{"id":1083,"date":"2019-01-24T07:58:58","date_gmt":"2019-01-24T07:58:58","guid":{"rendered":"http:\/\/material.watanab2.mbsrv.net\/blog\/?p=1083"},"modified":"2023-02-13T07:54:06","modified_gmt":"2023-02-13T07:54:06","slug":"mac-osx%e3%81%aeboot-loader-malware","status":"publish","type":"post","link":"https:\/\/material.watanab2.mbsrv.net\/blog\/2019\/01\/mac-osx%e3%81%aeboot-loader-malware\/","title":{"rendered":"Mac OSX\u306eboot loader\u306b\u3042\u308b\u30de\u30eb\u30a6\u30a8\u30a2\u306e\u898b\u3064\u3051\u65b9"},"content":{"rendered":"\n

\u96fb\u6e90\u30b9\u30a4\u30c3\u30c1\u3092\u5165\u308c\u3066\u304b\u3089\u6700\u521d\u306b\u8d77\u52d5\u3059\u308bboot loader<\/strong>\u3068\u3044\u3046\u306e\u306b\u30de\u30eb\u30a6\u30a7\u30a2\u304c\u57cb\u3081\u8fbc\u307e\u308c\u308b\u3053\u3068\u304c\u591a\u3044\u3089\u3057\u3044\u3067\u3059\u3002\u3068\u308a\u3042\u3048\u305a\u306f\u3069\u3046\u3084\u3063\u3066\u30a2\u30af\u30bb\u30b9\u3059\u308b\u304b\u3001\u307e\u3067\u3092\u3002\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308c\u3070boot loader\u306e\u30d5\u30a1\u30a4\u30eb\u3092VirusTotal<\/strong>\u306b\u3042\u3052\u3066\u30c1\u30a7\u30c3\u30af\u304c\u53ef\u80fd\u306a\u306e\u3067\u305d\u3053\u307e\u3067\u3092\u66f8\u304d\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n

MacBook-Air:~ $ diskutil list
\/dev\/disk0 (internal, physical):
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *121.3 GB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_APFS Container disk1 121.1 GB disk0s2<\/p>\n\n\n\n

\/dev\/disk1 (synthesized):
#: TYPE NAME SIZE IDENTIFIER
0: APFS Container Scheme – +121.1 GB disk1
Physical Store disk0s2
1: APFS Volume Macintosh HD 99.9 GB disk1s1
2: APFS Volume Preboot 43.9 MB disk1s2
3: APFS Volume Recovery 517.0 MB disk1s3
4: APFS Volume VM 2.1 GB disk1s<\/p>\n\n\n\n

\u30bf\u30fc\u30df\u30ca\u30eb\u304b\u3089diskutil list\u3067\u30c7\u30a3\u30b9\u30af\u540d\u3092\u8868\u793a\u30021:\u306eEFI EFI \u3068\u66f8\u3044\u3066\u3042\u308bdisk0s1\u304c\u521d\u56de\u30d6\u30fc\u30c8\u306b\u4f7f\u3046\u30c7\u30a3\u30b9\u30af\u3067\u3059\u3002<\/p>\n\n\n\n

\/dev\/disk0s1 \u306b\u305d\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u308b\u304b\u30c1\u30a7\u30c3\u30af\u3057\u307e\u3059\u3002<\/p>\n\n\n\n

ls \/dev\/disk* <\/p>\n\n\n\n

\u3067\u30de\u30a6\u30f3\u30c8\u53ef\u80fd\u306a\u30c7\u30a3\u30b9\u30af\u4e00\u89a7\u304c\u51fa\u307e\u3059\u3002<\/p>\n\n\n\n

sudo diskutil mount \/dev\/disk0s1<\/p>\n\n\n\n

\u3053\u308c\u3067 \/Volumes\u4ee5\u4e0b\u306b\u3001EFI \u3068\u3044\u3046\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u30de\u30a6\u30f3\u30c8\u3055\u308c\u3066dis0s1\u306e\u5185\u5bb9\u304c\u307f\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n

\u5909\u306b\u3044\u3058\u308b\u3068\u6b21\u56de\u8d77\u52d5\u3057\u306a\u304f\u306a\u308b\u6050\u308c\u3082\u3042\u308b\u306e\u3067\u3001\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u65e9\u3081\u306b\u30de\u30a6\u30f3\u30c8\u89e3\u9664\u3057\u3066\u3057\u307e\u3044\u307e\u3059\u3002<\/p>\n\n\n\n

cp \/Volumes\/EFI Desktop (\u30c7\u30b9\u30af\u30c8\u30c3\u30d7\u306b\u30b3\u30d4\u30fc)<\/p>\n\n\n\n

sudo diskutil umount \/dev\/disk0s1(EFI\u306e\u30de\u30a6\u30f3\u30c8\u89e3\u9664)<\/p>\n\n\n\n

EFI\u5185\u306eFIRMWARE\u306a\u3069\u306e\u30d5\u30a1\u30a4\u30eb\u3092VirusTotal\u306b\u3042\u3052\u3066\u307f\u305f\u3068\u3053\u308d\u3001Relation\u3092\u898b\u308b\u3068DOS.EXE\u3068\u3044\u3046\u306e\u304c\u305f\u304f\u3055\u3093\u3042\u308a\u307e\u3057\u305f\u3002\u305f\u3076\u3093\u3053\u308c\u3092\u8d77\u52d5\u3055\u305b\u3066\u304a\u3051\u3070\u5f8c\u3005\u5225\u306e\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u3053\u308c\u308b\u3084\u3064\u304b\u3082\u3057\u308c\u306a\u3044\u3067\u3059\u3002\u5168\u3066.EXE\u306a\u306e\u3067Mac\u306b\u306f\u5f71\u97ff\u306a\u3044\u6a21\u69d8\u3002<\/strong><\/p>\n\n\n\n

\"MacOS\u306eboot<\/figure>\n\n\n\n
\"EXE\u30d5\u30a1\u30a4\u30eb\u304c\u5927\u91cf\u306b\u898b\u3064\u304b\u308a\u307e\u3057\u305f\"<\/figure>\n\n\n\n

\u3053\u3053\u307e\u3067boot loader\u3001MBR\u3001gpt\u306a\u3069\u306eOS\u8d77\u52d5\u524d\u306b\u5b9f\u884c\u3055\u308c\u308b\u30de\u30eb\u30a6\u30a7\u30a2\u306e\u767a\u898b\u306e\u4ed5\u65b9\u3067\u3057\u305f\u3002\u767a\u898b\u3055\u3048\u3067\u304d\u308c\u3070\u5f8c\u306f\u306a\u3093\u3068\u3067\u3082\u306a\u308a\u305d\u3046\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u96fb\u6e90\u30b9\u30a4\u30c3\u30c1\u3092\u5165\u308c\u3066\u304b\u3089\u6700\u521d\u306b\u8d77\u52d5\u3059\u308bboot loader\u3068\u3044\u3046\u306e\u306b\u30de\u30eb\u30a6\u30a7\u30a2\u304c\u57cb\u3081\u8fbc\u307e\u308c\u308b\u3053\u3068\u304c\u591a\u3044\u3089\u3057\u3044\u3067\u3059\u3002\u3068\u308a\u3042\u3048\u305a\u306f\u3069\u3046\u3084\u3063\u3066\u30a2\u30af\u30bb\u30b9\u3059\u308b\u304b\u3001\u307e\u3067\u3092\u3002\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308c\u3070boot loader\u306e\u30d5\u30a1\u30a4\u30eb\u3092Viru … “Mac OSX\u306eboot loader\u306b\u3042\u308b\u30de\u30eb\u30a6\u30a8\u30a2\u306e\u898b\u3064\u3051\u65b9” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[162],"tags":[73,159],"class_list":["post-1083","post","type-post","status-publish","format-standard","hentry","category-software-categories","tag-how-to-guide","tag-159"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/posts\/1083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/comments?post=1083"}],"version-history":[{"count":3,"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/posts\/1083\/revisions"}],"predecessor-version":[{"id":3406,"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/posts\/1083\/revisions\/3406"}],"wp:attachment":[{"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/media?parent=1083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/categories?post=1083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/material.watanab2.mbsrv.net\/blog\/wp-json\/wp\/v2\/tags?post=1083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}