{"id":27219,"date":"2017-11-06T08:54:54","date_gmt":"2017-11-06T06:54:54","guid":{"rendered":"https:\/\/amica.ua\/?p=23986"},"modified":"2017-11-06T08:54:54","modified_gmt":"2017-11-06T06:54:54","slug":"backswing-dostaet-svoj-kozyr-virus-badrabbit","status":"publish","type":"post","link":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/","title":{"rendered":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit"},"content":{"rendered":"<p><strong>\u041a\u0440\u0430\u0442\u043a\u0438\u0439 \u043e\u0431\u0437\u043e\u0440<\/strong><\/p>\n<p>24 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2017 \u0433\u043e\u0434\u0430 \u0441\u043e\u0433\u043b\u0430\u0441\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 web-\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0432\u0438\u0440\u0443\u0441 Badrabbit \u043d\u0430 \u043d\u0435\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 FireEye \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0431\u0430\u0437\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f. 
\u0412\u043e \u0432\u0440\u0435\u043c\u044f \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f FireEye \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043f\u0440\u044f\u043c\u043e\u0435 \u0441\u043e\u0432\u043f\u0430\u0434\u0435\u043d\u0438\u0435 \u043c\u0435\u0436\u0434\u0443 \u0441\u0430\u0439\u0442\u0430\u043c\u0438 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Badrabbit \u0438 \u0441\u0430\u0439\u0442\u0430\u043c\u0438, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d \u043f\u0440\u043e\u0444\u0430\u0439\u043b\u0435\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u044b \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c \u043a\u0430\u043a \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 Backswing. \u041c\u044b \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 51 \u0441\u0430\u0439\u0442, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0435\u0442\u0441\u044f Backswing, \u0438 \u0447\u0435\u0442\u044b\u0440\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 Badrabbit. 
\u0412 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 2017 \u0433\u043e\u0434\u0430 \u043c\u044b \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0438 \u0434\u0432\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Backswing \u0438 \u0443\u0432\u0438\u0434\u0435\u043b\u0438 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u0435 \u0432 \u043c\u0430\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u044f\u0432\u043d\u043e \u0441\u0444\u043e\u043a\u0443\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u043d\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0445 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432. \u041c\u043e\u0434\u0435\u043b\u044c \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0432\u044b\u0448\u0430\u0435\u0442 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0441\u043f\u043e\u043d\u0441\u043e\u0440\u0430 \u0441 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c\u0438 \u0440\u0435\u0433\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0430\u043c\u0438 \u0438 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u043c\u043e\u0442\u0438\u0432\u0430\u0446\u0438\u044e, \u043f\u043e\u043c\u0438\u043c\u043e \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0439 \u0432\u044b\u0433\u043e\u0434\u044b. 
\u00a0\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043c\u043d\u043e\u0433\u0438\u0435 \u0434\u043e\u043c\u0435\u043d\u044b \u0432\u0441\u0435 \u0435\u0449\u0435 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c Backswing, \u043c\u044b \u043e\u043f\u0430\u0441\u0430\u0435\u043c\u0441\u044f, \u0447\u0442\u043e \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0440\u0438\u0441\u043a \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043e\u043d\u0438 \u0431\u0443\u0434\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0431\u0443\u0434\u0443\u0449\u0438\u0445 \u0430\u0442\u0430\u043a.<\/p>\n<p><strong>\u041f\u0440\u0435\u0434\u043f\u043e\u0441\u044b\u043b\u043a\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430<\/strong><\/p>\n<p>\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 24 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0432 08:00, FireEye \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0437\u0430\u0440\u0430\u0437\u0438\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043f\u043e\u043f\u0443\u0442\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 masquerading \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Flash (install_flash_player.exe), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b \u0447\u0435\u0440\u0432\u044f\u0447\u043d\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b, 
\u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0435\u0439 \u0432\u044b\u043a\u0443\u043f. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u044b\u043b\u0438 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0439 \u0441\u0430\u0439\u0442 \u0441 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0430\u0439\u0442\u043e\u0432 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, http:\/\/www.mediaport[.]ua\/sites\/default\/files\/page-main.js), \u0447\u0442\u043e \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0441\u043a\u043e\u043e\u0440\u0434\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0438 \u0448\u0438\u0440\u043e\u043a\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u0443\u044e \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.<\/p>\n<p>\u0421\u0435\u0442\u0435\u0432\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 FireEye \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0436\u0435\u0440\u0442\u0432, \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0432 \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u0438, \u042f\u043f\u043e\u043d\u0438\u0438 \u0438 \u0421\u0428\u0410 \u0434\u043e 24 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 15:00, \u043f\u043e\u043a\u0430 
\u043d\u0435 \u043f\u0440\u0435\u043a\u0440\u0430\u0442\u0438\u043b\u0438\u0441\u044c \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0438 \u043d\u0435 \u0431\u044b\u043b\u0430 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e \u2013 \u043a\u0430\u043a \u043d\u0430 1dnscontrol[.]com, \u0442\u0430\u043a \u0438 \u043d\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u0445, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043a\u043e\u0434.<\/p>\n<p><strong>\u0421\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 B<\/strong><strong>ackswing<\/strong><strong>, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c\u044e B<\/strong><strong>adrabbit<\/strong><\/p>\n<p>\u0421\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u043c\u0435\u0442\u044c \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043e\u0431\u044a\u0435\u043c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f. 
\u0414\u043b\u044f \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u0432 \u0443\u0433\u0440\u043e\u0437 \u0447\u0430\u0441\u0442\u043e \u043f\u043e\u0434\u0431\u0438\u0440\u0430\u0435\u0442\u0441\u044f \u043f\u0430\u0440\u0430 \u0432\u0435\u0431-\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0439 \u0441 \u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0434\u043b\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0441 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c\u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438\u043b\u0438 \u0436\u0435\u0440\u0442\u0432\u0430\u043c\u0438 \u043e\u0431\u043c\u0430\u043d\u0430. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f FireEye \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430, \u0447\u0442\u043e \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2016 \u0433\u043e\u0434\u0430 Backswing, \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u043f\u0440\u043e\u0444\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f JavaScript, \u0431\u044b\u043b\u0430 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0430, \u043f\u043e \u043c\u0435\u043d\u044c\u0448\u0435\u0439 \u043c\u0435\u0440\u0435, \u043d\u0430 54 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043d\u044b\u0445 \u0441\u0430\u0439\u0442\u0430\u0445. 
\u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u0441\u0430\u0439\u0442\u043e\u0432 \u043f\u043e\u0437\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430 URL-\u0430\u0434\u0440\u0435\u0441\u0430 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438 Badrabbit.<\/p>\n<p>&nbsp;<\/p>\n<p>FireEye iSIGHT Intelligence \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0434\u0432\u0435 \u0440\u0430\u0437\u043d\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Backswing, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u043e\u0434\u043d\u0443 \u0438 \u0442\u0443 \u0436\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u043d\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u044e\u0442\u0441\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430\u043c\u0438 \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430. \u041c\u044b \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u043c Backswing \u043a\u0430\u043a \u043e\u0431\u0449\u0438\u0439 \u0440\u0435\u0437\u0435\u0440\u0432\u0443\u0430\u0440, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0434\u043b\u044f \u043e\u0442\u0431\u043e\u0440\u0430 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u0441\u0435\u0430\u043d\u0441\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 (User-Agent, HTTP Referrer, Cookies \u0438 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u0434\u043e\u043c\u0435\u043d\u0430). 
\u0417\u0430\u0442\u0435\u043c \u044d\u0442\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0435\u0442\u0441\u044f \u043d\u0430 \u00abC2\u00bb, \u0438\u043d\u043e\u0433\u0434\u0430 \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u043c\u044b\u0439 \u00ab\u0440\u0435\u0441\u0438\u0432\u0435\u0440\u043e\u043c\u00bb. \u0415\u0441\u043b\u0438 \u0440\u0435\u0441\u0438\u0432\u0435\u0440 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d \u043a \u0441\u0435\u0442\u0438, \u0441\u0435\u0440\u0432\u0435\u0440 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0439 JSON blob \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0449\u0435\u043c\u0443, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0442\u0435\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u043e\u0434\u043e\u043c Backswing (\u0440\u0438\u0441. 1).<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-23988 size-full\" src=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig1.png\" alt=\"\" width=\"665\" height=\"313\" \/>\u041e\u0442\u0447\u0435\u0442 Backswing \u0440\u0438\u0441. 1<\/p>\n<p>Backswing \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u0432 JSON blob \u0431\u0443\u0434\u0435\u0442 \u0434\u0432\u0430 \u043f\u043e\u043b\u044f: \u00abInjectionType\u00bb (\u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u0446\u0435\u043b\u043e\u0435 \u0447\u0438\u0441\u043b\u043e) \u0438 \u00abInjectionString\u00bb (\u043e\u0436\u0438\u0434\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u044d\u0442\u043e \u0441\u0442\u0440\u043e\u043a\u0430, \u0431\u0443\u0434\u0435\u0442 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442\u044c \u0441\u0442\u0440\u043e\u043a\u0443 HTML). 
Backswing \u0432\u0435\u0440\u0441\u0438\u0438 1 (\u0440\u0438\u0441. 2) \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u00abInjectionType\u00bb \u0432 \u0434\u0432\u0443\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0430\u0445 \u043a\u043e\u0434\u0430:<\/p>\n<p>\u0415\u0441\u043b\u0438 InjectionType == 1 (\u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u043e\u0432\u044b\u0432\u0430\u0435\u0442 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u0432 URL)<\/p>\n<p>\u0415\u0441\u043b\u0438 InjectionType != 1 (\u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442 HTML \u0432 DOM)<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-23989\" src=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig2.png\" alt=\"\" width=\"656\" height=\"871\" \/>\u00a0Backswing \u0412\u0435\u0440\u0441\u0438\u044f 1 (\u0440\u0438\u0441.2)<\/p>\n<p>\u0412\u043e 2-\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 (\u0440\u0438\u0441. 
3) BACKSWING \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0443\u044e \u043b\u043e\u0433\u0438\u043a\u0443, \u043d\u043e \u043e\u0431\u043e\u0431\u0449\u0430\u0435\u0442 \u0441\u0442\u0440\u043e\u043a\u0443 InjectionString, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u0443\u0434\u0435\u0442 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u0431\u0435\u0437 \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d\u0438\u0439, \u0447\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c \u043e\u0442\u0447\u0435\u0442 \u0432 DOM.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-23990\" src=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig3.png\" alt=\"\" width=\"731\" height=\"650\" \/>Backswing \u0412\u0435\u0440\u0441\u0438\u044f 2 (\u0440\u0438\u0441.3)<\/p>\n<p>\u0412\u0435\u0440\u0441\u0438\u044f 1:<\/p>\n<p>&#8212; FireEye \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0430 Backswing \u0432\u0435\u0440\u0441\u0438\u044e 1 \u0432 \u043a\u043e\u043d\u0446\u0435 2016 \u0433\u043e\u0434\u0430 \u043d\u0430 \u0441\u0430\u0439\u0442\u0430\u0445, \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0438\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0433\u043e\u0441\u0442\u0435\u043f\u0440\u0438\u0438\u043c\u0441\u0442\u0432\u0430 \u0427\u0435\u0448\u0441\u043a\u043e\u0439 \u0420\u0435\u0441\u043f\u0443\u0431\u043b\u0438\u043a\u0438, \u0432 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0443 \u0432 \u0427\u0435\u0440\u043d\u043e\u0433\u043e\u0440\u0438\u0438. 
\u041d\u0430 \u0442\u0443\u0440\u0435\u0446\u043a\u0438\u0435 \u0442\u0443\u0440\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0430\u0439\u0442\u044b \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b \u0432\u043d\u0435\u0434\u0440\u0435\u043d \u044d\u0442\u043e\u0442 \u043f\u0440\u043e\u0444\u0430\u0439\u043b\u0435\u0440.<\/p>\n<p>&#8212; \u041e\u0431\u044b\u0447\u043d\u043e Backswing v1 \u0432\u0432\u043e\u0434\u0438\u043b\u0441\u044f \u0432 \u0447\u0438\u0441\u0442\u044b\u0439 \u0442\u0435\u043a\u0441\u0442 \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u044b, \u043d\u043e \u0441\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c \u043f\u043e\u0434\u043b\u0435\u0446\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u0437\u0430\u043f\u0443\u0442\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u0434 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 Dean-Edwards Packer \u0438 \u0432\u0432\u043e\u0434\u0438\u043b\u0438 \u0435\u0433\u043e \u0432 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043d\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b JavaScript \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u0445. 
\u041d\u0430 \u0440\u0438\u0441\u0443\u043d\u043a\u0435 4 \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043e \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043d\u0438\u0435 \u0432\u0432\u043e\u0434\u0430.<\/p>\n<p>&#8212; \u0421 \u043d\u0430\u0447\u0430\u043b\u0430 \u043c\u0430\u044f 2017 \u0433\u043e\u0434\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f FireEye \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0440\u044f\u0434 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0445 \u0441\u0430\u0439\u0442\u043e\u0432 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u043b\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 Backswing v1, \u0438 \u0432 \u0438\u044e\u043d\u0435 2017 \u0433\u043e\u0434\u0430 \u0441\u0442\u0430\u043b\u0438 \u0437\u0430\u043c\u0435\u0447\u0430\u0442\u044c \u043a\u043e\u043d\u0442\u0435\u043d\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u043b\u0438 \u0440\u0435\u0441\u0438\u0432\u0435\u0440\u044b Backswing.<\/p>\n<p>&#8212; \u0412 \u043a\u043e\u043d\u0446\u0435 \u0438\u044e\u043d\u044f 2017 \u0433\u043e\u0434\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u044b Backswing \u0432\u0435\u0440\u043d\u0443\u043b\u0438 \u044d\u043b\u0435\u043c\u0435\u043d\u0442 HTML div \u0441 \u0434\u0432\u0443\u043c\u044f \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430\u043c\u0438. \u041f\u0440\u0438 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0435 Backswing v1 \u0432\u043d\u0435\u0434\u0440\u044f\u043b \u0432 DOM \u0434\u0432\u0430 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 div \u0441\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f\u043c\u0438 07a06a96-3345-43f2-afe1-2a70d951f50a \u0438 9b142ec2-1fdb-4790-b48c-ffdf22911104. 
\u041d\u0438\u043a\u0430\u043a\u043e\u0433\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043d\u0438\u044f \u0432 \u044d\u0442\u0438\u0445 \u043e\u0442\u0447\u0435\u0442\u0430\u0445 \u043d\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u043e\u0441\u044c.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-23991\" src=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4.png\" alt=\"\" width=\"973\" height=\"502\" srcset=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4.png 973w, https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4-430x222.png 430w, https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4-150x77.png 150w, https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4-700x361.png 700w, https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4-400x206.png 400w, https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4-768x396.png 768w, https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig4-860x444.png 860w\" sizes=\"(max-width: 973px) 100vw, 973px\" \/>\u0421\u043e\u0434\u0435\u0440\u0436\u0430\u043d\u0438\u0435 \u0432\u0432\u043e\u0434\u0430 Backswing (\u0440\u0438\u0441.4)<\/p>\n<p>\u0412\u0435\u0440\u0441\u0438\u044f 2:<\/p>\n<p>&#8212; \u0421\u0430\u043c\u043e\u0435 \u0440\u0430\u043d\u043d\u0435\u0435, \u0447\u0442\u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f FireEye Backswing v2, \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u0430 5 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2017 \u0433\u043e\u0434\u0430 \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u043d\u0435\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u043b\u0438 Backswing v1.<\/p>\n<p>&#8212; Backswing v2 
\u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432\u0432\u043e\u0434\u0438\u043b\u0438 \u0432 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043d\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b JavaScript, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u044b \u043d\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u0445, \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u0431\u044b\u043b\u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u0441\u0430\u0439\u0442\u043e\u0432.<\/p>\n<p>&#8212; \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f FireEye \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043e\u0431\u0440\u0430\u0437\u0446\u043e\u0432 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0430 \u044d\u0442\u0430 \u0432\u0435\u0440\u0441\u0438\u044f \u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0438 \u0437\u0430\u043c\u0435\u0448\u0430\u043d\u044b \u0432 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0446\u0435\u043f\u044f\u0445 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0438\u0440\u0443\u0441\u043e\u043c Badrabbit (\u0441\u043c. 
\u0422\u0430\u0431\u043b\u0438\u0446\u0443 1).<\/p>\n<p>\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0440\u043e\u0444\u0430\u0439\u043b\u0435\u0440\u044b \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0431\u043e\u043b\u044c\u0448\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432\u0430\u0445 \u043f\u0435\u0440\u0435\u0434 \u0442\u0435\u043c, \u043a\u0430\u043a \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0447\u0430\u0441\u0442\u0438 \u0432\u0438\u0440\u0443\u0441\u0430 (\u0432 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u00ab\u0444\u043b\u044d\u0448-\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u00bb \u0434\u0440\u043e\u043f\u043f\u0435\u0440 \u0432\u0438\u0440\u0443\u0441\u0430 Badrabbit).<\/p>\n<p>\u0412 \u0442\u0430\u0431\u043b\u0438\u0446\u0435 1 \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u044b \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0435\u0442\u0441\u044f Backswing, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 HTTP \u0441\u0441\u044b\u043b\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446 \u0434\u043b\u044f \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438 \u0432\u0438\u0440\u0443\u0441\u0430 Badrabbit.<\/p>\n<table width=\"640\">\n<tbody>\n<tr>\n<td 
width=\"151\"><strong>\u0421\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439<\/strong><\/p>\n<p><strong>\u0441\u0430\u0439\u0442<\/strong><\/td>\n<td width=\"274\"><strong>B<\/strong><strong>ackswing<\/strong> <strong>\u0440\u0435\u0441\u0438\u0432\u0435\u0440<\/strong><\/td>\n<td width=\"101\"><strong>\u0412\u0435\u0440\u0441\u0438\u044f <\/strong><strong>Backswing<\/strong><\/td>\n<td width=\"115\"><strong>\u041f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u044f <\/strong><strong>Badrabbit<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"151\"><strong>blog.fontanka[.]ru<\/strong><\/td>\n<td width=\"274\">\u041d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d<\/td>\n<td width=\"101\">\u041d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"151\"><strong>www.aica.co[.]jp<\/strong><\/td>\n<td width=\"274\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"101\">v2<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"151\"><strong>www.fontanka[.]ru<\/strong><\/td>\n<td width=\"274\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"101\">v2<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"151\"><strong>www.mediaport[.]ua<\/strong><\/td>\n<td width=\"274\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"101\">v1<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"151\"><strong>www.mediaport[.]ua<\/strong><\/td>\n<td width=\"274\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"101\">v2<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"151\"><strong>www.smetkoplan[.]com<\/strong><\/td>\n<td width=\"274\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"101\">v1<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<tr>\n<td 
width=\"151\"><strong>www.smetkoplan[.]com<\/strong><\/td>\n<td width=\"274\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"101\">v1<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<tr>\n<td width=\"151\"><strong>www.smetkoplan[.]com<\/strong><\/td>\n<td width=\"274\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"101\">v2<\/td>\n<td width=\"115\">1dnscontrol[.]com<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u0422\u0430\u0431\u043b. 1\u00a0 \u0421\u0430\u0439\u0442\u044b, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u043e\u0444\u0430\u0439\u043b\u0435\u0440\u044b Backswing \u0438 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 Badrabbit.<\/p>\n<p>\u0421\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u044b, \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0432 \u0442\u0430\u0431\u043b.1, \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0442 \u043e\u0434\u0438\u043d \u0438\u0437 \u043f\u0435\u0440\u0432\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u0435\u0432, \u043a\u043e\u0433\u0434\u0430 \u043c\u044b \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0433\u043e\u0442\u043e\u0432\u043d\u043e\u0441\u0442\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 Backswing. 
\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f FireEye \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0440\u0430\u0441\u0442\u0443\u0449\u0435\u0435 \u0447\u0438\u0441\u043b\u043e \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0430\u0439\u0442\u043e\u0432, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0435\u0442\u0441\u044f Backswing, \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u044f \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0434\u0430\u043b\u044c\u0448\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432 \u0431\u0443\u0434\u0443\u0449\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. \u0412 \u0442\u0430\u0431\u043b. 
2 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d \u0441\u043f\u0438\u0441\u043e\u043a \u0441\u0430\u0439\u0442\u043e\u0432, \u0442\u0430\u043a\u0436\u0435 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Backswing.<\/p>\n<table width=\"552\">\n<tbody>\n<tr>\n<td width=\"186\"><strong>\u0421\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439<\/strong><\/p>\n<p><strong>\u0421\u0430\u0439\u0442<\/strong><\/td>\n<td width=\"285\"><strong>B<\/strong><strong>ackswing <\/strong><strong>\u0440\u0435\u0441\u0438\u0432\u0435\u0440<\/strong><\/td>\n<td width=\"81\"><strong>\u0412\u0435\u0440\u0441\u0438\u044f<\/strong><\/p>\n<p><strong>Backswing<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>akvadom.kiev[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>bahmut.com[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/dfkiueswbgfreiwfsd[.]tk\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>bitte.net[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>bon-vivasan.com[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>bonitka.com[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>camp.mrt.gov[.]me<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>Evrosmazki[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td 
width=\"186\"><strong>forum.andronova[.]net<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>forum.andronova[.]net<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>grandua[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>grupovo[.]bg<\/strong><\/td>\n<td width=\"285\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"81\">v2<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>hr.pensionhotel[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>i24.com[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>i24.com[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"81\">v2<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>icase.lg[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>montenegro-today[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>montenegro-today[.]ru<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>most-dnepr[.]info<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>most-dnepr[.]info<\/strong><\/td>\n<td width=\"285\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"81\">v2<\/td>\n<\/tr>\n<tr>\n<td 
width=\"186\"><strong>obereg-t[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>sarktur[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/104.244.159[.]23:8080\/i<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>sarktur[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>school12.cn[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>sinematurk[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>vgoru[.]org<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.2000[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.444android[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.444android[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.aica.co[.]jp<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.alapli.bel[.]tr<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.ambilet[.]ro<\/strong><\/td>\n<td width=\"285\">http:\/\/185.149.120[.]3\/scholargoogle\/<\/td>\n<td width=\"81\">v2<\/td>\n<\/tr>\n<tr>\n<td 
width=\"186\"><strong>www.andronova[.]net<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.chnu.edu[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.dermavieskin[.]com<\/strong><\/td>\n<td width=\"285\">https:\/\/bodum-online[.]gq\/Core\/Engine\/Index\/three<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.evrosmazki[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.hercegnovi[.]me<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.len[.]ru<\/strong><\/td>\n<td width=\"285\">http:\/\/185.149.120[.]3\/scholasgoogle\/<\/td>\n<td width=\"81\">v2<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.montenegro-today[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.montenegro-today[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.otbrana[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]be<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]cz<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td 
width=\"186\"><strong>www.pensionhotel[.]de<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]de<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]dk<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]nl<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]pl<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]ro<\/strong><\/td>\n<td width=\"285\">http:\/\/46.20.1[.]98\/scholargoogle\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.pensionhotel[.]sk<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.sinematurk[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.t.ks[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.teknolojihaber[.]net<\/strong><\/td>\n<td width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/two<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.uscc[.]ua<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.vertizontal[.]ro<\/strong><\/td>\n<td 
width=\"285\">http:\/\/91.236.116[.]50\/Core\/Engine\/Index\/three<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.visa3777[.]com<\/strong><\/td>\n<td width=\"285\">http:\/\/172.97.69[.]79\/i\/<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<tr>\n<td width=\"186\"><strong>www.www.pensionhotel[.]de<\/strong><\/td>\n<td width=\"285\">http:\/\/38.84.134[.]15\/Core\/Engine\/Index\/default<\/td>\n<td width=\"81\">v1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u0422\u0430\u0431\u043b\u0438\u0446\u0430 2: \u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u043e\u0444\u0430\u0439\u043b\u0435\u0440\u044b Backswing \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0440\u0435\u0441\u0438\u0432\u0435\u0440\u044b.<\/p>\n<p>\u0420\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0441\u0430\u0439\u0442\u043e\u0432, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Backswing, \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u043c\u043e\u0442\u0438\u0432\u0430\u0446\u0438\u044e, \u043f\u043e\u043c\u0438\u043c\u043e \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0439 \u0432\u044b\u0433\u043e\u0434\u044b. 
\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f FireEye \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0430 \u0442\u0430\u043a\u0443\u044e \u0441\u0445\u0435\u043c\u0443 \u043d\u0430 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0442\u0443\u0440\u0435\u0446\u043a\u0438\u0445 \u0438 \u0447\u0435\u0440\u043d\u043e\u0433\u043e\u0440\u0441\u043a\u0438\u0445 \u0441\u0430\u0439\u0442\u0430\u0445. \u041c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u0440\u043e\u0442\u043e\u0442\u0438\u043f \u043e\u0431\u0440\u0430\u0437\u0446\u043e\u0432 Backswing \u043d\u0430 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0445 \u0441\u0430\u0439\u0442\u0430\u0445 \u0441\u043e \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0440\u043e\u0441\u0442\u043e\u043c \u0432 \u043c\u0430\u0435 2017 \u0433\u043e\u0434\u0430. 
\u0425\u043e\u0442\u044f \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0430\u0439\u0442\u044b, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0435\u0442\u0441\u044f Backswing, \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0447\u0435\u0442\u043a\u043e\u0439 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0432\u044f\u0437\u0438, \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u0430\u044f \u043c\u043e\u0434\u0435\u043b\u044c \u043f\u043e\u0432\u044b\u0448\u0430\u0435\u0442 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u043f\u043e\u043d\u0441\u043e\u0440\u0430 \u0441\u043e \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0440\u0435\u0433\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0430\u043c\u0438.<\/p>\n<p><strong>\u00a0<\/strong><strong>\u0421\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0435 \u0432\u0438\u0440\u0443\u0441\u0430 <\/strong><strong>Badrabbit<\/strong><\/p>\n<p>Badrabbit \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432, \u043a\u0430\u043a \u043e\u043f\u0438\u0441\u0430\u043d\u043e \u043d\u0430 \u0440\u0438\u0441.5<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-23992\" src=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig5.png\" alt=\"\" width=\"1133\" height=\"570\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u0420\u0438\u0441.5 \u041a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0432\u0438\u0440\u0443\u0441\u0430 
Badrabbit<\/p>\n<p><strong>Install_flashPlayer.exe (MD5: FBBDC39AF1139AEBBA4DA004475E8839)<\/strong><\/p>\n<p>\u041f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 install_flashplayer.exe \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0435\u0442 infpub.dat (MD5: C4F26ED277B51EF45FA180BE597D96E8) \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 C:\\Windows \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u0435\u0433\u043e \u0432 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e rundll32.exe \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c C:\\Windows\\infpub.dat,#1 15. 
\u042d\u0442\u043e\u0442 \u0444\u043e\u0440\u043c\u0430\u0442 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0442\u0430\u043a\u043e\u0439 \u0436\u0435, \u043a\u0430\u043a \u0443 EternalPetya.<\/p>\n<p><strong>infpub.dat (MD5: 1D724F95C61F1055F0D02C2154BBCCD3)<\/strong><\/p>\n<p>\u0414\u0432\u043e\u0438\u0447\u043d\u044b\u0439 (\u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439) \u0444\u0430\u0439\u043b infpub.dat \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u043c \u0432\u0438\u0440\u0443\u0441\u0430-\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0442\u0432\u0435\u0447\u0430\u0435\u0442 \u0437\u0430 \u0441\u0431\u0440\u043e\u0441 \u043d\u0430 \u0434\u0438\u0441\u043a \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432, \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0445 \u0432 \u0440\u0430\u0437\u0434\u0435\u043b\u0435 \u00abBadrabbit Components\u00bb. \u0412\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 RSA-2048 \u043e\u0431\u043b\u0435\u0433\u0447\u0430\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043a\u043b\u044e\u0447 AES-128 \u0434\u043b\u044f \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432. 
\u0420\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f, \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u044b \u0434\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f:<\/p>\n<p>.3ds.7z.accdb.ai.asm.asp.aspx.avhd.back.bak.bmp.brw.c.cab.cc.cer.cfg.conf.cpp.crt.cs.ctl.cxx.dbf.der.dib.disk.djvu.doc.docx.dwg.eml.fdb.gz.h.hdd.hpp.hxx.iso.java.jfif.jpe.jpeg.jpg.js.kdbx.key.mail.mdb.msg.nrg.odc.odf.odg.odi.odm.odp.ods.odt.ora.ost.ova.ovf.p12.p7b.p7c.pdf.pem.pfx.php.pmf.png.ppt.pptx.ps1.pst.pvi.py.pyc.pyw.qcow.qcow2.rar.rb.rtf.scm.sln.sql.tar.tib.tif.tiff.vb.vbox.vbs.vcb.vdi.vfd.vhd.vhdx.vmc.vmdk.vmsd.vmtm.vmx.vsdx.vsv.work.xls.xlsx.xml.xvd.zip<\/p>\n<p>\u041d\u0438\u0436\u0435\u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0438 \u043d\u0435 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0438:<\/p>\n<ul>\n<li>\\Windows<\/li>\n<li>\\Program Files<\/li>\n<li>\\ProgramData<\/li>\n<li>\\AppData<\/li>\n<\/ul>\n<p>\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0441\u0432\u043e\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u043e \u0432\u044b\u043a\u0443\u043f\u0435 \u0432 \u043a\u043e\u0440\u0435\u043d\u044c \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u0438\u0441\u043a\u0430 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c \u0444\u0430\u0439\u043b\u0430 Readme.txt.<\/p>\n<p>\u0424\u0430\u0439\u043b Infpub.dat \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d 
\u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0431\u043e\u043a\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 WMI \u0438\u043b\u0438 SMB. \u0421\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0435 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u043c \u0444\u0430\u0439\u043b\u043e\u043c Mimikatz, \u043e\u0431\u043b\u0435\u0433\u0447\u0430\u044e\u0442 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435 \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0432 \u0441\u0435\u0442\u0438. \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0441\u043f\u0438\u0441\u043a\u0438 \u043e\u0431\u0449\u0438\u0445 \u0438\u043c\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0438 \u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043a\u0430\u043d\u0430\u043b\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u0434\u0431\u043e\u0440\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e 
\u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.<\/p>\n<p>\u0415\u0441\u043b\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043e\u0434\u0438\u043d \u0438\u0437 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 Dr.Web, \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f. \u0415\u0441\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u00ab-f\u00bb, \u043a\u0440\u0430\u0436\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0431\u043e\u043a\u043e\u0432\u043e\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0438\u0441\u043a\u043b\u044e\u0447\u0430\u044e\u0442\u0441\u044f.<\/p>\n<p><strong>dispci.exe (MD5: B14D8FAF7F0CBCFAD051CEFE5F39645F)<\/strong><\/p>\n<p>\u0411\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b dispci.exe \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0441 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u043c DiskCryptor (cscc.dat) \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430. 
\u0415\u0441\u043b\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0437\u0430\u043f\u0443\u0449\u0435\u043d \u043e\u0434\u0438\u043d \u0438\u0437 \u0442\u0440\u0435\u0445 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 McAfee, dispci.exe \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 %ALLUSERSPROFILE%; \u0432 \u043f\u0440\u043e\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u043d \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 C:\\Windows. \u041e\u0431\u0440\u0430\u0437\u0435\u0446 \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442 \u0432 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0437\u0430\u0434\u0430\u0447\u0438 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c rhaegal.<\/p>\n<p><strong>cscc.dat (MD5s: B4E6D97DAFD9224ED9A547D52C26CE02 <\/strong><strong>\u0438\u043b\u0438<\/strong><strong> EDB72F4A46C39452D1A5414F7D26454A)<\/strong><\/p>\n<p>32 \u0438\u043b\u0438 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0439 \u0434\u0440\u0430\u0439\u0432\u0435\u0440 DiskCryptor \u0441 \u0438\u043c\u0435\u043d\u0435\u043c cscc.dat \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u0438\u0441\u043a\u0430. 
\u041e\u043d \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \\Windows \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u043b\u0443\u0436\u0431\u044b \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u044f\u0434\u0440\u0430 cscc.<\/p>\n<p><strong>\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u0442\u0438\u043b\u0438\u0442<\/strong><strong>\u044b<\/strong> <strong>Mimikatz (MD5s: 37945C44A897AA42A66ADCAB68F560E0 \u0438\u043b\u0438 347AC3B6B791054DE3E5720A7144A977)<\/strong><\/p>\n<p>32 \u0438\u043b\u0438 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u0443\u0442\u0438\u043b\u0438\u0442\u044b Mimikatz \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, 651D.tmp) \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 C:\\Windows \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0443\u0442\u0435\u043c \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0441\u0442\u0440\u043e\u043a\u0438 \u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u0430\u043d\u0430\u043b\u0430 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \\\\.\\Pipe\\{8A93FA32-1B7A-4E2F-AAD2-76A095F261DC}) \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430. 
\u0421\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u043e\u0431\u0440\u0430\u0442\u043d\u043e \u043d\u0430 infpub.dat \u0447\u0435\u0440\u0435\u0437 \u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b, \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e EternalPetya.<\/p>\n<p><strong>\u0421\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u0435 <\/strong><strong>Badrabbit<\/strong> <strong>c<\/strong> <strong>EternalPetya<\/strong><\/p>\n<p>\u0424\u0430\u0439\u043b Infpub.dat \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u043e\u0439 \u0441\u0443\u043c\u043c\u044b, \u043a\u0430\u043a \u0438 \u0442\u043e\u0442, \u0447\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 EternalPetya. \u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u043e\u0439 \u0441\u0443\u043c\u043c\u044b \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043e\u0442\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f: 0x87654321 \u0432 infpub.dat, 0x12345678 \u0432 EternalPetya. 
infpub.dat \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0442\u0435 \u0436\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438, \u0447\u0442\u043e \u0438 EternalPetya, \u0441 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u00ab-f\u00bb, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u0445\u043e\u0434\u0438\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c.<\/p>\n<p>\u041a\u0430\u043a \u0438 EternalPetya, infpub.dat \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043b\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0435\u0441\u043b\u0438 \u043e\u043d \u043d\u0430\u0439\u0434\u0435\u043d, \u0442\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u043f\u0440\u0435\u043a\u0440\u0430\u0449\u0430\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0443. \u0424\u0430\u0439\u043b \u0432 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 &#8212; cscc.dat. 
infpub.dat \u0443\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f wmic.exe, \u043d\u043e, \u0432 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442 EternalPetya, \u043d\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0439 \u043a\u043e\u0434 PSEXEC, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u043e\u043a\u043e\u0432\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f.<\/p>\n<p>\u041e\u0431\u0430 \u043e\u0431\u0440\u0430\u0437\u0446\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0442\u0443 \u0436\u0435 \u0441\u0435\u0440\u0438\u044e \u043a\u043e\u043c\u0430\u043d\u0434 wevtutil \u0438 fsutil \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438-\u0430\u043d\u0430\u043b\u0438\u0437\u0430:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"606\">wevtutil cl Setup &amp; wevtutil cl System &amp; wevtutil cl Security &amp; wevtutil cl Application &amp; fsutil usn deletejournal \/D %SYSTEMDRIVE%<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-23993\" src=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig6.png\" alt=\"\" width=\"975\" height=\"498\" \/>\u0420\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u00a0<\/strong><strong>FireEye<\/strong><\/p>\n<table width=\"560\">\n<tbody>\n<tr>\n<td width=\"132\"><strong>\u041f\u0440\u043e\u0434\u0443\u043a\u0442<\/strong><\/td>\n<td width=\"428\"><strong>\u0418\u043c\u0435\u043d\u0430 
\u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0432\u0430\u043d\u0438\u044f<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">NX,EX,AX,FX,ETP<\/td>\n<td width=\"428\">malware.binary.exe, Trojan.Ransomware.MVX, Exploit.PossibleWaterhole.BACKSWING<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">HX<\/td>\n<td width=\"428\">BADRABBIT RANSOMWARE (FAMILY), Gen:Heur.Ransom.BadRabbit.1, Gen:Variant.Ransom.BadRabbit.1<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">TAP<\/td>\n<td width=\"428\">WINDOWS METHODOLOGY [Scheduled Task Created], WINDOWS METHODOLOGY [Service Installation], WINDOWS METHODOLOGY [Audit Log Cleared], WINDOWS METHODOLOGY [Rundll32 Ordinal Arg], WINDOWS METHODOLOGY [Wevtutil Clear-log], WINDOWS METHODOLOGY [Fsutil USN Deletejournal], WINDOWS METHODOLOGY [Multiple Admin Share Failures]<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u0418\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b<\/strong><\/p>\n<p>\u0424\u0430\u0439\u043b: Install_flashPlayer.exe<br \/>\n\u0425\u0435\u0448-\u043a\u043e\u0434: FBBDC39AF1139AEBBA4DA004475E8839<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: install_flashplayer.exe drops infpub.dat<\/p>\n<p>\u0424\u0430\u0439\u043b: infpub.dat<br \/>\n\u0425\u0435\u0448-\u043a\u043e\u0434: 1D724F95C61F1055F0D02C2154BBCCD3<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043f\u0435\u0440\u0432\u0438\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b<\/p>\n<p>\u0424\u0430\u0439\u043b: dispci.exe<br \/>\n\u0425\u0435\u0448-\u043a\u043e\u0434: B14D8FAF7F0CBCFAD051CEFE5F39645F<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0441 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u043c DiskCryptor (cscc.dat) \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 
\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0442\u0432\u0435\u0447\u0430\u0435\u0442 \u0437\u0430 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u0444\u0430\u0439\u043b\u0430<\/p>\n<p>\u0424\u0430\u0439\u043b: cscc.dat<br \/>\n\u0425\u0435\u0448-\u043a\u043e\u0434: B4E6D97DAFD9224ED9A547D52C26CE02 \u0438\u043b\u0438 EDB72F4A46C39452D1A5414F7D26454A<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: 32 or 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0439 \u0434\u0440\u0430\u0439\u0432\u0435\u0440 DiskCryptor<\/p>\n<p>\u0424\u0430\u0439\u043b: &lt;rand_4_hex&gt;.tmp<br \/>\n\u0425\u0435\u0448-\u043a\u043e\u0434: 37945C44A897AA42A66ADCAB68F560E0 \u0438\u043b\u0438 347AC3B6B791054DE3E5720A7144A977<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: 32 or 64-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u0443\u0442\u0438\u043b\u0438\u0442\u044b Mimikatz<\/p>\n<p>\u0424\u0430\u0439\u043b: Readme.txt<br \/>\n\u0425\u0435\u0448-\u043a\u043e\u0434: \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0439<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u044b\u043a\u0443\u043f\u0430<\/p>\n<p>\u041a\u043e\u043c\u0430\u043d\u0434\u0430: \\system32\\rundll32.exe C:\\Windows\\infpub.dat,#1 15<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b Badrabbit. 
\u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0447\u0442\u043e \u00ab15\u00bb \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0434\u043b\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u043e \u043f\u0443\u0442\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u044f \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 \u043f\u0440\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 install_flash_player.exe.<\/p>\n<p>\u041a\u043e\u043c\u0430\u043d\u0434\u0430: %COMSPEC% \/c schtasks \/Create \/RU SYSTEM \/SC ONSTART \/TN rhaegal \/TR &quot;&lt;%COMSPEC%&gt; \/C Start \\&quot;\\&quot; \\&quot;&lt;dispci_exe_path&gt;\\&quot; -id<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 rhaegal<\/p>\n<p>\u041a\u043e\u043c\u0430\u043d\u0434\u0430: %COMSPEC% \/c schtasks \/Create \/SC once \/TN drogon \/RU SYSTEM \/TR &quot;%WINDIR%\\system32\\shutdown.exe \/r \/t 0 \/f&quot; \/ST &lt;HH:MM:00&gt;<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 drogon<\/p>\n<p>\u041a\u043e\u043c\u0430\u043d\u0434\u0430: %COMSPEC% \/c schtasks \/Delete \/F \/TN drogon<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: 
\u0443\u0434\u0430\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0437\u0430\u0434\u0430\u043d\u0438\u0435 drogon<\/p>\n<p>\u041a\u043e\u043c\u0430\u043d\u0434\u0430: %COMSPEC% \/c wevtutil cl Setup &amp; wevtutil cl System &amp; wevtutil cl Security &amp; wevtutil cl Application &amp; fsutil usn deletejournal \/D &lt;current_drive_letter&gt;:<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u0430\u043d\u0442\u0438-\u0430\u043d\u0430\u043b\u0438\u0437<\/p>\n<p>\u0418\u043c\u044f \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u0434\u0430\u043d\u0438\u044f: rhaegal<br \/>\n\u0417\u0430\u043f\u0443\u0441\u043a \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u0434\u0430\u043d\u0438\u044f: &quot;&lt;%COMSPEC%&gt; \/C Start \\&quot;\\&quot; \\&quot;&lt;dispci_exe_path&gt;\\&quot; -id &lt;rand_task_id&gt; &amp;&amp; exit&quot;<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u0441 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u043e\u043c<\/p>\n<p>\u0418\u043c\u044f \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u0434\u0430\u043d\u0438\u044f: drogon<br \/>\n\u0417\u0430\u043f\u0443\u0441\u043a \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u0434\u0430\u043d\u0438\u044f: &quot;%WINDIR%\\system32\\shutdown.exe \/r \/t 0 \/f&quot;<br \/>\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430<\/p>\n<p>\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u0441\u043b\u0443\u0436\u0431\u044b: cscc<br \/>\n\u041e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u043c\u043e\u0435 \u0438\u043c\u044f \u0441\u043b\u0443\u0436\u0431\u044b: Windows Client Side 
Caching DDriver<br \/>\n\u0421\u0435\u0440\u0432\u0438\u0441\u043d\u044b\u0439 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0439 \u043f\u0443\u0442\u044c: cscc.dat<\/p>\n<p><strong>\u0412\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u0438\u043c\u0435\u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438\u0437 \u0444\u0430\u0439\u043b\u0430 <\/strong><strong>infpub<\/strong><strong>.<\/strong><strong>dat<\/strong><strong> (1<\/strong><strong>D<\/strong><strong>724<\/strong><strong>F<\/strong><strong>95<\/strong><strong>C<\/strong><strong>61<\/strong><strong>F<\/strong><strong>1055<\/strong><strong>F<\/strong><strong>0<\/strong><strong>D<\/strong><strong>02<\/strong><strong>C<\/strong><strong>2154<\/strong><strong>BBCCD<\/strong><strong>3)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"600\">Administrator<br \/>\nAdmin<br \/>\nGuest<br \/>\nUser<br \/>\nUser1<br \/>\nuser-1<br \/>\nTest<br \/>\nroot<br \/>\nbuh<br \/>\nboss<br \/>\nftp<br \/>\nrdp<br \/>\nrdpuser<br \/>\nrdpadmin<br \/>\nmanager<br \/>\nsupport<br \/>\nwork<br \/>\nother user<br \/>\noperator<br \/>\nbackup<br \/>\nasus<br \/>\nftpuser<br \/>\nftpadmin<br \/>\nnas<br \/>\nnasuser<br \/>\nnasadmin<br \/>\nsuperuser<br \/>\nnetguest<br \/>\nalex<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u00a0<\/strong><strong>\u0412\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u043f\u0430\u0440\u043e\u043b\u0438 \u0438\u0437 \u0444\u0430\u0439\u043b\u0430 <\/strong><strong>infpub<\/strong><strong>.<\/strong><strong>dat<\/strong><strong> (1<\/strong><strong>D<\/strong><strong>724<\/strong><strong>F<\/strong><strong>95<\/strong><strong>C<\/strong><strong>61<\/strong><strong>F<\/strong><strong>1055<\/strong><strong>F<\/strong><strong>0<\/strong><strong>D<\/strong><strong>02<\/strong><strong>C<\/strong><strong>2154<\/strong><strong>BBCCD<\/strong><strong>3)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"600\">Administrator<br \/>\nadministrator<br 
\/>\nGuest<br \/>\nguest<br \/>\nUser<br \/>\nuser<br \/>\nAdmin<br \/>\nadminTest<br \/>\ntest<br \/>\nroot<br \/>\n123<br \/>\n1234<br \/>\n12345<br \/>\n123456<br \/>\n1234567<br \/>\n12345678<br \/>\n123456789<br \/>\n1234567890<br \/>\nAdministrator123<br \/>\nadministrator123<br \/>\nGuest123<br \/>\nguest123<br \/>\nUser123<br \/>\nuser123<br \/>\nAdmin123<br \/>\nadmin123Test123<br \/>\ntest123<br \/>\npassword<br \/>\n111111<br \/>\n55555<br \/>\n77777<br \/>\n777<br \/>\nqwe<br \/>\nqwe123<br \/>\nqwe321<br \/>\nqwer<br \/>\nqwert<br \/>\nqwerty<br \/>\nqwerty123<br \/>\nzxc<br \/>\nzxc123<br \/>\nzxc321<br \/>\nzxcv<br \/>\nuiop<br \/>\n123321<br \/>\n321<br \/>\nlove<br \/>\nsecret<br \/>\nsex<br \/>\ngod<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u00a0<\/strong><strong>\u0412\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043a\u0430\u043d\u0430\u043b\u044b \u0438\u0437 \u0444\u0430\u0439\u043b\u0430 <\/strong><strong>infpub<\/strong><strong>.<\/strong><strong>dat<\/strong><strong> (1<\/strong><strong>D<\/strong><strong>724<\/strong><strong>F<\/strong><strong>95<\/strong><strong>C<\/strong><strong>61<\/strong><strong>F<\/strong><strong>1055<\/strong><strong>F<\/strong><strong>0<\/strong><strong>D<\/strong><strong>02<\/strong><strong>C<\/strong><strong>2154<\/strong><strong>BBCCD<\/strong><strong>3)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"600\">atsvc<br \/>\nbrowser<br \/>\neventlog<br \/>\nlsarpc<br \/>\nnetlogon<br \/>\nntsvcs<br \/>\nspoolss<br \/>\nsamr<br \/>\nsrvsvc<br \/>\nscerpc<br \/>\nsvcctl<br \/>\nwkssvc<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u00a0<\/strong><strong>Yara Rules<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"600\">rule FE_Hunting_BADRABBIT {<br \/>\nmeta:<br \/>\nversion=&quot;.2&quot;<br \/>\nfiletype=&quot;PE&quot;<br \/>\nauthor=&quot;ian.ahl @TekDefense &amp; nicholas.carr @itsreallynick&quot;<br 
\/>\ndate=&quot;2017-10-24&quot;<br \/>\nmd5 = &quot;b14d8faf7f0cbcfad051cefe5f39645f&quot;<br \/>\nstrings:<br \/>\n\/\/ Messages<br \/>\n$msg1 = &quot;Incorrect password&quot; nocase ascii wide<br \/>\n$msg2 = &quot;Oops! Your files have been encrypted.&quot; ascii wide<br \/>\n$msg3 = &quot;If you see this text, your files are no longer accessible.&quot; ascii wide<br \/>\n$msg4 = &quot;You might have been looking for a way to recover your files.&quot; ascii wide<br \/>\n$msg5 = &quot;Don't waste your time. No one will be able to recover them without our&quot; ascii wide<br \/>\n$msg6 = &quot;Visit our web service at&quot; ascii wide<br \/>\n$msg7 = &quot;Your personal installation key#1:&quot; ascii wide<br \/>\n$msg8 = &quot;Run DECRYPT app at your desktop after system boot&quot; ascii wide<br \/>\n$msg9 = &quot;Password#1&quot; nocase ascii wide<br \/>\n$msg10 = &quot;caforssztxqzf2nm.onion&quot; nocase ascii wide<br \/>\n$msg11 = \/partition (unbootable|not (found|mounted))\/ nocase ascii wide<br \/>\n\/\/ File references<br \/>\n$fref1 = &quot;C:\\\\Windows\\\\cscc.dat&quot; nocase ascii wide<br \/>\n$fref2 = &quot;\\\\\\\\.\\\\dcrypt&quot; nocase ascii wide<br \/>\n$fref3 = &quot;Readme.txt&quot; ascii wide<br \/>\n$fref4 = &quot;\\\\Desktop\\\\DECRYPT.lnk&quot; nocase ascii wide<br \/>\n$fref5 = &quot;dispci.exe&quot; nocase ascii wide<br \/>\n$fref6 = &quot;C:\\\\Windows\\\\infpub.dat&quot; nocase ascii wide<br \/>\n\/\/ META<br \/>\n$meta1 = &quot;http:\/\/diskcryptor.net\/&quot; nocase ascii wide<br \/>\n$meta2 = &quot;dispci.exe&quot; nocase ascii wide<br \/>\n$meta3 = &quot;GrayWorm&quot; ascii wide<br \/>\n$meta4 = &quot;viserion&quot; nocase ascii wide<br \/>\n\/\/commands<br \/>\n$com1 = &quot;ComSpec&quot; ascii wide<br \/>\n$com2 = &quot;\\\\cmd.exe&quot; nocase ascii wide<br \/>\n$com3 = &quot;schtasks \/Create&quot; nocase ascii wide<br \/>\n$com4 = &quot;schtasks \/Delete \/F \/TN %ws&quot; nocase ascii wide<br \/>\ncondition:<br 
\/>\n(uint16(0) == 0x5A4D)<br \/>\nand<br \/>\n(8 of ($msg*) and 3 of ($fref*) and 2 of ($com*))<br \/>\nor<br \/>\n(all of ($meta*) and 8 of ($msg*))<br \/>\n}<br \/>\nrule FE_Trojan_BADRABBIT_DROPPER<br \/>\n{<br \/>\nmeta:<br \/>\nauthor = &quot;muhammad.umair&quot;<br \/>\nmd5 = &quot;fbbdc39af1139aebba4da004475e8839&quot;<br \/>\nrev = 1<br \/>\nstrings:<br \/>\n$api1 = &quot;GetSystemDirectoryW&quot; fullword<br \/>\n$api2 = &quot;GetModuleFileNameW&quot; fullword<br \/>\n$dropped_dll = &quot;infpub.dat&quot; ascii fullword wide<br \/>\n$exec_fmt_str = &quot;%ws C:\\\\Windows\\\\%ws,#1 %ws&quot; ascii fullword wide<br \/>\n$extract_seq = { 68 ?? ?? ?? ?? 8D 95 E4 F9 FF FF 52 FF 15 ?? ?? ?? ?? 85 C0 0F 84 C4 00 00 00 8D 85 A8 ED FF FF 50 8D 8D AC ED FF FF E8 ?? ?? ?? ?? 85 C0 0F 84 AA 00 00 00 }<br \/>\ncondition:<br \/>\n(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and filesize &lt; 500KB and all of them<br \/>\n}<br \/>\nrule FE_Worm_BADRABBIT<br \/>\n{<br \/>\nmeta:<br \/>\nauthor = &quot;muhammad.umair&quot;<br \/>\nmd5 = &quot;1d724f95c61f1055f0d02c2154bbccd3&quot;<br \/>\nrev = 1<br \/>\nstrings:<br \/>\n$api1 = &quot;WNetAddConnection2W&quot; fullword<br \/>\n$api2 = &quot;CredEnumerateW&quot; fullword<br \/>\n$api3 = &quot;DuplicateTokenEx&quot; fullword<br \/>\n$api4 = &quot;GetIpNetTable&quot;<br \/>\n$del_tasks = &quot;schtasks \/Delete \/F \/TN drogon&quot; ascii fullword wide<br \/>\n$dropped_driver = &quot;cscc.dat&quot; ascii fullword wide<br \/>\n$exec_fmt_str = &quot;%ws C:\\\\Windows\\\\%ws,#1 %ws&quot; ascii fullword wide<br \/>\n$iter_encrypt = { 8D 44 24 3C 50 FF 15 ?? ?? ?? ?? 8D 4C 24 3C 8D 51 02 66 8B 31 83 C1 02 66 3B F7 75 F5 2B CA D1 F9 8D 4C 4C 3C 3B C1 74 07 E8 ?? ?? ?? ?? 
}<br \/>\n$share_fmt_str = &quot;\\\\\\\\%ws\\\\admin$\\\\%ws&quot; ascii fullword wide<br \/>\ncondition:<br \/>\n(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and filesize &lt; 500KB and all of them<br \/>\n}<br \/>\nrule FE_Trojan_BADRABBIT_MIMIKATZ<br \/>\n{<br \/>\nmeta:<br \/>\nauthor = &quot;muhammad.umair&quot;<br \/>\nmd5 = &quot;37945c44a897aa42a66adcab68f560e0&quot;<br \/>\nrev = 1<br \/>\nstrings:<br \/>\n$api1 = &quot;WriteProcessMemory&quot; fullword<br \/>\n$api2 = &quot;SetSecurityDescriptorDacl&quot; fullword<br \/>\n$api_str1 = &quot;BCryptDecrypt&quot; ascii fullword wide<br \/>\n$mimi_str = &quot;CredentialKeys&quot; ascii fullword wide<br \/>\n$wait_pipe_seq = { FF 15 ?? ?? ?? ?? 85 C0 74 63 55 BD B8 0B 00 00 57 57 6A 03 8D 44 24 1C 50 57 68 00 00 00 C0 FF 74 24 38 4B FF 15 ?? ?? ?? ?? 8B F0 83 FE FF 75 3B }<br \/>\ncondition:<br \/>\n(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and filesize &lt; 500KB and all of them<br \/>\n}<br \/>\nrule FE_Trojan_BADRABBIT_DISKENCRYPTOR<br \/>\n{<br \/>\nmeta:<br \/>\nauthor = &quot;muhammad.umair&quot;<br \/>\nmd5 = &quot;b14d8faf7f0cbcfad051cefe5f39645f&quot;<br \/>\nrev = 1<br \/>\nstrings:<br \/>\n$api1 = &quot;CryptAcquireContextW&quot; fullword<br \/>\n$api2 = &quot;CryptEncrypt&quot; fullword<br \/>\n$api3 = &quot;NetWkstaGetInfo&quot; fullword<br \/>\n$decrypt_seq = { 89 5D EC 78 10 7F 07 3D 00 00 00 01 76 07 B8 00 00 00 01 EB 07 C7 45 EC 01 00 00 00 53 50 53 6A 04 53 8B F8 56 89 45 FC 89 7D E8 FF 15 ?? ?? ?? ?? 
8B D8 85 DB 74 5F }<br \/>\n$msg1 = &quot;Disk decryption progress...&quot; ascii fullword wide<br \/>\n$task_fmt_str = &quot;schtasks \/Create \/SC ONCE \/TN viserion_%u \/RU SYSTEM \/TR \\&quot;%ws\\&quot; \/ST %02d:%02d:00&quot; ascii fullword wide<br \/>\n$tok1 = &quot;\\\\\\\\.\\\\dcrypt&quot; ascii fullword wide<br \/>\n$tok2 = &quot;C:\\\\Windows\\\\cscc.dat&quot; ascii fullword wide<br \/>\ncondition:<br \/>\n(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and filesize &lt; 150KB and all of them<br \/>\n}<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[vc_row row_padd=&#187;xs-padding&#187; section_bg_color=&#187;#f5f5f5&#8243;][vc_column width=&#187;1\/6&#8243;][vc_single_image image=&#187;22017&#8243; img_size=&#187;113*150&#8243; alignment=&#187;right&#187;][\/vc_column][vc_column width=&#187;5\/6&#8243;][vc_column_text css=&#187;.vc_custom_1483612005172{margin-right: 100px !important;margin-left: 10px !important;}&#187; it_color=&#187;#000000&#8243;]\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u00ab\u0410\u043c\u0438\u043a\u0430\u00bb \u0432\u0441\u0435\u0433\u0434\u0430 \u0433\u043e\u0442\u043e\u0432\u044b \u043f\u0440\u043e\u043a\u043e\u043d\u0441\u0443\u043b\u044c\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0430\u0441 \u043f\u043e \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c, \u0443\u0441\u043b\u0443\u0433\u0430\u043c \u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0432\u0430\u0448\u0438\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u041a\u0440\u0430\u0442\u043a\u0438\u0439 \u043e\u0431\u0437\u043e\u0440 24 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2017 \u0433\u043e\u0434\u0430 \u0441\u043e\u0433\u043b\u0430\u0441\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 web-\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0432\u0438\u0440\u0443\u0441 Badrabbit \u043d\u0430 \u043d\u0435\u0432\u043e\u043b\u044c\u043d\u044b\u0445 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0423\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 FireEye<\/p>\n","protected":false},"author":74,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[119],"tags":[],"class_list":["post-27219","post","type-post","status-publish","format-standard","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica<\/title>\n<meta name=\"description\" content=\"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/\" \/>\n<meta property=\"og:locale\" content=\"ru_RU\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit\" \/>\n<meta property=\"og:description\" content=\"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/\" \/>\n<meta property=\"og:site_name\" content=\"Amica\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/amica.it\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-06T06:54:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig1.png\" \/>\n<meta name=\"author\" content=\"Sergey Mudrenko\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sergey Mudrenko\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 \u043c\u0438\u043d\u0443\u0442\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/\"},\"author\":{\"name\":\"Sergey Mudrenko\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#\\\/schema\\\/person\\\/837c969717c1d531a74a8d41cf6e72fd\"},\"headline\":\"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 
Badrabbit\",\"datePublished\":\"2017-11-06T06:54:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/\"},\"wordCount\":3674,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/uploads\\\/2017\\\/11\\\/Fig1.png\",\"articleSection\":[\"\u041d\u043e\u0432\u043e\u0441\u0442\u0438\"],\"inLanguage\":\"ru-RU\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/\",\"url\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/\",\"name\":\"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/uploads\\\/2017\\\/11\\\/Fig1.png\",\"datePublished\":\"2017-11-06T06:54:54+00:00\",\"description\":\"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - 
Amica\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#breadcrumb\"},\"inLanguage\":\"ru-RU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/uploads\\\/2017\\\/11\\\/Fig1.png\",\"contentUrl\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/uploads\\\/2017\\\/11\\\/Fig1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/backswing-dostaet-svoj-kozyr-virus-badrabbit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043e\u043b\u043e\u0432\u043d\u0430\",\"item\":\"https:\\\/\\\/amica.ua\\\/ru\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#website\",\"url\":\"https:\\\/\\\/amica.ua\\\/ru\\\/\",\"name\":\"Amica\",\"description\":\"\u0441\u0438\u0441\u0442\u0435\u043c\u043d\u0438\u0439 
\u0456\u043d\u0442\u0435\u0433\u0440\u0430\u0442\u043e\u0440\",\"publisher\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#organization\"},\"alternateName\":\"\u0410\u043c\u0456\u043a\u0430\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/amica.ua\\\/ru\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ru-RU\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#organization\",\"name\":\"Amica\",\"alternateName\":\"\u0410\u043c\u0456\u043a\u0430\",\"url\":\"https:\\\/\\\/amica.ua\\\/ru\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/fff-amica_logo_true.svg\",\"contentUrl\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/fff-amica_logo_true.svg\",\"width\":452,\"height\":131,\"caption\":\"Amica\"},\"image\":{\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/amica.it\\\/\",\"https:\\\/\\\/www.instagram.com\\\/amica_integration\\\/?igsh=MWwzZDM1bDA3d2pmMQ\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCG3_4OsvOOy0Cauv8DgYruw\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/amica.ua\\\/ru\\\/#\\\/schema\\\/person\\\/837c969717c1d531a74a8d41cf6e72fd\",\"name\":\"Sergey 
Mudrenko\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/litespeed\\\/avatar\\\/704af47f6d6b9e1e0e44a62bec567970.jpg?ver=1778776550\",\"url\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/litespeed\\\/avatar\\\/704af47f6d6b9e1e0e44a62bec567970.jpg?ver=1778776550\",\"contentUrl\":\"https:\\\/\\\/amica.ua\\\/wp-content\\\/litespeed\\\/avatar\\\/704af47f6d6b9e1e0e44a62bec567970.jpg?ver=1778776550\",\"caption\":\"Sergey Mudrenko\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica","description":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/","og_locale":"ru_RU","og_type":"article","og_title":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit","og_description":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica","og_url":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/","og_site_name":"Amica","article_publisher":"https:\/\/www.facebook.com\/amica.it\/","article_published_time":"2017-11-06T06:54:54+00:00","og_image":[{"url":"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig1.png","type":"","width":"","height":""}],"author":"Sergey 
Mudrenko","twitter_card":"summary_large_image","twitter_misc":{"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c":"Sergey Mudrenko","\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f":"12 \u043c\u0438\u043d\u0443\u0442"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#article","isPartOf":{"@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/"},"author":{"name":"Sergey Mudrenko","@id":"https:\/\/amica.ua\/ru\/#\/schema\/person\/837c969717c1d531a74a8d41cf6e72fd"},"headline":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit","datePublished":"2017-11-06T06:54:54+00:00","mainEntityOfPage":{"@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/"},"wordCount":3674,"commentCount":0,"publisher":{"@id":"https:\/\/amica.ua\/ru\/#organization"},"image":{"@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#primaryimage"},"thumbnailUrl":"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig1.png","articleSection":["\u041d\u043e\u0432\u043e\u0441\u0442\u0438"],"inLanguage":"ru-RU","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/","url":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/","name":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - 
Amica","isPartOf":{"@id":"https:\/\/amica.ua\/ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#primaryimage"},"image":{"@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#primaryimage"},"thumbnailUrl":"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig1.png","datePublished":"2017-11-06T06:54:54+00:00","description":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit - Amica","breadcrumb":{"@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#breadcrumb"},"inLanguage":"ru-RU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/"]}]},{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#primaryimage","url":"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig1.png","contentUrl":"https:\/\/amica.ua\/wp-content\/uploads\/2017\/11\/Fig1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/amica.ua\/ru\/backswing-dostaet-svoj-kozyr-virus-badrabbit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043e\u043b\u043e\u0432\u043d\u0430","item":"https:\/\/amica.ua\/ru\/"},{"@type":"ListItem","position":2,"name":"Backswing \u0434\u043e\u0441\u0442\u0430\u0435\u0442 \u0441\u0432\u043e\u0439 \u043a\u043e\u0437\u044b\u0440\u044c\u2013 \u0432\u0438\u0440\u0443\u0441 Badrabbit"}]},{"@type":"WebSite","@id":"https:\/\/amica.ua\/ru\/#website","url":"https:\/\/amica.ua\/ru\/","name":"Amica","description":"\u0441\u0438\u0441\u0442\u0435\u043c\u043d\u0438\u0439 
\u0456\u043d\u0442\u0435\u0433\u0440\u0430\u0442\u043e\u0440","publisher":{"@id":"https:\/\/amica.ua\/ru\/#organization"},"alternateName":"\u0410\u043c\u0456\u043a\u0430","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/amica.ua\/ru\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ru-RU"},{"@type":"Organization","@id":"https:\/\/amica.ua\/ru\/#organization","name":"Amica","alternateName":"\u0410\u043c\u0456\u043a\u0430","url":"https:\/\/amica.ua\/ru\/","logo":{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/amica.ua\/ru\/#\/schema\/logo\/image\/","url":"https:\/\/amica.ua\/wp-content\/uploads\/2024\/01\/fff-amica_logo_true.svg","contentUrl":"https:\/\/amica.ua\/wp-content\/uploads\/2024\/01\/fff-amica_logo_true.svg","width":452,"height":131,"caption":"Amica"},"image":{"@id":"https:\/\/amica.ua\/ru\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/amica.it\/","https:\/\/www.instagram.com\/amica_integration\/?igsh=MWwzZDM1bDA3d2pmMQ","https:\/\/www.youtube.com\/channel\/UCG3_4OsvOOy0Cauv8DgYruw"]},{"@type":"Person","@id":"https:\/\/amica.ua\/ru\/#\/schema\/person\/837c969717c1d531a74a8d41cf6e72fd","name":"Sergey Mudrenko","image":{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/amica.ua\/wp-content\/litespeed\/avatar\/704af47f6d6b9e1e0e44a62bec567970.jpg?ver=1778776550","url":"https:\/\/amica.ua\/wp-content\/litespeed\/avatar\/704af47f6d6b9e1e0e44a62bec567970.jpg?ver=1778776550","contentUrl":"https:\/\/amica.ua\/wp-content\/litespeed\/avatar\/704af47f6d6b9e1e0e44a62bec567970.jpg?ver=1778776550","caption":"Sergey 
Mudrenko"}}]}},"_links":{"self":[{"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/posts\/27219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/users\/74"}],"replies":[{"embeddable":true,"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/comments?post=27219"}],"version-history":[{"count":0,"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/posts\/27219\/revisions"}],"wp:attachment":[{"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/media?parent=27219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/categories?post=27219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/amica.ua\/ru\/wp-json\/wp\/v2\/tags?post=27219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}