᇘڜऱठڤشᚨࢨሏᚭټवګೕᇘױ

ሽᆰఐঞਢԫጟრڤᒘΔఐࢬທګऱధᡏאױৰპΔ

Ոױ౨߀ᣄࢤ৵ΖఐᄎॵڇףࢨڤᚾூՂڇאሽᆰ

հႚᐾΔᙟထႚᐾሁஉტהሽᆰΙఐፖᤘऱڇ

ႨΖސ೯ఐႊຘመԳᖙ

6 | ತࠒϞΙфࡄ٩

ᒘᡝᇄലᓼᆩၯġ

ᘪຌਢຘመጻᎾጻሁຑᒵΔآشࠌڇኘᤚऱउՀ

ႃشࠌᇷಛऱຌΔຏਢಾኙᐖشܫຜࢬૠΰጠᐖܫຌΔאᐘሂᐖܧڤݮܫαΔڶழՈᄎ᧗ᖲയᇷಛΔڕΚ

ຏᄎڤشᇆᒘΖᘪຌᚨشጠΕയᒘॾټشࠌ

ॵشࠌڇףൕጻᎾጻሁՀሉऱش٥ຌࢨ၄ຌڤխΖԫ

ڇ೯Δ৵شࠌᣊຌ৵Δᘪຌᄎ൳ڼᇘڜ

હནᑓڤՀലᇠᇷறႚᙁਬԳΖ

ᄇፙġ

ໄᚎጻሁਢਐრڤԵॿऱጻሁຑᒵሽᆰګݮࢬऱᆢΖ

つৡαΔ൳ໄᚎጻሁࢨጠໄᚎΰܛԫຝᔡԵॿऱᇘᆜޢ

ऱԳঞጠໄᚎڤडԳΰࢨໄᚎᖙ൳αΖໄᚎጻሁऱਐཀ

ፖ൳ຏፖറ൳ໄᚎشຜࢬሎऱጻۻᕴڶᣂ

ΰጠחࡎፖ൳ࢨ១ጠ CnC ለ៱ऱໄᚎጻࠄڶᕴαΔլመۻ

ሁਢطໄᚎڤडԳشࠌጻሁเΰIRCαऴ൷ՀਐחΖໄᚎ

ຏشചॴឰ೭ސᚰΕཋᐾࡑၡΕᚏژ᧗ऱᇷற

ЯࢨՀሉהრຌტऱᖲሽᆰΖ

ᔞġҺώแޥ

षՠސᚰņڕጻሁፖᎈ塆ņਢᄕߠऱސᚰᣊীΖڕ

ร 3 壄യऱޓᐖऑΕޓ౨ᄎᖄીױ৵פګᚰԫސࠄ૪Δຍࢬ

ጻሁސᚰΖ

ጻሁਢ៶ڇطሽၡຏಛխೕᇘګॾऱኔΔ៶ڼ

ټشࠌڕጠΕയᒘΕॾشᇷಛषᄎ٤ڜᒘᇷಛΰࠀ

൷ᣑ८ᙒαऱސᚰڤΖشࠌរᙇΰۿ୭αऱຑ৵Δ

ᄎԵದࠐፖٽءऄጻԫᑓԫᑌऱጻΔࠀ

ᙁԵଡԳᇡาᇷறΖޣ

ጻሁױาڕՀΚ

5 Րڤጻሁএ᠙៣փԳՓࢨගᆢΖސᚰຏ

ᄎ٣ࠃႃސᚰؾᑑऱଡԳᇷಛא༼פګᖲΖ

5 ᣓঞਢಾኙ៣փᇷጥהૹՕؾᑑࢬૠΖ

1 ണȈΙфࡄဎ | 7

ᎈ塆ঞਢᆞڇحೖࢨጻሁᨚრൾᆵ USBᙟߪ٠ࢨ

ऱᣑڤΖຍଡᙟߪ٠ࢨՂᄎڶψጥᇷωࢨψֆ

ᇠտழΔژ୭ದሁመრΖᅝࠐᖲയωᑑ᧘

ᄎڇաऱሽᆰՂڜᇘრຌΖ

ጥፐڷSQLၥਟᗴጆᔞġ

ጟ٤ڜشܓዥऱސߠᚰକܛᒷᓢᄨࡉۯ SQL ᇷறឆᒘ

ᚰΖސ

ᒷᓢᄨۯਢԫጟጻሁސᚰΔܛᙹড়ڇಖᖋᒷᓢᐊԵנᒷ

ᓢࢭױءሉऱᇷறၦΖຍࠄመၦᇷறऱխԫຝᄎᄨۯ

ᔣ२ऱಖᖋΔທګோࢨጻሁᚨشޓאڤᦞചრ

ڤᒘᅝᖲΖᒷᓢᄨۯຏطᙹড়ᙁԵᇷறࢨറച

ऱრᚾூЯጻሁढᤛΖڤሎڤޏࢨᒘڤ

SQL ᇷறឆᒘސᚰঞᄎຘመጻࢨጻሁᚨشސڤᚰᇷறΖސ

ᚰ༼ SQL ૪ጻሁڤڤΔࠌጻሁᚨشڤຘመທऱ

SQL ऱפګႚᇷறΖחࡎ SQL ᇷறឆᒘސᚰױᖄીᇷறփ

୲ΰڕॾشषᄎ٤ڜᒘΕയᒘα؆ਜ਼ސᚰጤΖ

Ιфࡄġ

ႚอאᐛᒘഗऱ٤ڜᗧņץਔ IPSΕNGFW ขņ वऱౡթਢរΖآΔڇೠբवऱౡΙش

ඪᒺௌġ

ᚰΖސᙠጻሁٲᜯऱࢬᖲዌᆏᇡาᎅᅝվᄐፖਙء

ร 2 բᎅႚอ٤ڜᗧᖲլאߩೠቃᄅԫזౡऱ

ڂΖ

8 | ತࠒϞΙфࡄ٩

Ⴍਢ৯ࡄġ

ሿழౡਢڇֆ٥ऱآवᄐߓอࢨᚨش٤ڜڤዥՂ೯

ऱጻሁސᚰΔټጠࠐطਢڂڼᣊސᚰਢڇՕฒኘᤚ٤ڜዥ

ழΰࢨհছαऱψሿωΰday zeroαࢬ೯Ёڶڍउਢ

ᚨբवࠎउՀࠄਬڇᚰΖΰឈސᚨছ೯ऱࠎڇ

ሐᇠ٤ڜዥΔګݙآطଥᇖڼڂլᄎܛمֆΖα

ϸġ

ሿழސᚰயॺထΔڂຍސࠄᚰױ९ழሎشլ

ΰຏ९ሒړଡΔڶழ९ሒᑇڣαΔᅝຍސࠄᚰ

৵ೠࠀࠐנᎁldquoᓍխrdquo৵ΔՈक़ړړ

ၜऱழࠐଥᇖᇠ٤ڜዥΖ

ܒᅤആࡄġ

ၸᥛࢤዶຘౡΰAPTαΰԾጠၸؾᑑސڤᚰࢨ១ጠ ATAαਢઌᅝ壄യऱጻሁސᚰΔխآᆖᦞጻሁژᦞΔ

౨९ழլΖAPT ᇷறΔլਢᖄીጻሁ᧗ڇრش

ჾᡏΖAPT ᠙ڶ༼Ꮭଖᇷಛऱຝ៣Δڕࠏॾشֆ

ᖲዌ८ᘜ೭ขᄐΖΕਙ

APT ຏشࠌՐڤጻሁΰᓮᔹՂԫᆏψጻሁፖᎈ塆

ᖲ৵ΔAPTࡨధސऱጻሁԵរΖԫᚰωᎅαސᤉᥛشࠌᓳސᚰΰslow-and-lowαฃᝩೠΖ

ඪᒺௌġ

ร 3 റ൶ಘ APT ؆ՕᑓऱᇷறࠐאڶૉեאࠀᠲΔ

ਜ਼ூࠏࠏΔᎅૠࡌऱጻሁᆞشܓ۶ڕحຒސᚰᖏฃΖ

ឈءբᎅ APT ऱᆠΔᇷಛٺ٤ڜขᄐኙڼԫټհ

ᆠٺլઌٵΖࠄڶขᄐᎁ APT ႛנਙए೯ᖲऱഏ୮

ጻሁސᚰΰڕխഏፖཎαΔ ATA ঞਐಾኙ८ᘜؾऱऱސᚰΖ

א۶Δԫᄗڤᚰސऱشขᄐঞլᓵආהڶ APT อጠڶࢬ

ψૠᗾയωऱጻሁސᚰΖΔݺᎁଡԳࢬڼڇऱᆠז

Օڍᑇᇷಛ٤ڜറ୮ኙڼറټڶհऄΖ

1 ണȈΙфࡄဎ | 9

ᡐࡄלġ

ΚఐΕᤘΕڕࠏᚰņސኪαऱጻሁݮΰޏౡਢԫጟᆖݮ

ᘪຌࢨΔڼڂऄאشࠌᐛᒘഗऱᗧᖲ

ೠࠐנΖݮౡऱዝٺאױጟڤسΔڕᚾூټጠ

ᚘΰᚾூՕαΖޓ

ឈݮౡխऱڤᒘ؆ᨠᄎᙟထڻޢψݮωޏΔഗء

ΰಖᙕਊ೯ڤᒌೡᙕΔڕࠏ౨ຏፂլΖפ

ऱآᆖᦞრຌαऱᘪڤᄎᤉᥛചפڼ౨Δܛ

ᐛᒘբޏΖ

ࠌౡऱዝݮ IT ᐛᒘאᣄΖ፹ທףޓ٤റ୮ऱՠڜ

ഗऱᇷಛ٤ڜขࠎᚨႊլឰທࠀᄅऱౡᐛᒘ

ΰଡԳᎁڼᜰઌᅝ၄ءګፖழαΔٵழᄐࡉਙᖲዌņຏڶՂՏຝᖲΰਢ Mircosoft Windows অᖲᏁ

ᥨΙᓮߠψWindows ᚰՕᇞയωೡᖄαņՈᏁސጻሁ

լឰຝᆟᇷಛࠎ٤ڜᚨขسऱᐛᒘ ņ ຍਢԫଡ৻Ꮦຟ

լՂጻሁᆞح୶ऱࢤᛩΔةጐΖ

ӫԒࡄġ

ڤٽౡਢڍٽૹᣊীრຌऱጻሁސᚰΔຏ

ආڍشૹސᚰտΰլٵሁஉፖސᚰؾᑑαΔאᏺףჾ୭ऱᣤૹ

ტຒ৫ΖNimdaΕCodeRedࢤ ࡉ Conficker ਢଡለᐖԳ

वऱڤٽౡΖ

ڤٽౡຏאץՀࢤΚ

ૹཋᐾሁஉڍ 5

٤ዥڜڤشᚨࢨอЯߓᄐشܓ 5

ჾ୭ګᖲທኙጻሁڇऱؾ 5

10 | ತࠒϞΙфࡄ٩

ཎġݧ

ᇷಛ٤ڜറ୮ཏሙᎁൕఐംࠐאΔڤٽౡਢጻሁ

ܛౡլᏁԳեቃڤٽᑇڍՕڂऱଅᙠΔߠ٤լᑗڜ

ཋᐾΖױ

Windows ᔞσᆩၯڧ

ᅝ൞ᦰᄐᖄૹՕᇷ

ற؆ਜ਼ࠃழņࠄຘመጻሁ

ႚᐾऱౡΔլਢಖীሽᆰࢨ

USBᙟߪኔᇘᆜᔡ᧗ऱࠃ

ņຍࠄጻሁސᚰ٤ຝຟᓢထ

MicrosoftWindows Ζࠐᖲ

Δຍਢլਢრאࢬ Windows

ᖲለ୲ጻሁސᚰΛIT ٤ڜ

റ୮ᎁᒔኔڼڕΔࠀຏ༼נ

ጟᇞᤩЁݺᎁຍጟᎅऄݙ

ॾΖױ٤

รԫጟᇞᤩਐٻ Microsoft २ᡐ

ឰோՂীሽᆰऱᄐߓอΔ

ᄐᛩቼΖឈஃऱڇ

ቃ۷ଖڂԳฆΔՕڍᑇᑇᖕઃ

ڇנق 10 ຝጤشࠌऱሽᆰ

ᇘᆜխΔڶ 9 ຝਢආش WindowsΔᅝૠᗾയऱᙹڼڂอΖߓᄐ

ড়ᓤᠧऱᤘΕΕໄᚎ

Ր ڤ ጻ ሁ ސ ᚰ ழ Δ

Windows ଈᅝᓢګؾᑑΖ

รԲጟᇞᤩঞለٻψݾωᨠ

រ Ζ Windows ڇ ڼ հ ছ ऱ

Microsoft DOS ࠌอਢറԫߓ

ᎅػࡖอЁߓᄐૠऱش

ᇷಛࢤ٤ڜਢ৵ࠐթᏺףΖངᇩ

ᎅΔWindows ء

ਢԱᨃشࠌ౨რᖙᖞଡ

ᄐߓอૠΖլवڣ৵

mdash ൕWindowsNT ࡨ

mdash Windows ࠌૹڍགޏଥࡨ

อΔߓԵऱش Microsoft ࠀ

ൕอऱߓᄐشࠌૹڍאڶ

ᙰૹᄅૠWindows ऱਮዌΔ ਢᥛ

റ៱ठش Windows ૠऱઌ୲ࢬ

ڤΖ

ຍᏖԫࠐ Microsoft Ո Windows ఎՀԫഔࠎױᙹড়شܓऱዥΰ٤ڜஇ

រαΖຍ٤ڜࠄዥհڍΔࠃኔՂΔ

ጠאࢬଡऱรԲଡਣཚԲհޢ

ψଥᇖڤਣཚԲωΔਢڂ

Microsoft ຍᄎಾኙڇ Windows

ᄐߓอऱ٤ڜዥᄅऱଥᇖ

ΰຘመڤ Microsoft ᥏αΖܫ٤ڜ

ଥᇖڤਣཚԲࡨ 2004 ڣ

ᥛվΖ

ຍਢլਢזॺ Windows ߓᄐ

อ٤ݙլᄎఐΕრຌ

ڂᚰΛᅝլਢΔސጻሁה

MacOSX ࡉ Linux ਢאᇷಛ٤ڜᤞ

൩ࢬૠऱᄐߓอΔڼڂለլ୲

ᚰΖސ

2 ണ

ᕣኳΡġ

ҏണ१ᘈ

έᆍᆩၯኳΡ

ᕣᔞޱԃդᗗಛԊӒ٩ᑕᐠڙ

ψवաवΔۍᖏլΖլववաΔԫԫΖω

୪Ёπ୪ऄρ

ᇞᑅԳωਢ୪୪ऄऱԫՕᠲΔړإᇿݺଚؾ

ছࢬᜯऱጻሁސᚰΰጻሁஎࢠᆠαৈٽΖڇ

รߠዶຘౡΰᓮࢤၸᥛࡨଚݺ 3 ᎅ

α۶ڕᗧΰร 4 αছΔଈ٣٣क़ԫរழᛵᇞᑅԳΔ

Ζڂऱפګਔᛵᇞ೯ᖲץ

ψᛵ

רঈޟኳΡȉ ጻሁސᚰऱᑌᎎᙟထזᔢՈנৰՕऱޏΖ1970 1980شᆖᦞᖙሽᇩངໂΔآሽᇩᒵሁΰشฐזڣ

ᐸ၄९ຜሽᇩαΖԱ 1983 ऱڣΔሽᐙπᖏञሏᚭρխڣ

ߡ Matthew Broderick ᨃՕฒवሐױຘመᑇᖕᖲᙹԵሽᆰΔൕ

ཙᙹড়ጻሁႚԱ٣ሁΖڼ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

6 | ತࠒϞΙфࡄ٩

ᒘᡝᇄലᓼᆩၯġ

ᘪຌਢຘመጻᎾጻሁຑᒵΔآشࠌڇኘᤚऱउՀ

ႃشࠌᇷಛऱຌΔຏਢಾኙᐖشܫຜࢬૠΰጠᐖܫຌΔאᐘሂᐖܧڤݮܫαΔڶழՈᄎ᧗ᖲയᇷಛΔڕΚ

ຏᄎڤشᇆᒘΖᘪຌᚨشጠΕയᒘॾټشࠌ

ॵشࠌڇףൕጻᎾጻሁՀሉऱش٥ຌࢨ၄ຌڤխΖԫ

ڇ೯Δ৵شࠌᣊຌ৵Δᘪຌᄎ൳ڼᇘڜ

હནᑓڤՀലᇠᇷறႚᙁਬԳΖ

ᄇፙġ

ໄᚎጻሁਢਐრڤԵॿऱጻሁຑᒵሽᆰګݮࢬऱᆢΖ

つৡαΔ൳ໄᚎጻሁࢨጠໄᚎΰܛԫຝᔡԵॿऱᇘᆜޢ

ऱԳঞጠໄᚎڤडԳΰࢨໄᚎᖙ൳αΖໄᚎጻሁऱਐཀ

ፖ൳ຏፖറ൳ໄᚎشຜࢬሎऱጻۻᕴڶᣂ

ΰጠחࡎፖ൳ࢨ១ጠ CnC ለ៱ऱໄᚎጻࠄڶᕴαΔլመۻ

ሁਢطໄᚎڤडԳشࠌጻሁเΰIRCαऴ൷ՀਐחΖໄᚎ

ຏشചॴឰ೭ސᚰΕཋᐾࡑၡΕᚏژ᧗ऱᇷற

ЯࢨՀሉהრຌტऱᖲሽᆰΖ

ᔞġҺώแޥ

षՠސᚰņڕጻሁፖᎈ塆ņਢᄕߠऱސᚰᣊীΖڕ

ร 3 壄യऱޓᐖऑΕޓ౨ᄎᖄીױ৵פګᚰԫސࠄ૪Δຍࢬ

ጻሁސᚰΖ

ጻሁਢ៶ڇطሽၡຏಛխೕᇘګॾऱኔΔ៶ڼ

ټشࠌڕጠΕയᒘΕॾشᇷಛषᄎ٤ڜᒘᇷಛΰࠀ

൷ᣑ८ᙒαऱސᚰڤΖشࠌរᙇΰۿ୭αऱຑ৵Δ

ᄎԵದࠐፖٽءऄጻԫᑓԫᑌऱጻΔࠀ

ᙁԵଡԳᇡาᇷறΖޣ

ጻሁױาڕՀΚ

5 Րڤጻሁএ᠙៣փԳՓࢨගᆢΖސᚰຏ

ᄎ٣ࠃႃސᚰؾᑑऱଡԳᇷಛא༼פګᖲΖ

5 ᣓঞਢಾኙ៣փᇷጥהૹՕؾᑑࢬૠΖ

1 ണȈΙфࡄဎ | 7

ᎈ塆ঞਢᆞڇحೖࢨጻሁᨚრൾᆵ USBᙟߪ٠ࢨ

ऱᣑڤΖຍଡᙟߪ٠ࢨՂᄎڶψጥᇷωࢨψֆ

ᇠտழΔژ୭ದሁመრΖᅝࠐᖲയωᑑ᧘

ᄎڇաऱሽᆰՂڜᇘრຌΖ

ጥፐڷSQLၥਟᗴጆᔞġ

ጟ٤ڜشܓዥऱސߠᚰକܛᒷᓢᄨࡉۯ SQL ᇷறឆᒘ

ᚰΖސ

ᒷᓢᄨۯਢԫጟጻሁސᚰΔܛᙹড়ڇಖᖋᒷᓢᐊԵנᒷ

ᓢࢭױءሉऱᇷறၦΖຍࠄመၦᇷறऱխԫຝᄎᄨۯ

ᔣ२ऱಖᖋΔທګோࢨጻሁᚨشޓאڤᦞചრ

ڤᒘᅝᖲΖᒷᓢᄨۯຏطᙹড়ᙁԵᇷறࢨറച

ऱრᚾூЯጻሁढᤛΖڤሎڤޏࢨᒘڤ

SQL ᇷறឆᒘސᚰঞᄎຘመጻࢨጻሁᚨشސڤᚰᇷறΖސ

ᚰ༼ SQL ૪ጻሁڤڤΔࠌጻሁᚨشڤຘመທऱ

SQL ऱפګႚᇷறΖחࡎ SQL ᇷறឆᒘސᚰױᖄીᇷறփ

୲ΰڕॾشषᄎ٤ڜᒘΕയᒘα؆ਜ਼ސᚰጤΖ

Ιфࡄġ

ႚอאᐛᒘഗऱ٤ڜᗧņץਔ IPSΕNGFW ขņ वऱౡթਢរΖآΔڇೠբवऱౡΙش

ඪᒺௌġ

ᚰΖސᙠጻሁٲᜯऱࢬᖲዌᆏᇡาᎅᅝվᄐፖਙء

ร 2 բᎅႚอ٤ڜᗧᖲլאߩೠቃᄅԫזౡऱ

ڂΖ

8 | ತࠒϞΙфࡄ٩

Ⴍਢ৯ࡄġ

ሿழౡਢڇֆ٥ऱآवᄐߓอࢨᚨش٤ڜڤዥՂ೯

ऱጻሁސᚰΔټጠࠐطਢڂڼᣊސᚰਢڇՕฒኘᤚ٤ڜዥ

ழΰࢨհছαऱψሿωΰday zeroαࢬ೯Ёڶڍउਢ

ᚨբवࠎउՀࠄਬڇᚰΖΰឈސᚨছ೯ऱࠎڇ

ሐᇠ٤ڜዥΔګݙآطଥᇖڼڂլᄎܛمֆΖα

ϸġ

ሿழސᚰயॺထΔڂຍސࠄᚰױ९ழሎشլ

ΰຏ९ሒړଡΔڶழ९ሒᑇڣαΔᅝຍސࠄᚰ

৵ೠࠀࠐנᎁldquoᓍխrdquo৵ΔՈक़ړړ

ၜऱழࠐଥᇖᇠ٤ڜዥΖ

ܒᅤആࡄġ

ၸᥛࢤዶຘౡΰAPTαΰԾጠၸؾᑑސڤᚰࢨ១ጠ ATAαਢઌᅝ壄യऱጻሁސᚰΔխآᆖᦞጻሁژᦞΔ

౨९ழլΖAPT ᇷறΔլਢᖄીጻሁ᧗ڇრش

ჾᡏΖAPT ᠙ڶ༼Ꮭଖᇷಛऱຝ៣Δڕࠏॾشֆ

ᖲዌ८ᘜ೭ขᄐΖΕਙ

APT ຏشࠌՐڤጻሁΰᓮᔹՂԫᆏψጻሁፖᎈ塆

ᖲ৵ΔAPTࡨధސऱጻሁԵរΖԫᚰωᎅαސᤉᥛشࠌᓳސᚰΰslow-and-lowαฃᝩೠΖ

ඪᒺௌġ

ร 3 റ൶ಘ APT ؆ՕᑓऱᇷறࠐאڶૉեאࠀᠲΔ

ਜ਼ூࠏࠏΔᎅૠࡌऱጻሁᆞشܓ۶ڕحຒސᚰᖏฃΖ

ឈءբᎅ APT ऱᆠΔᇷಛٺ٤ڜขᄐኙڼԫټհ

ᆠٺլઌٵΖࠄڶขᄐᎁ APT ႛנਙए೯ᖲऱഏ୮

ጻሁސᚰΰڕխഏፖཎαΔ ATA ঞਐಾኙ८ᘜؾऱऱސᚰΖ

א۶Δԫᄗڤᚰސऱشขᄐঞլᓵආהڶ APT อጠڶࢬ

ψૠᗾയωऱጻሁސᚰΖΔݺᎁଡԳࢬڼڇऱᆠז

Օڍᑇᇷಛ٤ڜറ୮ኙڼറټڶհऄΖ

1 ണȈΙфࡄဎ | 9

ᡐࡄלġ

ΚఐΕᤘΕڕࠏᚰņސኪαऱጻሁݮΰޏౡਢԫጟᆖݮ

ᘪຌࢨΔڼڂऄאشࠌᐛᒘഗऱᗧᖲ

ೠࠐנΖݮౡऱዝٺאױጟڤسΔڕᚾூټጠ

ᚘΰᚾூՕαΖޓ

ឈݮౡխऱڤᒘ؆ᨠᄎᙟထڻޢψݮωޏΔഗء

ΰಖᙕਊ೯ڤᒌೡᙕΔڕࠏ౨ຏፂլΖפ

ऱآᆖᦞრຌαऱᘪڤᄎᤉᥛചפڼ౨Δܛ

ᐛᒘբޏΖ

ࠌౡऱዝݮ IT ᐛᒘאᣄΖ፹ທףޓ٤റ୮ऱՠڜ

ഗऱᇷಛ٤ڜขࠎᚨႊլឰທࠀᄅऱౡᐛᒘ

ΰଡԳᎁڼᜰઌᅝ၄ءګፖழαΔٵழᄐࡉਙᖲዌņຏڶՂՏຝᖲΰਢ Mircosoft Windows অᖲᏁ

ᥨΙᓮߠψWindows ᚰՕᇞയωೡᖄαņՈᏁސጻሁ

լឰຝᆟᇷಛࠎ٤ڜᚨขسऱᐛᒘ ņ ຍਢԫଡ৻Ꮦຟ

լՂጻሁᆞح୶ऱࢤᛩΔةጐΖ

ӫԒࡄġ

ڤٽౡਢڍٽૹᣊীრຌऱጻሁސᚰΔຏ

ආڍشૹސᚰտΰլٵሁஉፖސᚰؾᑑαΔאᏺףჾ୭ऱᣤૹ

ტຒ৫ΖNimdaΕCodeRedࢤ ࡉ Conficker ਢଡለᐖԳ

वऱڤٽౡΖ

ڤٽౡຏאץՀࢤΚ

ૹཋᐾሁஉڍ 5

٤ዥڜڤشᚨࢨอЯߓᄐشܓ 5

ჾ୭ګᖲທኙጻሁڇऱؾ 5

10 | ತࠒϞΙфࡄ٩

ཎġݧ

ᇷಛ٤ڜറ୮ཏሙᎁൕఐംࠐאΔڤٽౡਢጻሁ

ܛౡլᏁԳեቃڤٽᑇڍՕڂऱଅᙠΔߠ٤լᑗڜ

ཋᐾΖױ

Windows ᔞσᆩၯڧ

ᅝ൞ᦰᄐᖄૹՕᇷ

ற؆ਜ਼ࠃழņࠄຘመጻሁ

ႚᐾऱౡΔլਢಖীሽᆰࢨ

USBᙟߪኔᇘᆜᔡ᧗ऱࠃ

ņຍࠄጻሁސᚰ٤ຝຟᓢထ

MicrosoftWindows Ζࠐᖲ

Δຍਢլਢრאࢬ Windows

ᖲለ୲ጻሁސᚰΛIT ٤ڜ

റ୮ᎁᒔኔڼڕΔࠀຏ༼נ

ጟᇞᤩЁݺᎁຍጟᎅऄݙ

ॾΖױ٤

รԫጟᇞᤩਐٻ Microsoft २ᡐ

ឰோՂীሽᆰऱᄐߓอΔ

ᄐᛩቼΖឈஃऱڇ

ቃ۷ଖڂԳฆΔՕڍᑇᑇᖕઃ

ڇנق 10 ຝጤشࠌऱሽᆰ

ᇘᆜխΔڶ 9 ຝਢආش WindowsΔᅝૠᗾയऱᙹڼڂอΖߓᄐ

ড়ᓤᠧऱᤘΕΕໄᚎ

Ր ڤ ጻ ሁ ސ ᚰ ழ Δ

Windows ଈᅝᓢګؾᑑΖ

รԲጟᇞᤩঞለٻψݾωᨠ

រ Ζ Windows ڇ ڼ հ ছ ऱ

Microsoft DOS ࠌอਢറԫߓ

ᎅػࡖอЁߓᄐૠऱش

ᇷಛࢤ٤ڜਢ৵ࠐթᏺףΖངᇩ

ᎅΔWindows ء

ਢԱᨃشࠌ౨რᖙᖞଡ

ᄐߓอૠΖլवڣ৵

mdash ൕWindowsNT ࡨ

mdash Windows ࠌૹڍགޏଥࡨ

อΔߓԵऱش Microsoft ࠀ

ൕอऱߓᄐشࠌૹڍאڶ

ᙰૹᄅૠWindows ऱਮዌΔ ਢᥛ

റ៱ठش Windows ૠऱઌ୲ࢬ

ڤΖ

ຍᏖԫࠐ Microsoft Ո Windows ఎՀԫഔࠎױᙹড়شܓऱዥΰ٤ڜஇ

រαΖຍ٤ڜࠄዥհڍΔࠃኔՂΔ

ጠאࢬଡऱรԲଡਣཚԲհޢ

ψଥᇖڤਣཚԲωΔਢڂ

Microsoft ຍᄎಾኙڇ Windows

ᄐߓอऱ٤ڜዥᄅऱଥᇖ

ΰຘመڤ Microsoft ᥏αΖܫ٤ڜ

ଥᇖڤਣཚԲࡨ 2004 ڣ

ᥛվΖ

ຍਢլਢזॺ Windows ߓᄐ

อ٤ݙլᄎఐΕრຌ

ڂᚰΛᅝլਢΔސጻሁה

MacOSX ࡉ Linux ਢאᇷಛ٤ڜᤞ

൩ࢬૠऱᄐߓอΔڼڂለլ୲

ᚰΖސ

2 ണ

ᕣኳΡġ

ҏണ१ᘈ

έᆍᆩၯኳΡ

ᕣᔞޱԃդᗗಛԊӒ٩ᑕᐠڙ

ψवաवΔۍᖏլΖլववաΔԫԫΖω

୪Ёπ୪ऄρ

ᇞᑅԳωਢ୪୪ऄऱԫՕᠲΔړإᇿݺଚؾ

ছࢬᜯऱጻሁސᚰΰጻሁஎࢠᆠαৈٽΖڇ

รߠዶຘౡΰᓮࢤၸᥛࡨଚݺ 3 ᎅ

α۶ڕᗧΰร 4 αছΔଈ٣٣क़ԫរழᛵᇞᑅԳΔ

Ζڂऱפګਔᛵᇞ೯ᖲץ

ψᛵ

רঈޟኳΡȉ ጻሁސᚰऱᑌᎎᙟထזᔢՈנৰՕऱޏΖ1970 1980شᆖᦞᖙሽᇩངໂΔآሽᇩᒵሁΰشฐזڣ

ᐸ၄९ຜሽᇩαΖԱ 1983 ऱڣΔሽᐙπᖏञሏᚭρխڣ

ߡ Matthew Broderick ᨃՕฒवሐױຘመᑇᖕᖲᙹԵሽᆰΔൕ

ཙᙹড়ጻሁႚԱ٣ሁΖڼ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

1 ണȈΙфࡄဎ | 7

ᎈ塆ঞਢᆞڇحೖࢨጻሁᨚრൾᆵ USBᙟߪ٠ࢨ

ऱᣑڤΖຍଡᙟߪ٠ࢨՂᄎڶψጥᇷωࢨψֆ

ᇠտழΔژ୭ದሁመრΖᅝࠐᖲയωᑑ᧘

ᄎڇաऱሽᆰՂڜᇘრຌΖ

ጥፐڷSQLၥਟᗴጆᔞġ

ጟ٤ڜشܓዥऱސߠᚰକܛᒷᓢᄨࡉۯ SQL ᇷறឆᒘ

ᚰΖސ

ᒷᓢᄨۯਢԫጟጻሁސᚰΔܛᙹড়ڇಖᖋᒷᓢᐊԵנᒷ

ᓢࢭױءሉऱᇷறၦΖຍࠄመၦᇷறऱխԫຝᄎᄨۯ

ᔣ२ऱಖᖋΔທګோࢨጻሁᚨشޓאڤᦞചრ

ڤᒘᅝᖲΖᒷᓢᄨۯຏطᙹড়ᙁԵᇷறࢨറച

ऱრᚾூЯጻሁढᤛΖڤሎڤޏࢨᒘڤ

SQL ᇷறឆᒘސᚰঞᄎຘመጻࢨጻሁᚨشސڤᚰᇷறΖސ

ᚰ༼ SQL ૪ጻሁڤڤΔࠌጻሁᚨشڤຘመທऱ

SQL ऱפګႚᇷறΖחࡎ SQL ᇷறឆᒘސᚰױᖄીᇷறփ

୲ΰڕॾشषᄎ٤ڜᒘΕയᒘα؆ਜ਼ސᚰጤΖ

Ιфࡄġ

ႚอאᐛᒘഗऱ٤ڜᗧņץਔ IPSΕNGFW ขņ वऱౡթਢរΖآΔڇೠբवऱౡΙش

ඪᒺௌġ

ᚰΖސᙠጻሁٲᜯऱࢬᖲዌᆏᇡาᎅᅝվᄐፖਙء

ร 2 բᎅႚอ٤ڜᗧᖲլאߩೠቃᄅԫזౡऱ

ڂΖ

8 | ತࠒϞΙфࡄ٩

Ⴍਢ৯ࡄġ

ሿழౡਢڇֆ٥ऱآवᄐߓอࢨᚨش٤ڜڤዥՂ೯

ऱጻሁސᚰΔټጠࠐطਢڂڼᣊސᚰਢڇՕฒኘᤚ٤ڜዥ

ழΰࢨհছαऱψሿωΰday zeroαࢬ೯Ёڶڍउਢ

ᚨբवࠎउՀࠄਬڇᚰΖΰឈސᚨছ೯ऱࠎڇ

ሐᇠ٤ڜዥΔګݙآطଥᇖڼڂլᄎܛمֆΖα

ϸġ

ሿழސᚰயॺထΔڂຍސࠄᚰױ९ழሎشլ

ΰຏ९ሒړଡΔڶழ९ሒᑇڣαΔᅝຍސࠄᚰ

৵ೠࠀࠐנᎁldquoᓍխrdquo৵ΔՈक़ړړ

ၜऱழࠐଥᇖᇠ٤ڜዥΖ

ܒᅤആࡄġ

ၸᥛࢤዶຘౡΰAPTαΰԾጠၸؾᑑސڤᚰࢨ១ጠ ATAαਢઌᅝ壄യऱጻሁސᚰΔխآᆖᦞጻሁژᦞΔ

౨९ழլΖAPT ᇷறΔլਢᖄીጻሁ᧗ڇრش

ჾᡏΖAPT ᠙ڶ༼Ꮭଖᇷಛऱຝ៣Δڕࠏॾشֆ

ᖲዌ८ᘜ೭ขᄐΖΕਙ

APT ຏشࠌՐڤጻሁΰᓮᔹՂԫᆏψጻሁፖᎈ塆

ᖲ৵ΔAPTࡨధސऱጻሁԵរΖԫᚰωᎅαސᤉᥛشࠌᓳސᚰΰslow-and-lowαฃᝩೠΖ

ඪᒺௌġ

ร 3 റ൶ಘ APT ؆ՕᑓऱᇷறࠐאڶૉեאࠀᠲΔ

ਜ਼ூࠏࠏΔᎅૠࡌऱጻሁᆞشܓ۶ڕحຒސᚰᖏฃΖ

ឈءբᎅ APT ऱᆠΔᇷಛٺ٤ڜขᄐኙڼԫټհ

ᆠٺլઌٵΖࠄڶขᄐᎁ APT ႛנਙए೯ᖲऱഏ୮

ጻሁސᚰΰڕխഏፖཎαΔ ATA ঞਐಾኙ८ᘜؾऱऱސᚰΖ

א۶Δԫᄗڤᚰސऱشขᄐঞլᓵආהڶ APT อጠڶࢬ

ψૠᗾയωऱጻሁސᚰΖΔݺᎁଡԳࢬڼڇऱᆠז

Օڍᑇᇷಛ٤ڜറ୮ኙڼറټڶհऄΖ

1 ണȈΙфࡄဎ | 9

ᡐࡄלġ

ΚఐΕᤘΕڕࠏᚰņސኪαऱጻሁݮΰޏౡਢԫጟᆖݮ

ᘪຌࢨΔڼڂऄאشࠌᐛᒘഗऱᗧᖲ

ೠࠐנΖݮౡऱዝٺאױጟڤسΔڕᚾூټጠ

ᚘΰᚾூՕαΖޓ

ឈݮౡխऱڤᒘ؆ᨠᄎᙟထڻޢψݮωޏΔഗء

ΰಖᙕਊ೯ڤᒌೡᙕΔڕࠏ౨ຏፂլΖפ

ऱآᆖᦞრຌαऱᘪڤᄎᤉᥛചפڼ౨Δܛ

ᐛᒘբޏΖ

ࠌౡऱዝݮ IT ᐛᒘאᣄΖ፹ທףޓ٤റ୮ऱՠڜ

ഗऱᇷಛ٤ڜขࠎᚨႊլឰທࠀᄅऱౡᐛᒘ

ΰଡԳᎁڼᜰઌᅝ၄ءګፖழαΔٵழᄐࡉਙᖲዌņຏڶՂՏຝᖲΰਢ Mircosoft Windows অᖲᏁ

ᥨΙᓮߠψWindows ᚰՕᇞയωೡᖄαņՈᏁސጻሁ

լឰຝᆟᇷಛࠎ٤ڜᚨขسऱᐛᒘ ņ ຍਢԫଡ৻Ꮦຟ

լՂጻሁᆞح୶ऱࢤᛩΔةጐΖ

ӫԒࡄġ

ڤٽౡਢڍٽૹᣊীრຌऱጻሁސᚰΔຏ

ආڍشૹސᚰտΰլٵሁஉፖސᚰؾᑑαΔאᏺףჾ୭ऱᣤૹ

ტຒ৫ΖNimdaΕCodeRedࢤ ࡉ Conficker ਢଡለᐖԳ

वऱڤٽౡΖ

ڤٽౡຏאץՀࢤΚ

ૹཋᐾሁஉڍ 5

٤ዥڜڤشᚨࢨอЯߓᄐشܓ 5

ჾ୭ګᖲທኙጻሁڇऱؾ 5

10 | ತࠒϞΙфࡄ٩

ཎġݧ

ᇷಛ٤ڜറ୮ཏሙᎁൕఐംࠐאΔڤٽౡਢጻሁ

ܛౡլᏁԳեቃڤٽᑇڍՕڂऱଅᙠΔߠ٤լᑗڜ

ཋᐾΖױ

Windows ᔞσᆩၯڧ

ᅝ൞ᦰᄐᖄૹՕᇷ

ற؆ਜ਼ࠃழņࠄຘመጻሁ

ႚᐾऱౡΔլਢಖীሽᆰࢨ

USBᙟߪኔᇘᆜᔡ᧗ऱࠃ

ņຍࠄጻሁސᚰ٤ຝຟᓢထ

MicrosoftWindows Ζࠐᖲ

Δຍਢլਢრאࢬ Windows

ᖲለ୲ጻሁސᚰΛIT ٤ڜ

റ୮ᎁᒔኔڼڕΔࠀຏ༼נ

ጟᇞᤩЁݺᎁຍጟᎅऄݙ

ॾΖױ٤

รԫጟᇞᤩਐٻ Microsoft २ᡐ

ឰோՂীሽᆰऱᄐߓอΔ

ᄐᛩቼΖឈஃऱڇ

ቃ۷ଖڂԳฆΔՕڍᑇᑇᖕઃ

ڇנق 10 ຝጤشࠌऱሽᆰ

ᇘᆜխΔڶ 9 ຝਢආش WindowsΔᅝૠᗾയऱᙹڼڂอΖߓᄐ

ড়ᓤᠧऱᤘΕΕໄᚎ

Ր ڤ ጻ ሁ ސ ᚰ ழ Δ

Windows ଈᅝᓢګؾᑑΖ

รԲጟᇞᤩঞለٻψݾωᨠ

រ Ζ Windows ڇ ڼ հ ছ ऱ

Microsoft DOS ࠌอਢറԫߓ

ᎅػࡖอЁߓᄐૠऱش

ᇷಛࢤ٤ڜਢ৵ࠐթᏺףΖངᇩ

ᎅΔWindows ء

ਢԱᨃشࠌ౨რᖙᖞଡ

ᄐߓอૠΖլवڣ৵

mdash ൕWindowsNT ࡨ

mdash Windows ࠌૹڍགޏଥࡨ

อΔߓԵऱش Microsoft ࠀ

ൕอऱߓᄐشࠌૹڍאڶ

ᙰૹᄅૠWindows ऱਮዌΔ ਢᥛ

റ៱ठش Windows ૠऱઌ୲ࢬ

ڤΖ

ຍᏖԫࠐ Microsoft Ո Windows ఎՀԫഔࠎױᙹড়شܓऱዥΰ٤ڜஇ

រαΖຍ٤ڜࠄዥհڍΔࠃኔՂΔ

ጠאࢬଡऱรԲଡਣཚԲհޢ

ψଥᇖڤਣཚԲωΔਢڂ

Microsoft ຍᄎಾኙڇ Windows

ᄐߓอऱ٤ڜዥᄅऱଥᇖ

ΰຘመڤ Microsoft ᥏αΖܫ٤ڜ

ଥᇖڤਣཚԲࡨ 2004 ڣ

ᥛվΖ

ຍਢլਢזॺ Windows ߓᄐ

อ٤ݙլᄎఐΕრຌ

ڂᚰΛᅝլਢΔސጻሁה

MacOSX ࡉ Linux ਢאᇷಛ٤ڜᤞ

൩ࢬૠऱᄐߓอΔڼڂለլ୲

ᚰΖސ

2 ണ

ᕣኳΡġ

ҏണ१ᘈ

έᆍᆩၯኳΡ

ᕣᔞޱԃդᗗಛԊӒ٩ᑕᐠڙ

ψवաवΔۍᖏլΖլववաΔԫԫΖω

୪Ёπ୪ऄρ

ᇞᑅԳωਢ୪୪ऄऱԫՕᠲΔړإᇿݺଚؾ

ছࢬᜯऱጻሁސᚰΰጻሁஎࢠᆠαৈٽΖڇ

รߠዶຘౡΰᓮࢤၸᥛࡨଚݺ 3 ᎅ

α۶ڕᗧΰร 4 αছΔଈ٣٣क़ԫរழᛵᇞᑅԳΔ

Ζڂऱפګਔᛵᇞ೯ᖲץ

ψᛵ

רঈޟኳΡȉ ጻሁސᚰऱᑌᎎᙟထזᔢՈנৰՕऱޏΖ1970 1980شᆖᦞᖙሽᇩངໂΔآሽᇩᒵሁΰشฐזڣ

ᐸ၄९ຜሽᇩαΖԱ 1983 ऱڣΔሽᐙπᖏञሏᚭρխڣ

ߡ Matthew Broderick ᨃՕฒवሐױຘመᑇᖕᖲᙹԵሽᆰΔൕ

ཙᙹড়ጻሁႚԱ٣ሁΖڼ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

8 | ತࠒϞΙфࡄ٩

Ⴍਢ৯ࡄġ

ሿழౡਢڇֆ٥ऱآवᄐߓอࢨᚨش٤ڜڤዥՂ೯

ऱጻሁސᚰΔټጠࠐطਢڂڼᣊސᚰਢڇՕฒኘᤚ٤ڜዥ

ழΰࢨհছαऱψሿωΰday zeroαࢬ೯Ёڶڍउਢ

ᚨբवࠎउՀࠄਬڇᚰΖΰឈސᚨছ೯ऱࠎڇ

ሐᇠ٤ڜዥΔګݙآطଥᇖڼڂլᄎܛمֆΖα

ϸġ

ሿழސᚰயॺထΔڂຍސࠄᚰױ९ழሎشլ

ΰຏ९ሒړଡΔڶழ९ሒᑇڣαΔᅝຍސࠄᚰ

৵ೠࠀࠐנᎁldquoᓍխrdquo৵ΔՈक़ړړ

ၜऱழࠐଥᇖᇠ٤ڜዥΖ

ܒᅤആࡄġ

ၸᥛࢤዶຘౡΰAPTαΰԾጠၸؾᑑސڤᚰࢨ១ጠ ATAαਢઌᅝ壄യऱጻሁސᚰΔխآᆖᦞጻሁژᦞΔ

౨९ழլΖAPT ᇷறΔլਢᖄીጻሁ᧗ڇრش

ჾᡏΖAPT ᠙ڶ༼Ꮭଖᇷಛऱຝ៣Δڕࠏॾشֆ

ᖲዌ८ᘜ೭ขᄐΖΕਙ

APT ຏشࠌՐڤጻሁΰᓮᔹՂԫᆏψጻሁፖᎈ塆

ᖲ৵ΔAPTࡨధސऱጻሁԵរΖԫᚰωᎅαސᤉᥛشࠌᓳސᚰΰslow-and-lowαฃᝩೠΖ

ඪᒺௌġ

ร 3 റ൶ಘ APT ؆ՕᑓऱᇷறࠐאڶૉեאࠀᠲΔ

ਜ਼ூࠏࠏΔᎅૠࡌऱጻሁᆞشܓ۶ڕحຒސᚰᖏฃΖ

ឈءբᎅ APT ऱᆠΔᇷಛٺ٤ڜขᄐኙڼԫټհ

ᆠٺլઌٵΖࠄڶขᄐᎁ APT ႛנਙए೯ᖲऱഏ୮

ጻሁސᚰΰڕխഏፖཎαΔ ATA ঞਐಾኙ८ᘜؾऱऱސᚰΖ

א۶Δԫᄗڤᚰސऱشขᄐঞլᓵආהڶ APT อጠڶࢬ

ψૠᗾയωऱጻሁސᚰΖΔݺᎁଡԳࢬڼڇऱᆠז

Օڍᑇᇷಛ٤ڜറ୮ኙڼറټڶհऄΖ

1 ണȈΙфࡄဎ | 9

ᡐࡄלġ

ΚఐΕᤘΕڕࠏᚰņސኪαऱጻሁݮΰޏౡਢԫጟᆖݮ

ᘪຌࢨΔڼڂऄאشࠌᐛᒘഗऱᗧᖲ

ೠࠐנΖݮౡऱዝٺאױጟڤسΔڕᚾூټጠ

ᚘΰᚾூՕαΖޓ

ឈݮౡխऱڤᒘ؆ᨠᄎᙟထڻޢψݮωޏΔഗء

ΰಖᙕਊ೯ڤᒌೡᙕΔڕࠏ౨ຏፂլΖפ

ऱآᆖᦞრຌαऱᘪڤᄎᤉᥛചפڼ౨Δܛ

ᐛᒘբޏΖ

ࠌౡऱዝݮ IT ᐛᒘאᣄΖ፹ທףޓ٤റ୮ऱՠڜ

ഗऱᇷಛ٤ڜขࠎᚨႊլឰທࠀᄅऱౡᐛᒘ

ΰଡԳᎁڼᜰઌᅝ၄ءګፖழαΔٵழᄐࡉਙᖲዌņຏڶՂՏຝᖲΰਢ Mircosoft Windows অᖲᏁ

ᥨΙᓮߠψWindows ᚰՕᇞയωೡᖄαņՈᏁސጻሁ

լឰຝᆟᇷಛࠎ٤ڜᚨขسऱᐛᒘ ņ ຍਢԫଡ৻Ꮦຟ

լՂጻሁᆞح୶ऱࢤᛩΔةጐΖ

ӫԒࡄġ

ڤٽౡਢڍٽૹᣊীრຌऱጻሁސᚰΔຏ

ආڍشૹސᚰտΰլٵሁஉፖސᚰؾᑑαΔאᏺףჾ୭ऱᣤૹ

ტຒ৫ΖNimdaΕCodeRedࢤ ࡉ Conficker ਢଡለᐖԳ

वऱڤٽౡΖ

ڤٽౡຏאץՀࢤΚ

ૹཋᐾሁஉڍ 5

٤ዥڜڤشᚨࢨอЯߓᄐشܓ 5

ჾ୭ګᖲທኙጻሁڇऱؾ 5

10 | ತࠒϞΙфࡄ٩

ཎġݧ

ᇷಛ٤ڜറ୮ཏሙᎁൕఐംࠐאΔڤٽౡਢጻሁ

ܛౡլᏁԳեቃڤٽᑇڍՕڂऱଅᙠΔߠ٤լᑗڜ

ཋᐾΖױ

Windows ᔞσᆩၯڧ

ᅝ൞ᦰᄐᖄૹՕᇷ

ற؆ਜ਼ࠃழņࠄຘመጻሁ

ႚᐾऱౡΔլਢಖীሽᆰࢨ

USBᙟߪኔᇘᆜᔡ᧗ऱࠃ

ņຍࠄጻሁސᚰ٤ຝຟᓢထ

MicrosoftWindows Ζࠐᖲ

Δຍਢլਢრאࢬ Windows

ᖲለ୲ጻሁސᚰΛIT ٤ڜ

റ୮ᎁᒔኔڼڕΔࠀຏ༼נ

ጟᇞᤩЁݺᎁຍጟᎅऄݙ

ॾΖױ٤

รԫጟᇞᤩਐٻ Microsoft २ᡐ

ឰோՂীሽᆰऱᄐߓอΔ

ᄐᛩቼΖឈஃऱڇ

ቃ۷ଖڂԳฆΔՕڍᑇᑇᖕઃ

ڇנق 10 ຝጤشࠌऱሽᆰ

ᇘᆜխΔڶ 9 ຝਢආش WindowsΔᅝૠᗾയऱᙹڼڂอΖߓᄐ

ড়ᓤᠧऱᤘΕΕໄᚎ

Ր ڤ ጻ ሁ ސ ᚰ ழ Δ

Windows ଈᅝᓢګؾᑑΖ

รԲጟᇞᤩঞለٻψݾωᨠ

រ Ζ Windows ڇ ڼ հ ছ ऱ

Microsoft DOS ࠌอਢറԫߓ

ᎅػࡖอЁߓᄐૠऱش

ᇷಛࢤ٤ڜਢ৵ࠐթᏺףΖངᇩ

ᎅΔWindows ء

ਢԱᨃشࠌ౨რᖙᖞଡ

ᄐߓอૠΖլवڣ৵

mdash ൕWindowsNT ࡨ

mdash Windows ࠌૹڍགޏଥࡨ

อΔߓԵऱش Microsoft ࠀ

ൕอऱߓᄐشࠌૹڍאڶ

ᙰૹᄅૠWindows ऱਮዌΔ ਢᥛ

റ៱ठش Windows ૠऱઌ୲ࢬ

ڤΖ

ຍᏖԫࠐ Microsoft Ո Windows ఎՀԫഔࠎױᙹড়شܓऱዥΰ٤ڜஇ

រαΖຍ٤ڜࠄዥհڍΔࠃኔՂΔ

ጠאࢬଡऱรԲଡਣཚԲհޢ

ψଥᇖڤਣཚԲωΔਢڂ

Microsoft ຍᄎಾኙڇ Windows

ᄐߓอऱ٤ڜዥᄅऱଥᇖ

ΰຘመڤ Microsoft ᥏αΖܫ٤ڜ

ଥᇖڤਣཚԲࡨ 2004 ڣ

ᥛվΖ

ຍਢլਢזॺ Windows ߓᄐ

อ٤ݙլᄎఐΕრຌ

ڂᚰΛᅝլਢΔސጻሁה

MacOSX ࡉ Linux ਢאᇷಛ٤ڜᤞ

൩ࢬૠऱᄐߓอΔڼڂለլ୲

ᚰΖސ

2 ണ

ᕣኳΡġ

ҏണ१ᘈ

έᆍᆩၯኳΡ

ᕣᔞޱԃդᗗಛԊӒ٩ᑕᐠڙ

ψवաवΔۍᖏլΖլववաΔԫԫΖω

୪Ёπ୪ऄρ

ᇞᑅԳωਢ୪୪ऄऱԫՕᠲΔړإᇿݺଚؾ

ছࢬᜯऱጻሁސᚰΰጻሁஎࢠᆠαৈٽΖڇ

รߠዶຘౡΰᓮࢤၸᥛࡨଚݺ 3 ᎅ

α۶ڕᗧΰร 4 αছΔଈ٣٣क़ԫរழᛵᇞᑅԳΔ

Ζڂऱפګਔᛵᇞ೯ᖲץ

ψᛵ

רঈޟኳΡȉ ጻሁސᚰऱᑌᎎᙟထזᔢՈנৰՕऱޏΖ1970 1980شᆖᦞᖙሽᇩངໂΔآሽᇩᒵሁΰشฐזڣ

ᐸ၄९ຜሽᇩαΖԱ 1983 ऱڣΔሽᐙπᖏञሏᚭρխڣ

ߡ Matthew Broderick ᨃՕฒवሐױຘመᑇᖕᖲᙹԵሽᆰΔൕ

ཙᙹড়ጻሁႚԱ٣ሁΖڼ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

1 ണȈΙфࡄဎ | 9

ᡐࡄלġ

ΚఐΕᤘΕڕࠏᚰņސኪαऱጻሁݮΰޏౡਢԫጟᆖݮ

ᘪຌࢨΔڼڂऄאشࠌᐛᒘഗऱᗧᖲ

ೠࠐנΖݮౡऱዝٺאױጟڤسΔڕᚾூټጠ

ᚘΰᚾூՕαΖޓ

ឈݮౡխऱڤᒘ؆ᨠᄎᙟထڻޢψݮωޏΔഗء

ΰಖᙕਊ೯ڤᒌೡᙕΔڕࠏ౨ຏፂլΖפ

ऱآᆖᦞრຌαऱᘪڤᄎᤉᥛചפڼ౨Δܛ

ᐛᒘբޏΖ

ࠌౡऱዝݮ IT ᐛᒘאᣄΖ፹ທףޓ٤റ୮ऱՠڜ

ഗऱᇷಛ٤ڜขࠎᚨႊլឰທࠀᄅऱౡᐛᒘ

ΰଡԳᎁڼᜰઌᅝ၄ءګፖழαΔٵழᄐࡉਙᖲዌņຏڶՂՏຝᖲΰਢ Mircosoft Windows অᖲᏁ

ᥨΙᓮߠψWindows ᚰՕᇞയωೡᖄαņՈᏁސጻሁ

լឰຝᆟᇷಛࠎ٤ڜᚨขسऱᐛᒘ ņ ຍਢԫଡ৻Ꮦຟ

լՂጻሁᆞح୶ऱࢤᛩΔةጐΖ

ӫԒࡄġ

ڤٽౡਢڍٽૹᣊীრຌऱጻሁސᚰΔຏ

ආڍشૹސᚰտΰլٵሁஉፖސᚰؾᑑαΔאᏺףჾ୭ऱᣤૹ

ტຒ৫ΖNimdaΕCodeRedࢤ ࡉ Conficker ਢଡለᐖԳ

वऱڤٽౡΖ

ڤٽౡຏאץՀࢤΚ

ૹཋᐾሁஉڍ 5

٤ዥڜڤشᚨࢨอЯߓᄐشܓ 5

ჾ୭ګᖲທኙጻሁڇऱؾ 5

10 | ತࠒϞΙфࡄ٩

ཎġݧ

ᇷಛ٤ڜറ୮ཏሙᎁൕఐംࠐאΔڤٽౡਢጻሁ

ܛౡլᏁԳեቃڤٽᑇڍՕڂऱଅᙠΔߠ٤լᑗڜ

ཋᐾΖױ

Windows ᔞσᆩၯڧ

ᅝ൞ᦰᄐᖄૹՕᇷ

ற؆ਜ਼ࠃழņࠄຘመጻሁ

ႚᐾऱౡΔլਢಖীሽᆰࢨ

USBᙟߪኔᇘᆜᔡ᧗ऱࠃ

ņຍࠄጻሁސᚰ٤ຝຟᓢထ

MicrosoftWindows Ζࠐᖲ

Δຍਢլਢრאࢬ Windows

ᖲለ୲ጻሁސᚰΛIT ٤ڜ

റ୮ᎁᒔኔڼڕΔࠀຏ༼נ

ጟᇞᤩЁݺᎁຍጟᎅऄݙ

ॾΖױ٤

รԫጟᇞᤩਐٻ Microsoft २ᡐ

ឰோՂীሽᆰऱᄐߓอΔ

ᄐᛩቼΖឈஃऱڇ

ቃ۷ଖڂԳฆΔՕڍᑇᑇᖕઃ

ڇנق 10 ຝጤشࠌऱሽᆰ

ᇘᆜխΔڶ 9 ຝਢආش WindowsΔᅝૠᗾയऱᙹڼڂอΖߓᄐ

ড়ᓤᠧऱᤘΕΕໄᚎ

Ր ڤ ጻ ሁ ސ ᚰ ழ Δ

Windows ଈᅝᓢګؾᑑΖ

รԲጟᇞᤩঞለٻψݾωᨠ

រ Ζ Windows ڇ ڼ հ ছ ऱ

Microsoft DOS ࠌอਢറԫߓ

ᎅػࡖอЁߓᄐૠऱش

ᇷಛࢤ٤ڜਢ৵ࠐթᏺףΖངᇩ

ᎅΔWindows ء

ਢԱᨃشࠌ౨რᖙᖞଡ

ᄐߓอૠΖլवڣ৵

mdash ൕWindowsNT ࡨ

mdash Windows ࠌૹڍགޏଥࡨ

อΔߓԵऱش Microsoft ࠀ

ൕอऱߓᄐشࠌૹڍאڶ

ᙰૹᄅૠWindows ऱਮዌΔ ਢᥛ

റ៱ठش Windows ૠऱઌ୲ࢬ

ڤΖ

ຍᏖԫࠐ Microsoft Ո Windows ఎՀԫഔࠎױᙹড়شܓऱዥΰ٤ڜஇ

រαΖຍ٤ڜࠄዥհڍΔࠃኔՂΔ

ጠאࢬଡऱรԲଡਣཚԲհޢ

ψଥᇖڤਣཚԲωΔਢڂ

Microsoft ຍᄎಾኙڇ Windows

ᄐߓอऱ٤ڜዥᄅऱଥᇖ

ΰຘመڤ Microsoft ᥏αΖܫ٤ڜ

ଥᇖڤਣཚԲࡨ 2004 ڣ

ᥛվΖ

ຍਢլਢזॺ Windows ߓᄐ

อ٤ݙլᄎఐΕრຌ

ڂᚰΛᅝլਢΔސጻሁה

MacOSX ࡉ Linux ਢאᇷಛ٤ڜᤞ

൩ࢬૠऱᄐߓอΔڼڂለլ୲

ᚰΖސ

2 ണ

ᕣኳΡġ

ҏണ१ᘈ

έᆍᆩၯኳΡ

ᕣᔞޱԃդᗗಛԊӒ٩ᑕᐠڙ

ψवաवΔۍᖏլΖլववաΔԫԫΖω

୪Ёπ୪ऄρ

ᇞᑅԳωਢ୪୪ऄऱԫՕᠲΔړإᇿݺଚؾ

ছࢬᜯऱጻሁސᚰΰጻሁஎࢠᆠαৈٽΖڇ

รߠዶຘౡΰᓮࢤၸᥛࡨଚݺ 3 ᎅ

α۶ڕᗧΰร 4 αছΔଈ٣٣क़ԫរழᛵᇞᑅԳΔ

Ζڂऱפګਔᛵᇞ೯ᖲץ

ψᛵ

רঈޟኳΡȉ ጻሁސᚰऱᑌᎎᙟထזᔢՈנৰՕऱޏΖ1970 1980شᆖᦞᖙሽᇩངໂΔآሽᇩᒵሁΰشฐזڣ

ᐸ၄९ຜሽᇩαΖԱ 1983 ऱڣΔሽᐙπᖏञሏᚭρխڣ

ߡ Matthew Broderick ᨃՕฒवሐױຘመᑇᖕᖲᙹԵሽᆰΔൕ

ཙᙹড়ጻሁႚԱ٣ሁΖڼ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

10 | ತࠒϞΙфࡄ٩

ཎġݧ

ᇷಛ٤ڜറ୮ཏሙᎁൕఐംࠐאΔڤٽౡਢጻሁ

ܛౡլᏁԳեቃڤٽᑇڍՕڂऱଅᙠΔߠ٤լᑗڜ

ཋᐾΖױ

Windows ᔞσᆩၯڧ

ᅝ൞ᦰᄐᖄૹՕᇷ

ற؆ਜ਼ࠃழņࠄຘመጻሁ

ႚᐾऱౡΔլਢಖীሽᆰࢨ

USBᙟߪኔᇘᆜᔡ᧗ऱࠃ

ņຍࠄጻሁސᚰ٤ຝຟᓢထ

MicrosoftWindows Ζࠐᖲ

Δຍਢլਢრאࢬ Windows

ᖲለ୲ጻሁސᚰΛIT ٤ڜ

റ୮ᎁᒔኔڼڕΔࠀຏ༼נ

ጟᇞᤩЁݺᎁຍጟᎅऄݙ

ॾΖױ٤

รԫጟᇞᤩਐٻ Microsoft २ᡐ

ឰோՂীሽᆰऱᄐߓอΔ

ᄐᛩቼΖឈஃऱڇ

ቃ۷ଖڂԳฆΔՕڍᑇᑇᖕઃ

ڇנق 10 ຝጤشࠌऱሽᆰ

ᇘᆜխΔڶ 9 ຝਢආش WindowsΔᅝૠᗾയऱᙹڼڂอΖߓᄐ

ড়ᓤᠧऱᤘΕΕໄᚎ

Ր ڤ ጻ ሁ ސ ᚰ ழ Δ

Windows ଈᅝᓢګؾᑑΖ

รԲጟᇞᤩঞለٻψݾωᨠ

រ Ζ Windows ڇ ڼ հ ছ ऱ

Microsoft DOS ࠌอਢറԫߓ

ᎅػࡖอЁߓᄐૠऱش

ᇷಛࢤ٤ڜਢ৵ࠐթᏺףΖངᇩ

ᎅΔWindows ء

ਢԱᨃشࠌ౨რᖙᖞଡ

ᄐߓอૠΖլवڣ৵

mdash ൕWindowsNT ࡨ

mdash Windows ࠌૹڍགޏଥࡨ

อΔߓԵऱش Microsoft ࠀ

ൕอऱߓᄐشࠌૹڍאڶ

ᙰૹᄅૠWindows ऱਮዌΔ ਢᥛ

റ៱ठش Windows ૠऱઌ୲ࢬ

ڤΖ

ຍᏖԫࠐ Microsoft Ո Windows ఎՀԫഔࠎױᙹড়شܓऱዥΰ٤ڜஇ

រαΖຍ٤ڜࠄዥհڍΔࠃኔՂΔ

ጠאࢬଡऱรԲଡਣཚԲհޢ

ψଥᇖڤਣཚԲωΔਢڂ

Microsoft ຍᄎಾኙڇ Windows

ᄐߓอऱ٤ڜዥᄅऱଥᇖ

ΰຘመڤ Microsoft ᥏αΖܫ٤ڜ

ଥᇖڤਣཚԲࡨ 2004 ڣ

ᥛվΖ

ຍਢլਢזॺ Windows ߓᄐ

อ٤ݙլᄎఐΕრຌ

ڂᚰΛᅝլਢΔސጻሁה

MacOSX ࡉ Linux ਢאᇷಛ٤ڜᤞ

൩ࢬૠऱᄐߓอΔڼڂለլ୲

ᚰΖސ

2 ണ

ᕣኳΡġ

ҏണ१ᘈ

έᆍᆩၯኳΡ

ᕣᔞޱԃդᗗಛԊӒ٩ᑕᐠڙ

ψवաवΔۍᖏլΖլववաΔԫԫΖω

୪Ёπ୪ऄρ

ᇞᑅԳωਢ୪୪ऄऱԫՕᠲΔړإᇿݺଚؾ

ছࢬᜯऱጻሁސᚰΰጻሁஎࢠᆠαৈٽΖڇ

รߠዶຘౡΰᓮࢤၸᥛࡨଚݺ 3 ᎅ

α۶ڕᗧΰร 4 αছΔଈ٣٣क़ԫរழᛵᇞᑅԳΔ

Ζڂऱפګਔᛵᇞ೯ᖲץ

ψᛵ

רঈޟኳΡȉ ጻሁސᚰऱᑌᎎᙟထזᔢՈנৰՕऱޏΖ1970 1980شᆖᦞᖙሽᇩངໂΔآሽᇩᒵሁΰشฐזڣ

ᐸ၄९ຜሽᇩαΖԱ 1983 ऱڣΔሽᐙπᖏञሏᚭρխڣ

ߡ Matthew Broderick ᨃՕฒवሐױຘመᑇᖕᖲᙹԵሽᆰΔൕ

ཙᙹড়ጻሁႚԱ٣ሁΖڼ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

2 ണ

ᕣኳΡġ

ҏണ१ᘈ

έᆍᆩၯኳΡ

ᕣᔞޱԃդᗗಛԊӒ٩ᑕᐠڙ

ψवաवΔۍᖏլΖլववաΔԫԫΖω

୪Ёπ୪ऄρ

ᇞᑅԳωਢ୪୪ऄऱԫՕᠲΔړإᇿݺଚؾ

ছࢬᜯऱጻሁސᚰΰጻሁஎࢠᆠαৈٽΖڇ

รߠዶຘౡΰᓮࢤၸᥛࡨଚݺ 3 ᎅ

α۶ڕᗧΰร 4 αছΔଈ٣٣क़ԫរழᛵᇞᑅԳΔ

Ζڂऱפګਔᛵᇞ೯ᖲץ

ψᛵ

רঈޟኳΡȉ ጻሁސᚰऱᑌᎎᙟထזᔢՈנৰՕऱޏΖ1970 1980شᆖᦞᖙሽᇩངໂΔآሽᇩᒵሁΰشฐזڣ

ᐸ၄९ຜሽᇩαΖԱ 1983 ऱڣΔሽᐙπᖏञሏᚭρխڣ

ߡ Matthew Broderick ᨃՕฒवሐױຘመᑇᖕᖲᙹԵሽᆰΔൕ

ཙᙹড়ጻሁႚԱ٣ሁΖڼ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

12 | ತࠒϞΙфࡄ٩

1990 ਔ٤ᇷಛጻΰWorld WideץฐΔխࡨጻᎾጻሁזڣWebαऱംΖԫऴ 20 ધছΔᅝழऱᙹড়ధᡏֆ٥ጻऱᑌ

ᎎਢԱقΖ

ϸ

ᙹড়ڇբګᏙᆄߪᏝขᄐΖאছጰԱقࢬ೯

ऱᙹড়ސᚰբᘒژΖڇΔᄐࡉਙᖲዌႊኙԿጟ

ऱౡᙹܗΕഏ୮ᇷحᚰЁጻሁᆞސᣊীऱጻሁ

ড়೯ᆠΖ

ᆩၯဌқ

១ࠐᎅΔጻሁᆞحਢԱܓۋᙹড়ऱଡΖڇՕ

ຝउՀጻሁᆞحԵॿሽᆰጻሁΔ᧗ॾشᇆᒘΰঞᑇԼ

ΔױڍሒՂᆄαΔ ৵٦ᔄֆΖឈ FacebookΕTwitterሽၡെᇆᖇᢞऱܓᑮለΔࠉ៱ਢױܓڶቹΖ

հԫحਟኦऱጻሁᆞټՀᆞΕحࢭࡖ Albert GonzalezΖGonzalez ڇ 2010 ऱᇷறֆבشᙹԵԫॾࢭࡖڣ

Δڣڇփ᧗መ 1700 ᆄॾشᇆᒘΖה৵٩ܒ 20 Հૹऱ٩ຂΖܒࢬحছኙጻሁᆞؾņਢڣ

ড়ၥօࡄޟᡝ

ഏ୮ᇷܗऱౡנጠᙹড়षᆢڇመװԼࠐڣထऱ

ΖຍࠄԳਙΰլԫਢءഏਙαႄشΔዶຘהഏ

୮ऱᄐЯࢨਙሽᆰߓอΔჾᄤᇷறΕధᡏሽᆰߓอࢨ

ದጻሁᖏञΖ

ᜤუऱഏ୮ऱౡΔԫԳ୲ܗႥഏ୮ᇷ༽

ਢխഏፖᤕΙኔլႛڼΖאՀਢᖕጠطഏ୮ࢬದऱထ

ਔભഏΚץΔխࠃᚰސጻሁټ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

2 ണȈᕣኳΡ | 13

5 ி൳ኙભഏᎬޥچॳࡉࢮሒऱفईֆ

೯ጻሁސᚰΰ2012 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிΕඖהࠅܓഏ୮፹ທ

Flame რຌΰ2012 αΖڣ

5 խഏధᇞ RSA SecurID ೯ኪയᒘขسᕴΰ2011 αΖڣ

5 ભഏ٨ۥאࡉ൳ಾኙிԫ୮ረᖺᐗ೯ Stuxnetᤘސᚰΰ2010 αΖڣ

5 խഏސᚰ Googleΰټψᄕ٠೯ωαΔխഏԳᦞ

೯ऱ Gmail െΔࠀኙ AdobeΕJuniperΕDow ChemicalΕNorthrop Grumman ސᑌٵᄐה

ᚰΰ2009 αΖڣ

5 խഏ᧗ભഏᄅڤᜤސٽᚰᖏᖲ F-35 F-22 ऱૠ

៴ቹΰ2009 αΖڣ

5 ཎ႖ڇჃᤕ૨ՓધቝᔢࠃᡨழΔސᚰ

ფࠅޥᤜᄎΕٺຝᄎΕᎬषጻΰ2007 αΖڣ

ி२ᇷ 10 Ꮩભց೯ԫႈ௯ՕऱਙૠΔ༼ഏփऱጻ

ሁ౨ԺΖറ୮ᎁឈխഏፖཎऱጻሁᖏञ౨ԺՕ

ிΔൕਙएᨠរߢΔਊᅃிऱுૠڇഏᎾᥛᣂ

ࠐΔڼᜰᄕױ౨ਢᓢထભഏऱጻሁഗዌࠐΖ

ᓧࡊଢ଼кဎޱ

ᙹড়೯ᆠܛຘመᑇۯՠሒګਙएؾᑑΖլٵ८ᙒᦀ

ਙएრᢝীኪΖԫࠐᆠऱ೯ᖲΔᙹড়೯حऱጻሁᆞࠌ

ਔధᡏጻᑌᎎΕૹᄅᖄץᚰސ೯ऱጻሁࢬᆠᙹড়೯ط

ᚰΰຘመᑇฒސॴឰ೭ΰDDoSαڤᇷಛຘመཋΕ᧗ٻ

ऱΖؾᤜݼழૹᓤຑᒵጏጻαሒጻሁᙩٵऱڍ

୭Ζ2011ᆠᄎᜤႃಾኙᙹড়೯ࠄڶ Δᙹড়ቸڣ

LulzSec ጠᑇದૹՕጻሁސᚰࠃઃנᇠ៣հΔץਔڻڍ

ᚰސ Sony ጏભഏխ؇ݝΰCIAαጻΙ2012 ԫᙹΔڣ

ড়៣ЁټΰAnonymousαЁጠהଚ٨ۥאڇߨ៳ף

ΰGazaα৵Δጏ٨ۥאᑇଡਙጻΖ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

14 | ತࠒϞΙфࡄ٩

ᆩၯᓧࡊռܣ

ڇ 2012 ڣ 8 ऱψᗧᚾூω

ΰDefense DossierαխΔભഏ؆

ਙᄎΰ១ጠ AFPCΙwwwafpcorgαਐנཎᖕጠലഏ

୮ᇷܗऱጻሁސᚰ೯ץጻ

ሁᆞحΔխץਔམᆖ೯ԫழऱ

ཎᄐጻሁΰRussianBusinessNetworkRBNαΖRBN ڇ 2008 ᒔڣ

ᇞছΔ۶ԫ൞უऱጻر

ሁᆞحૠ RBN ຟڶፖЁ

ጻሁΕრຌΕDDoS ސ

ᚰΖ

ᖕ AFPC ܫΔཎലސᚰ

೯ץጻሁᆞحЁࢬݺࢨᘯ

ऱጻሁ႗ЁڶՕڂΖรԫΕ

ઊᙒΚຍࠄጻሁᙹড়႗آڇ

ഏ୮ႄشழאױݶ؆ΖรԲΕ

ࠄᆖመՕᒤऱጻሁᦸᢝΔຍࠌܛ

ץऱጻሁސᚰՈլᄎಳᄩڃਙ

حፖऄუቝਙሽᆰΖຍኙ

ᆞڼڕڶയ֊ᣂএ

ऱڍԳՓߢტլᇞΖ

ཎլਢԫԫଡፖጻሁᆞٽح

ழՈਢᄅٵ٤റ୮ڜऱഏ୮Ζጻሁ

ԫזౡᥨऱᏆᖄЁ FireEyeΰwwwfireeyecomαኙխഏፖጻሁ

ᆞٽحΔ၇ტᇘᆜऱژ

ᑑ៣ऱཏሙؾຒዶຘףאᦞ

ᜦΔբ༳༽ךᢞᖕΖ

2011 ΔFireEyeڣ ઔߒԳڇԫຝ௫

ጻሁحᆞ೯ࠀڶრຌ

ऱᖲᕴՂΔԫଡ APT ऱ

რຌΔڼრຌፖࡉחࡎ൳

ഗዌڇխഏΕറൕࠃՕ

ᑓጻሁᘪ೯ऱ GhostnetڶᣂຑΖ

᥆ٽΛױݺլຍᏖᎁΖ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

2 ണȈᕣኳΡ | 15

ኳΡޟԙђϞၾġኙԿՕᣊীጻሁސᚰņጻሁᆞحΕഏ୮ᇷܗऱౡᙹড়

೯ᆠņຘኧᛵᇞ৵Δ൷ထലಘᓵຍސࠄᚰڻޢຟ౨ګ

Ζڂച೭ऱפ

ᗗо੫ጆஅᙃ٩ޟᑕᐠڙ

ႚอጻሁጤរࢤ٤ڜขņڕԵॿᗧߓอΰIPSαΕᄅԫז

ኙऱڤᇞூņਢᔾᑓ٤ጻሁሴሐڜᛥΰNGFWαΕ־

ᐛᒘΰڶழԾጠঞࢨመៀᕴαࠐೠբवऱጻሁސᚰΙڇ

ਬࠄउՀױೠಾኙբवዥࢬ೯ऱآवސᚰΖ

ຍ٤ڜࠄᗧᖲ౨ॺڶயऱೠԫբवऱጻሁސᚰņڕሽᆰఐΔءΚᤘΕΕᘪຌΕໄᚎጻሁഗڕ

รٵ 1 ސᗧᖲኙᅝվᄅীኪऱጻሁ٤ڜႚอऱࠄ૪Δຍࢬ

ᚰņڕሿழऱؾᑑސڤᚰΕݮრຌΕސڤٽᚰ APTņՕຝउՀΔᅝվऱᄅীኪጻሁڇኔՂΔࠃਮհԺΖ٤ݙ

ڂԵԳհቼᠾΙڕڶᗧᖲழΔ٤ڜᚰኙႚอऱސ

ຍސࠄᚰڶᐛᒘΔਚႚอᗧᖲڼڂऄೠސᚰڇ

ސ٤ᚰऱรԫၸشࠌࢬऱၸฃΔીࠌጻሁސᚰ

რᖙጻሁΖױ

ཎġݧ

ᕣጥᄅীኪऱጻሁސᚰױႚอऱ٤ڜᗧᖲΔݺՈ

ᎅΔႚอאᐛᒘഗऱᗧᖲਢ٤ऱ৫ᗧฃ

լࢨױऱΙΔຍࠄႚอऱ٤ڜᗧᖲլݼאߩᅝ

վ౨ኲឰຏಛሐΰڕΚጻሁሽၡαࠀආސڤऱᄅ

ীኪጻሁސᚰΖ

ᗗоலกஅᙃ٩ޟᑕᐠڙġ

ய౨ለᚌฆऱ IPS ጻሁΰNBAαᇞூᄎٽฆ

ೠऄΔנބܗૠᗾയऱጻሁސᚰΖฆೠऄᄎᖞٽጻሁ

ሁطᕴࡉངᕴၦಖᙕΰڕΚNetFlowΕsFlowΕcFlowαΔૠ

ጩנᅝࢨړၜऱഗᒵψإωጻሁၦΖԫᒔഗᒵ

৵ױೠנጻሁฆΔڕࠏᖲ៣؆ຝႚಬመၦᇷறΔࢨ

ጤشࠌऱሽᆰሎጩᇘᆜנऴ൷ፖהጤشࠌሽᆰሎጩ

ᇘᆜຑᒵຏಛउΖ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

16 | ತࠒϞΙфࡄ٩

ឈאฆೠഗऱ٤ڜᗧױೠᄅԫזౡࢬದऱ

ၦᣊฆαإᎄΰᎄലᆖ୲طΔࠃ

ᐙΔڼڂᗧயլࠋΖڼ؆Δڼᣊী٤ڜᗧᖲط

ၸᥛࢤዶຘౡऱψᓳސᚰωΰslow and lowαءᔆᐙΔ

Ո୲נᎄܡΰᎄലฆၦᣊإαΖ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

3 ണ

ᆩၯᔞডݙġ

ҏണ१ᘈ

ಠဎܒᅤആࡄȞAPTȟ

ӱΰሬᓞనޟ१σ APT Ӈٱ

ᕣ APT ڼҡޟᔞ

1 ᎅႚอጻሁސᚰፖᅝվᄅীኪጻሁސᚰऱΖ

ร 2 ঞ൶ಘᄅԫזౡݎ۶ڕᝩႚอ٤ڜᗧ

ᖲΖڇΔܛءലಘᓵኲؾছΔڍ

ᖄऱၸጻሁސᚰᣊΙუᅝዿΔຍᇙࢬਐऱਢၸ

ᥛࢤዶຘౡΔࢨጠ APTΖ

รᎅรޡലԫء 1 ૪ऱࢬ APT ऱૹՕࠐڣᆠΕᇡ٨२

APT ᄅፊࠀࠃಘᓵຍࠃࠄኙ୭ऱᄐਙᖲዌࢬທګऱ

ჾ୭ᓢᚰΖ৵ঞലᎅ APT ᤞಛ堚Δנ٨ࠀၜཚࡎسᚰऱސ

ᔡܡ൞ᒔᎁጻሁਢܗ APT ᚰΖސ

APTΣডݙ รڇ 1 ᅝխΔݺല APT ژጻሁᆖᦞԳՓآطᆠψ

ᦞΔױࠀ९ழᑨլऱᗾയጻሁސᚰωΖឈຍᑌ

ऱᆠઌᅝᄷᒔΔսլאߩኧݮ୲ APTņ ڂ APT լאٵ

ᚰΖސऱ۶ԫጟጻሁߠࢬ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

18 | ತࠒϞΙфࡄ٩

ψၸᥛࢤዶຘౡωኔਢભഏ૨ऱᇷಛ٤ڜஃ

2006 ਔץΔٻᚰऱԿଡސ૪شທऱΔࢬڣ

ᐛΕؾऱፖዌΚ

5 ၸΚސᚰጻሁԵॿऄऱറ୮Δ౨୶ૡऱސᚰ

ፖސᚰՠΖ

5 ᥛࢤዶຘΚސᚰڶ९ཚؾᑑΔࠀᄎڇլऱउ

ՀᥛചΔऴפګΖ

5 ౡΚސᚰਢ៣ګΕᇷܗΕಝᒭڶڶઌᅝ

ऱ೯ᖲΖך

ϸġ

APT ਢᅝվֆᎁٲᙠऱጻሁސᚰᣊীΖച APT ᚰऱጻሁᆞސ

ଚਢψᝩሼሒೠωऱΔ౨ᝩೠהΖحਢᄅীኪऱᆞح

ᖲዌዶዥ৫ᖲയᇷறΖอΔൕᄐਙߓ

ᙊᖌऱਢՕڍᑇ៣ࠀլवሐաբ APT ᚰΔழސ

ຟբࠐլனඑΖᖕร 1 ԫٵऱەࢬ 2012 ڣ Verizon ᇷ

ற؆ਜ਼ᓳܫΔڇ 2011 ڶ៣խΔૹՕᇷற؆ਜ਼ऱسڣ

59ਢຘመചऄᖲᣂܫवթᖠ៣ᇷறᔡ؆ਜ਼Μ

ᏲғΙૡᄇAPTޟᇲ

ᛵᇞ APT ᛵᇞਐ۶ৰૹΔࢬ APT ᑌૹΚٵਐॺ۶Ոࢬ

APT լਢԫଡრຌࢨԫრຌΙլਢԫ೯Δ

ᚰΖސऱऱउՀթᄎ೯ؾࢨᑑؾڶڇᄎ

APT ਢᆖመגาऱ९ழ೯ЁլᓵਢܓᎈΕଡԳਙए

ᑑΖؾቃཚګᑑऱढሒಾኙڇऱؾ墿ႨΔܓഏ୮ࢨم

൞൷ထലৰݶᛵᇞΰءߠ৵ऱψAPT ၜཚωԫࡎسᚰऱސ

ᆏαΔAPT ਢڍٽጟጻሁސᚰࠀݾړګଡၸ೯Δ

৵թআګીࡎԫᚰΖ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

3 ണȈᆩၯᔞড19 | ݙ

APT ࡦέσଜޟᔞ

APTਢᅝվᇷಛ٤ڜᏆᑷऱ

ಘᓵᠲհԫΔᙊᖌऱਢ؆ኙ

APTऱᎄᇞᇿإᒔऱᎁवլګڍ

ଚ٣क़ԫរழ൶ಘᣂݺΖإ

ၸᥛࢤዶຘౡऱԿՕಮ৸Ζ

ଜࡦϞΙȈѫԤ੫ϗ APTҬȄޟ

ԫԳኙ APT ऱߠᎄᇞਢΚ

ګขᄐऱՕী៣թᄎڶ

APT ᠙ऱؾᑑΖൕᄅፊᖄױ

वሐຍᑌऱᨠᙑᎄΰᓮߠ

ψAPT ᄅፊࠃωԫᆏᎅαΖ

ขᄐઃམᔡٺ APT ਔਙץᚰΔސ

Ε८ᘜ೭ΕሽॾຏಛΕ౨ᄭΕ

ຏሎᙁΔץਔ 2011 ಾኙڣ

RSA Security ڼطᚰņސ೯ऱࢬ

٤ขᄐՈਢڜຑᇷಛߠױ APT ऱ

ᑑΖؾ

ଜࡦϞΠȈAPT ବᄇ१ौᆒᘈȄ

ᣂ APT ऱรԲଡಮ৸ਢዶຘ

ႛಾኙ

ထΕᣂ೭ऱጤរΔጤشࠌ

ᇘᆜΰಖীሽᆰࡉோՂীሽᆰα

ৰګؾᑑΖຍଡᨠ٤ݙᙑᎄΔ

ࢬڇፖኔᎾउઌΖړإ

ڶ APT խΔAPTࠃᚰސ ऱࡨԵ

រਢՐڤጻሁΕ

شࠌᚰऱጤސრຌהࢨ

ሽᆰሎጩᇘᆜΖ

ଜࡦϞέȈಛԊӒ٩ᑕᐠڙџ٩ጒ

APT

ޢԫ୮ᇷಛࠎ٤ڜᚨઃጠ

ขໂԫ৫ऱೠ౨

ԺΔڇਬࠄउՀױᒤ APT ސᚰΙࠃኔՂΔ౨టإऱհԾ

ΖආشౡೠᐛᒘΰڕΚIPSΕNGFWᇞூαऱԫ٤ڜ

ސሿழנऄೠᗧᖲ

ᚰݮౡΖ٠ᔾႚอ٤ڜᗧᖲ

ቝԫނᅗՓԸՂዓᐘॸऱ

ᖏԫᑌЁءශਮհԺΖ

łőŕ ᆸٱӇᛩ २ࠐֆΕՕᖂࢨਙᖲዌسૹՕᇷற؆ਜ਼ऱᄅፊᖄᐋנլ

ᒡΖאՀਢመࠐڣװᄅፊᖄᏝଖऱ APT Ζࠃᚰސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

20 | ತࠒϞΙфࡄ٩

ᆩၯၥਟġ

ԳᄕءΔࠃ៣ऱᄅૹՕᇷற؆ਜ਼༳༽ᐙᄐਙڕ

৫ංSC Magazineऱᇷற؆ਜ਼ຝᆵΚ

wwwscmagazinecomthe-data-breach-blogsection1263Ζ

FlameᒘแԒᔞȞ2012 ȟڣ

Flame Ծጠ FlamerΕsKyWiper SkywiperΔਢ 2012 ڣ 5 ط

ிഏ୮ CERTΕཎഗኔፖሒࠕཎઝݾᆖᛎՕᖂࢬ

ऱ APTΖཎഗኔᜤٽഏഏᎾሽॾຏಛᜤᅩհಜΔኙ

ிفईຝఐტሽᆰऱܫ୶ᓳΖ

ሽᆰറ୮ᎁ Flame ਢ 2012 ڣ 4 ᖄીிऄൕጻᎾጻ

ሁຑᒵفईጤᖲऱސᚰದڂΖڇཏሙᎁਢભഏ٨ۥאࡉ

ᜤ Flame რຌאႃᇷΔᄷໂጏிጻሁΔ៶ڼ

চிுऱ౨ԺΖ

Եॿ৵ޡ Flame ᄎ୶ԫຑᓤᠧ೯Δץਔຑᒵחࡎڃፖ൳

ຝᆟ৵ګݙრຌᑓΖהᕴΔՀሉۻ Flame Աګ 20ЁԫऱሽᆰఐՕڤցऱՕॺীრຌۯᆄۍ 20 30 Ζԫཏሙᎁຍਢࠐאڶ壄യऱრຌΖറ୮ᎁ

Flame റೕᇘګ Microsoft ऱრຌࢬᄅޓຌࠏ

Δشኙᚨࠀ൳ிऱሽᆰጻሁΔႚڃᇷא

ໂጻሁᖏञ೯հشΖ

RSA SecurlDᔞٱӇȞ2011 ȟڣ

2011 ڣ 3 ΔRSA SecurityΰEMC ຝαጠ APT ᚰΔސ

ႊຏڼڂ SecurID ᠨڂᎁᢞড়ࠀ৬ᤜড়ޓངΰ

ڂଡխΔࠐ൷ՀڇᕴᇘᆜΖسᚰऱα೯ኪയᒘขސ SecurID೯ኪയᒘขسᕴސᚰᖄીᇷற؆ਜ਼ऱದڂڶܫຝփ୲௬

ՂΖխټڶऱਢ Lockheed Martin ԫᜢΔࢭ

ᎁጻሁψૠࡌऱኙωԵॿΔֆقᇷขآჾ

୭ΖΔຝ٤ڜറ୮ᡖጊΔڇຍଡᖕጠطᑛอᘣᦫ

ᚰ೯ސપኙٽᇠഏՕऱഏנᑊܡխΔਢࠃऱܫ

ශਮհԺΖ

ᆩၯၥਟġ

ڇ RSA Security ֆސᚰ৵լՆԫټֆጥڇຝᆵՂ

Δᇡาᎅ APT ᛵᇞᇡΔᓮᔹᦰڕᄐΖᚰऱᄷໂސ

ψRSA Securityݠء ᔡࢭࡖ APT ᚰωೡᖄΖސ

3 ണȈᆩၯᔞড21 | ݙ

EMC ऱ 10-Q ᚾூঞ༿ RSA Security ᔡ APT ᚰ৵Δᇠֆސ

ᇷ 8130 ᆄભցޓང SecurID ೯ኪയᒘขسᕴΕ൳ড়Εൎ

֏փຝߓอড়ଡᇷ؆ਜ਼ऱ塒Ζ

StuxnetȞ2010 ԑȟ

Stuxnet ਢॺ壄യऱሽᆰᤘΔழ 2010 ڣ 6 Δᖕॾ

բڇژԫאڣՂشࠀፖ APT ٽΔސᚰிऱረᖺഗ৬

Ζڇรԫၸխ Stuxnet ଈ٣ຘመ Microsoft Windows ٤ዥڜ

ཋᐾΔ൷ထڇጻሁՂᖩٻཋᐾΔሒ᠙ऱՠᄐش

ຌፖໂΔᖄીຌໂਚᎽΖឈຍլਢᙹড়รԫڻ᠙

ᒳᙀ൳ᕴױٽՂรԫೋথਢᚰΔސอ೯ߓՠᄐ

ΰPLCαrootkit ऱრຌΖ

قᇠᤘآࠀኙড়ທ۶ګჾ؈Δிுໂ

থආᆃሎऱໂΔޓאᄅڇຍސڻᚰխ StuxnetధᡏऱໂΙڶᔊऱਢ Stuxnet ऱڍૹཋᐾᖲՈࠌא

ಲנிໂΔტ౨ᄭՕᐗ ChevronΖΔֆᐋق

Stuxnet Chevron ሗאڤᐊޏڼڂᑑΔؾᚰհސॺࠀ

ధᡏԺΔސޔᚰࡎسၜཚ ņ ڼڂ Chevron ऱߓอශ

ᕓΔֆՈא堚ೈڼԫრڤΖ

റ୮Ոڇ Stuxnet ऱࠐᄭᒘփᇠ APT ڶ٨ۥאᚰፖભഏސ

ᣂऱᢞᖕΔឈഏኙڼઃղܡאᎁΖ

22 | ತࠒϞΙфࡄ٩

ӎଢ଼Ȟ2009 ԑȟ

ᄕ٠೯ਢൕ ڣٵᥛࠀխ୶ڣڣ2009 12ऱवټ APTސ

ᚰࠃΔڰਢط Google ڇ 2010 ڣ 1 ֆຝᆵխΙ

ᇠփ୲ਐސנᚰ೯ᄭխഏΔࠀ᠙խഏԳᦞ೯ऱ

Gmail െᇆΖץႁॡΕᥳΕNorthrop GrummanΕᐰ

ᚰऱސڻڼ៣Ոਢڍຯ֏ᖂΰDow Chemicalαฒܓࡖ

ᑑΖؾ

৵ΔMcAfeeسᚰސ ਐސנᚰբشܓ Microsoft Internet Explorer ऱሿழ٤ڜዥ೯ސᚰΔࠀലސᚰټࡎψᄕ٠

೯ωΰOperation AuroraαΖԫ୭ऱߓอᔡధᡏΔՀԫၸ

ऱސᚰᄎאೕᇘګ SSL ຑᒵऱ৵ڤΔຑᒵܓᘭڠΕ

ᐚڠፕሎऱחࡎፖ൳ۻᕴΔץਔڇᔡ᧗ऱ Rackspaceড়െᇆՀചऱᖲᕴΙ୭ऱᖲᕴ൷ထᄎࡨᖩٻჼ

ཕᐝತขࠐᄭΔਢࠐᄭᒘᚏژխऱփ୲Ζ

ড় APTᔞޟᅜᅡհҢ รڇ 1 ΰψᗧ؈ඓऱזᏝωԫᆏαխΔءԳ٨ᜰֆᜯᇷ

றՕᑓ؆ਜ਼ழࢬႊנבऱזᏝΔץਔᦸᢝ၄شΕፆ८ᛜگ

ჾ؈Ιڕ APT ౡ᠙ᄐᇷறޓฃᏝ

ଖऱؾᑑࡋΛ

ᓮጐױ౨უቝΔڕݙऱ APT ભഏਬԫՕᚰਢ᠙ސ

ЁקڕຝЁऱሽԺֆΛ൷ထ٦უቝΔސڕᚰפګధᡏ൳

ሽጻऱٽᎾᜤڠ SCADAΰᅮ൳ፖᇷறឯαߓอΔᖄીᖞ

ଡឰሽ९ሒᑇࢨᑇၜΛ൞౨უቝຍጟސᚰױ౨ऱ

ψዮዳشωႯΛ

3 ണȈᆩၯᔞড23 | ݙ

5 ሽԺጻጏ

ई೭ףࠎ༽ईऄף 5

5 ೯༼ᖲऄᖙ

5 ᠧຄፍ౬ᥓ

5 ᠔ೃࡉሎೖឭ

൞אຍᑌऱސᚰةՈլױ౨سΛᓮᎁట٦უΖᖕഏ

୮ઔߒࠃᄎ 2012 อωߓᆠፖሽԺᙁಬࢠऱψஎڣ

ᝫ߀ណଅௌ૭ऱڣΔᇠפګᚰԫސΔሽԺጻऱጻሁܫ

ጻሁཋᐾऱط៶อૠߓΖԱధᡏ൳ݥՕߠݥጩਢ

რຌΔ౨ࠌભഏᐖՕឰሽ९ሒᑇၜࢨᑇΔᖄીا༬༬Ζ

ᖕᇠܫΔڼᣊސᚰࢬທګऱჾ؈Δ 2012 ऱណଅૹڣ

ௌ૭ທګऱ߀ᣄᝫڍՂړԼᏙભցΖ

ᆩၯၥਟġ

փ୲ΔᓮທΚܫᄎऱࠃߒഏ୮ઔڕ

wwwnapeducatalogphprecord_id=12050 Ζ

APTᔞޟҡڼ ၸᥛࢤዶຘౡऱଳΔᙟထ᠙ऱ୭լڶٵᄕՕ

ฆΖΔመװնࠐڣᥛઔߒ APT ऱጻሁ٤ڜറ୮ڼᣊސ

ᚰऱࡎسၜཚԫીΔઃໂնଡၸΚ

5 ၸ 1ǺຘመߓอዥޡԵॿ

5 ၸ 2ΚڇᔡԵॿऱߓอՂڜᇘრຌ

5 ၸ 3Κඔ೯ኙ؆ຑᒵ

5 ၸ 4Ǻސᚰᖩٻᓍ

5 ၸ 5ΚឯᔡԵॿऱᇷற

24 | ತࠒϞΙфࡄ٩

൷ՀࠐലດԫԵ൶ຍնՕ APT ၜཚၸΖࡎس

ࢲ 1ȈആفಛᅓߑΣ

อዥਢߓ APT ೠפګอรԫၸΖૉ౨ߓᑑ៣ؾᚰԵॿސ

ᒔᢝᇠޓױอዥΔߓᇢቹԵॿإԳڶ APT ࠀᚰސ

ᐙ৫Ζૉ൞ऱᗧᖲऄೠߓޡอԵॿΔঞ APTԵॿጤរΔפګᚰբސڂᓤᠧΔףޓऱ৵ࠐࢬᚰސ

شܓጻሁՂཋᐾრຌڇຘመױ٤ൻਜΔᝫڜధᡏጤរऱױ

ጻሁڃᐸឆ៲೯Ζ

ᖲዥαΔءሽၡΰࢨอዥຏਢຘመጻሁΰጤዥαߓ

ΚڕጻሁढΰڇᒘຏᄎփڤᚰސႚᐾΖڤॵऱא

JavaScriptΕJPGαࢨᚾூΰڕΚXLSΕPDFαΔ៶ڼॿԵ٤ڜڶ

ዥऱᄐߓอࢨᚨشڤΔސࠌᚰ౨ചސᚰڤᒘΔڕࠏ

ചڃᐸਐڃחᐸ CnC რຌΖڍޓᕴΔՀሉۻ

ڇ 2011 ಾኙڣ RSA Security ټᚰխΔԫސ೯ऱࢬ RSA ՠ

ᎈࠌԫڱψ2011 Recruitment planxlsωΰ2011 ᐛթڣ

ૠαऱሽၡΔᇠၡץԱრڤऱ Microsoft ExcelᇢጩॵΔސᚰشࠌפګڼڂሿழ Adobe Flash ዥॿԵ

ψRSA SecurityݠءᛵᇞᇡΔᓮᔹᦰڕอΖΰߓ ᔡࢭࡖ

APT ᚰωೡᖄΖαސ

ᄇፙġ

شᚨࢨอߓᄐ٤ዥऱڜڶᚰధᡏސᒘਢڤอዥߓ

ऱࢬᒘڤᖲചრ៶אۯᖄીᒷᓢᄨࢨಖᖋΔڤ

ڤᒘΖءڇᖲᔡԵॿऱउՀΔشࠌषՠඔ೯ګݙტ

ࢬᏁऱشࠌյ೯ΖૉጤߓอᔡԵॿЁڕោᥦܛՀ

ሉՀሉΰdrive-by downloadαΔঞೈԱທጻ؆ΔլᏁ۶ࠌ

յ೯Ζش

3 ണȈᆩၯᔞড25 | ݙ

ࢲ 2ȈӵᎏΣفޟಛΰԊ၆ඌཎᡝġ

ԫڶዥऱߓอᔡԵॿ৵ᄎചრڤᒘΔലრຌڜ

ᇘڇᔡԵॿऱߓอՂΖທጻࢨຑਊՀᄶቕរᙇΔױ

ᖄીߓشࠌอᔡԵॿࠀტऱრຌధᡏΖ

ኙᓫݾ

ڶጻሁሽၡઃڤAPTౡ೯ऱՐࠐڶࢬॺࠀ

ॵΙխڍਢץຑΔԫشࠌរᙇᇠຑࠀඔጻ

ោᥦᕴΰהࢨᚨشڤΔڕ Adobe ReaderΕMicrosoft Wordࢨ Microsoft Excelα৵Δޢଡຑᄎૹᄅᖄڶٻ base64ᒳᒘ८ᨤឆ៲ऱۯΖឆ៲ऱۯਢਐᆵរΰdropsiteαΔش

ေ۷ោᥦᕴբवऱ٤ڜዥࠀႚڃՀሉڤΖച৵Հሉ

ڤႚಬ base64 ᒳᒘऱਐהחᆵរΔאཋᐾ ΰრ

ຌαΖ

ࢲ 3Ȉంଢ଼ᄇѴጣġ

១ጠࢨጤጥՠΔץᇘऱრຌຏڜՂԫଡၸխڇ

RATΖԫඔ೯ࠀച৵ΔRAT ᄎඔ೯ኙ؆ຑᒵψሽᇩڃ୮ω

ЁຏਢຘመტሽᆰطAPTౡᖙ൳ऱCnCۻᕴ

ऱ SSL യሐΖAPTף ౡլᅀऱ৬مኙ؆ڃᐸຑ

ᒵΔאᝩႚอᄅԫ־זᛥೠΔڼڕԫࠐૉൕॾऱጻ

ሁփඔ೯ࠌױᄐၸၦᠨٻ೯Ζ

ԫ RAT ຑᒵפګ CnC ٤༳൳ᔡԵॿݙױᚰސᕴ৵Δۻ

ऱᖲΖސᚰऱ৵ᥛਐലຘመຑᒵ RAT ऱ CnC ຑࢨᕴۻ

ᒵ CnC ऱ RAT ԫڤႚᙁΖԫߢ৵ऱආش৫ለΔڂ

ൕጻሁփඔ೯؆ຝຑᒵऱᖲለլದრΖ

ࢲ 4Ȉᔞޱᐗөጻ

ᔡԵॿऱጤشࠌሽᆰሎጩᇘᆜլױ౨ץฃᇷறΔ

ڼڂ APT طཋᐾΔჼٻጻሁխᖩڇᚰႊސ IT ጥᖙ

ऱᖲΰא᧗ጥᖇᢞαץᖲയᇷறऱૹۻᕴࡉᇷ

றΔຍթਢ APT ᑑņ ຍਢؾᚰऱސ Flame რڤऱሎ

Ζڤ

26 | ತࠒϞΙфࡄ٩

ᄇፙġ

ᖩٻฝ೯լԫشᔡᙹᖲᄐߓอא؆ऱრຌࢨՠΔ

ڕࠏ command shellΕNetBIOS ΕVNCΕWindows TerminalחࡎServices ՠΖԫۿᖲऱᣊ೭ጤشጻሁጥהࢨ

ԺፖܘڶࢬᚰհছސऱԵᖇᢞ৵Δךڶᖑࠀᑑؾބ

ࡨګΖ

ࢲ 5ȈᘝڥᎏΣޟၥਟ

ຍଡၸऱጻሁԵॿխΔAPTڇ ԿଡᎽᡶΚଈ٣Δڶᚰސ

ૉലؾڶࢬᑑᇷறԫڻΰؾᑑᇷறऱՕຏאԼᏙۯցૠጩα

ႚಬΔױ౨ᄎڂؾᑑۻᕴࢨᇷறנլऱՕၦၦ

ᤛၦฆೠᤞΰૉشࠌ NBA ᇞூΙᓮᔹร 2 αΖ

รԲΔސᚰᏁᒔ൷گᇷறऱᖲլᄎຑڃաຍԫጤऱ

ᇘᆜΖรԿΔૉڤݮڗאႚಬᇷறΔױ౨ᄎᖄીᇷற؆ਜ਼

ᥨΰDLPαߓอᤛᤞΖ൷ထࠐ൶ಘᆖ᠆ऱ APT ౡ

ᄎ۶ڕԫԫຍԿଡᎽᡶΖ

รԫଡᎽᡶΔᜣऱڕ APT ᇷࢨᕴۻᑑؾᚰᄎ٣ൕސ

றψޅωዶዥᇷறЁױ౨אڻޢ 50-100 Ιۯցۯᆄۍ

യᒘঅᥨऱڶګಖᙕᖞࢨऄঞਢലᚾூԫጟ RAR ᚘᚾΖ

ᄇፙġ

ࠄڶ RAR ᚾூױڍ٨ݧऱԫຝΔސࠌᚰ౨ലՕၦ

ᇷற֊ګΖޢԫଡ RAR ᚾூຟᄎڶ૪ᒳᇆऱ೫

ᚾټΔڕࠏ part1rarΰรԫଡαΕpart2rarΕpart3rarΔ ᣊංΖڼא

รԲଡᎽᡶპڶរᣄ৫ΖސᚰუጐຒฆጤᇷறΔԾ

լ౨কᙠނᇷறႚಬױ౨ᄎಳڃաᇘᆜऱᖲΖԱᇞ

ຍଡംᠲΔސᚰױ౨ᄎᙇᖗطጤ೭ࠎᚨ൳ጥऱဠᚵ

ᖲᑉژΰstaging areaαΙڼڕԫڇױࠐᇷறឯ৵ܛمኻᄤ

ᖲΖ

ଡޢຘመኙױၸऱ৵ԫଡᎽᡶঞڼ RAR ᚾூףയΔ৵

ΰຏຘመ FTPαႚಬᑉژᖲࠐధᇞΖՕڍᑇ RAR ᚾூག

ൎՕऱ AES 128 ΖشയբᆖॺജףउՀຍᑌऱڼڇയΔףցۯ

3 ണȈᆩၯᔞড27 | ݙ

௫ႺᙹȂฒଡġޱᔞ ϸġ

ૉᄐࢨਙᖲዌუೠ APTΔސڇᚰսڇழਢլ

ᑇڍՕڂ౨ೠΙױ APT ൽ堸Ζᚰຟॺᖐސ

Հਢא APT ࢬೠ৵Δᝩګݙᚰސᚰཚፖސڇᚰސ

ክشऱऄΚ

5 ཬԵრຌΔཋ IT ᇷಛ٤ڜԳऱრԺΕฝ

រΖ

5 ཋᐾઌኙለլঅᥨΔ ࢳ٤ݙᄕጤउՀթᄎڇڶ

ೈऱጻሁش٥ᚾூΖ

5 ۻشᕴΰstaging serverαᚘᚾூ৵ല

ೈΖܔ

5 ૉۻشᕴطጤ൳ጥঞലᇠۻᕴܔೈΔૉސطᚰ

൳ঞലᠦᒵΖ

5 ᇞೈࡨԵរऱრຌΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

22 | ತࠒϞΙфࡄ٩

ӎଢ଼Ȟ2009 ԑȟ

ᄕ٠೯ਢൕ ڣٵᥛࠀխ୶ڣڣ2009 12ऱवټ APTސ

ᚰࠃΔڰਢط Google ڇ 2010 ڣ 1 ֆຝᆵխΙ

ᇠփ୲ਐސנᚰ೯ᄭխഏΔࠀ᠙խഏԳᦞ೯ऱ

Gmail െᇆΖץႁॡΕᥳΕNorthrop GrummanΕᐰ

ᚰऱސڻڼ៣Ոਢڍຯ֏ᖂΰDow Chemicalαฒܓࡖ

ᑑΖؾ

৵ΔMcAfeeسᚰސ ਐސנᚰբشܓ Microsoft Internet Explorer ऱሿழ٤ڜዥ೯ސᚰΔࠀലސᚰټࡎψᄕ٠

೯ωΰOperation AuroraαΖԫ୭ऱߓอᔡధᡏΔՀԫၸ

ऱސᚰᄎאೕᇘګ SSL ຑᒵऱ৵ڤΔຑᒵܓᘭڠΕ

ᐚڠፕሎऱחࡎፖ൳ۻᕴΔץਔڇᔡ᧗ऱ Rackspaceড়െᇆՀചऱᖲᕴΙ୭ऱᖲᕴ൷ထᄎࡨᖩٻჼ

ཕᐝತขࠐᄭΔਢࠐᄭᒘᚏژխऱփ୲Ζ

ড় APTᔞޟᅜᅡհҢ รڇ 1 ΰψᗧ؈ඓऱזᏝωԫᆏαխΔءԳ٨ᜰֆᜯᇷ

றՕᑓ؆ਜ਼ழࢬႊנבऱזᏝΔץਔᦸᢝ၄شΕፆ८ᛜگ

ჾ؈Ιڕ APT ౡ᠙ᄐᇷறޓฃᏝ

ଖऱؾᑑࡋΛ

ᓮጐױ౨უቝΔڕݙऱ APT ભഏਬԫՕᚰਢ᠙ސ

ЁקڕຝЁऱሽԺֆΛ൷ထ٦უቝΔސڕᚰפګధᡏ൳

ሽጻऱٽᎾᜤڠ SCADAΰᅮ൳ፖᇷறឯαߓอΔᖄીᖞ

ଡឰሽ९ሒᑇࢨᑇၜΛ൞౨უቝຍጟސᚰױ౨ऱ

ψዮዳشωႯΛ

3 ണȈᆩၯᔞড23 | ݙ

5 ሽԺጻጏ

ई೭ףࠎ༽ईऄף 5

5 ೯༼ᖲऄᖙ

5 ᠧຄፍ౬ᥓ

5 ᠔ೃࡉሎೖឭ

൞אຍᑌऱސᚰةՈլױ౨سΛᓮᎁట٦უΖᖕഏ

୮ઔߒࠃᄎ 2012 อωߓᆠፖሽԺᙁಬࢠऱψஎڣ

ᝫ߀ណଅௌ૭ऱڣΔᇠפګᚰԫސΔሽԺጻऱጻሁܫ

ጻሁཋᐾऱط៶อૠߓΖԱధᡏ൳ݥՕߠݥጩਢ

რຌΔ౨ࠌભഏᐖՕឰሽ९ሒᑇၜࢨᑇΔᖄીا༬༬Ζ

ᖕᇠܫΔڼᣊސᚰࢬທګऱჾ؈Δ 2012 ऱណଅૹڣ

ௌ૭ທګऱ߀ᣄᝫڍՂړԼᏙભցΖ

ᆩၯၥਟġ

փ୲ΔᓮທΚܫᄎऱࠃߒഏ୮ઔڕ

wwwnapeducatalogphprecord_id=12050 Ζ

APTᔞޟҡڼ ၸᥛࢤዶຘౡऱଳΔᙟထ᠙ऱ୭լڶٵᄕՕ

ฆΖΔመװնࠐڣᥛઔߒ APT ऱጻሁ٤ڜറ୮ڼᣊސ

ᚰऱࡎسၜཚԫીΔઃໂնଡၸΚ

5 ၸ 1ǺຘመߓอዥޡԵॿ

5 ၸ 2ΚڇᔡԵॿऱߓอՂڜᇘრຌ

5 ၸ 3Κඔ೯ኙ؆ຑᒵ

5 ၸ 4Ǻސᚰᖩٻᓍ

5 ၸ 5ΚឯᔡԵॿऱᇷற

24 | ತࠒϞΙфࡄ٩

൷ՀࠐലດԫԵ൶ຍնՕ APT ၜཚၸΖࡎس

ࢲ 1ȈആفಛᅓߑΣ

อዥਢߓ APT ೠפګอรԫၸΖૉ౨ߓᑑ៣ؾᚰԵॿސ

ᒔᢝᇠޓױอዥΔߓᇢቹԵॿإԳڶ APT ࠀᚰސ

ᐙ৫Ζૉ൞ऱᗧᖲऄೠߓޡอԵॿΔঞ APTԵॿጤរΔפګᚰբސڂᓤᠧΔףޓऱ৵ࠐࢬᚰސ

شܓጻሁՂཋᐾრຌڇຘመױ٤ൻਜΔᝫڜధᡏጤរऱױ

ጻሁڃᐸឆ៲೯Ζ

ᖲዥαΔءሽၡΰࢨอዥຏਢຘመጻሁΰጤዥαߓ

ΚڕጻሁढΰڇᒘຏᄎփڤᚰސႚᐾΖڤॵऱא

JavaScriptΕJPGαࢨᚾூΰڕΚXLSΕPDFαΔ៶ڼॿԵ٤ڜڶ

ዥऱᄐߓอࢨᚨشڤΔސࠌᚰ౨ചސᚰڤᒘΔڕࠏ

ചڃᐸਐڃחᐸ CnC რຌΖڍޓᕴΔՀሉۻ

ڇ 2011 ಾኙڣ RSA Security ټᚰխΔԫސ೯ऱࢬ RSA ՠ

ᎈࠌԫڱψ2011 Recruitment planxlsωΰ2011 ᐛթڣ

ૠαऱሽၡΔᇠၡץԱრڤऱ Microsoft ExcelᇢጩॵΔސᚰشࠌפګڼڂሿழ Adobe Flash ዥॿԵ

ψRSA SecurityݠءᛵᇞᇡΔᓮᔹᦰڕอΖΰߓ ᔡࢭࡖ

APT ᚰωೡᖄΖαސ

ᄇፙġ

شᚨࢨอߓᄐ٤ዥऱڜڶᚰధᡏސᒘਢڤอዥߓ

ऱࢬᒘڤᖲചრ៶אۯᖄીᒷᓢᄨࢨಖᖋΔڤ

ڤᒘΖءڇᖲᔡԵॿऱउՀΔشࠌषՠඔ೯ګݙტ

ࢬᏁऱشࠌյ೯ΖૉጤߓอᔡԵॿЁڕោᥦܛՀ

ሉՀሉΰdrive-by downloadαΔঞೈԱທጻ؆ΔլᏁ۶ࠌ

յ೯Ζش

3 ണȈᆩၯᔞড25 | ݙ

ࢲ 2ȈӵᎏΣفޟಛΰԊ၆ඌཎᡝġ

ԫڶዥऱߓอᔡԵॿ৵ᄎചრڤᒘΔലრຌڜ

ᇘڇᔡԵॿऱߓอՂΖທጻࢨຑਊՀᄶቕរᙇΔױ

ᖄીߓشࠌอᔡԵॿࠀტऱრຌధᡏΖ

ኙᓫݾ

ڶጻሁሽၡઃڤAPTౡ೯ऱՐࠐڶࢬॺࠀ

ॵΙխڍਢץຑΔԫشࠌរᙇᇠຑࠀඔጻ

ោᥦᕴΰהࢨᚨشڤΔڕ Adobe ReaderΕMicrosoft Wordࢨ Microsoft Excelα৵Δޢଡຑᄎૹᄅᖄڶٻ base64ᒳᒘ८ᨤឆ៲ऱۯΖឆ៲ऱۯਢਐᆵរΰdropsiteαΔش

ေ۷ោᥦᕴբवऱ٤ڜዥࠀႚڃՀሉڤΖച৵Հሉ

ڤႚಬ base64 ᒳᒘऱਐהחᆵរΔאཋᐾ ΰრ

ຌαΖ

ࢲ 3Ȉంଢ଼ᄇѴጣġ

១ጠࢨጤጥՠΔץᇘऱრຌຏڜՂԫଡၸխڇ

RATΖԫඔ೯ࠀച৵ΔRAT ᄎඔ೯ኙ؆ຑᒵψሽᇩڃ୮ω

ЁຏਢຘመტሽᆰطAPTౡᖙ൳ऱCnCۻᕴ

ऱ SSL യሐΖAPTף ౡլᅀऱ৬مኙ؆ڃᐸຑ

ᒵΔאᝩႚอᄅԫ־זᛥೠΔڼڕԫࠐૉൕॾऱጻ

ሁփඔ೯ࠌױᄐၸၦᠨٻ೯Ζ

ԫ RAT ຑᒵפګ CnC ٤༳൳ᔡԵॿݙױᚰސᕴ৵Δۻ

ऱᖲΖސᚰऱ৵ᥛਐലຘመຑᒵ RAT ऱ CnC ຑࢨᕴۻ

ᒵ CnC ऱ RAT ԫڤႚᙁΖԫߢ৵ऱආش৫ለΔڂ

ൕጻሁփඔ೯؆ຝຑᒵऱᖲለլದრΖ

ࢲ 4Ȉᔞޱᐗөጻ

ᔡԵॿऱጤشࠌሽᆰሎጩᇘᆜլױ౨ץฃᇷறΔ

ڼڂ APT طཋᐾΔჼٻጻሁխᖩڇᚰႊސ IT ጥᖙ

ऱᖲΰא᧗ጥᖇᢞαץᖲയᇷறऱૹۻᕴࡉᇷ

றΔຍթਢ APT ᑑņ ຍਢؾᚰऱސ Flame რڤऱሎ

Ζڤ

26 | ತࠒϞΙфࡄ٩

ᄇፙġ

ᖩٻฝ೯լԫشᔡᙹᖲᄐߓอא؆ऱრຌࢨՠΔ

ڕࠏ command shellΕNetBIOS ΕVNCΕWindows TerminalחࡎServices ՠΖԫۿᖲऱᣊ೭ጤشጻሁጥהࢨ

ԺፖܘڶࢬᚰհছސऱԵᖇᢞ৵Δךڶᖑࠀᑑؾބ

ࡨګΖ

ࢲ 5ȈᘝڥᎏΣޟၥਟ

ຍଡၸऱጻሁԵॿխΔAPTڇ ԿଡᎽᡶΚଈ٣Δڶᚰސ

ૉലؾڶࢬᑑᇷறԫڻΰؾᑑᇷறऱՕຏאԼᏙۯցૠጩα

ႚಬΔױ౨ᄎڂؾᑑۻᕴࢨᇷறנլऱՕၦၦ

ᤛၦฆೠᤞΰૉشࠌ NBA ᇞூΙᓮᔹร 2 αΖ

รԲΔސᚰᏁᒔ൷گᇷறऱᖲլᄎຑڃաຍԫጤऱ

ᇘᆜΖรԿΔૉڤݮڗאႚಬᇷறΔױ౨ᄎᖄીᇷற؆ਜ਼

ᥨΰDLPαߓอᤛᤞΖ൷ထࠐ൶ಘᆖ᠆ऱ APT ౡ

ᄎ۶ڕԫԫຍԿଡᎽᡶΖ

รԫଡᎽᡶΔᜣऱڕ APT ᇷࢨᕴۻᑑؾᚰᄎ٣ൕސ

றψޅωዶዥᇷறЁױ౨אڻޢ 50-100 Ιۯցۯᆄۍ

യᒘঅᥨऱڶګಖᙕᖞࢨऄঞਢലᚾூԫጟ RAR ᚘᚾΖ

ᄇፙġ

ࠄڶ RAR ᚾூױڍ٨ݧऱԫຝΔސࠌᚰ౨ലՕၦ

ᇷற֊ګΖޢԫଡ RAR ᚾூຟᄎڶ૪ᒳᇆऱ೫

ᚾټΔڕࠏ part1rarΰรԫଡαΕpart2rarΕpart3rarΔ ᣊංΖڼא

รԲଡᎽᡶპڶរᣄ৫ΖސᚰუጐຒฆጤᇷறΔԾ

լ౨কᙠނᇷறႚಬױ౨ᄎಳڃաᇘᆜऱᖲΖԱᇞ

ຍଡംᠲΔސᚰױ౨ᄎᙇᖗطጤ೭ࠎᚨ൳ጥऱဠᚵ

ᖲᑉژΰstaging areaαΙڼڕԫڇױࠐᇷறឯ৵ܛمኻᄤ

ᖲΖ

ଡޢຘመኙױၸऱ৵ԫଡᎽᡶঞڼ RAR ᚾூףയΔ৵

ΰຏຘመ FTPαႚಬᑉژᖲࠐధᇞΖՕڍᑇ RAR ᚾூག

ൎՕऱ AES 128 ΖشയբᆖॺജףउՀຍᑌऱڼڇയΔףցۯ

3 ണȈᆩၯᔞড27 | ݙ

௫ႺᙹȂฒଡġޱᔞ ϸġ

ૉᄐࢨਙᖲዌუೠ APTΔސڇᚰսڇழਢլ

ᑇڍՕڂ౨ೠΙױ APT ൽ堸Ζᚰຟॺᖐސ

Հਢא APT ࢬೠ৵Δᝩګݙᚰސᚰཚፖސڇᚰސ

ክشऱऄΚ

5 ཬԵრຌΔཋ IT ᇷಛ٤ڜԳऱრԺΕฝ

រΖ

5 ཋᐾઌኙለլঅᥨΔ ࢳ٤ݙᄕጤउՀթᄎڇڶ

ೈऱጻሁش٥ᚾூΖ

5 ۻشᕴΰstaging serverαᚘᚾூ৵ല

ೈΖܔ

5 ૉۻشᕴطጤ൳ጥঞലᇠۻᕴܔೈΔૉސطᚰ

൳ঞലᠦᒵΖ

5 ᇞೈࡨԵរऱრຌΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

3 ണȈᆩၯᔞড23 | ݙ

5 ሽԺጻጏ

ई೭ףࠎ༽ईऄף 5

5 ೯༼ᖲऄᖙ

5 ᠧຄፍ౬ᥓ

5 ᠔ೃࡉሎೖឭ

൞אຍᑌऱސᚰةՈլױ౨سΛᓮᎁట٦უΖᖕഏ

୮ઔߒࠃᄎ 2012 อωߓᆠፖሽԺᙁಬࢠऱψஎڣ

ᝫ߀ណଅௌ૭ऱڣΔᇠפګᚰԫސΔሽԺጻऱጻሁܫ

ጻሁཋᐾऱط៶อૠߓΖԱధᡏ൳ݥՕߠݥጩਢ

რຌΔ౨ࠌભഏᐖՕឰሽ९ሒᑇၜࢨᑇΔᖄીا༬༬Ζ

ᖕᇠܫΔڼᣊސᚰࢬທګऱჾ؈Δ 2012 ऱណଅૹڣ

ௌ૭ທګऱ߀ᣄᝫڍՂړԼᏙભցΖ

ᆩၯၥਟġ

փ୲ΔᓮທΚܫᄎऱࠃߒഏ୮ઔڕ

wwwnapeducatalogphprecord_id=12050 Ζ

APTᔞޟҡڼ ၸᥛࢤዶຘౡऱଳΔᙟထ᠙ऱ୭լڶٵᄕՕ

ฆΖΔመװնࠐڣᥛઔߒ APT ऱጻሁ٤ڜറ୮ڼᣊސ

ᚰऱࡎسၜཚԫીΔઃໂնଡၸΚ

5 ၸ 1ǺຘመߓอዥޡԵॿ

5 ၸ 2ΚڇᔡԵॿऱߓอՂڜᇘრຌ

5 ၸ 3Κඔ೯ኙ؆ຑᒵ

5 ၸ 4Ǻސᚰᖩٻᓍ

5 ၸ 5ΚឯᔡԵॿऱᇷற

24 | ತࠒϞΙфࡄ٩

൷ՀࠐലດԫԵ൶ຍնՕ APT ၜཚၸΖࡎس

ࢲ 1ȈആفಛᅓߑΣ

อዥਢߓ APT ೠפګอรԫၸΖૉ౨ߓᑑ៣ؾᚰԵॿސ

ᒔᢝᇠޓױอዥΔߓᇢቹԵॿإԳڶ APT ࠀᚰސ

ᐙ৫Ζૉ൞ऱᗧᖲऄೠߓޡอԵॿΔঞ APTԵॿጤរΔפګᚰբސڂᓤᠧΔףޓऱ৵ࠐࢬᚰސ

شܓጻሁՂཋᐾრຌڇຘመױ٤ൻਜΔᝫڜధᡏጤរऱױ

ጻሁڃᐸឆ៲೯Ζ

ᖲዥαΔءሽၡΰࢨอዥຏਢຘመጻሁΰጤዥαߓ

ΚڕጻሁढΰڇᒘຏᄎփڤᚰސႚᐾΖڤॵऱא

JavaScriptΕJPGαࢨᚾூΰڕΚXLSΕPDFαΔ៶ڼॿԵ٤ڜڶ

ዥऱᄐߓอࢨᚨشڤΔސࠌᚰ౨ചސᚰڤᒘΔڕࠏ

ചڃᐸਐڃחᐸ CnC რຌΖڍޓᕴΔՀሉۻ

ڇ 2011 ಾኙڣ RSA Security ټᚰխΔԫސ೯ऱࢬ RSA ՠ

ᎈࠌԫڱψ2011 Recruitment planxlsωΰ2011 ᐛթڣ

ૠαऱሽၡΔᇠၡץԱრڤऱ Microsoft ExcelᇢጩॵΔސᚰشࠌפګڼڂሿழ Adobe Flash ዥॿԵ

ψRSA SecurityݠءᛵᇞᇡΔᓮᔹᦰڕอΖΰߓ ᔡࢭࡖ

APT ᚰωೡᖄΖαސ

ᄇፙġ

شᚨࢨอߓᄐ٤ዥऱڜڶᚰధᡏސᒘਢڤอዥߓ

ऱࢬᒘڤᖲചრ៶אۯᖄીᒷᓢᄨࢨಖᖋΔڤ

ڤᒘΖءڇᖲᔡԵॿऱउՀΔشࠌषՠඔ೯ګݙტ

ࢬᏁऱشࠌյ೯ΖૉጤߓอᔡԵॿЁڕោᥦܛՀ

ሉՀሉΰdrive-by downloadαΔঞೈԱທጻ؆ΔլᏁ۶ࠌ

յ೯Ζش

3 ണȈᆩၯᔞড25 | ݙ

ࢲ 2ȈӵᎏΣفޟಛΰԊ၆ඌཎᡝġ

ԫڶዥऱߓอᔡԵॿ৵ᄎചრڤᒘΔലრຌڜ

ᇘڇᔡԵॿऱߓอՂΖທጻࢨຑਊՀᄶቕរᙇΔױ

ᖄીߓشࠌอᔡԵॿࠀტऱრຌధᡏΖ

ኙᓫݾ

ڶጻሁሽၡઃڤAPTౡ೯ऱՐࠐڶࢬॺࠀ

ॵΙխڍਢץຑΔԫشࠌរᙇᇠຑࠀඔጻ

ោᥦᕴΰהࢨᚨشڤΔڕ Adobe ReaderΕMicrosoft Wordࢨ Microsoft Excelα৵Δޢଡຑᄎૹᄅᖄڶٻ base64ᒳᒘ८ᨤឆ៲ऱۯΖឆ៲ऱۯਢਐᆵរΰdropsiteαΔش

ေ۷ោᥦᕴբवऱ٤ڜዥࠀႚڃՀሉڤΖച৵Հሉ

ڤႚಬ base64 ᒳᒘऱਐהחᆵរΔאཋᐾ ΰრ

ຌαΖ

ࢲ 3Ȉంଢ଼ᄇѴጣġ

១ጠࢨጤጥՠΔץᇘऱრຌຏڜՂԫଡၸխڇ

RATΖԫඔ೯ࠀച৵ΔRAT ᄎඔ೯ኙ؆ຑᒵψሽᇩڃ୮ω

ЁຏਢຘመტሽᆰطAPTౡᖙ൳ऱCnCۻᕴ

ऱ SSL യሐΖAPTף ౡլᅀऱ৬مኙ؆ڃᐸຑ

ᒵΔאᝩႚอᄅԫ־זᛥೠΔڼڕԫࠐૉൕॾऱጻ

ሁփඔ೯ࠌױᄐၸၦᠨٻ೯Ζ

ԫ RAT ຑᒵפګ CnC ٤༳൳ᔡԵॿݙױᚰސᕴ৵Δۻ

ऱᖲΖސᚰऱ৵ᥛਐലຘመຑᒵ RAT ऱ CnC ຑࢨᕴۻ

ᒵ CnC ऱ RAT ԫڤႚᙁΖԫߢ৵ऱආش৫ለΔڂ

ൕጻሁփඔ೯؆ຝຑᒵऱᖲለլದრΖ

ࢲ 4Ȉᔞޱᐗөጻ

ᔡԵॿऱጤشࠌሽᆰሎጩᇘᆜլױ౨ץฃᇷறΔ

ڼڂ APT طཋᐾΔჼٻጻሁխᖩڇᚰႊސ IT ጥᖙ

ऱᖲΰא᧗ጥᖇᢞαץᖲയᇷறऱૹۻᕴࡉᇷ

றΔຍթਢ APT ᑑņ ຍਢؾᚰऱސ Flame რڤऱሎ

Ζڤ

26 | ತࠒϞΙфࡄ٩

ᄇፙġ

ᖩٻฝ೯լԫشᔡᙹᖲᄐߓอא؆ऱრຌࢨՠΔ

ڕࠏ command shellΕNetBIOS ΕVNCΕWindows TerminalחࡎServices ՠΖԫۿᖲऱᣊ೭ጤشጻሁጥהࢨ

ԺፖܘڶࢬᚰհছސऱԵᖇᢞ৵Δךڶᖑࠀᑑؾބ

ࡨګΖ

ࢲ 5ȈᘝڥᎏΣޟၥਟ

ຍଡၸऱጻሁԵॿխΔAPTڇ ԿଡᎽᡶΚଈ٣Δڶᚰސ

ૉലؾڶࢬᑑᇷறԫڻΰؾᑑᇷறऱՕຏאԼᏙۯցૠጩα

ႚಬΔױ౨ᄎڂؾᑑۻᕴࢨᇷறנլऱՕၦၦ

ᤛၦฆೠᤞΰૉشࠌ NBA ᇞூΙᓮᔹร 2 αΖ

รԲΔސᚰᏁᒔ൷گᇷறऱᖲլᄎຑڃաຍԫጤऱ

ᇘᆜΖรԿΔૉڤݮڗאႚಬᇷறΔױ౨ᄎᖄીᇷற؆ਜ਼

ᥨΰDLPαߓอᤛᤞΖ൷ထࠐ൶ಘᆖ᠆ऱ APT ౡ

ᄎ۶ڕԫԫຍԿଡᎽᡶΖ

รԫଡᎽᡶΔᜣऱڕ APT ᇷࢨᕴۻᑑؾᚰᄎ٣ൕސ

றψޅωዶዥᇷறЁױ౨אڻޢ 50-100 Ιۯցۯᆄۍ

യᒘঅᥨऱڶګಖᙕᖞࢨऄঞਢലᚾூԫጟ RAR ᚘᚾΖ

ᄇፙġ

ࠄڶ RAR ᚾூױڍ٨ݧऱԫຝΔސࠌᚰ౨ലՕၦ

ᇷற֊ګΖޢԫଡ RAR ᚾூຟᄎڶ૪ᒳᇆऱ೫

ᚾټΔڕࠏ part1rarΰรԫଡαΕpart2rarΕpart3rarΔ ᣊංΖڼא

รԲଡᎽᡶპڶរᣄ৫ΖސᚰუጐຒฆጤᇷறΔԾ

լ౨কᙠނᇷறႚಬױ౨ᄎಳڃաᇘᆜऱᖲΖԱᇞ

ຍଡംᠲΔސᚰױ౨ᄎᙇᖗطጤ೭ࠎᚨ൳ጥऱဠᚵ

ᖲᑉژΰstaging areaαΙڼڕԫڇױࠐᇷறឯ৵ܛمኻᄤ

ᖲΖ

ଡޢຘመኙױၸऱ৵ԫଡᎽᡶঞڼ RAR ᚾூףയΔ৵

ΰຏຘመ FTPαႚಬᑉژᖲࠐధᇞΖՕڍᑇ RAR ᚾூག

ൎՕऱ AES 128 ΖشയբᆖॺജףउՀຍᑌऱڼڇയΔףցۯ

3 ണȈᆩၯᔞড27 | ݙ

௫ႺᙹȂฒଡġޱᔞ ϸġ

ૉᄐࢨਙᖲዌუೠ APTΔސڇᚰսڇழਢլ

ᑇڍՕڂ౨ೠΙױ APT ൽ堸Ζᚰຟॺᖐސ

Հਢא APT ࢬೠ৵Δᝩګݙᚰސᚰཚፖސڇᚰސ

ክشऱऄΚ

5 ཬԵრຌΔཋ IT ᇷಛ٤ڜԳऱრԺΕฝ

រΖ

5 ཋᐾઌኙለլঅᥨΔ ࢳ٤ݙᄕጤउՀթᄎڇڶ

ೈऱጻሁش٥ᚾூΖ

5 ۻشᕴΰstaging serverαᚘᚾூ৵ല

ೈΖܔ

5 ૉۻشᕴطጤ൳ጥঞലᇠۻᕴܔೈΔૉސطᚰ

൳ঞലᠦᒵΖ

5 ᇞೈࡨԵរऱრຌΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

24 | ತࠒϞΙфࡄ٩

൷ՀࠐലດԫԵ൶ຍնՕ APT ၜཚၸΖࡎس

ࢲ 1ȈആفಛᅓߑΣ

อዥਢߓ APT ೠפګอรԫၸΖૉ౨ߓᑑ៣ؾᚰԵॿސ

ᒔᢝᇠޓױอዥΔߓᇢቹԵॿإԳڶ APT ࠀᚰސ

ᐙ৫Ζૉ൞ऱᗧᖲऄೠߓޡอԵॿΔঞ APTԵॿጤរΔפګᚰբސڂᓤᠧΔףޓऱ৵ࠐࢬᚰސ

شܓጻሁՂཋᐾრຌڇຘመױ٤ൻਜΔᝫڜధᡏጤរऱױ

ጻሁڃᐸឆ៲೯Ζ

ᖲዥαΔءሽၡΰࢨอዥຏਢຘመጻሁΰጤዥαߓ

ΚڕጻሁढΰڇᒘຏᄎփڤᚰސႚᐾΖڤॵऱא

JavaScriptΕJPGαࢨᚾூΰڕΚXLSΕPDFαΔ៶ڼॿԵ٤ڜڶ

ዥऱᄐߓอࢨᚨشڤΔސࠌᚰ౨ചސᚰڤᒘΔڕࠏ

ചڃᐸਐڃחᐸ CnC რຌΖڍޓᕴΔՀሉۻ

ڇ 2011 ಾኙڣ RSA Security ټᚰխΔԫސ೯ऱࢬ RSA ՠ

ᎈࠌԫڱψ2011 Recruitment planxlsωΰ2011 ᐛթڣ

ૠαऱሽၡΔᇠၡץԱრڤऱ Microsoft ExcelᇢጩॵΔސᚰشࠌפګڼڂሿழ Adobe Flash ዥॿԵ

ψRSA SecurityݠءᛵᇞᇡΔᓮᔹᦰڕอΖΰߓ ᔡࢭࡖ

APT ᚰωೡᖄΖαސ

ᄇፙġ

شᚨࢨอߓᄐ٤ዥऱڜڶᚰధᡏސᒘਢڤอዥߓ

ऱࢬᒘڤᖲചრ៶אۯᖄીᒷᓢᄨࢨಖᖋΔڤ

ڤᒘΖءڇᖲᔡԵॿऱउՀΔشࠌषՠඔ೯ګݙტ

ࢬᏁऱشࠌյ೯ΖૉጤߓอᔡԵॿЁڕោᥦܛՀ

ሉՀሉΰdrive-by downloadαΔঞೈԱທጻ؆ΔլᏁ۶ࠌ

յ೯Ζش

3 ണȈᆩၯᔞড25 | ݙ

ࢲ 2ȈӵᎏΣفޟಛΰԊ၆ඌཎᡝġ

ԫڶዥऱߓอᔡԵॿ৵ᄎചრڤᒘΔലრຌڜ

ᇘڇᔡԵॿऱߓอՂΖທጻࢨຑਊՀᄶቕរᙇΔױ

ᖄીߓشࠌอᔡԵॿࠀტऱრຌధᡏΖ

ኙᓫݾ

ڶጻሁሽၡઃڤAPTౡ೯ऱՐࠐڶࢬॺࠀ

ॵΙխڍਢץຑΔԫشࠌរᙇᇠຑࠀඔጻ

ោᥦᕴΰהࢨᚨشڤΔڕ Adobe ReaderΕMicrosoft Wordࢨ Microsoft Excelα৵Δޢଡຑᄎૹᄅᖄڶٻ base64ᒳᒘ८ᨤឆ៲ऱۯΖឆ៲ऱۯਢਐᆵរΰdropsiteαΔش

ေ۷ោᥦᕴբवऱ٤ڜዥࠀႚڃՀሉڤΖച৵Հሉ

ڤႚಬ base64 ᒳᒘऱਐהחᆵរΔאཋᐾ ΰრ

ຌαΖ

ࢲ 3Ȉంଢ଼ᄇѴጣġ

១ጠࢨጤጥՠΔץᇘऱრຌຏڜՂԫଡၸխڇ

RATΖԫඔ೯ࠀച৵ΔRAT ᄎඔ೯ኙ؆ຑᒵψሽᇩڃ୮ω

ЁຏਢຘመტሽᆰطAPTౡᖙ൳ऱCnCۻᕴ

ऱ SSL യሐΖAPTף ౡլᅀऱ৬مኙ؆ڃᐸຑ

ᒵΔאᝩႚอᄅԫ־זᛥೠΔڼڕԫࠐૉൕॾऱጻ

ሁփඔ೯ࠌױᄐၸၦᠨٻ೯Ζ

ԫ RAT ຑᒵפګ CnC ٤༳൳ᔡԵॿݙױᚰސᕴ৵Δۻ

ऱᖲΖސᚰऱ৵ᥛਐലຘመຑᒵ RAT ऱ CnC ຑࢨᕴۻ

ᒵ CnC ऱ RAT ԫڤႚᙁΖԫߢ৵ऱආش৫ለΔڂ

ൕጻሁփඔ೯؆ຝຑᒵऱᖲለլದრΖ

ࢲ 4Ȉᔞޱᐗөጻ

ᔡԵॿऱጤشࠌሽᆰሎጩᇘᆜլױ౨ץฃᇷறΔ

ڼڂ APT طཋᐾΔჼٻጻሁխᖩڇᚰႊސ IT ጥᖙ

ऱᖲΰא᧗ጥᖇᢞαץᖲയᇷறऱૹۻᕴࡉᇷ

றΔຍթਢ APT ᑑņ ຍਢؾᚰऱސ Flame რڤऱሎ

Ζڤ

26 | ತࠒϞΙфࡄ٩

ᄇፙġ

ᖩٻฝ೯լԫشᔡᙹᖲᄐߓอא؆ऱრຌࢨՠΔ

ڕࠏ command shellΕNetBIOS ΕVNCΕWindows TerminalחࡎServices ՠΖԫۿᖲऱᣊ೭ጤشጻሁጥהࢨ

ԺፖܘڶࢬᚰհছސऱԵᖇᢞ৵Δךڶᖑࠀᑑؾބ

ࡨګΖ

ࢲ 5ȈᘝڥᎏΣޟၥਟ

ຍଡၸऱጻሁԵॿխΔAPTڇ ԿଡᎽᡶΚଈ٣Δڶᚰސ

ૉലؾڶࢬᑑᇷறԫڻΰؾᑑᇷறऱՕຏאԼᏙۯցૠጩα

ႚಬΔױ౨ᄎڂؾᑑۻᕴࢨᇷறנլऱՕၦၦ

ᤛၦฆೠᤞΰૉشࠌ NBA ᇞூΙᓮᔹร 2 αΖ

รԲΔސᚰᏁᒔ൷گᇷறऱᖲլᄎຑڃաຍԫጤऱ

ᇘᆜΖรԿΔૉڤݮڗאႚಬᇷறΔױ౨ᄎᖄીᇷற؆ਜ਼

ᥨΰDLPαߓอᤛᤞΖ൷ထࠐ൶ಘᆖ᠆ऱ APT ౡ

ᄎ۶ڕԫԫຍԿଡᎽᡶΖ

รԫଡᎽᡶΔᜣऱڕ APT ᇷࢨᕴۻᑑؾᚰᄎ٣ൕސ

றψޅωዶዥᇷறЁױ౨אڻޢ 50-100 Ιۯցۯᆄۍ

യᒘঅᥨऱڶګಖᙕᖞࢨऄঞਢലᚾூԫጟ RAR ᚘᚾΖ

ᄇፙġ

ࠄڶ RAR ᚾூױڍ٨ݧऱԫຝΔސࠌᚰ౨ലՕၦ

ᇷற֊ګΖޢԫଡ RAR ᚾூຟᄎڶ૪ᒳᇆऱ೫

ᚾټΔڕࠏ part1rarΰรԫଡαΕpart2rarΕpart3rarΔ ᣊංΖڼא

รԲଡᎽᡶპڶរᣄ৫ΖސᚰუጐຒฆጤᇷறΔԾ

լ౨কᙠނᇷறႚಬױ౨ᄎಳڃաᇘᆜऱᖲΖԱᇞ

ຍଡംᠲΔސᚰױ౨ᄎᙇᖗطጤ೭ࠎᚨ൳ጥऱဠᚵ

ᖲᑉژΰstaging areaαΙڼڕԫڇױࠐᇷறឯ৵ܛمኻᄤ

ᖲΖ

ଡޢຘመኙױၸऱ৵ԫଡᎽᡶঞڼ RAR ᚾூףയΔ৵

ΰຏຘመ FTPαႚಬᑉژᖲࠐధᇞΖՕڍᑇ RAR ᚾூག

ൎՕऱ AES 128 ΖشയբᆖॺജףउՀຍᑌऱڼڇയΔףցۯ

3 ണȈᆩၯᔞড27 | ݙ

௫ႺᙹȂฒଡġޱᔞ ϸġ

ૉᄐࢨਙᖲዌუೠ APTΔސڇᚰսڇழਢլ

ᑇڍՕڂ౨ೠΙױ APT ൽ堸Ζᚰຟॺᖐސ

Հਢא APT ࢬೠ৵Δᝩګݙᚰސᚰཚፖސڇᚰސ

ክشऱऄΚ

5 ཬԵრຌΔཋ IT ᇷಛ٤ڜԳऱრԺΕฝ

រΖ

5 ཋᐾઌኙለլঅᥨΔ ࢳ٤ݙᄕጤउՀթᄎڇڶ

ೈऱጻሁش٥ᚾூΖ

5 ۻشᕴΰstaging serverαᚘᚾூ৵ല

ೈΖܔ

5 ૉۻشᕴطጤ൳ጥঞലᇠۻᕴܔೈΔૉސطᚰ

൳ঞലᠦᒵΖ

5 ᇞೈࡨԵរऱრຌΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

3 ണȈᆩၯᔞড25 | ݙ

ࢲ 2ȈӵᎏΣفޟಛΰԊ၆ඌཎᡝġ

ԫڶዥऱߓอᔡԵॿ৵ᄎചრڤᒘΔലრຌڜ

ᇘڇᔡԵॿऱߓอՂΖທጻࢨຑਊՀᄶቕរᙇΔױ

ᖄીߓشࠌอᔡԵॿࠀტऱრຌధᡏΖ

ኙᓫݾ

ڶጻሁሽၡઃڤAPTౡ೯ऱՐࠐڶࢬॺࠀ

ॵΙխڍਢץຑΔԫشࠌរᙇᇠຑࠀඔጻ

ោᥦᕴΰהࢨᚨشڤΔڕ Adobe ReaderΕMicrosoft Wordࢨ Microsoft Excelα৵Δޢଡຑᄎૹᄅᖄڶٻ base64ᒳᒘ८ᨤឆ៲ऱۯΖឆ៲ऱۯਢਐᆵរΰdropsiteαΔش

ေ۷ោᥦᕴբवऱ٤ڜዥࠀႚڃՀሉڤΖച৵Հሉ

ڤႚಬ base64 ᒳᒘऱਐהחᆵរΔאཋᐾ ΰრ

ຌαΖ

ࢲ 3Ȉంଢ଼ᄇѴጣġ

១ጠࢨጤጥՠΔץᇘऱრຌຏڜՂԫଡၸխڇ

RATΖԫඔ೯ࠀച৵ΔRAT ᄎඔ೯ኙ؆ຑᒵψሽᇩڃ୮ω

ЁຏਢຘመტሽᆰطAPTౡᖙ൳ऱCnCۻᕴ

ऱ SSL യሐΖAPTף ౡլᅀऱ৬مኙ؆ڃᐸຑ

ᒵΔאᝩႚอᄅԫ־זᛥೠΔڼڕԫࠐૉൕॾऱጻ

ሁփඔ೯ࠌױᄐၸၦᠨٻ೯Ζ

ԫ RAT ຑᒵפګ CnC ٤༳൳ᔡԵॿݙױᚰސᕴ৵Δۻ

ऱᖲΖސᚰऱ৵ᥛਐലຘመຑᒵ RAT ऱ CnC ຑࢨᕴۻ

ᒵ CnC ऱ RAT ԫڤႚᙁΖԫߢ৵ऱආش৫ለΔڂ

ൕጻሁփඔ೯؆ຝຑᒵऱᖲለլದრΖ

ࢲ 4Ȉᔞޱᐗөጻ

ᔡԵॿऱጤشࠌሽᆰሎጩᇘᆜլױ౨ץฃᇷறΔ

ڼڂ APT طཋᐾΔჼٻጻሁխᖩڇᚰႊސ IT ጥᖙ

ऱᖲΰא᧗ጥᖇᢞαץᖲയᇷறऱૹۻᕴࡉᇷ

றΔຍթਢ APT ᑑņ ຍਢؾᚰऱސ Flame რڤऱሎ

Ζڤ

26 | ತࠒϞΙфࡄ٩

ᄇፙġ

ᖩٻฝ೯լԫشᔡᙹᖲᄐߓอא؆ऱრຌࢨՠΔ

ڕࠏ command shellΕNetBIOS ΕVNCΕWindows TerminalחࡎServices ՠΖԫۿᖲऱᣊ೭ጤشጻሁጥהࢨ

ԺፖܘڶࢬᚰհছސऱԵᖇᢞ৵Δךڶᖑࠀᑑؾބ

ࡨګΖ

ࢲ 5ȈᘝڥᎏΣޟၥਟ

ຍଡၸऱጻሁԵॿխΔAPTڇ ԿଡᎽᡶΚଈ٣Δڶᚰސ

ૉലؾڶࢬᑑᇷறԫڻΰؾᑑᇷறऱՕຏאԼᏙۯցૠጩα

ႚಬΔױ౨ᄎڂؾᑑۻᕴࢨᇷறנլऱՕၦၦ

ᤛၦฆೠᤞΰૉشࠌ NBA ᇞூΙᓮᔹร 2 αΖ

รԲΔސᚰᏁᒔ൷گᇷறऱᖲլᄎຑڃաຍԫጤऱ

ᇘᆜΖรԿΔૉڤݮڗאႚಬᇷறΔױ౨ᄎᖄીᇷற؆ਜ਼

ᥨΰDLPαߓอᤛᤞΖ൷ထࠐ൶ಘᆖ᠆ऱ APT ౡ

ᄎ۶ڕԫԫຍԿଡᎽᡶΖ

รԫଡᎽᡶΔᜣऱڕ APT ᇷࢨᕴۻᑑؾᚰᄎ٣ൕސ

றψޅωዶዥᇷறЁױ౨אڻޢ 50-100 Ιۯցۯᆄۍ

യᒘঅᥨऱڶګಖᙕᖞࢨऄঞਢലᚾூԫጟ RAR ᚘᚾΖ

ᄇፙġ

ࠄڶ RAR ᚾூױڍ٨ݧऱԫຝΔސࠌᚰ౨ലՕၦ

ᇷற֊ګΖޢԫଡ RAR ᚾூຟᄎڶ૪ᒳᇆऱ೫

ᚾټΔڕࠏ part1rarΰรԫଡαΕpart2rarΕpart3rarΔ ᣊංΖڼא

รԲଡᎽᡶპڶរᣄ৫ΖސᚰუጐຒฆጤᇷறΔԾ

լ౨কᙠނᇷறႚಬױ౨ᄎಳڃաᇘᆜऱᖲΖԱᇞ

ຍଡംᠲΔސᚰױ౨ᄎᙇᖗطጤ೭ࠎᚨ൳ጥऱဠᚵ

ᖲᑉژΰstaging areaαΙڼڕԫڇױࠐᇷறឯ৵ܛمኻᄤ

ᖲΖ

ଡޢຘመኙױၸऱ৵ԫଡᎽᡶঞڼ RAR ᚾூףയΔ৵

ΰຏຘመ FTPαႚಬᑉژᖲࠐధᇞΖՕڍᑇ RAR ᚾூག

ൎՕऱ AES 128 ΖشയբᆖॺജףउՀຍᑌऱڼڇയΔףցۯ

3 ണȈᆩၯᔞড27 | ݙ

௫ႺᙹȂฒଡġޱᔞ ϸġ

ૉᄐࢨਙᖲዌუೠ APTΔސڇᚰսڇழਢլ

ᑇڍՕڂ౨ೠΙױ APT ൽ堸Ζᚰຟॺᖐސ

Հਢא APT ࢬೠ৵Δᝩګݙᚰސᚰཚፖސڇᚰސ

ክشऱऄΚ

5 ཬԵრຌΔཋ IT ᇷಛ٤ڜԳऱრԺΕฝ

រΖ

5 ཋᐾઌኙለլঅᥨΔ ࢳ٤ݙᄕጤउՀթᄎڇڶ

ೈऱጻሁش٥ᚾூΖ

5 ۻشᕴΰstaging serverαᚘᚾூ৵ല

ೈΖܔ

5 ૉۻشᕴطጤ൳ጥঞലᇠۻᕴܔೈΔૉސطᚰ

൳ঞലᠦᒵΖ

5 ᇞೈࡨԵរऱრຌΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

26 | ತࠒϞΙфࡄ٩

ᄇፙġ

ᖩٻฝ೯լԫشᔡᙹᖲᄐߓอא؆ऱრຌࢨՠΔ

ڕࠏ command shellΕNetBIOS ΕVNCΕWindows TerminalחࡎServices ՠΖԫۿᖲऱᣊ೭ጤشጻሁጥהࢨ

ԺፖܘڶࢬᚰհছސऱԵᖇᢞ৵Δךڶᖑࠀᑑؾބ

ࡨګΖ

ࢲ 5ȈᘝڥᎏΣޟၥਟ

ຍଡၸऱጻሁԵॿխΔAPTڇ ԿଡᎽᡶΚଈ٣Δڶᚰސ

ૉലؾڶࢬᑑᇷறԫڻΰؾᑑᇷறऱՕຏאԼᏙۯցૠጩα

ႚಬΔױ౨ᄎڂؾᑑۻᕴࢨᇷறנլऱՕၦၦ

ᤛၦฆೠᤞΰૉشࠌ NBA ᇞூΙᓮᔹร 2 αΖ

รԲΔސᚰᏁᒔ൷گᇷறऱᖲլᄎຑڃաຍԫጤऱ

ᇘᆜΖรԿΔૉڤݮڗאႚಬᇷறΔױ౨ᄎᖄીᇷற؆ਜ਼

ᥨΰDLPαߓอᤛᤞΖ൷ထࠐ൶ಘᆖ᠆ऱ APT ౡ

ᄎ۶ڕԫԫຍԿଡᎽᡶΖ

รԫଡᎽᡶΔᜣऱڕ APT ᇷࢨᕴۻᑑؾᚰᄎ٣ൕސ

றψޅωዶዥᇷறЁױ౨אڻޢ 50-100 Ιۯցۯᆄۍ

യᒘঅᥨऱڶګಖᙕᖞࢨऄঞਢലᚾூԫጟ RAR ᚘᚾΖ

ᄇፙġ

ࠄڶ RAR ᚾூױڍ٨ݧऱԫຝΔސࠌᚰ౨ലՕၦ

ᇷற֊ګΖޢԫଡ RAR ᚾூຟᄎڶ૪ᒳᇆऱ೫

ᚾټΔڕࠏ part1rarΰรԫଡαΕpart2rarΕpart3rarΔ ᣊංΖڼא

รԲଡᎽᡶპڶរᣄ৫ΖސᚰუጐຒฆጤᇷறΔԾ

լ౨কᙠނᇷறႚಬױ౨ᄎಳڃաᇘᆜऱᖲΖԱᇞ

ຍଡംᠲΔސᚰױ౨ᄎᙇᖗطጤ೭ࠎᚨ൳ጥऱဠᚵ

ᖲᑉژΰstaging areaαΙڼڕԫڇױࠐᇷறឯ৵ܛمኻᄤ

ᖲΖ

ଡޢຘመኙױၸऱ৵ԫଡᎽᡶঞڼ RAR ᚾூףയΔ৵

ΰຏຘመ FTPαႚಬᑉژᖲࠐధᇞΖՕڍᑇ RAR ᚾூག

ൎՕऱ AES 128 ΖشയբᆖॺജףउՀຍᑌऱڼڇയΔףցۯ

3 ണȈᆩၯᔞড27 | ݙ

௫ႺᙹȂฒଡġޱᔞ ϸġ

ૉᄐࢨਙᖲዌუೠ APTΔސڇᚰսڇழਢլ

ᑇڍՕڂ౨ೠΙױ APT ൽ堸Ζᚰຟॺᖐސ

Հਢא APT ࢬೠ৵Δᝩګݙᚰސᚰཚፖސڇᚰސ

ክشऱऄΚ

5 ཬԵრຌΔཋ IT ᇷಛ٤ڜԳऱრԺΕฝ

រΖ

5 ཋᐾઌኙለլঅᥨΔ ࢳ٤ݙᄕጤउՀթᄎڇڶ

ೈऱጻሁش٥ᚾூΖ

5 ۻشᕴΰstaging serverαᚘᚾூ৵ല

ೈΖܔ

5 ૉۻشᕴطጤ൳ጥঞലᇠۻᕴܔೈΔૉސطᚰ

൳ঞലᠦᒵΖ

5 ᇞೈࡨԵរऱრຌΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

3 ണȈᆩၯᔞড27 | ݙ

௫ႺᙹȂฒଡġޱᔞ ϸġ

ૉᄐࢨਙᖲዌუೠ APTΔސڇᚰսڇழਢլ

ᑇڍՕڂ౨ೠΙױ APT ൽ堸Ζᚰຟॺᖐސ

Հਢא APT ࢬೠ৵Δᝩګݙᚰސᚰཚፖސڇᚰސ

ክشऱऄΚ

5 ཬԵრຌΔཋ IT ᇷಛ٤ڜԳऱრԺΕฝ

រΖ

5 ཋᐾઌኙለլঅᥨΔ ࢳ٤ݙᄕጤउՀթᄎڇڶ

ೈऱጻሁش٥ᚾூΖ

5 ۻشᕴΰstaging serverαᚘᚾூ৵ല

ೈΖܔ

5 ૉۻشᕴطጤ൳ጥঞലᇠۻᕴܔೈΔૉސطᚰ

൳ঞലᠦᒵΖ

5 ᇞೈࡨԵរऱრຌΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

28 | ತࠒϞΙфࡄ٩

RSASecurity ڧᎏܛۄ APT ᔞ

ڣ2011 3 RSASecurityسᇷற؆

ਜ਼ࠃ৵ΰᓮءߠψAPT ᄅፊࠃ

ωԫᆏᎅαΔᇠֆᇠᄐ

ຝᆵՂᇡาᎅࠃᆖመΖ

ᖕֆᐋقΔኙױ౨ຘመष

ጻ᠙ֆՠ୶

ՐڤጻሁΖڼڇउՀΔސᚰ

ڤऱՐٵփႚಬլڇ

ጻሁሽၡՠΔॾ

ᑑᠲψ2011Recruitmentplanxlsωΰ 2011 ॵՂࠀᐛթૠαΔڣ

MicrosoftExcelᇢጩॵΖ

ڂᇠሽၡೕທऱઌᅝሓటΔط

ၡΰSpamαࡑՠൕټڶڼ

ᇷறխലᇠሽၡඑڃΔࠀຑਊ

Հ Excel ᚾூඔΖլवᇠᇢጩ

ץሿழዥސᚰΔຘመ AdobeFlash ᇘڜ٤ዥڜ RATΖԫ RATᚰސኙ؆ຑᒵΔࡨګݙᇘڜ

ᖲᕴऱ൳ᦞΖشࠌڶ༼٤ݙڼڂ

รԫຝᔡԵॿऱط PC ॺฃᇷࠀ

ขΔސڼڂᚰऱՀԫଡޡᨏਢԵ

ॿהᖲΔڇאጻሁփᖩٻฝ

೯Ζސᚰଈ٣ൕรԫຝᔡԵॿऱ

PC ਔጻጥץᖇᢞΔژ

െᇆᖇᢞΙ൷ထኙߓהอऱॺጥ

شࠌ

ചᦞെᇆΖސᚰᄎԫऴૹᓤ

طᑑņؾᏝଖބΔऴݧڼ IT ۻᕴጥᖙऱሽᆰņΖ

ؾᑑ৵Δސᚰנބ৫ᖲയऱ

ᆜΰᖕጠᖲയऱۯᕴۻ SecurIDᠨڂᎁᢞዝጩऄαΕԵॿຍۻࠄ

ᕴΔ৵Ⴊႃរᑉۻژᕴऱ

ᚰ൷ՀސᇷறΖᦞΔᄷໂឯژ

ലᇷࠀᕴΕฝೈᇷறΔۻᑑؾԵࠐ

றฝᇷறႪႃऱᑉۻژᕴΕᚘᇷ

றףࠀയאឯΖ

৵Δސᚰشࠌ FTPΔല RSA ᚾூۻ

ᕴՂڍയᒘঅᥨऱ RARᚾூΔႚ

ᙁᖲಜጥࠎᚨԵॿऱ؆ຝᖲ

ᕴհ؆ຝۻشᕴΖސᚰᙟ৵ԫ

ԫՀሉᚾூΔࠀലᚾூൕᔡᙹऱ؆ຝ

ᖲՂฝೈΔྌᄰސᚰฉᇾΖ

ൕଡԳᨠរࠐΔኙ RSA Securityটᇡ૪ࠀࠃԫڼᎅנ APT ᚰސ

መΔݺղΖᛵᇞຍࠄૠ壄യ

ऱาᆏ৵Δ៣౨ൕ RSA ऱլխᛧ

ඔΔࢨڼڂޓኔᄅऱฃፖݾ

Ёץਔᄅԫזౡᥨΰᓮߠร 4αЁܗᒷ APT ᚰऱኔᔆଅᙠΖސ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

3 ണȈᆩၯᔞড29 | ݙ

APTᔞޟឌଉ ឈ APT ॺᣄאೠΔլመאՀսנ٨ق៣ױ౨բ APT ᤞಛΖߠᚰऱސ

5 ሽၡॵփߓڶอዥڤᒘΔࢨຘመጻႚ

ಬߓอዥڤᒘΖ

5 ऱᦞԵڻᑇᏺףΖ

5 ኙ؆ຑᒵբवऱ CnC ᕴΖۻ

5 ጤរཋᐾ৵ڤЯࢨጻሁᚾூش٥Ζ

5 ጻሁփຝנቃཚ؆ऱՕၦᇷற೯Ёൕۻᕴۻ

ᕴΕۻᕴشጤΕشጤۻᕴࢨጻሁጻሁΖ

5 ՕၦΰڼڇਐԼᏙۯցॺۍᆄۯցαᇷறנ

ᆜΖۯऱڇژլᇠڇ

ཎġݧ

Δᓮ༼ᤞᤚΖڤऱᚘᇷறشլנֆڕ

5 ฆऱ SSL യጻሁຏಛΖף

ᛥऱ־ፖ 5 Windows ᚨشࠃڤႈؾೖࠀ

ૹᄅඔ೯חࡎΖ ඪᒺௌġ

៣آ౨ኘᤚ APT ࢨ٤ᇘᆜႛΰڜᇷಛڇΔڂᚰऱސ

؆ᛀኙࢨၦΖආЯگᛀૠၦᕴऱ൷α

ၦऱᇷಛ٤ڜᇞூΔױՕ༼ೠנ APT ސጻሁה

ᚰऱᖲΖ

ਕگຟլኙةۯٺඨݦ APT ሖऱᅀΖૉլݝᚰސ

ՂΔຍലᄎਢ൞ڇᇷಛ٤ڜෑࢬᜯᣄऱՠΖຘመ

ᄅԫזౡᥨઝݾቃፖڰೠΔਢ APT ᚰऱސ

Δᓮݾ٤ઝڜᄅীኪऱጻሁڼᛵᇞޡԫڕΖڤࠋ

ᔹร 4 Ζ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

30 | ತࠒϞΙфࡄ٩

ᒵᐅߝᒊߜ FireEye ᔔ၄

ڏ IT ԊӒဣ৯

२ڶ୮Օীሀഏ८ᘜ೭ֆ

ņSampP 500 ՕᄐհԫΔՠԳᑇ

ല२ 10000 Գņऱฃ९ΰCSOαଶګݙ៣ऱጻሁ٤ڜᗧေ

۷ΔڶᏁጐຒᚦᇖऱᆵΖ

ຍټฃ९ऱᆵᇿݼᄅ

ԫז IT ᣂΔڶ٤ౡڜ אႚอ

ᐛᒘഗऱ٤ڜᗧᖲ

ऄೠڼנԫౡΖຍࠄౡץਔ

ሿழސᚰΕݮრຌΕٽ

ధᡏԺऱЁAPTΖࢴౡڤ

ฃ९ਐقቸၷေ۷Ղࢬ

ᥨᇞऱၸౡشױڶ

ூΔࠀᙇנ౨ೠࠀቃڼᄅী

ኪސᚰऱᇞூΖڇኙᑇ୮

ऱข೭ઔࠎ༽ࢬᚨࠎ

ټฃ९ቸၷലټ৵Δຍߒ

୮ࠎᚨΔխԫ୮ਢ

FireEyeΖ

ฃ९ٵழေ۷ຍᇞ

ூΚהऴ൷ஞ FireEye WebMalware Protection System (MPS)ໂፖᤁञࠎᚨऱٵໂ

ኙᇢΖຝᖲᕴ

ઃԵڤሎΔࠀ൳ઌٵऱ

ૠၦᕴၦΙᇞூޡٵᇢ

քၜΖ

ᠨૹေ۷مՀņ FireEye

ໂऱٽౡᤁञᇞூ

ᎄΖڶ٤ݙԲԿΔנڍ

ឈᤁञໂขسऱᤞ FireEyeMPS Δڍ IT ڂ٤ቸၷՈᢞኔຍਢڜ

ᤁञᖲᕴנՕၦᎄࢬીΖ

ΔᅝᙇᖗߠمՀࠐԫڼڕ

FireEyeΖFireEye լ౨ಾኙᛀ൷گ

ၦ༼ۥנࠎऱၸౡᥨΔ

รߠᐸመៀᕴΰڃ 4 αױޓೠ

ፖ CnC ຘመܡᖲऱኙ؆ຑᒵΔਢ

ಖীሽᆰהࢨ೯ᇘᆜ

რຌԵ៣Ζ

ଡ৵ֆޢઃױೠࠀ

ቃᅝվᄅীኪऱጻሁސᚰΔאᒔঅ

ᇷற٤ڜΖᕣጥࠐآսךየەΔ

ຍټฃ९ױڇለڜऱ

ԵጕΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

4 ണ

ᏲΣΙфࡄ٩ऋġ

ҏണ१ᘈ

ᔣџЍᄘᆩၯᔞޟ౩དПਰ

ဎΙфࡄ٩ٮቷຜڏкौϯӇ

Ιфࡄ٩ऋᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙȂоЅ

౽ԊӒ౩ϞШၶ

ऱᄐΕՕᖂਙᖲᣂإᜯᑇၦፖ壄യ৫ছآࢬ

ቕሏᚭጐऱᘷةຍڇᚰ೯Ζސऱጻሁߠ

խΔؾছࠐਢᘷՂଅΖೈॺ၆ֆբړᄷໂΔܡ

ঞৰױ౨ਢՀԫଡ୭Ζ

վאΔࢤऱᣤૹګທࢬౡזբൕছᛵᇞᅝվᄅԫۯٺඨݦ

ႚอ٤ڜᗧᖲऄሗຍࠄౡऱڂΖڇΔᇠਢ༿ছ

ਐऱਢᄅݺᗧᖲऱழଢΙᅝΔ٤ڜऱ٤ᄅᣊጻሁڶآࢬ

ԫזऱౡᥨᖲΖ

ऱጻࡌᅝվૠݼભऱΔ൶ಘኙݙԫጟ२אല٣ء

ሁސᚰటࢬإᏁऱԫ֊Ι൷ထൕᆠࡨᤉᥛಘᓵᄅԫזౡ

ᥨᖲΕ٦൷ထᇡาᎅցፖۥΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

32 | ತࠒϞΙфࡄ٩

إౡటז٣༳༽ᄅԫࠃՀ٣ൕא௫ऱᒤઌᅝᐖऑΖء

Ꮑ୶൶ಘΖࢬ

жઍғܚሯ٩ޟᑕΨġࢨᚰΖრຌΕސጻሁڶխլᄎભऱݙڇ APT Ոլ

ᄎڇژΖᄐΕՕᖂਙᖲᣂՈլᏁڣޢक़ 200 Ꮩભցሗ

ຍࠄጻሁސᚰΖ

ΔᙊᖌऱਢݺଚऱࠀլݙભΖ८ᙒऱᎈፖਙएمᎈ

شܓऱౡრܗᆠΕഏ୮ᇷΕᙹড়೯حጻሁᆞࠌ

ଚݺڼڂભΔݙլࠀଚऱݺطጟՠॿԵ៣ጻሁΖٺ

ႨԺΖߵࠄຍݼࠐՠࠄᏁୌಘᓵࠐ

ฒ੫ጆ٩ᑕġ

ᅝվ៣ᏁބᄅऱౡᥨᑓڤΔխ៣ऱ৫ᗧਮዌ

ႊٽറᅝվᄅীኪጻሁސᚰऱᐛᒘݾΖ

ឈႚอ٤ڜᗧᖲ౨᠙բवऱጻሁސᚰΔᆖآقव

ऱጻሁސᚰթࢢױΔڇإഹದխΖطຍࠄሿழΕݮ

APT ڼڂΔڤݮอऱᄅߓԵॿפګګᚰཏሙऄቃΔސ

Ꮑᐛᒘऱᇞூթ౨ሗຍސࠄᚰΖ

ଶΟกȂᗙሯौ٩Ψ

อߓᥨᖲԵॿೠऱشࠌࢬছנอΰIPSαߓᗧԵॿڇ

ΰIDSαΖIDS ऱૠ౨ೠբवౡΰࢨ᠙բव٤ڜዥऱ

ޣवౡαΖᙟထழዝΔ៣آ IDS լ౨ೠΔᝫ

౨᠙ጻሁސᚰņ ڼڂ IPS ംΖ

ౡΔנބ౨Օ௧ᐵಾऱᏁऱਢլຍᑌऱउՀڇ

ᝫ౨אף᠙ऱၸౡᥨΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

4 ണȈᏲΣΙфࡄ٩ऋ33 |

ӻࢲԒ٩ᄺġ

խΔITભऱݙڇ ౨٤༳༽ጻሁՂऱޢԫຝሽᆰሎጩᇘᆜΔ

ސᇢထຘመᢰᒴዶຘऱጻሁࠀጻሁ؆ຝࠐᏁᖜ൞ڼڂ

ᚰױܛΖ

ᅝΔᙟထ೯ሎጩऱฐΔIT Ոլլኔਜՠױ᥋ڤໂ

ΰBYODαਙΔڶڼڂழጻሁސᚰਢൕᙄֆՕഘհԵ

ॿΖຍଡழଢΔࢬᏁऱਢ౨ڇრຌᇢቹڃᐸ؆ຝጻ

ሁΔࢨຘመጻሁᖩٻཋᐾऱڶࢬၸխΔٵழ൳طփطփ

؆೯ጻሁސᚰऱၸౡᥨᇞூΖڕ൞ऄॴ

ౡຘመጻΕሽၡࢨᙄֆছԵΔᝩଚኙ

؆ຏಛຑᒵԫޡཋᐾΖ

ଽጂกЕᔝġ

ଚݺᗧᖲխΔೠᄷᒔ৫ਢᣂΖᐛᒘഗऱאႚอڇ

ऱᏁໂᄷᒔ৫լᄎขسᎄΰലإᚾூᣊ

რᚾூαࡉᎄܡΰലრᚾூᣊإᚾூαऱၸౡᥨ

ᇞூΔթ౨ᗧᄅԫזౡΖ

ཎġݧ

ᎄࡉᎄܡਢೠ౨Ժլࠋऱᇷಛ٤ڜᄎขسऱणउΖᎄ

ਢଡլऱᅀΔڂଚᄎࠌᇷڜԳಳထᤞၒΔ

ঞܡԫΔᎄ٤ઌᣂԳԺᇷᄭΙڜᣪ၆ऱᇷಛش

٤ݙܡᎄڂၸრຌᄎڂවωΔψֆګ౨ᄎױ

٤ᇘᆜΖڜຏመጻሁפګԵԳհቼΔڕڶ

Ӓ౨ࡄၥЛධġ

Ղรԫଡ᠙چរωЁࠃԫଡψڶᚰຟސԫଡጻሁޢ

ጻሁސᚰऱԫᖲΖᏁऱਢԫଡւၸౡᥨ

ᇷऱᖲΖش៣հ٥ٺ٤ڇאԫ៣փΔڇอ౨ߓ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

34 | ತࠒϞΙфࡄ٩

ސᅝվ壄യݼ౨ኙڶᝫਢຍଡભΔݙլࢨଚऱݺ

ᚰऱუᇞூΖ

ਢЁᄅԫזౡᥨઝݾΖ

ဎΙфࡄ٩ġᄅԫזౡᥨΰNGTPαਢԫႈറᢝᗧᅝվᄅীኪጻሁ

ΖNGTPݾ٤ઝڜૠऱ٤ᄅጻሁࢬᚰސ ņזൎ֏ņॺڇऱؾႚอᇷಛߓ٤ڜอΔڇ৫ᗧਮዌխ༼ࠎᄅऱᐋΔ৬مౡ

ऄኘᤚऱጻࢬᗧᖲᐛᒘഗऱאᖒԫᥨዌΔ

ሁސᚰΖ

NGTP ຏᄎᇘሉய౨ऱറشᖲਮڜڤᇘໂΖ

ऱ NGTP ౨ᛀሽၡၦΕጻၦᙩࠎ༽ᚨᄎࠎ

ኪᚾூऱᖞڤٽΔڇࠀຍސࠄᚰտխࠆౡᇷΖ

ཎġݧ

NGTP լٵՂ۶ԫጟጻሁᇷಛ٤ڜข೭ΖNGTPໂᄎᛀၦЯࢨᚾூΔބฒױڍጊࢤΔץਔڕ XOR ᒳ

ᒘהೕᇘऱڤឆݾΖᄐၸᄎڇΰ٤ڜऱα

ဠᚵചᛩቼΰᣊۿဠᚵᖲᕴΔشࠌറࢤ٤ڜૠऱ

ૡဠᚵ֏ᚯαխૹᄅചΔאᒔᎁױጊऱၦਢܡᒔኔץ

რຌΰڍޓᣂڼᠲհಘᓵΔᓮᔹء৵ຝψሎ

ωԫᆏαΖڤ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

4 ണȈᏲΣΙфࡄ٩ऋ35 |

ѩ٩ᛖωಢȊڳ

ऱᣊኔشࠌԫऴৰᦟݺ

ऄņڇਬࠄउՀԾጠຫᛒ

ᓳņᎅઝפݾ౨ऱሎڤ

ᄅڇऱய墿Ζլመࠎ༽ࢬ౨פᇠࢨ

ԫזౡᥨᖲΔݺუΔݺ

ԫଡլᙑऱᣊΖބ

უψՕ௧ᐵಾωऱᣊݺΔڰ

ऄΖຍઌᅝᔞڇشٽ NGTPᇞ

ூऱಘᓵΔ२ࠐՕীᄐࡉਙ

ᖲᣂޢᔡړڻၸጻሁސ

ᚰऱ᠙ΔNGTP ބऱլਢ௧

ᇙऱԫಾբΔਢړԼΖ

൷ထݺუԳᐳᚰᇢऱᣊ

ΔՈਢലױጊऱၦցΰױ

ጊऱრຌαᚵګԳΔڇ

ΰᓤ፹ؾᑑᛩቼऱαဠᚵചᚯ

Ղചऱ Microsoft Windows ᄐ

ၸঞਢᓢᐳऱᔖΖຍଡᣊՈ

լᘸΔᝫਢլജ၀֊Ιڂլᓵ

փໂ۶Δᔖڻޢຟᝫਢᄎ

ᐳᄤΖຏط NGTPໂᛀऱᚾ

ூຟਢإᚾூΖ

ᆖመ९ழܘԺ৵Δݺუބݺ

ԫଡޓ၀֊ऱᣊΖམڇᄅፊ

Ղመᤞࡅᡨᛀᙊᆵ

ᐖᕕऱזቝપழࢨᖲڇ

ᡨउՀΔࠄຍڇጊ༼Λױ

ᄎ൳ᖙԫຝᖲᕴԳאᛀױ

ጊऱ༼Δڶڕᝫᄎല༼

ᖚದࠀࠐ౨ࢭՕᡨ੦

ԺΔլᐙࡌᔡऱᡨ੦

ᔖΖ

شലຍଡᣊڕ NGTP ᇞ

ூΔࡅᡨऱԳਢ

რຌೠዝጩऄΙᖲᕴԳઌᅝ

ٻጊऱრຌૹᄅᖄױຂല

ᡨ੦ᔖऱߓอΙᡨ੦

ᔖঞઌᅝڶ٤ڜڇঅᎽ

ऱᛩቼխΔشψࠨ൶ωױጊრ

ຌΰױጊ༼αΔאᒔᎁਢ

౨ధᡏԺΰᡨ੦αऱױໂ۶ܡ

ဠᚵᄐၸΖ

൞ᛵᇞܗ౨ᚥڤඨຍᑌऱᣊݦ

NGTP ઝݾऱሎڤΔٵழՈ༼ࠎ

൞ٻॺݾറᄐԳٵոᇞᤩ NGTPሎڤऱ១ᎅऄΖ

ᇄಛо੫ጆஅᙃ٩ޟᑕᐠڙШၶġ

ร 2 ΰᓮߠψᑅԳפګհሐωԫᆏαᎅᅝվᄅীኪጻሁސ

ᚰհאࢬ౨ᝩႚอאᐛᒘഗऱ٤ڜᗧᖲЁ־ڕᛥ

ΰౡᐛᒘαΕIPS ᇘᆜΕ٤ڜሽၡጻሴሐࡉᇞ

ூЁऱڂፖऄΔխآࠀտฯ NGTP ઝݾΙڶݺऴ

൷ലຍࠄᗧᖲፖ NGTP ᇞூஞࠐለ ņ ڇࠐᚦᇖຍ

ଡ؈Ζ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

36 | ತࠒϞΙфࡄ٩

4-1 ១چለႚอאᐛᒘഗऱᗧᖲፖ NGTP ᇞ

ூΔᓮಖ۰ NGTP ᇞூਢԱൎ֏אᐛᒘഗऱ

ᗧᖲΔڜᇘڇᗧਮዌխऱᄅڤᐛᒘݾΖ

٩ऋШၶ NGTP

Пਰ ಛ

٩ᑕᐠڙ

شࠌ IPSڤݮᐛᒘೠբवऱრ

ຌ 3 3

ᢝԲᒳᒘխऱސᚰ 3 deg

ጊױ٤ऱဠᚵᛩቼխૹᄅചڜڇ

ऱၦ 3 deg

ᛀኙ؆ၦΔॴ೯ڃڤᐸሐ 3 deg

೯ขسౡᇷΔؾݼᑑސڤᚰ 3 deg

ߒ 4-1ȈNGTP ፖႚอᗧઝݾለΖ

ඪᒺௌġ

ωᆏലԵ൶ಘۥ৵ऱψء 4-1 խऱᥨઝݾΖ

ᇄ౽ԊӒ౩Шၶġ

ΰຏءໂऱሽᆰሎጩᛩቼठݙฏΰsandboxαኔਢԫଡޥ

Windows ฏޥាΖፖ೭ऱڤشᚨࠎ༽อαΔߓ

ءਢಾኙຌԳࠎ༽ࢬΔ٤ڜڇشऱسขᛩቼՀ

ᇢᄅऱᒳᒘΖޥฏ٤ڜݾᙟ৵ᇷಛ٤ڜറ୮ආشΔ

ฏΰဠޥΖڤอய౨ऱߓขسழଫٵጊԲױ೯ᛀ

ᚵᖲᕴαփࢬऱᄐߓอፖᚨشڤຏፖ៣ऱோՂীሽᆰ

ᑑᄷԫીΔױڼڂጊऱრຌشܓױઌٵऱ٤ڜڶࡐዥԵॿΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

4 ണȈᏲΣΙфࡄ٩ऋ37 |

ཎġݧ

ኙᖑڍڶૹோՂীሽᆰኪᑑᄷऱ៣ņڍᑇՕী៣ઃਢڕ

ᘯࢬऱݾฏઝޥཚٽᖞشЁૉආڼ NGTP ᇞூΔױ౨

ᔡԵॿΖૉآڇኙਠრຌؾᑑᛩቼऱᄐߓอЯࢨᚨش

ڤհဠᚵചᛩቼփრຌტऱᚾூΔঞᇠᚾூ

उΖܡ౨ᖄીᣤૹऱᎄױലڼڕΔإ౨ᄎᣊױ

ऱؾᛀࠀ౨ऱრຌױψᡨωฏਢޥवΔױጠټط

٤ڜᡨΜωೡᖄαऱࡅψתছءΰᓮᔹش

ᛩቼΔױጊढऱᑇၦፖᑓشឆ៲٤ڜዥڤᒘऱ

ᚾூᣊীߢΔޥฏࠀߪءլਢױឩךऱऄΖڼ؆Δᙊᖌ

ऱਢጻሁᆞࡉح APT ౡ೯ױೠრຌਢޥڇܡฏᛩ

ቼխചΔڕਢᄎధᡏԺΙഗאՂڂΔႚอޥฏ

ઝݾءऄڂᚨૠࡌऱౡΖ

ཎġݧ

ᣂޥฏઝݾΔࠎ༽؆ڼڇრរΖլᓵ NGTP شࠌᚨࠎ

ऱټጠ۶ΔૉޥฏցਢࠎطᚨψڇጤᛩቼωՀಜጥΔ

რᇷಛ٤ڜΕய౨ឆߏەၦΰᓮאߠՀψጤ

۰ԱωೡᖄαΖᚌᔆऱ NGTP ᇞூࠎ༽ױய౨ऱറ᥆

ໂΔ౨ڇઞփņլᏁᤪࢨᑇழņᇘᆜᇢਢܡ

ᦞΖߏழᙟழᒔঅ൞ऱᇷறឆٵጊऱრຌΔױڶ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

38 | ತࠒϞΙфࡄ٩

տᆒΟ

ࠄڶ NGTPࠎᚨጠᇞூ

౨ڇጤചဠᚵრຌ

ΔՕໂࢬᏁऱԺ

ΰCPUΕಖᖋΕαΖڇຍጟ

उՀΔࠎᚨऱໂኔ౨ೠ

ᑓऱၦႃΔࠀലױጊढ

ૹᄅᖄٻጤΔլਢڇኔᖲ

ဠᚵᇢᛩቼխᛀढΖ

ຍᄗᦫದړࠐቝլᙑΔڂጤ

ਮዌᄎሉΔਢᅝ൞ڃᙰา

ຍឍᓓऱᐋᡰழΔലᄎຍ

ጟૠڇژԿՕംᠲЁᇷಛ٤ڜ

Ε୶ࢤᇷறឆߏΖ

რڤᒘױփฒڍᚾூᣊ

ীࡉጻढΔጤऱဠᚵ

რຌຏ౨ԲԿ

ጟᚾூᣊীΖലრڤᒘ

փጤڤ NGTP ᇞூլ

ᄎऱᚾூڤΔ౨

ᝩೠΖ

ೈԱᇷಛ٤ڜොڶհ؆Δڇ

ᄷᒔऱዥސᚰೠ

ࢬቃ٣መៀඔ೯ᖲऱउՀΔലࢨ

ጤऱᛀנPDFᚾூႪࢨԲڶ

۱٨ΰהࡉฒڍژࠀޣαऱ

ऄڇឩࢤشױࢤךՂڶઌᅝऱጊ

ᐞΖຍጟլךऱᄎᙈᒔᎁਢ

ސრຌऱழΔᝫႉཙܡ

ᚰ༼ࠎᝩೠऱጥሐΖސᚰ

ऑՕၦ୭ऱԲᚾூࢨ PDFอΖߓԵॿܓრᚾூႉױ

৵ΔᅝԲᚾூࢨ PDF Ⴊנ

ጤᛀழΔ൞ऱ៣ࠀլवሐຍ

נႪࠓ౨ᄎലᖲയᚾூՈԫױ

ጤΙຍኙឆߏᦞऄᣤऱᑛ

ഏ୮ߢਢԫՕݲΖ

ഗאՂڂΔᏆ٣ऱ NGTP ࠎ

ᚨᄎ༼ࠎய౨ऱറشໂΔլႛ

൞റڇױ᠙ౡΔᝫࠀᛀၦױ

ऱᛩቼխചဠᚵრຌᇢΖش

кौϯӇġਝ൞բᛵᇞᄅԫזౡᥨᖲЁץਔፖႚอ٤ڜᗧᖲऱ

ለΔאፖԫޥฏઝݾऱլٵհЁ൷ထܛലԵ൶ಘڞ

NGTP ᇞூऱցΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

4 ണȈᏲΣΙфࡄ٩ऋ39 |

ඌཎᡝ٩فಛġ

რຌᥨߓอΰMPSαਢޢԫଡ NGTP ᇞூऱுΖڼ

ցጻၦΕሽၡಛஒࢨᙩኪᚾூխࢬऱױጊढ

ᣊীΙڼ؆ᝫشࠌױ MPS ขسऱౡᇷΕ᠙բवऱౡΕॴ

ౡԵॿآᆖᦞऱኙ؆ຑᒵຏಛΖ

ཎġݧ

ᙃጻၦࡉሽၡಛஒխᑨڇऱრຌشࠌऱऄլ

ऄᛀᙩኪڕԿጟຏಛጥሐՂΰڇױࠎ༽ᚨᄎࠎࠄڶΖٵ

ᚾூঞጟαೠౡऱԫᔞش MPSΙᓮᝩආشຍጟڻ

ऱᖲཏሙܡᎄᎄנଚڂऱᇞூΔ֏ࠋ

Ζڼ؆ΔՈᓮᝩආࢬشᘯٽ MPS ٤ցڜጻሁה౨ፖפ

Ё־ڕᛥΕIPS ᚨشڤ൳ႈऱ NGTP ᇞூΔڂຍ

exeΕpdfႛࠎ༽ᇞூຏࠄ Яࢨdll ᚾூऱψޡω

ᛀ౨ԺΖ

ຎᔣஈЕᔝġ

ऱݾฏઝޥፖԫאΔۥߡམಘᓵဠᚵചᚯऱڰءڇ

ฆΖڼցኙᄅԫזౡᥨߓอऱᗧயԺॺૹΔ

ᚰऱ౨ԺΖސᗧᅝվၸጻሁᣂ៣ޑ

ཎġݧ

ᚌฆऱဠᚵചᚯ౨ຘመᒳመៀױጊढΕ૪ؾᑑ୭

ᄗउΔ൷ထಾኙᔡ᠙ऱᄐߓอፖᚨشڤചױጊڤᒘΔ

ጐױ౨ᤛߓอዥᙟհࠐऱრڤధᡏԺΔٵழૠݙ

ऱဠᚵചᚯՈᚨᇠլᄎנᎄࢨᎄܡऱउΙױ

ඓΖګᚰऱސᅝվᄅীኪጻሁݼኙא ᄇፙġ

ய౨ۥנऱ NGTP ข೭ץ౨ᛀאՀٺጟᚾூᣊীΰॺ

ႛexe dllࡉ ᚾூαऱဠᚵചᚯΚasfΕcomΕdocΕdocxΕdllΕexeΕgifΕicoΕjpegΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕppsxΕpptΕpptxΕqtΕrtfΕswfΕtiffΕunkΕvcfΕxlsΕxlsxΕzip Ζ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

40 | ತࠒϞΙфࡄ٩

ԫױጊऱౡဠᚵചᚯᣊრຌΔᄎ೯ขس

ᄅऱౡᇷࠀ൞הऱ MPS ໂΰڕ൞ڶխ؇ጥߓ

อΔᇡᔹՀᆏᎅαΔ٤ה៣ΰᓮᔹᙟ

৵ऱψጤౡᇷጻሁωᎅαΖ

ϛѵᆓ౩فಛġ

ឈՕڍᑇ NGTP ໂઃ༼ࠎጻڤऱቹشࠌݮտΰGUIαऱߐᚌޓΔشᖲጥءࠎ NGTP ᖲءࠎ༽ᚨᄎࠎ GUI مᗑࡉ

խ؇ጥߓอໂЁشႃխጥΕᖞٽౡ൳ΕܫΕᤞ

რຌᇷΖ

ᆒࡄၥᆩၯġ

٤Εڜᇷಛψጤ۰ԱωೡᖄխբಘᓵመΔഗء

լਢৰࠀጤചრຌᛀڇΔڂߏᇷறឆࢤ୶

უऱऄΖլመጤথਢ൳ጥ NGTP ԫՕցЁጤౡᇷጻሁऱუᛩቼΖ

ጤౡᇷጻሁ౨ፖڶࢬ MPS ໂյઌຑņױຑ༼ࠎ

ࠆᚰސຝᆟऱໂņಾኙᄅऱጻሁࢬᚨࠎᣊ೭ऱڼ

ౡᇷΰრຌڤᚾڃᐸؾऱچαΖ

ጤౡᇷጻሁऱࠎ༽ NGTP ༽ॺ٤ຝαᄎࠀᚨຏΰࠎ

ౡگ൷ࠀࠆౡᇷऱ౨ԺΖ(2)گড়ጟᙇᖗЁ(1)൷ࠎ

ᇷऱ౨ԺΖՕڍᑇ៣ᄎᙇᖗ৵Δڂࠎᚨຏᄎಾኙࠆ

ᇷ༼މࠎᏝᚌ༡Ζ

ඪᒺௌġ

Ꮑტढऱ৵ᇷறΰmetadataαط ౡᇷΔم৬ױ

Ζچऱؾऱ؆א៣լᏁᖜඕტᇷறႚಬጻሁڼڂ

ڇ൞բᛵᇞ NGTP ᇞூऱഗءցΔࠀवሐፖႚอאᐛ

ᒘഗऱᗧᖲޥࡉฏઝݾऱฆΔ൷ထᓮᤉᥛᔹᦰร 5Δޓԫޡᛵᇞ NGTP ᇞூऱኔᎾሎڤΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

5 ണ

Ιфࡄ٩ـġ

ҏണ१ᘈ

ᕣ NGTP ԃդጥႫυӇଉȃᆩॲଉЅᓗᄘᔬ

ਰޟΙфࡄ

ષഥԌ NGTP Пਰޟкौ੫Փ

NGTP ᐌӫՍௌ౪Ԥޟᆩၯஅᙃ๖ᄺ

อאᐛᒘഗऱ٤ڜᗧբլਢሿழސᚰΕ

ౡՕ୮ૹऱڤٽრຌΕݮ APT ᅝվ

ᄅীኪጻሁސᚰऱኙΖኙᄅԫזऱጻሁސᚰΔ

ආ٤شᄅऱᚨᖏ৸ፂΖ

ႚኙᄅԫזౡᥨ٤ڶᒌᄗ৵ΰร 4 αΔ൷ထലኔᎾᛵᇞ

ሎڤΕૹ۶ڕۥല NGTP ᖞٽ൞ڶऱ IT ഗ

ዌΖ

ၼհПԒġଈ٣ᎅᆄԫ៣ᜯழΔᚨᇠല MPS ໂឭڇԫሐᒵՂΖ

ԫߢጥᄎല MPS ໂᅝګ৵ԫሐᒵΔᛀጻЯ

ᛥ־ᝩڶܡሽၡၦਢࢨ IPS ऱౡΖխጻ MPSໂਢ٤ڜڇऱጻሴሐ৵Δሽၡ MPS ໂᚨᆜڇ

ۻᄐሽၡڇ٤ऱሽၡሴሐ৵ΰڜၡࡑ

ᕴհছαΖᓮᔹቹ 5-1Δᛵᇞীऱጻࡉሽၡ MPS ຝᆟ

Ζڤ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

42 | ತࠒϞΙфࡄ٩

MPS ໂՈᚨຝᆟڇᇷறխאᛀᚾூش٥Δॴრຌऱ

ᖩٻཋᐾࠀঅᥨඕტᇷறΖ

ᆒȞႫυӇȟᆩሬᆩၯ

ӇႢၾڿ٩

ӇթᏢၯҥᏢ

٩Ьᕓ

ᆩॲ MPSΰᛀ

URL ਢܡ

რփ୲αCMS

ႫυӇ MPSΰൿጒሽၡ

ॵਢڶܡ APTαਯЖҺᏢ

ޱҢٺSIEM

ყ 5-1Ȉী NGTP ኔቹΖ

ϸġ

APT ਢආڍސڤᚰΖMPS ૠᚨױԫၸ༼ࠎᥨΔ

ൕࡨऱዥԵॿᇷறዶዥΔཀᇞೈސᚰࠀᇷற؆ਜ਼ऱ

Օ౨ԺΖ

ຝᆟ MPS ৵Δ൷ထലດޡᎅԫ NGTP Κڤอऱሎߓ

ᨏޡ 1ΚMPS ᛀ൷گፖႚಬၦΰᙩኪᚾூαΔބբव

ౡΕCnC ጊऱԲᚾூЯጻΖૉױጻሁڤᐸΕՐڃ

ೠբवౡࢨ CnC ᤛᤞΖࠀᐸΔᄎ᠙ຑᒵڃ

ᨏޡ 2ΚኙբवऱሿழސᚰೠΔMPS ጊऱԲױᢝױ

ᚾூΕॵࢨጻڇࠀဠᚵചᚯΰٵڇԫໂαՂૹᄅച

୭ऱᑑؾցΔૹᄅ৬ዌԵۯΙຍਢດԫਊᅃא

ઌױٵጊၦאףࠀऱመΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

5 ണȈΙфࡄ٩43 | ـ

ඪᒺௌġ

ေ۷ NGTP ᇞூழΔᓮᒔ MPS ց౨ᛀೈ HTTP

ၦא؆ऱהၦΔڂౡᄎٺڤٺشܓᑌऱຏಛڕΚ

HTTPΕFTPΕIRCΕૡຏಛΖ

ᨏޡ 3Κဠᚵചᚯᄎඔ೯ױጊౡ᠙ᖲऱΰᆖመଥ

ᇖآࢨᆖଥᇖαMicrosoft Windows ڤشอઌᣂᚨߓᄐ

ΰڕΚMicrosoft OfficeΕMicrosoft Internet ExplorerΕAdobe ReaderαΔ൷ထૹᄅചढࠀᨠኘਢڶܡრΔץਔჾᄤ

ᚾூߓอΕشࠌՕၦཋᐾऱސڤᚰᚨشڤΕםᄅऱ

Windows ೭ڃࢨᐸբवऱტ URLΖૉᒔᇠԲᚾூ

إ୭ΔᄎᙕᇠࠃૹᄅဠᚵᖲᕴΖ

ᨏޡ 4Κૉᒔᎁሿழრ೯Δঞဠᚵᖲᕴലຑٵᇠސᚰऱ

ࢬಖᙕࠀሉԵრຌԲᚾூΔܛ ၜཚԫጻጐЁࡎسה

ౡᇷΔسᖲ೯ጻሁၦΙ൷ထขऱسრຌขطڶ

ॴጻሁՂઌᣂऱڃᐸၦΕᙕᚌ٣ᦞᤞࠀಖᙕრຌ

ᦸᢝΔ৵৬مᄅऱრຌᥨᚾΔ᠙ᆖመຍڻᛀ৵

բवऱౡΖ

ϸġ

ᚰՈൕސڼڂᖲऱጻሁΔᐸၦኙլᄎᠦኔᎾڃط

वΔױאࢬሗސᚰࠀᒔঅ៣ऱඕტᇷற٤ڜᇄΖ

ᨏޡ 5Κᄅऱౡᇷխ؇ጥߓอΰCMSαໂΔط٦

CMS ៣փऱה MPS ໂΖૉ៣բૡᔹጤౡ

ᇷጻሁΰᓮߠร 4 ᎅαΔঞڶࢬፖऱ៣Ոຟᄎܛم

অᥨΖ

ϱ൸ԒȞInlineȟЅਠၯȞOut-of-bandȟഋဍ

៣ڇຝᆟሽၡጻ MPS ໂழڶጟᙇᖗΚױආ

ᒵՂΰ೯αࢨலሁೡ൷ΰ೯ڤαሎΰᚾூش٥ MPS ໂຟ

ਢආலሁೡ൷ሎאᛀᙩኪᚾூΔڶڕᝫױሶᠦრᚾ

ூش٥ढΖα

ᒵՂڤຝᆟঞױᨃ៣᠙ଶᢝऱၸጻሁސᚰΔॴڃᐸ

CnC ᚰΖຝᆟழऴ൷ސᑌऱբवٵנڻ৵٦אᕴΔۻ

ല MPS ٵڕጻሁऱၦխΰڇᆜڜ IPS ڤזሽၡႚᙁࢨ

ЁMTA ԫᑌαΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

44 | ತࠒϞΙфࡄ٩

MPS ໂՈױڇೠጻሁސᚰழΔMPS ᚯթנᤞ

ऱႛ൳ᑓڤலሁೡ൷ሎΰٵڕ IDS ԫᑌαΔطࢨ MPS༼ TCP RESET ٺץᄐၸኃ۴Δխឰრ TCP ᄐၸ

ऱ TCP RESET ᑓڤலሁೡ൷ሎΖ

ඪᒺௌġ

ሽၡࢨΔᓮലጻலሁೡ൷ሎشආڕ MPS ຑ൷ᢴቝऱ

ངᕴ SPAN ຑ൷കΖૉ SPAN ຑ൷കՈشࠌױጻሁ TAPΰGigamonΕVSS MonitoringΕNetOptics ᐗขαΔࢨ

Ղ MTA ႚಬയ೫ءሽၡ MPSΖ

ڍ៣ԫࡨᄎ٣ᙇᖗலሁೡ൷൳Δܒឰߓอऱᄷᒔ৫ፖ

៣ክΙԫࢤ NGTP อ৵Δᄎലߓ MPS ໂૹᄅ

փ᠙ᑓڤΖ

ཎġݧ

ലڕ MPS ໂփሎΔᓮ೭ᙇᖗག؈ய

ΰfail-openαຑᒵऱᖲীΖڇໂװ؈ሽᄭࢨऄشࠌΰױ౨

αऱउՀΔၦലᄎᤉᥛຏመᎭᒵտΔլᄎᖄીᄕࢤ

ጻሁխឰದஎჩΰլᓵໂणኪ۶Δ٠տຟലᥛ

ႚᎠၦΖα

кौ੫Փġᛵᇞ NGTP ሎڤ৵Δ൷ထ൶ಘؾছڞ NGTP ᇞ

ூໂୌࠄۥΔڂאᚨ APT ଡၸΖٺၜཚऱࡎسᚰސ

ඪᒺௌġ

NGTP ۥฆՕΖᛀຍࠄۥழᓮಖՀኙ൞ऱ៣

ᔞشऱۥΔ൷ထᓮᔹร 6 ᛵᇞה NGTP ආរΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

5 ണȈΙфࡄ٩45 | ـ

ຎᔣஈџᅸސӇġ

वऱౡਢԫՕૹរΖආآᐛᒘऱೠא NGTP ழᚨ

რਢܡ౨ڇဠᚵചᛩቼऱঅᎽՀΔૹᄅചױጊढऱ

ၦņڕጻΕԲᚾூהᣊীᚾூΙຍᇿബױጊऱᚾூࢨ

ဠᚵऱചᛩቼՀΔດڇฏլԫᑌΖૹᄅചਢޥڤചױ

طΔԫଡጻਢڕࠏૹᄅ৬ዌΖࠀၦցឯۯ 20 200 ڍ

ጟۻฒڍլٵጻۯᆜऱढګࢬΙૹᄅചਢᓤᠧ

ጻሁސڤᚰЁڕࠏោᥦܛՀሉΰdrive-by downloadαސᚰЁऱ

ԫऄΖ

ཎġݧ

լאᅝվऱᄅীኪጻሁސᚰ౨אexe dllࢨ ᚾூऱܧڤݮ

Ιٵڕร 4 ᚾூᣊڍጟฒٺጻփױڤ૪Δრࢬ

ীհխΖ

ဠᚵചᚯՈႊ౨ലᎄᎄܡऱױ౨ࢤΖᎄ

ΰലإᚾூᎄᣊრᚾூαױ౨ᄎࠌૹփ୲ऄႚᎠ

ᣄ߀ګᚾூαঞᄎᨈإΰലრᚾூᎄᣊܡΕᎄچऱؾ

ņڕᇠᚾூڶፖ APT ڼڂᚰઌᣂऱၸრຌސ

Ե៣Ζ

ᚇġࡌၯ৷פ

բवऱኙփౡΖڇᐸڃ؆ழ᠙ኙٵױᐛᒘشࠌ

ឈءኙႚอאᐛᒘഗऱᗧထᕠڍΔڼᣊ

ᗧᖲኙڇ৫ᗧฃխሗբवౡऱૹࢤՈլࠅᄅ

ԫזౡᥨߓอΖބ NGTP ᇞூழΔᚨრᇠᇞூ

ਢܡᖞאٽᐛᒘഗᐛᒘऱጟݾΔթ౨ڶய

ᗧբवآࡉवऱౡΖ

Δᆄԫ൞ऱ IPSΕNGFWΕ٤ڜጻሴሐΕࡑၡຌ

ᚰΔঞΰᒵՂސ٤ᇘᆜᙊዥԫբवრຌऱڜጻሁהࢨ

ᆟαMPSڤ ໂऱݶຒሁஉ᠙פ౨ܛمױ᠙ࢨሶᠦᇠ

ᚰΖސ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

46 | ತࠒϞΙфࡄ٩

ԫၸრຌפګዶຘ៣ΰಖ۰ΔՈױൕ೯ሎጩᇘᆜ

Եᙄֆαᄎᇢቹڃᐸ CnC ᖲΔՀሉ RAT ຌΰᓮߠร 3ᎅαࢨ൷ސࠐگᚰऱਐחΙMPS ໂਢشॴຑᒵ

რ URL բवრࡉ IP ૡრຌຏಛشܓࢨΔۯ

ऱᄐၸΖૉ MPS ໂऱڃᐸመៀᕴೠփຝᖲᇢቹຑᒵ

բवऱ؆ຝ CnC ᖲΔᄎ᠙ᇠຑᒵΰ MPS এආփ

ሎαࠀᤛᤞΰᓮߠቹ 5-2αΖ

ყ 5-2ȈFireEye ቹΖࠏᐸ೯ᒤڃ

ϸ

MPS ໂڶՕڍᑇႚอᇷڜᇘᆜΔਢറᛀኙփፖኙ؆ጻ

ᎾጻሁၦࢬૠΖ

ඌཎᔬਰႤᚔġ

ဠᚵചᚯࢬೠऱრᚾூΕሽၡઌᣂॵאףױ

ሶᠦࠀᚏڇژ MPS ໂՂΰࢨխ؇ጥ൳ΔᓮᔹՀᆏᎅ

αΔࠎאೈԱ MPS ᦸᢝΙᚾூޡऱԫ؆אႃᢞᖕࢬ

Ոطױ FBI ڤᢞᖕऱۯᑇאᆞᓳحऱሽᆰۯചऄהࢨ

ႃΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

5 ണȈΙфࡄ٩47 | ـ

ϛᆓ౩ġ

ኙڶԿຝאՂ MPS ໂऱ៣ߢΔءԳ৫৬ᤜආႃխ

ጥໂΰڶழԾጠխ؇ጥߓอαΔאຘመᖙشࠌ

ऱጻڤտႃխ൳ጥ NGTP ႃխጥ൳شࠌอΖߓ

ചऱԫՠץਔΚ

5

Ⴊႃڶࢬ MPS ໂऱࠃᇷறΔࠀലᇷறᖞګᏚ

ΕܫᤞΖ

5 ႃխႪႃሶᠦऱრڤऱრढΖ

5 Ⴊᖞࠀطփຝ MPS ໂขسΔࠐאრຌ

ᥨጤऱౡᇷΙڇࠀւऱउՀലౡᇷՂႚ

რຌᥨጤΖ

5 MPS ໂΔࠀലଖດԫאࢨᆢۯ

ԫຝޢش MPS ᇘᆜΖ

5 ՀሉຌޓᄅΔࠀൕԫխ؇ۯᆜڶࢬش MPSໂǶ

5 ൳ڶࢬ MPS ໂய౨Ζ

5 Ⴊࠃנᇷற SIEMΰ٤ڜᇷಛፖࠃጥαΕࠃጥ

ߓอהࢨ؆ຝᚨشڤΖ

5 ൳ژشࠌጥᦞΖ

ࠄڶ NGTP ᚨᄎጥऱࠎ MPS ໂᑇၦጻሁސᚰ೯ၦΔ

ড়ᙇΖࠎጟႃխጥໂᖲীڍࠎ༽

ඌཎᡝၥϷٴġ

NGTP ᇞூऱխԫႈᚌរΔਢڼᇞூᄎΰ೯αא

ԫڼᙇᖗലױ៣ᝫऱౡᇷঅᥨ៣ᇷறΔسᖲขء

ᇷࠆה៣Ζຘመጤౡᇷጻሁΰط NGTP ᚨᖑࠎ

រωαΔࠃᚰऱψސ៣ೠ٤ᄅౡΰڶᆖᛜαΔԫڶ

ঞڶࢬה៣ઃᄎܛمঅᥨΙڍԳጠڼႃΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

48 | ತࠒϞΙфࡄ٩

ឈ៣ױᔾᖲ MPS ధᇞ APT ຘመലႃᚰΔސ MPSᇷᄭႃխشటآإवऱጻሁސᚰΔ౨ࠌ MPS ڶޓ٤ڜ

யΙڼ؆Δຘመጤאլټऱڤࠆᄅ৬مऱౡᇷΔ

៣ૉᣋრࠆౡᇷΔࠎڶࠆٵ٥ױᚨऱڣ৫ጤౡ

ᇷጻሁૡᔹڬމΖ

ϸġ

ᓮ೭ᛵᇞΔլᓵ۶ڇउՀΔ൞ऱ۶ᚾூࢨຍࠄᚾூ

խץࢬऱփ୲ຟլᄎႚಬጤౡᇷጻሁΖאౡᥨᇷ

றᚾࠏΔᚾூխႛץټᇷறΔڕᚾூऱ MD5 ᠧଖΖ

ՌॏࠌЛධġ

ऱڞشܓױشࠌၸऱޓ NGTP شࠌอႪԵߓ YARA ঞ

ૡऱრຌೠঞΰYARAߢ ਢറܗრຌઔߒԳ

ᢝΔࠀᣊრຌᒤࢬࠏૠऱՠΖαMPS ᤛႪԵऱ

YARA ঞ৵ΔဠᚵചᚯᄎܛمᣂຑढΔᒔᎁਢܡ

ᚰ᠙ސᣊጻሁᆖ౨ኙפڼᚰΙސጻሁ౨ױ

ऱ៣ߢઌᅝኔشΖ

ġ ᆩၯၥਟġ

YARAऱᇷಛΔᓮທΚᣂڍޓᏁڕ

httpcodegooglecompyara-projectΖ

ৈӇᐌӫġࢳ٩

ለॹᅭऱ NGTP ᇞூױᖞٽՂߠऱΰAVαΰᓮᔹቹ 5-3αΔڕ McAfeeΕSymantecΕSophos Ζല

NGTP ᇞூፖ AV ᖞٽ৵Δ ԫଡრढޢޡԫױ

Δאᒔᎁ AV ਢܡ౨ೠط MPS ॴऱრຌΙױڼڕ

ᨃ៣ڶޓயࠃᚨ৵ᥛᄐऱᚌ٣ႉݧΖ

5 ണȈΙфࡄ٩49 | ـ

ყ 5-3ȈFireEye Ζࠏᒤٽᖞ

оՓგϷԆڥڙġ

Օڍᑇ NGTP ᏁऱՠڂڶΔᒔঅۥߡشࠌૹڍࠎ༽อߓ

IT ԳթᖑڶጥᦞΖߠऱ NGTP ՀΚڕۥߡشࠌ

ᖞଡڶอጥЁᖑߓ 5 NGTP อऱ٤ጥ൳ᦞΖߓ

5 ጥЁᖑڶԫຝڍࢨຝ MPS ໂऱጥ൳ᦞΖ

ᦞژհܫࡉ٤ஃЁႛໂᏚڜ 5 Δ ऄଥޏ

ଖΖอߓޏଥࢨᇷறࠃೈܔࢨ

ቈݖߒġ

NGTP Ꮪ ΰߠቹ 5-4αտ٤ڜطஃش൳ጻሁऱ

៣א٤णኪΔڜ MPS ໂऱՠሉΖᏚຏਢຘመጻ

ោᥦᕴژΔࠀᇞᦰΖפ౨ለᚌฆऱᏚױψٻՀ

ᨵωࠃᇷறΔנބጻሁސᚰऱᇡาᇷறΔ٤ڜܗஃᒔ

ᎁ൷ՀࢬࠐᚨආऱޡᨏΖ

50 | ತࠒϞΙфࡄ٩

ყ 5-4ȈFireEye ᏚᒤࠏΖ

ġ

ᅝվऱ NGTP ᇞூפ౨ൎՕΕᖙ൸Δױਊᅃټጠࢨᣊী

ჼࠀܫᣊীऱጻሁސᚰΖ៣ױᛀࠃኴΔױڕ

౨ტऱᖲૹՕრຌڃࡉᐸࠃΔץਔچۯᆜᇡ

าᇷಛΖࠄڶ NGTP ᇞூڇױ Google Earth ࠃ٤ڜق

ᇷறΜ

NGTP ऱழਐڇႃխጥ൳طࢨܫم৬ܛمױشࠌ

ሶΰޢΕޢၜΕޢଡα೯৬مܫΖ

ϸġ

խאႨܫ౨ܧᔡԵॿߓอᑇၦऱ৫Ζ

5 ണȈΙфࡄ٩51 | ـ

ឌġ

ᤞ٤ڜܗױஃᙟழ༳༽ױ౨ऱጻሁధᡏ೯Ζᤞຏ

वຏױຘመ SMTPΕSNMPΕߓอΰsyslogαࡉ HTTP POSTႚಬΙᤞՈᄎڇقႃխጥߓอໂऱጻڤտխΰߠ

ቹ 5-5αΖ

ყ 5-5ȈFireEye ᤞኴᒤࠏΖ

ඪᒺௌġ

ೠᣂຑڃᐸऱᄅጻሁސᚰ৵ΔMPS ᄎᙕԫଡڍࢨଡᣤ

ૹࢤᤞΖឈ MPS ໂΰૉփሎα౨֊ឰڃᐸຏಛ

ຑᒵאᇞೈސᚰΔսᏁආ৵ᥛࠀଥސᚰऱᖲΖ

NGTPᐌӫՍ౪Ԥޟ ITஅᙃ๖ᄺ ขᚨڜΖᇷउՀሎمڇอᚨᇠߓ٤ڜ۶ԫଡᇷಛڶ

յઌņࠀፖགऱጻሁഗዌņᓳᖞٽΔ IT অᥨᛩࠎ༽

ቼհޓᇡาહནउΔጻሁސᚰऱפګΖ

52 | ತࠒϞΙфࡄ٩

ᎅڇऱؾᆏء NGTP ऱԿՕߠ۶ፖڕ IT ᖞٽΔࠀല٣տ

ฯፖ SIEM ऱᖞٽΖ

SIEM SIEMΰ٤ڜᇷಛፖࠃጥαਢޣፖ NGTP ᖞٽऱ

հԫΔڇலሁೡ൷ຝᆟऱउՀΖຍኔৰإΔڂ SIEMऱᖞشຜਢႪႃᖞଡ៣ऱᇷࠃڜΔࠀΰٺشܓጟቃ৬

ૡऱᣂຑࢤঞα৬ࠃمऱઌյᣂຑࢤΔנބאឆ៲ऱጻ

ሁސᚰΖ

ΰCEFαΔڤࠃشอΕຏߓאழΔܛຘመױࠃ٤ڜ

נႪڤᚨറ᥆ࠎऱࠎאᚰᇡސڍޓࠎ༽ױא

SIEM Ζ

ඪᒺௌġ

៣Ոৰല NGTP Ζጥٽอขᖞߓอፖጥߓ

ڤᇿ SIEM ԫᑌΔႪႃࠃ٤ڜΰຘመߓอᇷறαΙ

լٵ SIEM ऱਢΰຏαऄ৬مᇷறऱઌյᣂຑࢤΖ

ጥڤຏشየߩऄઌ୲ࢤऱࢤΰڕΚPCI DSSαΔՈ༼ࠎႪႃᇷறऱ൸ڤΖ

ਔΚHP ArcSightΕIBM Ql LabsΕLogRhythmΕץᚨࠎᣊڼ

McAfeeΕRSA SplunkΖ

ԊӒၥᇄϷݙ೩ġ

ጻڇԫଡޢ٤ᇷፖਜΰSIAαԾጠጻሁᦸᢝΔᄎឯڜ

ሁՂฝ೯ऱٺࠎאץጟشຜشࠌΔխץਔΚ

ᚨΰᢞαࠃ٤ڜ 5

5 ೠጻሁސᚰ

5 ᇷறᙊ؈൳ፖ

ԫ NGTP ψ௧شࠌױऱრຌ৵Δஃڤݮᄅנอᣊߓ

ၦᇷறωΰbig dataαऄᇬ SIA ᇷறΔאᒔᎁᖲᔡԵॿ

ऱહནउΔױהנބࠀ౨ٵᑌސᚰԵॿऱᖲΖ

ਬࠄ SIA ຑ൷ᕴտΔشऴ൷༺Եጻោᥦᕴऱຏױࠎ༽ᚨࠎ

ऴ൷ൕխ؇ጥ൳រᙇױشࠌNGTPࠐԫڼڕ IPۯඔ

೯ SIA ᇷறᇬΔףຒࠃᚨመΖ

ਔΚNetWitness (RSA)ΕNiksunSolera NetworksΖץᚨࠎᣊڼ

5 ണȈΙфࡄ٩53 | ـ

Ӈᆓ౩ġٱ

طຏࠄΖຍݾլਢᄅऱઝࠀጥαܫعࢨጥΰࠃ

փຝ IT ᘬᇬ೭شಳጥ IT ঞᇞࠃΖࠃ

ᘬᇬ೭ຏᇩΔૹঞޑᣂ APT ᚰΖސ

៣ຏݦඨല NGTP ᤞႚಬڶऱࠃጥΖല

ᆖመڤऱ SMTP ᤞൕ NGTP խ؇ጥߓอࠃ

ጥߓอΔࢨኙ XML ڤᤞऄאฤٽࠃڶᤞ

ᒤױܛءΖ

ਔΚBMC RemedyΕNumara Softwareץᚨࠎᣊڼ RSA ArcherΖ

54 | ತࠒϞΙфࡄ٩

ড়ᄂᡛࡉၐᡛΙфࡄ٩ᐠڙ

壂ΖωኙԳᎅΚψवਢԫጟڶ

٤ڜআ౨ᄭΕᛩቼഏ୮ڇڱ

Ꮖઝᖂऱભഏഏ୮ኔ

ฃ९ߢΔኙլਢڼڕΖຍ

ኔޢຟՕၦऱഏ

୮మയඕტᇷறΔՈګڼڂ೯

ᖲൎΕࡌऱጻሁᆞحᙰᇆ

ᑑΖؾ

Աᒔঅᇷறլᔡ᧗؆ਜ਼Δኔ

ຝᆟۯ٤ऱᄐᇷಛ٤ڜᇘ

ᆜΔץਔ־ᛥΕIPS ΰAVαᇞூΖΔڶԫኔᆖ

᠆ऱฃ९ᦰԱԫᒧᇷಛڜ

٤ཚעխऱΔփ୲૪ԫ୮ᇿ

աࢬጥऱኔᑓઌᅝऱ

៣Δᔡ APT ՈᛵהᚰૹΙސ

ᇞ APT ऱሎڤႚอ٤ڜ

ᗧᖲऄፖհݼᘝऱڂΖ

ፖᆖ᠆ऱᇷಛ٤ڜቸၷᘬᇬ

መ৵ΔהवՂڶԫጟለᄅᣊ

ऱጻሁ٤ڜᗧᖲЁᄅԫז

ౡᥨΙהՈवሐڶԫ୮ࠎᚨ

הڶࢬ NGTP ીԺޓᚨࠎ

ড়ೠၸౡņਢܗ FireEyeΰwwwfireeyecomαΖ

ᅝඡΔቸၷխԫԳፖ FireEyeᜤᢀڜඈᄎழΔհ৵ৰݶ

ေ۷ΖFireEyeWebMPS ໂ

אᇢኔױԫऱழ

൳ጻሁၦΔཀܛழऱإயΖ

լشழऱழΔขسኔ

ऱנೠآ٤ݙᗧᖲ٤ڜڶ

რڤᒘᤞΖ

ᑇၜ৵ FireEye MPS ໂբ٤Ե

ᒵՂᥨᑓڤΖᇠໂऱݶຒሁஉ

᠙פ౨ױॴբवऱኙփސᚰ

რຌڃᐸΔٵழפ౨ൎՕऱဠᚵച

ᚯױᄷᒔೠآवऱጻሁސᚰΖ

ኔऱฃ९वה२ཚփլᄎ

ՂΔաע٤ཚڜფऱᇷಛڇ

ኔᔡސᚰऱᖄ৵Δאױ

პᠾԫՑΖ

6 ണ

ᒵᐅғጂޟ NGTPПਰġ

ҏണ१ᘈ

ᕣຟե NGTP Пਰਢᔖᗗջޡޟᘈ

ᐌ౩ௌޟ NGTP ᗊࠌ

Δڇ Ղڶڍጻሁࠎ٤ڜᚨઃᑑข೭౨

ೠࠀ᠙ၸጻሁސᚰΔץਔሿழސᚰΕݮౡ

APTΙࢨຍࠎࠄᚨຟ౨ೠࠀ᠙բवऱސᚰΔ

वऱآᚰਢ᠙ސࠄᚰЁᅝຍސवऱآᑇ౨᠙ڶ

ΰլԫՕฒࢬवαᄐߓอࢨᚨشڤዥΖ

Δආڼڂ NGTP ૹऱޓ౨ņפᏁऱࢬอழ೭ᛵᇞաߓ

ਢᝫᛵᇞᚨᝩୌࠄळរΖᏖΔ٣ൕ৵ᓫದΖ

ᔖᗗջޡޟᘈġေ۷נՀ٨א NGTP ᇞூழࢬᚨᝩऱउΚ

լᙇᖗႛໂೠ౨ԺऱᇞூΖᚌฆऱ NGTP ข೭

லሁೡش៣ᄎ٣ආڍΖڤᑓፖலሁೡ൷ऱሎڤགփױ

൷Δክ৵ᄎփڤ NGTP Δא᠙բवऱౡΕ

რຌڃᐸᄅრຌૹᓤސᚰΙڼ؆Δေ۷ආشᎭᒵ

տऱ MPS ໂழΔᓮᒔڼᣊໂགփڤຝᆟऱ؈ய

ΰfail-openαຑᒵ౨ԺΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

50 | ತࠒϞΙфࡄ٩

ყ 5-4ȈFireEye ᏚᒤࠏΖ

ġ

ᅝվऱ NGTP ᇞூפ౨ൎՕΕᖙ൸Δױਊᅃټጠࢨᣊী

ჼࠀܫᣊীऱጻሁސᚰΖ៣ױᛀࠃኴΔױڕ

౨ტऱᖲૹՕრຌڃࡉᐸࠃΔץਔچۯᆜᇡ

าᇷಛΖࠄڶ NGTP ᇞூڇױ Google Earth ࠃ٤ڜق

ᇷறΜ

NGTP ऱழਐڇႃխጥ൳طࢨܫم৬ܛمױشࠌ

ሶΰޢΕޢၜΕޢଡα೯৬مܫΖ

ϸġ

խאႨܫ౨ܧᔡԵॿߓอᑇၦऱ৫Ζ

5 ണȈΙфࡄ٩51 | ـ

ឌġ

ᤞ٤ڜܗױஃᙟழ༳༽ױ౨ऱጻሁధᡏ೯Ζᤞຏ

वຏױຘመ SMTPΕSNMPΕߓอΰsyslogαࡉ HTTP POSTႚಬΙᤞՈᄎڇقႃխጥߓอໂऱጻڤտխΰߠ

ቹ 5-5αΖ

ყ 5-5ȈFireEye ᤞኴᒤࠏΖ

ඪᒺௌġ

ೠᣂຑڃᐸऱᄅጻሁސᚰ৵ΔMPS ᄎᙕԫଡڍࢨଡᣤ

ૹࢤᤞΖឈ MPS ໂΰૉփሎα౨֊ឰڃᐸຏಛ

ຑᒵאᇞೈސᚰΔսᏁආ৵ᥛࠀଥސᚰऱᖲΖ

NGTPᐌӫՍ౪Ԥޟ ITஅᙃ๖ᄺ ขᚨڜΖᇷउՀሎمڇอᚨᇠߓ٤ڜ۶ԫଡᇷಛڶ

յઌņࠀፖགऱጻሁഗዌņᓳᖞٽΔ IT অᥨᛩࠎ༽

ቼհޓᇡาહནउΔጻሁސᚰऱפګΖ

52 | ತࠒϞΙфࡄ٩

ᎅڇऱؾᆏء NGTP ऱԿՕߠ۶ፖڕ IT ᖞٽΔࠀല٣տ

ฯፖ SIEM ऱᖞٽΖ

SIEM SIEMΰ٤ڜᇷಛፖࠃጥαਢޣፖ NGTP ᖞٽऱ

հԫΔڇலሁೡ൷ຝᆟऱउՀΖຍኔৰإΔڂ SIEMऱᖞشຜਢႪႃᖞଡ៣ऱᇷࠃڜΔࠀΰٺشܓጟቃ৬

ૡऱᣂຑࢤঞα৬ࠃمऱઌյᣂຑࢤΔנބאឆ៲ऱጻ

ሁސᚰΖ

ΰCEFαΔڤࠃشอΕຏߓאழΔܛຘመױࠃ٤ڜ

נႪڤᚨറ᥆ࠎऱࠎאᚰᇡސڍޓࠎ༽ױא

SIEM Ζ

ඪᒺௌġ

៣Ոৰല NGTP Ζጥٽอขᖞߓอፖጥߓ

ڤᇿ SIEM ԫᑌΔႪႃࠃ٤ڜΰຘመߓอᇷறαΙ

լٵ SIEM ऱਢΰຏαऄ৬مᇷறऱઌյᣂຑࢤΖ

ጥڤຏشየߩऄઌ୲ࢤऱࢤΰڕΚPCI DSSαΔՈ༼ࠎႪႃᇷறऱ൸ڤΖ

ਔΚHP ArcSightΕIBM Ql LabsΕLogRhythmΕץᚨࠎᣊڼ

McAfeeΕRSA SplunkΖ

ԊӒၥᇄϷݙ೩ġ

ጻڇԫଡޢ٤ᇷፖਜΰSIAαԾጠጻሁᦸᢝΔᄎឯڜ

ሁՂฝ೯ऱٺࠎאץጟشຜشࠌΔխץਔΚ

ᚨΰᢞαࠃ٤ڜ 5

5 ೠጻሁސᚰ

5 ᇷறᙊ؈൳ፖ

ԫ NGTP ψ௧شࠌױऱრຌ৵Δஃڤݮᄅנอᣊߓ

ၦᇷறωΰbig dataαऄᇬ SIA ᇷறΔאᒔᎁᖲᔡԵॿ

ऱહནउΔױהנބࠀ౨ٵᑌސᚰԵॿऱᖲΖ

ਬࠄ SIA ຑ൷ᕴտΔشऴ൷༺Եጻោᥦᕴऱຏױࠎ༽ᚨࠎ

ऴ൷ൕխ؇ጥ൳រᙇױشࠌNGTPࠐԫڼڕ IPۯඔ

೯ SIA ᇷறᇬΔףຒࠃᚨመΖ

ਔΚNetWitness (RSA)ΕNiksunSolera NetworksΖץᚨࠎᣊڼ

5 ണȈΙфࡄ٩53 | ـ

Ӈᆓ౩ġٱ

طຏࠄΖຍݾլਢᄅऱઝࠀጥαܫعࢨጥΰࠃ

փຝ IT ᘬᇬ೭شಳጥ IT ঞᇞࠃΖࠃ

ᘬᇬ೭ຏᇩΔૹঞޑᣂ APT ᚰΖސ

៣ຏݦඨല NGTP ᤞႚಬڶऱࠃጥΖല

ᆖመڤऱ SMTP ᤞൕ NGTP խ؇ጥߓอࠃ

ጥߓอΔࢨኙ XML ڤᤞऄאฤٽࠃڶᤞ

ᒤױܛءΖ

ਔΚBMC RemedyΕNumara Softwareץᚨࠎᣊڼ RSA ArcherΖ

54 | ತࠒϞΙфࡄ٩

ড়ᄂᡛࡉၐᡛΙфࡄ٩ᐠڙ

壂ΖωኙԳᎅΚψवਢԫጟڶ

٤ڜআ౨ᄭΕᛩቼഏ୮ڇڱ

Ꮖઝᖂऱભഏഏ୮ኔ

ฃ९ߢΔኙլਢڼڕΖຍ

ኔޢຟՕၦऱഏ

୮మയඕტᇷறΔՈګڼڂ೯

ᖲൎΕࡌऱጻሁᆞحᙰᇆ

ᑑΖؾ

Աᒔঅᇷறլᔡ᧗؆ਜ਼Δኔ

ຝᆟۯ٤ऱᄐᇷಛ٤ڜᇘ

ᆜΔץਔ־ᛥΕIPS ΰAVαᇞூΖΔڶԫኔᆖ

᠆ऱฃ९ᦰԱԫᒧᇷಛڜ

٤ཚעխऱΔփ୲૪ԫ୮ᇿ

աࢬጥऱኔᑓઌᅝऱ

៣Δᔡ APT ՈᛵהᚰૹΙސ

ᇞ APT ऱሎڤႚอ٤ڜ

ᗧᖲऄፖհݼᘝऱڂΖ

ፖᆖ᠆ऱᇷಛ٤ڜቸၷᘬᇬ

መ৵ΔהवՂڶԫጟለᄅᣊ

ऱጻሁ٤ڜᗧᖲЁᄅԫז

ౡᥨΙהՈवሐڶԫ୮ࠎᚨ

הڶࢬ NGTP ીԺޓᚨࠎ

ড়ೠၸౡņਢܗ FireEyeΰwwwfireeyecomαΖ

ᅝඡΔቸၷխԫԳፖ FireEyeᜤᢀڜඈᄎழΔհ৵ৰݶ

ေ۷ΖFireEyeWebMPS ໂ

אᇢኔױԫऱழ

൳ጻሁၦΔཀܛழऱإயΖ

լشழऱழΔขسኔ

ऱנೠآ٤ݙᗧᖲ٤ڜڶ

რڤᒘᤞΖ

ᑇၜ৵ FireEye MPS ໂբ٤Ե

ᒵՂᥨᑓڤΖᇠໂऱݶຒሁஉ

᠙פ౨ױॴբवऱኙփސᚰ

რຌڃᐸΔٵழפ౨ൎՕऱဠᚵച

ᚯױᄷᒔೠآवऱጻሁސᚰΖ

ኔऱฃ९वה२ཚփլᄎ

ՂΔաע٤ཚڜფऱᇷಛڇ

ኔᔡސᚰऱᖄ৵Δאױ

პᠾԫՑΖ

6 ണ

ᒵᐅғጂޟ NGTPПਰġ

ҏണ१ᘈ

ᕣຟե NGTP Пਰਢᔖᗗջޡޟᘈ

ᐌ౩ௌޟ NGTP ᗊࠌ

Δڇ Ղڶڍጻሁࠎ٤ڜᚨઃᑑข೭౨

ೠࠀ᠙ၸጻሁސᚰΔץਔሿழސᚰΕݮౡ

APTΙࢨຍࠎࠄᚨຟ౨ೠࠀ᠙բवऱސᚰΔ

वऱآᚰਢ᠙ސࠄᚰЁᅝຍސवऱآᑇ౨᠙ڶ

ΰլԫՕฒࢬवαᄐߓอࢨᚨشڤዥΖ

Δආڼڂ NGTP ૹऱޓ౨ņפᏁऱࢬอழ೭ᛵᇞաߓ

ਢᝫᛵᇞᚨᝩୌࠄळរΖᏖΔ٣ൕ৵ᓫದΖ

ᔖᗗջޡޟᘈġေ۷נՀ٨א NGTP ᇞூழࢬᚨᝩऱउΚ

լᙇᖗႛໂೠ౨ԺऱᇞூΖᚌฆऱ NGTP ข೭

லሁೡش៣ᄎ٣ආڍΖڤᑓፖலሁೡ൷ऱሎڤགփױ

൷Δክ৵ᄎփڤ NGTP Δא᠙բवऱౡΕ

რຌڃᐸᄅრຌૹᓤސᚰΙڼ؆Δေ۷ආشᎭᒵ

տऱ MPS ໂழΔᓮᒔڼᣊໂགփڤຝᆟऱ؈ய

ΰfail-openαຑᒵ౨ԺΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

5 ണȈΙфࡄ٩51 | ـ

ឌġ

ᤞ٤ڜܗױஃᙟழ༳༽ױ౨ऱጻሁధᡏ೯Ζᤞຏ

वຏױຘመ SMTPΕSNMPΕߓอΰsyslogαࡉ HTTP POSTႚಬΙᤞՈᄎڇقႃխጥߓอໂऱጻڤտխΰߠ

ቹ 5-5αΖ

ყ 5-5ȈFireEye ᤞኴᒤࠏΖ

ඪᒺௌġ

ೠᣂຑڃᐸऱᄅጻሁސᚰ৵ΔMPS ᄎᙕԫଡڍࢨଡᣤ

ૹࢤᤞΖឈ MPS ໂΰૉփሎα౨֊ឰڃᐸຏಛ

ຑᒵאᇞೈސᚰΔսᏁආ৵ᥛࠀଥސᚰऱᖲΖ

NGTPᐌӫՍ౪Ԥޟ ITஅᙃ๖ᄺ ขᚨڜΖᇷउՀሎمڇอᚨᇠߓ٤ڜ۶ԫଡᇷಛڶ

յઌņࠀፖགऱጻሁഗዌņᓳᖞٽΔ IT অᥨᛩࠎ༽

ቼհޓᇡาહནउΔጻሁސᚰऱפګΖ

52 | ತࠒϞΙфࡄ٩

ᎅڇऱؾᆏء NGTP ऱԿՕߠ۶ፖڕ IT ᖞٽΔࠀല٣տ

ฯፖ SIEM ऱᖞٽΖ

SIEM SIEMΰ٤ڜᇷಛፖࠃጥαਢޣፖ NGTP ᖞٽऱ

հԫΔڇலሁೡ൷ຝᆟऱउՀΖຍኔৰإΔڂ SIEMऱᖞشຜਢႪႃᖞଡ៣ऱᇷࠃڜΔࠀΰٺشܓጟቃ৬

ૡऱᣂຑࢤঞα৬ࠃمऱઌյᣂຑࢤΔנބאឆ៲ऱጻ

ሁސᚰΖ

ΰCEFαΔڤࠃشอΕຏߓאழΔܛຘመױࠃ٤ڜ

נႪڤᚨറ᥆ࠎऱࠎאᚰᇡސڍޓࠎ༽ױא

SIEM Ζ

ඪᒺௌġ

៣Ոৰല NGTP Ζጥٽอขᖞߓอፖጥߓ

ڤᇿ SIEM ԫᑌΔႪႃࠃ٤ڜΰຘመߓอᇷறαΙ

լٵ SIEM ऱਢΰຏαऄ৬مᇷறऱઌյᣂຑࢤΖ

ጥڤຏشየߩऄઌ୲ࢤऱࢤΰڕΚPCI DSSαΔՈ༼ࠎႪႃᇷறऱ൸ڤΖ

ਔΚHP ArcSightΕIBM Ql LabsΕLogRhythmΕץᚨࠎᣊڼ

McAfeeΕRSA SplunkΖ

ԊӒၥᇄϷݙ೩ġ

ጻڇԫଡޢ٤ᇷፖਜΰSIAαԾጠጻሁᦸᢝΔᄎឯڜ

ሁՂฝ೯ऱٺࠎאץጟشຜشࠌΔխץਔΚ

ᚨΰᢞαࠃ٤ڜ 5

5 ೠጻሁސᚰ

5 ᇷறᙊ؈൳ፖ

ԫ NGTP ψ௧شࠌױऱრຌ৵Δஃڤݮᄅנอᣊߓ

ၦᇷறωΰbig dataαऄᇬ SIA ᇷறΔאᒔᎁᖲᔡԵॿ

ऱહནउΔױהנބࠀ౨ٵᑌސᚰԵॿऱᖲΖ

ਬࠄ SIA ຑ൷ᕴտΔشऴ൷༺Եጻោᥦᕴऱຏױࠎ༽ᚨࠎ

ऴ൷ൕխ؇ጥ൳រᙇױشࠌNGTPࠐԫڼڕ IPۯඔ

೯ SIA ᇷறᇬΔףຒࠃᚨመΖ

ਔΚNetWitness (RSA)ΕNiksunSolera NetworksΖץᚨࠎᣊڼ

5 ണȈΙфࡄ٩53 | ـ

Ӈᆓ౩ġٱ

طຏࠄΖຍݾլਢᄅऱઝࠀጥαܫعࢨጥΰࠃ

փຝ IT ᘬᇬ೭شಳጥ IT ঞᇞࠃΖࠃ

ᘬᇬ೭ຏᇩΔૹঞޑᣂ APT ᚰΖސ

៣ຏݦඨല NGTP ᤞႚಬڶऱࠃጥΖല

ᆖመڤऱ SMTP ᤞൕ NGTP խ؇ጥߓอࠃ

ጥߓอΔࢨኙ XML ڤᤞऄאฤٽࠃڶᤞ

ᒤױܛءΖ

ਔΚBMC RemedyΕNumara Softwareץᚨࠎᣊڼ RSA ArcherΖ

54 | ತࠒϞΙфࡄ٩

ড়ᄂᡛࡉၐᡛΙфࡄ٩ᐠڙ

壂ΖωኙԳᎅΚψवਢԫጟڶ

٤ڜআ౨ᄭΕᛩቼഏ୮ڇڱ

Ꮖઝᖂऱભഏഏ୮ኔ

ฃ९ߢΔኙլਢڼڕΖຍ

ኔޢຟՕၦऱഏ

୮మയඕტᇷறΔՈګڼڂ೯

ᖲൎΕࡌऱጻሁᆞحᙰᇆ

ᑑΖؾ

Աᒔঅᇷறլᔡ᧗؆ਜ਼Δኔ

ຝᆟۯ٤ऱᄐᇷಛ٤ڜᇘ

ᆜΔץਔ־ᛥΕIPS ΰAVαᇞூΖΔڶԫኔᆖ

᠆ऱฃ९ᦰԱԫᒧᇷಛڜ

٤ཚעխऱΔփ୲૪ԫ୮ᇿ

աࢬጥऱኔᑓઌᅝऱ

៣Δᔡ APT ՈᛵהᚰૹΙސ

ᇞ APT ऱሎڤႚอ٤ڜ

ᗧᖲऄፖհݼᘝऱڂΖ

ፖᆖ᠆ऱᇷಛ٤ڜቸၷᘬᇬ

መ৵ΔהवՂڶԫጟለᄅᣊ

ऱጻሁ٤ڜᗧᖲЁᄅԫז

ౡᥨΙהՈवሐڶԫ୮ࠎᚨ

הڶࢬ NGTP ીԺޓᚨࠎ

ড়ೠၸౡņਢܗ FireEyeΰwwwfireeyecomαΖ

ᅝඡΔቸၷխԫԳፖ FireEyeᜤᢀڜඈᄎழΔհ৵ৰݶ

ေ۷ΖFireEyeWebMPS ໂ

אᇢኔױԫऱழ

൳ጻሁၦΔཀܛழऱإயΖ

լشழऱழΔขسኔ

ऱנೠآ٤ݙᗧᖲ٤ڜڶ

რڤᒘᤞΖ

ᑇၜ৵ FireEye MPS ໂբ٤Ե

ᒵՂᥨᑓڤΖᇠໂऱݶຒሁஉ

᠙פ౨ױॴբवऱኙփސᚰ

რຌڃᐸΔٵழפ౨ൎՕऱဠᚵച

ᚯױᄷᒔೠآवऱጻሁސᚰΖ

ኔऱฃ९वה२ཚփլᄎ

ՂΔաע٤ཚڜფऱᇷಛڇ

ኔᔡސᚰऱᖄ৵Δאױ

პᠾԫՑΖ

6 ണ

ᒵᐅғጂޟ NGTPПਰġ

ҏണ१ᘈ

ᕣຟե NGTP Пਰਢᔖᗗջޡޟᘈ

ᐌ౩ௌޟ NGTP ᗊࠌ

Δڇ Ղڶڍጻሁࠎ٤ڜᚨઃᑑข೭౨

ೠࠀ᠙ၸጻሁސᚰΔץਔሿழސᚰΕݮౡ

APTΙࢨຍࠎࠄᚨຟ౨ೠࠀ᠙բवऱސᚰΔ

वऱآᚰਢ᠙ސࠄᚰЁᅝຍސवऱآᑇ౨᠙ڶ

ΰլԫՕฒࢬवαᄐߓอࢨᚨشڤዥΖ

Δආڼڂ NGTP ૹऱޓ౨ņפᏁऱࢬอழ೭ᛵᇞաߓ

ਢᝫᛵᇞᚨᝩୌࠄळរΖᏖΔ٣ൕ৵ᓫದΖ

ᔖᗗջޡޟᘈġေ۷נՀ٨א NGTP ᇞூழࢬᚨᝩऱउΚ

լᙇᖗႛໂೠ౨ԺऱᇞூΖᚌฆऱ NGTP ข೭

லሁೡش៣ᄎ٣ආڍΖڤᑓፖலሁೡ൷ऱሎڤགփױ

൷Δክ৵ᄎփڤ NGTP Δא᠙բवऱౡΕ

რຌڃᐸᄅრຌૹᓤސᚰΙڼ؆Δေ۷ආشᎭᒵ

տऱ MPS ໂழΔᓮᒔڼᣊໂགփڤຝᆟऱ؈ய

ΰfail-openαຑᒵ౨ԺΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

52 | ತࠒϞΙфࡄ٩

ᎅڇऱؾᆏء NGTP ऱԿՕߠ۶ፖڕ IT ᖞٽΔࠀല٣տ

ฯፖ SIEM ऱᖞٽΖ

SIEM SIEMΰ٤ڜᇷಛፖࠃጥαਢޣፖ NGTP ᖞٽऱ

հԫΔڇலሁೡ൷ຝᆟऱउՀΖຍኔৰإΔڂ SIEMऱᖞشຜਢႪႃᖞଡ៣ऱᇷࠃڜΔࠀΰٺشܓጟቃ৬

ૡऱᣂຑࢤঞα৬ࠃمऱઌյᣂຑࢤΔנބאឆ៲ऱጻ

ሁސᚰΖ

ΰCEFαΔڤࠃشอΕຏߓאழΔܛຘመױࠃ٤ڜ

נႪڤᚨറ᥆ࠎऱࠎאᚰᇡސڍޓࠎ༽ױא

SIEM Ζ

ඪᒺௌġ

៣Ոৰല NGTP Ζጥٽอขᖞߓอፖጥߓ

ڤᇿ SIEM ԫᑌΔႪႃࠃ٤ڜΰຘመߓอᇷறαΙ

լٵ SIEM ऱਢΰຏαऄ৬مᇷறऱઌյᣂຑࢤΖ

ጥڤຏشየߩऄઌ୲ࢤऱࢤΰڕΚPCI DSSαΔՈ༼ࠎႪႃᇷறऱ൸ڤΖ

ਔΚHP ArcSightΕIBM Ql LabsΕLogRhythmΕץᚨࠎᣊڼ

McAfeeΕRSA SplunkΖ

ԊӒၥᇄϷݙ೩ġ

ጻڇԫଡޢ٤ᇷፖਜΰSIAαԾጠጻሁᦸᢝΔᄎឯڜ

ሁՂฝ೯ऱٺࠎאץጟشຜشࠌΔխץਔΚ

ᚨΰᢞαࠃ٤ڜ 5

5 ೠጻሁސᚰ

5 ᇷறᙊ؈൳ፖ

ԫ NGTP ψ௧شࠌױऱრຌ৵Δஃڤݮᄅנอᣊߓ

ၦᇷறωΰbig dataαऄᇬ SIA ᇷறΔאᒔᎁᖲᔡԵॿ

ऱહནउΔױהנބࠀ౨ٵᑌސᚰԵॿऱᖲΖ

ਬࠄ SIA ຑ൷ᕴտΔشऴ൷༺Եጻោᥦᕴऱຏױࠎ༽ᚨࠎ

ऴ൷ൕխ؇ጥ൳រᙇױشࠌNGTPࠐԫڼڕ IPۯඔ

೯ SIA ᇷறᇬΔףຒࠃᚨመΖ

ਔΚNetWitness (RSA)ΕNiksunSolera NetworksΖץᚨࠎᣊڼ

5 ണȈΙфࡄ٩53 | ـ

Ӈᆓ౩ġٱ

طຏࠄΖຍݾլਢᄅऱઝࠀጥαܫعࢨጥΰࠃ

փຝ IT ᘬᇬ೭شಳጥ IT ঞᇞࠃΖࠃ

ᘬᇬ೭ຏᇩΔૹঞޑᣂ APT ᚰΖސ

៣ຏݦඨല NGTP ᤞႚಬڶऱࠃጥΖല

ᆖመڤऱ SMTP ᤞൕ NGTP խ؇ጥߓอࠃ

ጥߓอΔࢨኙ XML ڤᤞऄאฤٽࠃڶᤞ

ᒤױܛءΖ

ਔΚBMC RemedyΕNumara Softwareץᚨࠎᣊڼ RSA ArcherΖ

54 | ತࠒϞΙфࡄ٩

ড়ᄂᡛࡉၐᡛΙфࡄ٩ᐠڙ

壂ΖωኙԳᎅΚψवਢԫጟڶ

٤ڜআ౨ᄭΕᛩቼഏ୮ڇڱ

Ꮖઝᖂऱભഏഏ୮ኔ

ฃ९ߢΔኙլਢڼڕΖຍ

ኔޢຟՕၦऱഏ

୮మയඕტᇷறΔՈګڼڂ೯

ᖲൎΕࡌऱጻሁᆞحᙰᇆ

ᑑΖؾ

Աᒔঅᇷறլᔡ᧗؆ਜ਼Δኔ

ຝᆟۯ٤ऱᄐᇷಛ٤ڜᇘ

ᆜΔץਔ־ᛥΕIPS ΰAVαᇞூΖΔڶԫኔᆖ

᠆ऱฃ९ᦰԱԫᒧᇷಛڜ

٤ཚעխऱΔփ୲૪ԫ୮ᇿ

աࢬጥऱኔᑓઌᅝऱ

៣Δᔡ APT ՈᛵהᚰૹΙސ

ᇞ APT ऱሎڤႚอ٤ڜ

ᗧᖲऄፖհݼᘝऱڂΖ

ፖᆖ᠆ऱᇷಛ٤ڜቸၷᘬᇬ

መ৵ΔהवՂڶԫጟለᄅᣊ

ऱጻሁ٤ڜᗧᖲЁᄅԫז

ౡᥨΙהՈवሐڶԫ୮ࠎᚨ

הڶࢬ NGTP ીԺޓᚨࠎ

ড়ೠၸౡņਢܗ FireEyeΰwwwfireeyecomαΖ

ᅝඡΔቸၷխԫԳፖ FireEyeᜤᢀڜඈᄎழΔհ৵ৰݶ

ေ۷ΖFireEyeWebMPS ໂ

אᇢኔױԫऱழ

൳ጻሁၦΔཀܛழऱإயΖ

լشழऱழΔขسኔ

ऱנೠآ٤ݙᗧᖲ٤ڜڶ

რڤᒘᤞΖ

ᑇၜ৵ FireEye MPS ໂբ٤Ե

ᒵՂᥨᑓڤΖᇠໂऱݶຒሁஉ

᠙פ౨ױॴբवऱኙփސᚰ

რຌڃᐸΔٵழפ౨ൎՕऱဠᚵച

ᚯױᄷᒔೠآवऱጻሁސᚰΖ

ኔऱฃ९वה२ཚփլᄎ

ՂΔաע٤ཚڜფऱᇷಛڇ

ኔᔡސᚰऱᖄ৵Δאױ

პᠾԫՑΖ

6 ണ

ᒵᐅғጂޟ NGTPПਰġ

ҏണ१ᘈ

ᕣຟե NGTP Пਰਢᔖᗗջޡޟᘈ

ᐌ౩ௌޟ NGTP ᗊࠌ

Δڇ Ղڶڍጻሁࠎ٤ڜᚨઃᑑข೭౨

ೠࠀ᠙ၸጻሁސᚰΔץਔሿழސᚰΕݮౡ

APTΙࢨຍࠎࠄᚨຟ౨ೠࠀ᠙բवऱސᚰΔ

वऱآᚰਢ᠙ސࠄᚰЁᅝຍސवऱآᑇ౨᠙ڶ

ΰլԫՕฒࢬवαᄐߓอࢨᚨشڤዥΖ

Δආڼڂ NGTP ૹऱޓ౨ņפᏁऱࢬอழ೭ᛵᇞաߓ

ਢᝫᛵᇞᚨᝩୌࠄळរΖᏖΔ٣ൕ৵ᓫದΖ

ᔖᗗջޡޟᘈġေ۷נՀ٨א NGTP ᇞூழࢬᚨᝩऱउΚ

լᙇᖗႛໂೠ౨ԺऱᇞூΖᚌฆऱ NGTP ข೭

லሁೡش៣ᄎ٣ආڍΖڤᑓፖலሁೡ൷ऱሎڤགփױ

൷Δክ৵ᄎփڤ NGTP Δא᠙բवऱౡΕ

რຌڃᐸᄅრຌૹᓤސᚰΙڼ؆Δေ۷ආشᎭᒵ

տऱ MPS ໂழΔᓮᒔڼᣊໂགփڤຝᆟऱ؈ய

ΰfail-openαຑᒵ౨ԺΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

5 ണȈΙфࡄ٩53 | ـ

Ӈᆓ౩ġٱ

طຏࠄΖຍݾլਢᄅऱઝࠀጥαܫعࢨጥΰࠃ

փຝ IT ᘬᇬ೭شಳጥ IT ঞᇞࠃΖࠃ

ᘬᇬ೭ຏᇩΔૹঞޑᣂ APT ᚰΖސ

៣ຏݦඨല NGTP ᤞႚಬڶऱࠃጥΖല

ᆖመڤऱ SMTP ᤞൕ NGTP խ؇ጥߓอࠃ

ጥߓอΔࢨኙ XML ڤᤞऄאฤٽࠃڶᤞ

ᒤױܛءΖ

ਔΚBMC RemedyΕNumara Softwareץᚨࠎᣊڼ RSA ArcherΖ

54 | ತࠒϞΙфࡄ٩

ড়ᄂᡛࡉၐᡛΙфࡄ٩ᐠڙ

壂ΖωኙԳᎅΚψवਢԫጟڶ

٤ڜআ౨ᄭΕᛩቼഏ୮ڇڱ

Ꮖઝᖂऱભഏഏ୮ኔ

ฃ९ߢΔኙլਢڼڕΖຍ

ኔޢຟՕၦऱഏ

୮మയඕტᇷறΔՈګڼڂ೯

ᖲൎΕࡌऱጻሁᆞحᙰᇆ

ᑑΖؾ

Աᒔঅᇷறլᔡ᧗؆ਜ਼Δኔ

ຝᆟۯ٤ऱᄐᇷಛ٤ڜᇘ

ᆜΔץਔ־ᛥΕIPS ΰAVαᇞூΖΔڶԫኔᆖ

᠆ऱฃ९ᦰԱԫᒧᇷಛڜ

٤ཚעխऱΔփ୲૪ԫ୮ᇿ

աࢬጥऱኔᑓઌᅝऱ

៣Δᔡ APT ՈᛵהᚰૹΙސ

ᇞ APT ऱሎڤႚอ٤ڜ

ᗧᖲऄፖհݼᘝऱڂΖ

ፖᆖ᠆ऱᇷಛ٤ڜቸၷᘬᇬ

መ৵ΔהवՂڶԫጟለᄅᣊ

ऱጻሁ٤ڜᗧᖲЁᄅԫז

ౡᥨΙהՈवሐڶԫ୮ࠎᚨ

הڶࢬ NGTP ીԺޓᚨࠎ

ড়ೠၸౡņਢܗ FireEyeΰwwwfireeyecomαΖ

ᅝඡΔቸၷխԫԳፖ FireEyeᜤᢀڜඈᄎழΔհ৵ৰݶ

ေ۷ΖFireEyeWebMPS ໂ

אᇢኔױԫऱழ

൳ጻሁၦΔཀܛழऱإயΖ

լشழऱழΔขسኔ

ऱנೠآ٤ݙᗧᖲ٤ڜڶ

რڤᒘᤞΖ

ᑇၜ৵ FireEye MPS ໂբ٤Ե

ᒵՂᥨᑓڤΖᇠໂऱݶຒሁஉ

᠙פ౨ױॴբवऱኙփސᚰ

რຌڃᐸΔٵழפ౨ൎՕऱဠᚵച

ᚯױᄷᒔೠآवऱጻሁސᚰΖ

ኔऱฃ९वה२ཚփլᄎ

ՂΔաע٤ཚڜფऱᇷಛڇ

ኔᔡސᚰऱᖄ৵Δאױ

პᠾԫՑΖ

6 ണ

ᒵᐅғጂޟ NGTPПਰġ

ҏണ१ᘈ

ᕣຟե NGTP Пਰਢᔖᗗջޡޟᘈ

ᐌ౩ௌޟ NGTP ᗊࠌ

Δڇ Ղڶڍጻሁࠎ٤ڜᚨઃᑑข೭౨

ೠࠀ᠙ၸጻሁސᚰΔץਔሿழސᚰΕݮౡ

APTΙࢨຍࠎࠄᚨຟ౨ೠࠀ᠙բवऱސᚰΔ

वऱآᚰਢ᠙ސࠄᚰЁᅝຍސवऱآᑇ౨᠙ڶ

ΰլԫՕฒࢬवαᄐߓอࢨᚨشڤዥΖ

Δආڼڂ NGTP ૹऱޓ౨ņפᏁऱࢬอழ೭ᛵᇞաߓ

ਢᝫᛵᇞᚨᝩୌࠄळរΖᏖΔ٣ൕ৵ᓫದΖ

ᔖᗗջޡޟᘈġေ۷נՀ٨א NGTP ᇞூழࢬᚨᝩऱउΚ

լᙇᖗႛໂೠ౨ԺऱᇞூΖᚌฆऱ NGTP ข೭

லሁೡش៣ᄎ٣ආڍΖڤᑓፖலሁೡ൷ऱሎڤགփױ

൷Δክ৵ᄎփڤ NGTP Δא᠙բवऱౡΕ

რຌڃᐸᄅრຌૹᓤސᚰΙڼ؆Δေ۷ආشᎭᒵ

տऱ MPS ໂழΔᓮᒔڼᣊໂགփڤຝᆟऱ؈ய

ΰfail-openαຑᒵ౨ԺΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

54 | ತࠒϞΙфࡄ٩

ড়ᄂᡛࡉၐᡛΙфࡄ٩ᐠڙ

壂ΖωኙԳᎅΚψवਢԫጟڶ

٤ڜআ౨ᄭΕᛩቼഏ୮ڇڱ

Ꮖઝᖂऱભഏഏ୮ኔ

ฃ९ߢΔኙլਢڼڕΖຍ

ኔޢຟՕၦऱഏ

୮మയඕტᇷறΔՈګڼڂ೯

ᖲൎΕࡌऱጻሁᆞحᙰᇆ

ᑑΖؾ

Աᒔঅᇷறլᔡ᧗؆ਜ਼Δኔ

ຝᆟۯ٤ऱᄐᇷಛ٤ڜᇘ

ᆜΔץਔ־ᛥΕIPS ΰAVαᇞூΖΔڶԫኔᆖ

᠆ऱฃ९ᦰԱԫᒧᇷಛڜ

٤ཚעխऱΔփ୲૪ԫ୮ᇿ

աࢬጥऱኔᑓઌᅝऱ

៣Δᔡ APT ՈᛵהᚰૹΙސ

ᇞ APT ऱሎڤႚอ٤ڜ

ᗧᖲऄፖհݼᘝऱڂΖ

ፖᆖ᠆ऱᇷಛ٤ڜቸၷᘬᇬ

መ৵ΔהवՂڶԫጟለᄅᣊ

ऱጻሁ٤ڜᗧᖲЁᄅԫז

ౡᥨΙהՈवሐڶԫ୮ࠎᚨ

הڶࢬ NGTP ીԺޓᚨࠎ

ড়ೠၸౡņਢܗ FireEyeΰwwwfireeyecomαΖ

ᅝඡΔቸၷխԫԳፖ FireEyeᜤᢀڜඈᄎழΔհ৵ৰݶ

ေ۷ΖFireEyeWebMPS ໂ

אᇢኔױԫऱழ

൳ጻሁၦΔཀܛழऱإயΖ

լشழऱழΔขسኔ

ऱנೠآ٤ݙᗧᖲ٤ڜڶ

რڤᒘᤞΖ

ᑇၜ৵ FireEye MPS ໂբ٤Ե

ᒵՂᥨᑓڤΖᇠໂऱݶຒሁஉ

᠙פ౨ױॴբवऱኙփސᚰ

რຌڃᐸΔٵழפ౨ൎՕऱဠᚵച

ᚯױᄷᒔೠآवऱጻሁސᚰΖ

ኔऱฃ९वה२ཚփլᄎ

ՂΔաע٤ཚڜფऱᇷಛڇ

ኔᔡސᚰऱᖄ৵Δאױ

პᠾԫՑΖ

6 ണ

ᒵᐅғጂޟ NGTPПਰġ

ҏണ१ᘈ

ᕣຟե NGTP Пਰਢᔖᗗջޡޟᘈ

ᐌ౩ௌޟ NGTP ᗊࠌ

Δڇ Ղڶڍጻሁࠎ٤ڜᚨઃᑑข೭౨

ೠࠀ᠙ၸጻሁސᚰΔץਔሿழސᚰΕݮౡ

APTΙࢨຍࠎࠄᚨຟ౨ೠࠀ᠙բवऱސᚰΔ

वऱآᚰਢ᠙ސࠄᚰЁᅝຍސवऱآᑇ౨᠙ڶ

ΰլԫՕฒࢬवαᄐߓอࢨᚨشڤዥΖ

Δආڼڂ NGTP ૹऱޓ౨ņפᏁऱࢬอழ೭ᛵᇞաߓ

ਢᝫᛵᇞᚨᝩୌࠄळរΖᏖΔ٣ൕ৵ᓫದΖ

ᔖᗗջޡޟᘈġေ۷נՀ٨א NGTP ᇞூழࢬᚨᝩऱउΚ

լᙇᖗႛໂೠ౨ԺऱᇞூΖᚌฆऱ NGTP ข೭

லሁೡش៣ᄎ٣ආڍΖڤᑓፖலሁೡ൷ऱሎڤགփױ

൷Δክ৵ᄎփڤ NGTP Δא᠙բवऱౡΕ

რຌڃᐸᄅრຌૹᓤސᚰΙڼ؆Δေ۷ආشᎭᒵ

տऱ MPS ໂழΔᓮᒔڼᣊໂགփڤຝᆟऱ؈ய

ΰfail-openαຑᒵ౨ԺΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

6 ണ

ᒵᐅғጂޟ NGTPПਰġ

ҏണ१ᘈ

ᕣຟե NGTP Пਰਢᔖᗗջޡޟᘈ

ᐌ౩ௌޟ NGTP ᗊࠌ

Δڇ Ղڶڍጻሁࠎ٤ڜᚨઃᑑข೭౨

ೠࠀ᠙ၸጻሁސᚰΔץਔሿழސᚰΕݮౡ

APTΙࢨຍࠎࠄᚨຟ౨ೠࠀ᠙բवऱސᚰΔ

वऱآᚰਢ᠙ސࠄᚰЁᅝຍސवऱآᑇ౨᠙ڶ

ΰլԫՕฒࢬवαᄐߓอࢨᚨشڤዥΖ

Δආڼڂ NGTP ૹऱޓ౨ņפᏁऱࢬอழ೭ᛵᇞաߓ

ਢᝫᛵᇞᚨᝩୌࠄळរΖᏖΔ٣ൕ৵ᓫದΖ

ᔖᗗջޡޟᘈġေ۷נՀ٨א NGTP ᇞூழࢬᚨᝩऱउΚ

լᙇᖗႛໂೠ౨ԺऱᇞூΖᚌฆऱ NGTP ข೭

லሁೡش៣ᄎ٣ආڍΖڤᑓፖலሁೡ൷ऱሎڤགփױ

൷Δክ৵ᄎփڤ NGTP Δא᠙բवऱౡΕ

რຌڃᐸᄅრຌૹᓤސᚰΙڼ؆Δေ۷ආشᎭᒵ

տऱ MPS ໂழΔᓮᒔڼᣊໂགփڤຝᆟऱ؈ய

ΰfail-openαຑᒵ౨ԺΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

56 | ತࠒϞΙфࡄ٩

լᙇᖗආޥشฏઝݾऱข೭Ζࢬᘯױᖞٽ៱ठޥฏઝݾऱ

NGTP ᇞூΔৰ୲ૠ壄യऱౡ೯ధᇞΖౡ

೯ᄎૠრຌೠߓอਢܡຝᆟႚอऱޥฏઝݾΔڕ

ޥڇฏᛩቼխᄎೖრΔאᝩೠΖ

ᝩᙇᖗጤڤऱრຌΖޢԫ NGTP ᇞூઃᚨ౨

ཀጤפ౨୶ࢤΔऱ NGTP ᇞூᝫ౨ຘ

መጤࠆᇷΔլਢრຌЁڕጤਜႛ౨

რຌΔᇿ༼ࠎ NGTP ٤ᇞڜ౨ጻሁפڍ౨ऱפ

ூչᏖΖڇ MPS ໂխᖞٽဠᚵചᚯ৵Δױऴ൷ڇ

ګݙრຌΔՕ༼რຌᢝऱො୶

ᒔঅᖲയᚾூլ؆ਜ਼ΖױΔᝫࢤ

ᝩᙇᖗפڍ౨ٽԫऱ MPS ໂΖԱཀᅝվᄅীኪጻሁސ

ᚰऱࠋೠயΔᚨආሽၡΕጻᚾூش٥অᥨ

റشऱᗑم MPS ໂЁᓮᖞٺٽᗑم MPS ໂאࠆᇷΖ

ڇ൞բवሐආழᚨᝩऱळរΔ൷ထಾኙ۶ૹᇷಛ

ᖞૹऱࡨ٤ऱ៣Δڜ NGTP ࢤආ堚ΖᓮᔹՀᆏ

փ୲Ζ

१ौᗊࠌġլᓵ៣ᑓࢨขᄐ۶ΔٺᄐࡉਙᖲᣂઃᚨಖאՀ

NGTP ආᄷঞΖ

ඪᒺௌġ

ছ૪ૉեආᄷঞءڇխբಘᓵመΔױലઌᚨ૪ᅝګ១

ऱૹរᖞΙڕᏁޓᇡาऱᎅᓮᔹร 3Ε4 ຒᄵԫΖݶ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 57

ᆩॲȃႫυӇЅᔬਰᔮกޟᐌӫԒNGTPҁѮġ

ឈຍଡᠲڇխנլԫڻΔڼڇᝫਢڻ٦ൎᓳૹ

ࢤΖڕሗ APT ܛԵរΚߠრຌऱڇᚰΔႊސ

ጻΕሽၡᚾூᆜᖞڤٽᥨᖲΖᥨࠋऱ

NGTP ᄎᖞٽറشऱ MPS ໂΰჸሉᗑऱඔݾڤዝ

ጩऄαΔೠփሽၡಛஒΕጻၦᙩኪᚾூխऱ

რຌΔٵழ৬مೠհऱᣂຑࢤΔॴᖞଡᄐऱ

APT ᚰΖސ

ឈ၇ࠎᚨጠױೠԿጟտऱ MPS ໂΔཚ

լଖকထ៣ᔡڇኔߢ९ཚΔءګࠄᆏઊԫױߢ APT ౨ऱໂΖפᇷႛຝೠދᚰऱଅᙠΔސ

ᅿΣοᇄюοၥਟࢺ໔ġ

ԫऱ NGTP ጻሽၡಛஒऱԵՑΰኙࠐอᄎ൳ߓ

փαၦΔאᢝױ౨ၸრຌऱױጊԲᚾூΖՕڍ

ᑇ NGTP Գრ؆ऱਢחՑΰኙ؆αၦΔנլᄎ൳ࠀอߓ

ਬࠄ NGTP ႛ൳נՑᇷறၦΖຘመٵழ൳ԵՑፖנՑᇷற

ၦΔMPS ໂٵױழೠኙփऱრຌઌᚨऱኙ؆ڃ

ᐸຑᒵΖ

ϸġ

ऱڞڶ NGTP ᇞூթໂٵழ൳ԵՑፖנՑၦऱૹ

פ౨Ιڼԫૹפ౨༼ࠎԱᠰ؆ऱᗧᐋЁਢױ౨៶ط

ტऱ೯ᇘᆜൕᙄֆছԵऱౡΖ

ᔮกσጒ൜ᔬਰġ

ኙਬࠄऱNGTPᇞூ౨ףآയexeࡉdllᚾூխ

ऱრຌΔ൞ࢨᄎტլױ৸ᤜΙࠃኔՂΔრຌױփ

ऱشࠌࢬ೯խਔᄕ٠ץᑌऱढᣊীխΖխ១ٺڤٺ

XOR ᒳᒘԲᚾூΔࢨ RSA Security ᤛሿழشࠌᚰխސ

Flash ዥऱ Microsoft Excel ᚾΰᓮߠร 3 ψRSA Securityᔡࢭࡖ APT ᚰωೡᖄαΖސ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

58 | ತࠒϞΙфࡄ٩

ϸġ

ڤٽዥડנᐖऑጻሁ٤ڜොհΖڇ RSA Security ᇷற؆ਜ਼ࠃխΔExcel ᇢጩސآࠀᚰ Microsoft ExcelΔਢಾኙԫଡᚨشڤ೯٤ዥސᚰΖ

ய౨ऱ NGTP ᇞூᄎش壄യऱඔݾڤრຌೠ

ዝጩऄΔנބጻฒڍᚾூᣊীխऱၸრຌΙຍࠄᚾ

ூᣊীץਔΚcomΕdocΕdocxΕgifΕjpgΕmovΕmp3Εmp4ΕpdfΕpngΕpptΕpptxΕswfΕtiffΕxlsΕxlsxΕzip Ζ

Йଢ଼ඌཎᡝϷݙПਰġ

MPS ໂխჸሉऱဠᚵചᚯᄎΰጤചαױ

ጊᚾூਢץܡၸრຌΖڼڕԫࠐ٤ڜஃ༼ࠎᣂ

उऱዥۯᒷᓢᄨم৬شਔץᚰऱᇡาᦸᢝᇷறΔސዥ

Εᇢቹ Windows ᦞऱᖙΔشאዶዥᇷறऱڃᐸ

ஆᑑΖ

٤אழᄎክ೯რຌΔڶᚨԳࠃᆖऱڶ

რຌച৵ᥛԲՀሉࡉዥԵॿޡᚰЁൕސᛵᇞۯ

೯ΖԱየߩႃݙޓᖞᦸᢝᇷறऱᏁޣΔڞऱ NGTP ᚨࠎ

Ոᄎ༼ࠎᗑڤمრຌߓอΰMASαΔຏᇿऱᖲ

ਮڜڤᇘໂჸഇΖ

MAS ᚨᖞٽໂՠፖ೯ऱဠᚵᖲᕴΙဠᚵᖲᕴঞᚨჸሉ

ጟٺ Microsoft Windows ठٺءጟຌᚨشڤΔڕ Microsoft Office Adobe ReaderΖڼڕലױᨃஃԵಳױጊΰࢨբ

वტαऱԲΔאԫޡᛵᇞጻሁސᚰऱრቹፖؾᑑΔ

լᏁᠰ؆৬ࠀمፂᥨٺጟૡᇢᛩቼΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

6 ണȈᒵᐅғጂޟ NGTP Пਰ | 59

ฒᇲܖᇲ֏ġ

ய౨լࠋऱ NGTP ೠࢬขسऱᎄᎄܡᄎՕ၄៣ګ

౨ᄎ᠙ᄐ೭ᣂᚾױᚾூᣊრᚾூαإΖᎄΰലء

ூࠌऄႚؾऱچΔլႛ၄ழᝫױ౨ທګᛜگჾ؈Ιᎄ

ტრຌࠌᣤૹΔޓᚾூαऱ৵إΰലრᚾூᣊܡ

ऱᚾூڇլᏁԫޡऱउՀאຏؾऱچΖݺ

უΔኙຍጟउࢬسऱ৵ΔݺլᏁڍᇞᤩΖ

ऱڞՂܛᎅڕ NGTP ᎄࢨᎄسอኙլᄎขߓ

ΖຍᑌऱᖲᄕመኔΔߢរڶࢨܡ

ϸġ

Ղऱټေ۷ڕ NGTP ᇞூೠ౨ԺΔױചေ۷א

ױଡᇞூխᖗԫΔڇ൞ڕΖشٽܡᇠᇞூਢە

αᇢΔ৵ڤऱலሁೡᦫᑓڤขၦΰ೯سᑌऱٵشࠌழٵ

ለګயΖ

ՌॏࠌЛධġ

รڕ 5 խࢬ૪ΔNGTP ጥڶழᄎݦඨႪԵشࠌ YARA ঞ

ߢ৬مऱૡۯցᐋঞΔאඔ೯ಾኙᇠ៣೯ऱౡ

հઌฤढΰሐٵጻሁ IPS ৬مૡᐛᒘΖα

ေ۷౨ԺլઌՂՀऱ NGTP ข೭ழΔەױᐞᇞூऱۼױ

୶ࢤΔאਢܡགૡრຌೠঞΖ

ϭ७ġޱҢٺឈԒޢ

ᇷಛ٤ڜᚨشڤᓵפ౨٦ൎՕڍࢨցΔشࠌڕլΕլ

IT ៣ආشЁՕᑓආشņঞԫ֊ຟਢᓫΙNGTPᇞூՈਢڼڕΖ

ڕ٤ᇞூņڜਙঞऱᇷಛړم৬ࢨᏁᓳᖞڶႚอ־ᛥࢨ IPS ໂΔNGTP ೯֏ऱᇞூΖޓอਢߓ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

60 | ತࠒϞΙфࡄ٩

ΔᏚ೭១ᖙشࠌΔܫᤞऱ৬م

ՈႊᨃᖙԳ౨ՂΖ

ӰᔖࡊИЛධġ

ᙇᖗ NGTP ᙇᖗࠅլࢤᚨऱૹࠎ NGTP ขΖᄐࡉਙ

ᙇᖗ۶ڇᖲᣂ IT གຏਢᚌݾอழΔᔆऱߓ

ၦΖە٣

ඪᒺௌġ

ေ۷ڇױᚨऱড়ག೭ᔆΖ൞ࠎආছᓮ೭ေ۷

ၸཚፖࠎᚨऱݾགຝ൷ڻΔլᇿਐ

൞ऱ SE ൷Ιڇࠌܛေ۷ཚנڶ۶ംᠲΔՈጐױ౨፹

ທנ༽ࢨԫࠄംᠲΖڕࠏΚᇬംขפ౨ࢤഗءംᠲ ņ ຍଡழ

ଢױေ۷ݾགזऱᆖፖຂΔࠀಖՀ൞ڍՆթڶ

Գ൞೭Ζڕመ 30 ᤪթݾڶགזᇿ൞ኙᓫΔ

Հԫଡאױ൞قᆜംᠲΔ១ऱڃኙऄ

ᚨऱข೭ေ۷ԱΖࠎ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

ຠཊߒġ

CnCΰחࡎፖ൳αۻᕴΚطጻሁᆞحᖙऱۻᕴΔش༼

ໄᚎΖחਐࠎ

RATΰጤጥՠαΚ༼ࠎᙹড়Եტߓอאᗭ൶ࢨ༳൳

ᖲऱ৵ຌΖ

SQL ᇷறឆᒘސᚰΚԫጟಾኙᇷறᖄٻጻᚨشڤऱސᚰݮ

ᆖᦞऱآᚰᄎചސΔխڤ SQL ٤ዥऱڜڶధސΔחࡎ

ڤᒘΖ

αΔڤᐛᒘΰԲᚾூᑓޓᓤ፹ழᄎڻޢౡΚݮ

ೠऱრຌΖڤشᚨࢨ٤ᇘᆜڜᝩא

ጟᣊڍၸ೯ΔૠٺᚰऱސၸጻሁڇറٽΚڤڍ

ীრຌऱጻሁސᚰΖ

ᖲऱጻሁᑑؾຝڍԫ៣փٵ᠙ݾᚰސጟڍشࠌΚۯڍ

ᚰΖސ

რຌΚԱխឰሽᆰሎΕႃඕტᇷಛࢨߏԳሽᆰߓ

อژᦞࢬૠऱრຌΰڕΚሽᆰఐΕᤘࢨαΖ

ᘪຌΕᤘΖʳߠᓮ

რຌᥨߓอΰMPSαΚຂೠױጊጻሁढΔࠀ

ΰߓڼطอಜጥऱαဠᚵചᚯᐛᒘऱᖲਮڜڤ

ᇘໂΖʳ

რຌߓอΰMASαΚჸሉױᨃشࠌ೯ᛀױ౨

რຌढऱဠᚵചᚯհໂΖʳ

ʳ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

62 | ತࠒϞΙфࡄ٩

ഏ୮ᇷܗऱౡΚഗਙएطڂഏ୮ႄشΔאኙᑅഏ

೯ጻሁސᚰऱጻሁᆞحΖʳ

ᙹড়೯ᆠΚشܓሽᆰࡉሽᆰጻሁݼᤜЯࢨ༼ଠਙएؾऱΖʳ

ᒷᓢᄨސۯᚰΚڇᒷᓢᆜנቃࢭױऱᇷறၦΔࠌ

ጻሁࢨڤشዥᚨشࠌᒘΰຏڤചૡڼ៶ᚰ౨ސ

೭ऱၸᦞαސګݙᚰΖʳ

ڤٽౡΚᖞٽಾኙٺጟլٵዥࢬ೯ऱጻሁސᚰΖʳ

ᘪຌΚԫጟشࠌڇवࢨլवऱउՀΔႃፖشࠌ

ઌᣂᇷಛऱრຌΖʳ

ᒌೡᙕڤΚشࠌڇլवऱउՀಖᙕሽᆰᒌ೯ऱᚨ

Ζʳڤش

ၸᥛࢤዶຘౡΰAPTαΚሎشၸᇷற᧗ݾ९ழᑨ

լऱ壄യጻሁސᚰΖʳ

ၸؾᑑސڤᚰΰATAαΚၸᥛࢤዶຘౡऱԫጟټጠΖʳ

ᣓΚಾኙጥᐋהᄐထؾᑑࢬ೯ऱጻሁސᚰΖʳ

ໄᚎΚࡉחࡎط൳ΰCnCαۻᕴխ؇൳ऱტሽᆰΰࢨ

ጤរαΖʳ

ሿழౡΚಾኙآवΰآࢨᆖᜰαऱᄐߓอࢨᚨشڤዥ

ࢬ೯ऱጻሁސᚰΖʳ

லሁೡ൷ᑓڤΚԫጟጻሁໂऱሎᑓڤΔ౨ൕጻሁ TAP ࢨ

ངᕴ SPAN ຑ൷കᓤ፹መࠐऱၦΖʳ

ᤘΚԫጟشܓጻሁዥཋᐾהሽᆰऱრຌڤݮΖʳ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

ຠཊ63 | ߒ

ԵՑၦΚൕጻሁ؆ຝጻሁփຝᖲऱሽᆰጻሁၦΖʳ

ԵॿᗧߓอΰIPSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސᚰ

ழאף᠙ऱԵڤΰ೯ڤαᐛᒘ٤ڜᇘᆜΖʳ

ԵॿೠߓอΰIDSαΚ൳ጻሁၦΔڇࠀೠբवጻሁސ

ᚰழᤛᤞऱலሁೡ൷ڤᐛᒘ٤ڜᇘᆜΖʳ

ጊԲᚾூऱຌױ٤ᛩቼՀڜဠᚵᖲᕴऱڇشฏΚޥ

ᚨشڤΔ壄ऱጻሁސᚰຏױᝩڼݾऱೠΖʳ

৫ᗧฃΚڜᇘԫ٨ߓጻሁ٤ڜᗧߓอΔطאਬ٤ڜᐋ

ױ౨٤ڜהᐋᙊዥऱౡΖʳ

೭խឰऱउࢨໂឰሽڇΚጻሁໂऱᎭᒵտ౨ய؈

ՀΔፂຑᒵאጻሁխឰऱ౨ԺΖʳ

ΚೕᇘإګᚾூࢨኔشᚨشڤऱრຌΔ

ᑑሽᆰΖʳؾژڤᆖᦞऱآאᙹড়ࠌڇऱؾ

ጻሁΚೕᇘٽګऄኔႚಬሽၡشࠌΔ៶ڼᣑࠌ

٤ᒘЁऱΖʳڜᇆᒘषᄎشॾڕԳᇷಛЁߏش

ጻሁஎࢠᆠΚڇஎࢠ೯խشࠌጻᎾጻሁސᚰΔץਔრՕ

ᑓխឰሽᆰጻሁऱΖʳ

ጻሁᖏञΚנਙए೯ᖲᙹԵԫഏጻሁߓהࢨอΔചధᡏ

Яࢨᘪ೯Ζʳ

ጻሁᆞحΚॺऄ᧗הԳሽᆰᇷறאቹܓଡԳऱᙹড়Ζʳ

ᎄΚᎄലإᚾூᣊڶრຌऱᚾூΖʳ

ᎄܡΚᎄലڶრຌऱᚾூᣊإᚾூΖʳ

ᒵՂᑓڤΚലጻሁໂऴ൷ᆜጻሁၦᒵሁΔࠌ᠙ጻሁ

ᚰΖʳސ

ʳ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

64 | ತࠒϞΙфࡄ٩

ᄅԫזౡΚլطᐛᒘ٤ڜᗧᖲࢬೠऱᅝվᄅীኪጻ

ሁސᚰΖڕࠏΚݮრຌΕሿழౡ APTΖʳ

ᄅԫזౡᥨΰNGTPαΚڜᇘڇೠࠀ᠙ᅝվᄅীኪጻሁ

ໂՂऱຌΖʳڤᖲਮشᚰऱറސ

ဠᚵചᚯΚMPS ໂऱխԫႈցΔڇشဠᚵᖲᕴऱڜ

٤ᛩቼՀኙױጊढᐛᒘΖʳ

ᎈ塆ΚԫጟषՠސᚰΔސᚰᄎലڶრຌऱኔ

ΰڕ USB ᙟߪαਚრᙊᆵؾڇᑑ៣ॵ२Ζʳ

ՐڤጻሁΚԫጟਐٻ៣ࢨᇠ៣փԳՓऱጻሁ

ڤΖʳ

ՠױ᥋ڤໂΰBYODαΚԫႈւՠ᥋ଡԳᇘᆜՠ

ژࢬ៣ᇷறऱ៣ਙΖʳ

ጤౡᇷጻሁΚԫጟط NGTP ֏ᚨጥऱጻᎾጻሁࠎ

೭Δאش ΰ൷گαጻሁސᚰᇷ ΰα ড় MPS ໂΖr

խឰ೭ΰDoSαސᚰΚൕԫᖲՕၦԵإຏಛޣΔᖄ

ીؾᑑᖲ೭խឰࢨೖشऱጻሁސᚰΖʳ

խ؇ጥߓอΰCMSαΚຂڇ NGTP ᛩቼխ൳ࠀጥ MPSໂऱᖲਮڜڤᇘໂΖʳ

ᇷற؆ਜ਼ᥨΰDLPαΚאᑓڤΰڕषᄎ٤ڜᒘαഗழೠ

ᑨڇᇷறᙊ؈ऱߓอΖʳ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

ᔞᄘᆩၯ

բዶຘ 95ऱጻሁΖ

ௌឈுՌϏџ٥۷ၼޟ 5ȉ

൞ױ౨ᎁ൞ڶऱ٤ڜᗧߓอբ౨ᅝվᄅীኪጻ

ሁސᚰԵॿ൞ऱጻሁࠀ᧗ᇷறΔኔࠀլΖᅝվऱጻሁ

ຌᛥΕIPSΕ־זᝩႚอᄅԫᚰբ౨ސ

ΰAVαሴሐऱೠΖ

FireEyeਢ൞ࠋऱᗧᕴΖאᄅԫזጻሁౡᥨΔሗ

ᅝվᄅীኪጻሁސᚰΖᦟ०ທwwwFireEyecom ࠀᨃ

٤ዥΖڜ൞ᇞጻሁऱܗଚݺ

copy 2013 FireEye Inc ठᦞڶࢬΔߒٱΖ

ኳϚϬᄘᆩၯᔞȉҢΙфࡄ٩

ȞNGTPȟȂᏽഽᆩၯኳΡȄ

៣ڣޢक़ 200 Ꮩભցൎ֏ڜࢨᇘႚอऱ٤ڜᗧߓอΔڕվᝫኙ

ዶຘౡΰAPTαᙰᇆᄅࢤრຌၸᥛݮᚰΕސሿழዥڕ

ীኪጻሁސᚰΖڕუᚰඓᅝվᇷ८ךᇛΕ೯ᖲൎऱᑅԳආᄅ৸

ፂΙڕ൞ຂᒔঅ၆ֆऱጻሁࢤ٤ڜΔޓՏᆄլ౨ᙑመءΖ

bull ౡڤऱᄅזᚰፖᄅԫސౡЁለႚอጻሁזᆠᄅԫ

bull ᛵᇞᑅԳЁ൶ಘԿՕጻሁᑅԳᣊীధᇞႚอ٤ڜᗧᖲऱऄ

bull ၸጻሁސᚰଳЁᛵᇞၸސᚰࡎسၜཚऱնଡၸΔᛵᇞೠנ

APT ऱᤞಛ

bull ᖄԵ NGTPmdashᐉ NGTPᇞூऱցࠀለ NGTPፖႚอ٤ڜ

ᗧᖲ

bull ൶ NGTPЁᛵᇞ۶ڕሽၡಛஒΕጻຏಛᙩኪᚾூխऱᄅ

ԫזౡ

bull ᙇᖗٽᔞऱ NGTP ᇞூЁᛵᇞေ۷ NGTP ᇞூழრऱૹរ

ႈࠃऱᚨᝩא

հޱᙏϭ

StevePiperਢᖑڶ 20 ߪ٤റ୮Ζڜᆖऱᇷಛݾઝڣڍ

ଫط୮ംጟߪΔڇᇷಛ٤ڜΕጻሁഗዌ

௧ၦᇷறΰBigDataαڶڍΖSteveᖑڶएමཤ

ՕᖂऱᖂՓᄐጥጚՓᖂۯΔࠀڶISC2ऱCISSPᇷ

Δᦟ०ທΚwwwstevepipercomΖڍޓᛵᇞڕᢞᅃΖڜ

ᆃഇ