あの脆弱性は今 ~ハニーポットで追ってみた~

Transcript

1. 2018೥11݄10೔ ͢ΈͩηΩϡϦςΟษڧձ2018ͦͷ3ൃදࢿྉ ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ @morihi_soc

2. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ 
   XIPBNJ w ৿ٱ
   ࿨ত !NPSJIJ@TPD
   
   w ຊۀ͸ωοτϫʔΫηΩϡϦςΟΤϯδχΞɾΞφϦετ
   w

   झຯͰϋχʔϙοτͷӡ༻Λ͢Δϋχʔϙολʔ
   w ϒϩάˠ
   IUUQTXXXNPSJIJTPDOFU
   w ϋχʔϙολʔٕज़ަྲྀձ
   ओ࠵ऀ
   w IUUQTIBOJQPUFDIDPOOQBTTDPN 2 ࠓ·Ͱʹ͓ੈ࿩ʹͳͬͨΠϕϯτ(Ұ෦) ɾ*5,FZT ݱ4FD$BQ
   ɾωοτϫʔΫύέοτΛಡΉձ Ծ
   ɾ/*4$
   αΠόʔϋϩ΢Οϯ
   ɾ*OUFSOFU8FFL
   
   
   
   
   
   
   ɾ)BSEFOJOH
   ɾTTNKQ
   
   
   
   ɾ"*4FD
   
   
   ɾ4UVEZ$PEF
   ɾULUL
   ηΩϡϦςΟษڧձ
   ɾ૯ؔ੢αΠόʔηΩϡϦςΟ-5େձ
   ɾ08"41
   /BHPZB
   
   
   ɾ*P54FD+1 ग़൛ͨ͠ຊ΍ٕज़ಉਓࢽ NEW 2018೥10݄ˣ

3. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ϋχʔϙοτ w ϋχʔϙοτ )POFZQPU ͱ͸ɺ͋͑ͯ߈ܸΛड͚Δ ͜ͱΛલఏͱͨ͠γεςϜͰ͢ɻ
   w ϋχʔϙοτΛӡ༻͢Δਓͷ͜ͱˠϋχʔϙολʔ
   

   w ϋχʔϙοτͰ͸༷ʑͳϩάΛऩूՄೳ
   w ௕ظతʹϋχʔϙοτΛӡ༻͍ͯ͠Δ͔Βͦ͜ɺ
 ߈ܸͷ܏޲Λ೺Ѳ͢Δ͜ͱ͕Ͱ͖Δ
   w ࠓճ͸ɺڴҖ৘ใ 5ISFBU
   *OUFMMJHFODF ͷ৘ใݯͷ
 ͭͱͯ͠׆༻͢Δࣄྫͷ঺հͰ͢ɻ 3

4. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ηΩϡϦςΟ৘ใͷऩू w ηΩϡϦςΟٕज़ऀ͚ͩͰͳ͘ɺ*5
   ʹؔΘΔਓ͸
 ͳΜΒ͔ͷηΩϡϦςΟ৘ใΛऩू͍ͯ͠ΔͷͰ͸
   w *1"
   ৘ใηΩϡϦςΟ
 IUUQTXXXJQBHPKQTFDVSJUZ
   w

   +1$&35$$
 IUUQTXXXKQDFSUPSKQNFOV@SFDFJWFJOGPSNBUJPOIUNM
   w ಛʹࣗ෼͕ܞΘ͍ͬͯΔ੡඼΍ɺ࢖͍ͬͯΔιϑτ ΢ΣΞɺϥΠϒϥϦ͸ؔ৺͕ߴ͍͸ͣ
 Өڹ༗ແͷ֬ೝ͕ඞਢ 4

5. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ηΩϡϦςΟ৘ใ͕ൃ৴͞ΕΔ࣌ظ w ੬ऑੑ͕ใࠂɾൃݟɾमਖ਼͞Εͨͱ͖
   w ߈ܸίʔυ 1P$ ͕ެ։͞Εͨͱ͖
   w

   ߈ܸΛݕ஌ͨ͠ͱ͖
   w ྲྀߦͷஹ͕͋͠Δͱ͖
   w ݄࣍ɾ࢛൒ظɾقץɾ೥࣍ͳͲͷఆظϨϙʔτ
   ͳͲ 5 Өڹൣғͷେ͖͍΋ͷ΄Ͳ χϡʔεʹͳΓ(औΓ্͛ΒΕ)΍͍͢

6. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ΍͹͍Αɺ΍͹͍Α w ੬ऑੑରࡦ͸ॏཁɻύονద༻΍Ξοϓσʔτ͸ɺ ඞཁͩΑͶɻ
   w Ͱ΋ɺ͜͏͍͏৔߹΋͋Δ
   w ௕࣌ؒࢭΊΒΕͳ͍αʔϏε͔ͩΒɺࠜຊରࡦͷ

   ࣮ࢪ·ͰɺϫʔΫΞϥ΢ϯυͷํ๏Λ࠾༻͢Δ
 4USVUT 44 ΛϑΟϧλͰ͙྇
   w ߈ܸͷྲྀߦΓ͕͓͞·Δ·ͰɺΞΫηε੍ݶΛ͠ ͯ߈ܸΛड͚ΔՄೳੑΛ௿͘͢Δ
 $JTDP
   8FCFY
   Ͱඞཁͳ઀ଓ͢Δάϩʔόϧ
   *1
   ΞυϨε͚ͩΞΫηεΛڐՄ͢Δ 6

7. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ͦͷ৔͠ͷ͗Λղܾ͢Δ࣌ظ w ӡ༻ͰΧόʔ͸ݶք͕͋Δ
   w όʔδϣϯΞοϓ͸͍ͭ΍Δͷ
   w ͦͷ৔͠ͷ͗ͷঢ়ଶ͕ଓ͍͍ͯͳ͍

   
 
 ˠ࣌ظͷݟۃΊɾ൑அͷࢀߟ৘ใͱͯ͠ 7 ߈ܸ͸ऩଋͨ͠ͷ͔?

8. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ൃ৴͞ΕͨηΩϡϦςΟ৘ใͷߟ͑ํ w جຊతʹ߈ܸͷऩଋએݴ͸͞Εͳ͍ͱߟ͑Δ΂͖
   w ߈ܸ৘ใ͕ެ։͞Ε͍ͯΔͱ؆୯ʹɺ޿ൣғʹ߈ ܸ͢Δ͜ͱ͕Ͱ͖Δ
   w αΠόʔۭؒʹ͸໛฿൜΍εΫϦϓτΩσΟͷΑ

   ͏ͳਓ͕ͨͪେ੎ଘࡏ͢Δ
   w ߈ܸ৘ใ͕༰қʹೖखՄೳͰɺ߈ܸऀ͕ଟ਺ଘࡏ͢ Δͷ͔ͩΒɺ͍ͭ߈ܸ͕࠶ൃ΍࠶ྲྀߦͯ͠΋͓͔͠ ͘ͳ͍ɻ
 ˠऩଋએݴ͸ग़ͤͳ͍
   w ͨͩ͠ɺ܏޲ͷมԽ͸ಘΔ͜ͱ͕Ͱ͖Δɻ 8

9. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ϋχʔϙοτͷ௕ظӡ༻ w ܏޲ͷมԽΛࣗ෼Ͱ೺ѲͰ͖ΔΑ
   w ݸਓͰӡ༻͢Δগ਺ͷϋχʔϙοτͰ͑͞߈ܸ͞Ε ΔΑ͏Ͱ͋Ε͹ɺଟ਺ͷϗετΛૂͬͨ߈ܸͱߟ͑ Δ͜ͱ΋Ͱ͖Δ
   w

   ͋͘·Ͱࢀߟఔ౓ 9

10. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ϋχʔϙοτͷ߈ܸ܏޲ w ੬ऑੑΛϐοΫΞοϓͯ͠঺հ
     $(*
    ൛
    1)1
    ͷ੬ऑੑ "QBDIF
    .BHJDB
    

    #BTI 4IFMMTIPDL
     8FC-PHJD
     %SVQBM %SVQBMHFEEPO
     %PDLFS
     K2VFSZ
    w ௐࠪظؒ͸೥݄೔͔Β݄೔·Ͱ
    w ର৅͸
    NPSJIJTPD
    Ͱߏஙɾ؅ཧ͍ͯ͠Δϋχʔϙο τ 808)POFZQPU ͷϩάͷΈ 10 WOWHoneypot: ॳ৺ऀ޲͚! ߈ܸऀΛ͓΋ͯͳ͢͠Δ Web ϋχʔϙοτ https://github.com/morihisa/WOWHoneypot

11. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ิ଍ ϋχʔϙοτͷϩά؅ཧͱௐࠪ 11 ϋχʔϙοτ ϋχʔϙοτ ϋχʔϙοτ Syslog Ͱ

    ϩάΛू໿ खݩʹόοΫ Ξοϓ Google Cloud Storage Google BigQuery Ξοϓϩʔυ Insert

12. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ $(*
    ൛
    1)1
    ͷ੬ऑੑ "QBDIF
    .BHJDB w $(*
    Ͱ࣮ߦ͍ͯ͠Δ
    1)1
    ʹର͢Δ߈ܸ 3$&
    w $7&
    

    w ৽͍͠߈ܸख๏͕ެ։͞Ε೥݄͝Ζʹྲྀߦ
    w "QBDIF
    .BHJDB
    ͱݺ͹ΕΔ 12 ࢀߟ৘ใ CGI൛PHPʹର͢Δຐ๏গঁΞύονϚΪΧ߈ܸΛ؍ଌ͠·ͨ͠
 https://blog.tokumaru.org/2013/11/apache-magica-attack.html CGI൛PHP΁ͷApache Magica߈ܸͷ؍࡯ https://ozuma.hatenablog.jp/entry/20131103/1383413495 ϋχʔϙοτ؍࡯ه࿥(12) https://www.morihi-soc.net/?p=114 PoC ͷίϝϯτʹॻ͔Ε͍ͯΔ https://www.exploit-db.com/exploits/29290/

13. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ "QBDIF
    .BHJDB
    ߈ܸྫ 13 ←ݕ஌ͨ͠ϩάΛ֬ೝ͢Δͱ ߈ܸର৅ͷύε͕%Τϯίʔυ ͞Ε͍ͯΔͷ͕ݟͯऔΕΔɻ ←σίʔυͨ݁͠Ռ Apache Magica

    ͷಛ௃తͳ จࣈྻؚ͕·Ε͍ͯΔɻ

14. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ "QBDIF
    .BHJDB
    ݕ஌ঢ়گ w ೥ܦͬͨࠓ͸ɺҰ݄ʹ਺ճݕ஌͍ͯ͠Δఔ౓ ΄΅ 14

15. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ #BTI 4IFMMTIPDL w -JOVY
    ͷγΣϧͷͭͰ͋Δ
    #BTI
    ͷ؀ڥม਺ͷॲ ཧʹෆඋ͕͋Γɺ೚ҙͷίʔυ࣮ߦ͕Մೳͳ੬ऑੑ
    w $7&
    ͳͲෳ਺
    w

    4IFMMTIPDL
    ͱݺ͹ΕΔ 15 ࢀߟ৘ใ bashͷ੬ऑੑ(CVE-2014-6271) #ShellShock ͷؔ࿈ϦϯΫΛ·ͱΊͯΈͨ http://d.hatena.ne.jp/Kango/20140925/1411612246 GNU bash ͷ੬ऑੑ ʙ shellshock ໰୊ʙ ʹ͍ͭͯ http://www.nca.gr.jp/2014/shellshock/index.html bashʹ͓͚Δ੬ऑੑʮShellshockʯʹ͍ͭͯ https://www.netagent.co.jp/study/blog/ganso/51996406.html ←NHK ͷχϡʔεͰ΋ใಓ͞ΕΔ͘Β͍஫໨౓͕ߴ͔ͬͨ ӾཡͰ΢Πϧεײછ΋ʮ̷̱̰͂ʯʹॏେܽؕ http://www3.nhk.or.jp/news/html/20140927/k10014922101000.html ڕ୓ https://megalodon.jp/2014-0927-2204-24/www3.nhk.or.jp/news/html/20140927/k10014922101000.html

16. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ 4IFMMTIPDL
    ͷ߈ܸྫ w 6TFS"HFOU
    ϔομͳͲɺ)551
    ϔομʹϖΠϩʔ υؚ͕·Ε͍ͯΔɻ 16

17. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ 17 ิ଍ ߈ܸऀΛ͓΋ͯͳ͢͠Δʮ808)POFZQPUʯͷ঺հ ߈ܸऀ WOWHoneypot ᶃअຐ͢ΔͰʙ HTTP ϔομʹ

    echo 2014 | md5sum ΛؚΉ ᶅϘοτʹײછͤͨ͞Ζ wget ͰϑΝΠϧμ΢ϯϩʔυ&࣮ߦ ᶄίϚϯυ࣮ߦ݁ՌͰ͢ɻͲ͏ͧ! Ԡ౴಺༰Ͱʮad43fd99987a8f6a648abe05095bf52cʯΛฦ͢ ͓ͬίϚϯυ࣮ߦ੒ޭ͍ͯ͠Δ΍Μ ίϚϯυ࣮ߦ͠Α͏ͱͯ͠ΔΈ͍ͨ΍ͳ… GitHub→ https://github.com/morihisa/WOWHoneypot ෼ੳ ෼ੳ

18. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ 4IFMMTIPDL
    ݕ஌ঢ়گ w ೥ܦͬͨࠓͰ΋ɺ݅਺͸গͳ͍͕ݕ஌͕͋Δɻ
    w ݄೔ͷ݅ݕ஌͕࠷ଟ 18

19. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ 8FC-PHJD
    ͷ੬ऑੑ w 0SBDMF
    8FC-PHJD
    4FSWFS
    ͷ
    8-4
    4FDVSJUZ
    ʹؔ ͢Δॲཧͷෆඋʹ͓͚Δ੬ऑੑ 3$&
    w $7&
    

    w ೥຤͕େมͳ͜ͱʹɾɾɾ 19 ࢀߟ৘ใ Oracle WebLogic Server ͷ੬ऑੑ (CVE-2017-10271) ʹؔ͢Δ஫ҙשى http://www.jpcert.or.jp/at/2018/at180004.html ϋχʔϙοτ؍࡯ه࿥(38)ʮWebLogic ͷ WLS Security ʹର͢ΔίϚϯυ࣮ߦͷࢼΈ(CVE-2017-10271)ʯ https://www.morihi-soc.net/?p=910 WebLogic ͷ੬ऑੑ(CVE-2017-10271)Λૂ͏߈ܸऀͨͪͷख๏ https://speakerdeck.com/morihi_soc/weblogic-falsecui-ruo-xing-cve-2017-10271-woju-ugong-ji-zhe-tatifalseshou-fa ←2017೥12݄24೔ͷπΠʔτ ߈ܸऀ͔Βͷશવخ͘͠ͳ͍ ϓϨθϯτʹ͍ͭͯڞ༗ https://twitter.com/morihi_soc/status/945054924114599936

20. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ 8FC-PHJD
    ʹର͢Δ߈ܸͷྫ 20

21. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ 8FC-PHJD
    ʹର͢Δ߈ܸͷݕ஌ঢ়گ w (&5
    ʹΑΔ
    8FC-PHJD
    ͷՔಇঢ়گͷௐࠪͱɺ1045 ʹΑΔ߈ܸΛ෼͚ͯάϥϑԽɻ1045
    ͕ѹ౗తଟ਺ɻ 21

22. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ %SVQBM %SVQBMHFEEPO w $.4
    ͷͭͰ͋Δ
    %SVQBM
    ʹ͓͚ΔɺϦϞʔτ͔Β ίʔυ࣮ߦՄೳͳ੬ऑੑ
    w $7&
    $7&
    

    w ೥ͷ੬ऑੑΛኲኵͱͤ͞Δ΄Ͳةݥ౓͕ߴ͍ ͨΊɺ%SVQBMHFEEPO
    ͱݺ͹ΕΔɻ 22 ࢀߟ৘ใ Drupalgeddon2ʹؔ͢ΔݕূϨϙʔτʢCVE-2018-7600ʣ https://www.mbsd.jp/blog/20180420.html Drupalͷ੬ऑੑʹؔ͢ΔݕূϨϙʔτʢCVE-2018-7602ʣ https://www.mbsd.jp/blog/20180502.html Drupalgeddon2 ΛϋχʔϙοτͰ؍࡯ͯ͠Έͨ https://speakerdeck.com/morihi_soc/drupalgeddon2-wohanipotutodeguan-cha-sitemita ը૾Ҿ༻ݩˣ https://scanforsecurity.com/news/drupalgeddon-2-vulnerability-used-infect-servers-backdoors-coinminers.html

23. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ %SVQBMHFEEPO
    ͷ߈ܸྫ w 04
    ίϚϯυΠϯδΣΫγϣϯ͕ଟ͍ 23 ※εϖʔεͷ%20ͳͲΛ URL σίʔυࡁΈ ෳ਺ͷϑΝΠϧʹ෼ׂͯ͠

    ߈ܸऀͷૂ͍ΛӅ͍ͯ͠Δ

24. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ %SVQBMHFEEPO
    ͷݕ஌ঢ়گ w ΄΅ຖ೔ݕ஌͍ͯ͠Δɻ݄೔ͱ೔͸݅௒͑ 24

25. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ %PDLFS w ઃఆෆඋͷঢ়ଶͩͱɺϦϞʔτ͔Β
    "1*
    ܦ༝Ͱίϯ ςφΛىಈՄೳ ੬ऑੑͰ͸ͳ͍
    w )BSEFOJOH
    **
    $PMMFDUJWF


    ೥݄։࠵ Ͱ࢓ࠐ·
 Ε͍ͯͨωλͷͭΒ͍͠
    w ೥݄݄͸ɺ೔ʹ
 ਺े݅ͷݕ஌͕͋Γ·ͨ͠ˠ 25 ࢀߟ৘ใ Docker ίϯςφͷઃఆෆඋΛѱ༻͠Ծ૝௨՟ൃ۷Ϛϧ΢ΣΞΛ֦ࢄ͢Δ߈ܸΛ֬ೝ https://blog.trendmicro.co.jp/archives/19773 Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same- Origin-Bypass-And-Persistence.pdf https://twitter.com/morihi_soc/status/1015530623279120384

26. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ %PDLFS
    ʹର͢Δ߈ܸͷྫ w ίϯςφͰ࣮ߦ͍ͨ͠γΣϧεΫϦϓτΛμ΢ϯϩʔ υ͓Αͼ࣮ߦ͢Δ಺༰ؚ͕·Ε͍ͯΔɻ 26

27. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ %PDLFS
    ʹର͢Δ߈ܸͷݕ஌ঢ়گ w ݄͸΄ͱΜͲݕ஌ͳ͠ɻ݄த०͝Ζ͔Β૿Ճ
    w ݄೔͕݅Ͱ࠷ଟ 27

28. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ K2VFSZ w ೚ҙͷϑΝΠϧ͕ΞοϓϩʔυՄೳͳ੬ऑੑɻ 8PSE1SFTT
    ͷϓϥάΠϯͳͲʹ΋࢖ΘΕ͍ͯΔͷ ͰӨڹൣғ͕޿͍ɻ
    w $7&
    w

    ݸਓతʹ਺೥લ͔Βɺ40$
    ͷ෼ੳऀ΍
    8PSE1SFTT
    ؅ཧऀɺ8FC
    αʔό؅ཧऀɺϋχʔϙολʔʹ͸ط ஌ͷ੬ऑੑͩͱࢥ͍ͬͯͨɻ
 खݩͷϩάͩͱ೥݄೔ʹࠟ੻༗Γ 28 ࢀߟ৘ใ Thousands of applications affected by a zero-day issue in jQuery File Upload plugin https://securityaffairs.co/wordpress/77245/hacking/jquery-file-upload-plugin-0day.html Having The Security Rug Pulled Out From Under You https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html

29. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ K2VFSZ
    ʹର͢Δ߈ܸͷྫ w 8PSE1SFTT
    ϓϥάΠϯΛૂ͍ͬͯΔ 29 த਎͸ϑΝΠϧͷ ΞοϓϩʔυػೳΛ ࣋ͭ WebShell

    →

30. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ K2VFSZ
    ʹର͢Δ߈ܸͷݕ஌ঢ়گ w ݄೔ʹෳ਺ͷεΩϟϯΛݕ஌ ݅
    w ͦͷޙɺ੬ऑੑ͕૽͕Ε݄ͨ೔ʹݕ஌͕ٸ૿ 30

31. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ ·ͱΊ w ηΩϡϦςΟ৘ใͷऩू͸ॏཁɻͨͩ͠ɺެ։͞Ε ͨ߈ܸ৘ใʹ͍ͭͯɺऩଋએݴ͸͞Εͳ͍ͱߟ͑ͨ ํ͕͍͍ɻ
    w ϋχʔϙοτΛ௕ظӡ༻͢Δͱɺ߈ܸͷ܏޲มԽΛ ೺Ѳ͢Δ͜ͱ͕Մೳɻ
    

    w ੈؒͰ૽͕Εͨ੬ऑੑɺ૽͕Εͳ͔ͬͨ੬ऑੑͲͪ Β΋߈ܸ͸͞Εଓ͚͍ͯΔɻ 31 ৽چ໰Θͣɺࣗ෼ʹؔΘΓͷ͋Δ੬ऑੑ ৘ใ͸ऩूɾ׆༻͍͖ͯ͠·͠ΐ͏ ৘ใऩूͷબ୒ࢶͷ1ͭʹϋχʔϙοτ΋Ͳ͏ͧ(খ੠)

32. ͋ͷ੬ऑੑ͸ࠓ ʙϋχʔϙοτͰ௥ͬͯΈͨʙ )BQQZ
    )POFZQPU 32 ↑2018೥10݄20೔ ਗ਼ਫެԂ(ՖϑΝϯλδΞ)ͰࡱӨ ৯஬২෺Ͱ͸ͳ͍ɻ ͓͠·͍