Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

menuPass

menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018) menuPass has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.(Citation: Palo Alto menuPass Feb 2017)(Citation: Crowdstrike CrowdCast Oct 2013)(Citation: FireEye Poison Ivy)(Citation: PWC Cloud Hopper April 2017)(Citation: FireEye APT10 April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
ID: G0045
Associated Groups: BRONZE RIVERSIDE, CVNX, Red Apollo, APT10, Stone Panda, POTASSIUM, HOGFISH, Cicada
Version: 3.0
Created: 31 May 2017
Last Modified: 17 Nov 2024

Associated Group Descriptions

Name Description
BRONZE RIVERSIDE (Citation: SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022)
CVNX (Citation: PWC Cloud Hopper April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
Red Apollo (Citation: PWC Cloud Hopper April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
APT10 (Citation: Palo Alto menuPass Feb 2017)(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)(Citation: DOJ APT10 Dec 2018)(Citation: Symantec Cicada November 2020)
Stone Panda (Citation: Palo Alto menuPass Feb 2017)(Citation: Accenture Hogfish April 2018)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)(Citation: Symantec Cicada November 2020)
POTASSIUM (Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
HOGFISH (Citation: Accenture Hogfish April 2018)
Cicada (Citation: Symantec Cicada November 2020)

Techniques Used

Domain ID Name Use
Enterprise T1087 .002 Account Discovery: Domain Account

menuPass has used the Microsoft administration tool csvde.exe to export Active Directory data.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1583 .001 Acquire Infrastructure: Domains

menuPass has registered malicious domains for use in intrusion campaigns.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1560 .001 Archive Collected Data: Archive via Utility

menuPass has compressed files before exfiltration using TAR and RAR.(Citation: PWC Cloud Hopper April 2017)(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Symantec Cicada November 2020)

Enterprise T1059 .001 Command and Scripting Interpreter: PowerShell

menuPass uses PowerSploit to inject shellcode into PowerShell.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Symantec Cicada November 2020)

.003 Command and Scripting Interpreter: Windows Command Shell

menuPass executes commands using a command-line interface and reverse shell. The group has used a modified version of pentesting script wmiexec.vbs to execute commands.(Citation: PWC Cloud Hopper April 2017)(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Github AD-Pentest-Script)(Citation: FireEye APT10 Sept 2018) menuPass has used malicious macros embedded inside Office documents to execute files.(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)

Enterprise T1074 .001 Data Staged: Local Data Staging

menuPass stages data prior to exfiltration in multi-part archives, often saved in the Recycle Bin.(Citation: PWC Cloud Hopper April 2017)

.002 Data Staged: Remote Data Staging

menuPass has staged data on remote MSP systems or other victim networks prior to exfiltration.(Citation: PWC Cloud Hopper April 2017)(Citation: Symantec Cicada November 2020)

Enterprise T1568 .001 Dynamic Resolution: Fast Flux DNS

menuPass has used dynamic DNS service providers to host malicious domains.(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1574 .001 Hijack Execution Flow: DLL

menuPass has used DLL side-loading to launch versions of Mimikatz and PwDump6 as well as UPPERCUT.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: FireEye APT10 Sept 2018)(Citation: Symantec Cicada November 2020) menuPass has also used DLL search order hijacking.(Citation: PWC Cloud Hopper April 2017)

.002 Hijack Execution Flow: DLL Side-Loading

menuPass has used DLL side-loading to launch versions of Mimikatz and PwDump6 as well as UPPERCUT.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: FireEye APT10 Sept 2018)(Citation: Symantec Cicada November 2020)

Enterprise T1070 .003 Indicator Removal: Clear Command History

menuPass has used Wevtutil to remove PowerShell execution logs.(Citation: Securelist APT10 March 2021)

.004 Indicator Removal: File Deletion

A menuPass macro deletes files after it has decoded and decompressed them.(Citation: Accenture Hogfish April 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1056 .001 Input Capture: Keylogging

menuPass has used key loggers to steal usernames and passwords.(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1036 .003 Masquerading: Rename Legitimate Utilities

menuPass has renamed certutil and moved it to a different location on the system to avoid detection based on use of the tool.(Citation: FireEye APT10 Sept 2018)

.005 Masquerading: Match Legitimate Resource Name or Location

menuPass has been seen changing malicious files to appear legitimate.(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1003 .002 OS Credential Dumping: Security Account Manager

menuPass has used a modified version of pentesting tools wmiexec.vbs and secretsdump.py to dump credentials.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Github AD-Pentest-Script)

.003 OS Credential Dumping: NTDS

menuPass has used Ntdsutil to dump credentials.(Citation: Symantec Cicada November 2020)

.004 OS Credential Dumping: LSA Secrets

menuPass has used a modified version of pentesting tools wmiexec.vbs and secretsdump.py to dump credentials.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Github AD-Pentest-Script)

Enterprise T1027 .013 Obfuscated Files or Information: Encrypted/Encoded File

menuPass has encoded strings in its malware with base64 as well as with a simple, single-byte XOR obfuscation using key 0x40.(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)(Citation: Symantec Cicada November 2020)

Enterprise T1588 .002 Obtain Capabilities: Tool

menuPass has used and modified open-source tools like Impacket, Mimikatz, and pwdump.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1566 .001 Phishing: Spearphishing Attachment

menuPass has sent malicious Office documents via email as part of spearphishing campaigns as well as executables disguised as documents.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: FireEye APT10 April 2017)(Citation: FireEye APT10 Sept 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1055 .012 Process Injection: Process Hollowing

menuPass has used process hollowing in iexplore.exe to load the RedLeaves implant.(Citation: Accenture Hogfish April 2018)

Enterprise T1090 .002 Proxy: External Proxy

menuPass has used a global service provider's IP as a proxy for C2 traffic from a victim.(Citation: FireEye APT10 April 2017)(Citation: FireEye APT10 Sept 2018)

Enterprise T1021 .001 Remote Services: Remote Desktop Protocol

menuPass has used RDP connections to move across the victim network.(Citation: PWC Cloud Hopper April 2017)(Citation: District Court of NY APT10 Indictment December 2018)

.004 Remote Services: SSH

menuPass has used Putty Secure Copy Client (PSCP) to transfer data.(Citation: PWC Cloud Hopper April 2017)

Enterprise T1053 .005 Scheduled Task/Job: Scheduled Task

menuPass has used a script (atexec.py) to execute a command on a target machine via Task Scheduler.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1553 .002 Subvert Trust Controls: Code Signing

menuPass has resized and added data to the certificate table to enable the signing of modified files with legitimate signatures.(Citation: Securelist APT10 March 2021)

Enterprise T1218 .004 System Binary Proxy Execution: InstallUtil

menuPass has used InstallUtil.exe to execute malicious software.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1204 .002 User Execution: Malicious File

menuPass has attempted to get victims to open malicious files such as Windows Shortcuts (.lnk) and/or Microsoft Office documents, sent via email as part of spearphishing campaigns.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: FireEye APT10 April 2017)(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Software

ID Name References Techniques
S0039 Net (Citation: Microsoft Net Utility) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Savill 1999) Domain Account, Local Account, Domain Groups, System Service Discovery, Network Share Discovery, Additional Local or Domain Groups, SMB/Windows Admin Shares, Local Account, Domain Account, System Network Connections Discovery, Local Groups, Network Share Connection Removal, Password Policy Discovery, Remote System Discovery, Service Execution, System Time Discovery
S0160 certutil (Citation: Accenture Hogfish April 2018) (Citation: FireEye APT10 Sept 2018) (Citation: Symantec Cicada November 2020) (Citation: TechNet Certutil) Archive via Utility, Deobfuscate/Decode Files or Information, Install Root Certificate, Ingress Tool Transfer
S0194 PowerSploit (Citation: GitHub PowerSploit May 2012) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: PowerShellMagazine PowerSploit July 2014) (Citation: PowerSploit Documentation) Scheduled Task, Windows Management Instrumentation, Screen Capture, Keylogging, Path Interception by PATH Environment Variable, Audio Capture, Local Account, Windows Service, DLL, Credentials in Registry, Data from Local System, Reflective Code Loading, Security Support Provider, Path Interception by Search Order Hijacking, LSASS Memory, Domain Trust Discovery, Group Policy Preferences, Process Discovery, PowerShell, Registry Run Keys / Startup Folder, Indicator Removal from Tools, Path Interception by Unquoted Path, Query Registry, Path Interception, Windows Credential Manager, Command Obfuscation, Access Token Manipulation, Kerberoasting, Dynamic-link Library Injection
S0153 RedLeaves (Citation: BUGJUICE) (Citation: DOJ APT10 Dec 2018) (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Twitter Nick Carr APT10) Screen Capture, System Owner/User Discovery, Encrypted/Encoded File, Symmetric Cryptography, DLL, System Information Discovery, Shortcut Modification, Credentials from Web Browsers, System Network Configuration Discovery, File and Directory Discovery, System Network Connections Discovery, Registry Run Keys / Startup Folder, Non-Standard Port, Uncommonly Used Port, Windows Command Shell, File Deletion, Web Protocols, Ingress Tool Transfer, Custom Command and Control Protocol, Commonly Used Port
S0357 Impacket (Citation: Impacket Tools) (Citation: PWC Cloud Hopper Technical Annex April 2017) Windows Management Instrumentation, Security Account Manager, LSA Secrets, Network Sniffing, Ccache Files, LLMNR/NBT-NS Poisoning and SMB Relay, LSASS Memory, Lateral Tool Transfer, NTDS, Service Execution, Kerberoasting
S0624 Ecipekac (Citation: DESLoader) (Citation: HEAVYHAND) (Citation: Securelist APT10 March 2021) (Citation: SigLoader) DLL, Code Signing, Deobfuscate/Decode Files or Information, Obfuscated Files or Information, Ingress Tool Transfer
S0152 EvilGrab (Citation: PWC Cloud Hopper Technical Annex April 2017) Screen Capture, Keylogging, Audio Capture, Video Capture, Registry Run Keys / Startup Folder, Commonly Used Port
S0159 SNUGRIDE (Citation: FireEye APT10 April 2017) Symmetric Cryptography, Registry Run Keys / Startup Folder, Windows Command Shell, Web Protocols
S0628 FYAnti (Citation: DILLJUICE stage2) (Citation: Securelist APT10 March 2021) Deobfuscate/Decode Files or Information, File and Directory Discovery, Software Packing, Ingress Tool Transfer
S1097 HUI Loader (Citation: SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022) DLL, Deobfuscate/Decode Files or Information, Indicator Blocking
S0013 PlugX (Citation: CIRCL PlugX March 2013) (Citation: DOJ APT10 Dec 2018) (Citation: Dell TG-3390) (Citation: DestroyRAT) (Citation: FireEye APT10 April 2017) (Citation: FireEye Clandestine Fox Part 2) (Citation: Kaba) (Citation: Korplug) (Citation: Lastline PlugX Analysis) (Citation: New DragonOK) (Citation: Novetta-Axiom) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Sogu) (Citation: TVT) (Citation: Thoper) Screen Capture, Keylogging, DNS, Match Legitimate Resource Name or Location, Symmetric Cryptography, Windows Service, System Checks, DLL, Network Share Discovery, Native API, Deobfuscate/Decode Files or Information, Disable or Modify System Firewall, Modify Registry, File and Directory Discovery, Masquerade Task or Service, System Network Connections Discovery, Process Discovery, Multiband Communication, Registry Run Keys / Startup Folder, Non-Standard Port, Obfuscated Files or Information, Non-Application Layer Protocol, Query Registry, MSBuild, Windows Command Shell, Web Protocols, DLL Side-Loading, Ingress Tool Transfer, Hidden Files and Directories, Custom Command and Control Protocol, Dead Drop Resolver, Commonly Used Port
S0626 P8RAT (Citation: GreetCake) (Citation: HEAVYPOT) (Citation: Securelist APT10 March 2021) System Checks, Time Based Evasion, Process Discovery, Ingress Tool Transfer, Junk Data
S0627 SodaMaster (Citation: DARKTOWN) (Citation: DelfsCake) (Citation: Securelist APT10 March 2021) (Citation: dfls) System Owner/User Discovery, Symmetric Cryptography, System Checks, System Information Discovery, Native API, Time Based Evasion, Process Discovery, Obfuscated Files or Information, Asymmetric Cryptography, Query Registry, Ingress Tool Transfer
S0006 pwdump (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Wikipedia pwdump) Security Account Manager
S0154 Cobalt Strike (Citation: Securelist APT10 March 2021) (Citation: cobaltstrike manual) Windows Management Instrumentation, Screen Capture, Rundll32, Standard Encoding, Keylogging, JavaScript, Bypass User Account Control, Sudo and Sudo Caching, Security Account Manager, DNS, Domain Account, Symmetric Cryptography, Windows Service, Domain Groups, SSH, System Service Discovery, Code Signing, Network Share Discovery, Application Layer Protocol, Native API, Data from Local System, Deobfuscate/Decode Files or Information, Process Injection, Timestomp, Reflective Code Loading, Scheduled Transfer, SMB/Windows Admin Shares, Protocol Tunneling, Browser Session Hijacking, Modify Registry, Windows Remote Management, LSASS Memory, Distributed Component Object Model, System Network Configuration Discovery, Office Template Macros, File and Directory Discovery, System Network Connections Discovery, Token Impersonation/Theft, Make and Impersonate Token, Process Discovery, Parent PID Spoofing, PowerShell, Multiband Communication, File Transfer Protocols, Local Groups, Disable or Modify Tools, Indicator Removal from Tools, Process Hollowing, Exploitation for Privilege Escalation, Obfuscated Files or Information, Exploitation for Client Execution, Asymmetric Cryptography, Non-Application Layer Protocol, Protocol or Service Impersonation, Query Registry, Data Transfer Size Limits, Domain Accounts, BITS Jobs, Domain Fronting, Python, Windows Command Shell, Web Protocols, Visual Basic, Remote System Discovery, Network Service Discovery, Software Discovery, Pass the Hash, Ingress Tool Transfer, Remote Desktop Protocol, Service Execution, Dynamic-link Library Injection, Internal Proxy, Custom Command and Control Protocol, Commonly Used Port, Local Accounts, Process Argument Spoofing
S0002 Mimikatz (Citation: Adsecurity Mimikatz Guide) (Citation: Deply Mimikatz) (Citation: PWC Cloud Hopper Technical Annex April 2017) Security Account Manager, LSA Secrets, Credentials from Password Stores, Security Support Provider, Rogue Domain Controller, Credentials from Web Browsers, Private Keys, LSASS Memory, Golden Ticket, Pass the Ticket, Steal or Forge Authentication Certificates, Account Manipulation, SID-History Injection, Silver Ticket, Windows Credential Manager, Pass the Hash, DCSync
S0012 PoisonIvy (Citation: Breut) (Citation: Darkmoon) (Citation: District Court of NY APT10 Indictment December 2018) (Citation: FireEye Poison Ivy) (Citation: Novetta-Axiom) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Poison Ivy) (Citation: Symantec Darkmoon Aug 2005) (Citation: Symantec Darkmoon Sept 2014) (Citation: Symantec Elderwood Sept 2012) Keylogging, Rootkit, Local Data Staging, Active Setup, Symmetric Cryptography, Windows Service, Data from Local System, Mutual Exclusion, Application Window Discovery, Modify Registry, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Uncommonly Used Port, Windows Command Shell, Ingress Tool Transfer, Dynamic-link Library Injection
S0097 Ping (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: TechNet Ping) Remote System Discovery
S0106 cmd (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: TechNet Cmd) (Citation: TechNet Copy) (Citation: TechNet Del) (Citation: TechNet Dir) System Information Discovery, File and Directory Discovery, Lateral Tool Transfer, Windows Command Shell, File Deletion, Ingress Tool Transfer
S0404 esentutl (Citation: FireEye APT10 Sept 2018) (Citation: Microsoft Esentutl) Direct Volume Access, Data from Local System, Lateral Tool Transfer, Ingress Tool Transfer, NTDS, NTFS File Attributes
S0262 QuasarRAT (Citation: DOJ APT10 Dec 2018) (Citation: GitHub QuasarRAT) (Citation: Securelist APT10 March 2021) (Citation: Symantec Cicada November 2020) (Citation: TrendMicro Patchwork Dec 2017) (Citation: Volexity Patchwork June 2018) (Citation: xRAT) Scheduled Task, System Owner/User Discovery, Keylogging, Bypass User Account Control, Symmetric Cryptography, Code Signing, System Information Discovery, Data from Local System, Credentials from Password Stores, Modify Registry, Credentials from Web Browsers, Video Capture, System Network Configuration Discovery, Proxy, Credentials In Files, Registry Run Keys / Startup Folder, Non-Standard Port, Non-Application Layer Protocol, System Location Discovery, Hidden Window, Windows Command Shell, Ingress Tool Transfer, Remote Desktop Protocol, Hidden Files and Directories
S0144 ChChes (Citation: FireEye APT10 April 2017) (Citation: HAYMAKER) (Citation: JPCERT ChChes Feb 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Palo Alto menuPass Feb 2017) (Citation: Scorpion) (Citation: Twitter Nick Carr APT10) Standard Encoding, Match Legitimate Resource Name or Location, Symmetric Cryptography, Code Signing, System Information Discovery, Credentials from Web Browsers, File and Directory Discovery, Process Discovery, Registry Run Keys / Startup Folder, Disable or Modify Tools, Web Protocols, Ingress Tool Transfer
S0552 AdFind (Citation: FireEye FIN6 Apr 2019) (Citation: FireEye Ryuk and Trickbot January 2019) (Citation: Red Canary Hospital Thwarted Ryuk October 2020) (Citation: Symantec Cicada November 2020) Domain Account, Domain Groups, System Network Configuration Discovery, Domain Trust Discovery, Remote System Discovery
S0275 UPPERCUT (Citation: ANEL) (Citation: FireEye APT10 Sept 2018) Screen Capture, System Owner/User Discovery, Symmetric Cryptography, System Information Discovery, System Network Configuration Discovery, File and Directory Discovery, Windows Command Shell, Web Protocols, Ingress Tool Transfer, System Time Discovery
S0029 PsExec (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Russinovich Sysinternals) (Citation: SANS PsExec) Windows Service, SMB/Windows Admin Shares, Domain Account, Lateral Tool Transfer, Service Execution

References

  1. Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.
  2. United States District Court Southern District of New York (USDC SDNY) . (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.
  3. Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.
  4. PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.
  5. Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved November 17, 2024.
  6. PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
  7. Miller-Osborn, J. and Grunzweig, J.. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved March 1, 2017.
  8. GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.
  9. Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.
  10. FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved September 19, 2024.
  11. US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.
  12. Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.
  13. Counter Threat Unit Research Team . (2022, June 23). BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER. Retrieved December 7, 2023.
  14. FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.