
menuPass

menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018) menuPass has targeted healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.(Citation: Palo Alto menuPass Feb 2017)(Citation: Crowdstrike CrowdCast Oct 2013)(Citation: FireEye Poison Ivy)(Citation: PWC Cloud Hopper April 2017)(Citation: FireEye APT10 April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
ID: G0045
Associated Groups: HOGFISH, POTASSIUM, Stone Panda, APT10, Red Apollo, CVNX, Cicada
Version: 2.1
Created: 31 May 2017
Last Modified: 20 Jul 2022

Associated Group Descriptions

Name Description
HOGFISH (Citation: Accenture Hogfish April 2018)
POTASSIUM (Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
Stone Panda (Citation: Palo Alto menuPass Feb 2017)(Citation: Accenture Hogfish April 2018)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)(Citation: Symantec Cicada November 2020)
APT10 (Citation: Palo Alto menuPass Feb 2017)(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)(Citation: DOJ APT10 Dec 2018)(Citation: Symantec Cicada November 2020)
Red Apollo (Citation: PWC Cloud Hopper April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
CVNX (Citation: PWC Cloud Hopper April 2017)(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)
Cicada (Citation: Symantec Cicada November 2020)

Techniques Used

Domain ID Name Use
Enterprise T1087 .002 Account Discovery: Domain Account

menuPass has used the Microsoft administration tool csvde.exe to export Active Directory data.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1583 .001 Acquire Infrastructure: Domains

menuPass has registered malicious domains for use in intrusion campaigns.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1560 .001 Archive Collected Data: Archive via Utility

menuPass has compressed files before exfiltration using TAR and RAR.(Citation: PWC Cloud Hopper April 2017)(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Symantec Cicada November 2020)

Enterprise T1059 .001 Command and Scripting Interpreter: PowerShell

menuPass uses PowerSploit to inject shellcode into PowerShell.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Symantec Cicada November 2020)

Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

menuPass executes commands using a command-line interface and reverse shell. The group has used a modified version of pentesting script wmiexec.vbs to execute commands.(Citation: PWC Cloud Hopper April 2017)(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Github AD-Pentest-Script)(Citation: FireEye APT10 Sept 2018) menuPass has used malicious macros embedded inside Office documents to execute files.(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)

Enterprise T1074 .001 Data Staged: Local Data Staging

menuPass stages data prior to exfiltration in multi-part archives, often saved in the Recycle Bin.(Citation: PWC Cloud Hopper April 2017)

Enterprise T1074 .002 Data Staged: Remote Data Staging

menuPass has staged data on remote MSP systems or other victim networks prior to exfiltration.(Citation: PWC Cloud Hopper April 2017)(Citation: Symantec Cicada November 2020)

Enterprise T1568 .001 Dynamic Resolution: Fast Flux DNS

menuPass has used dynamic DNS service providers to host malicious domains.(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1574 .001 Hijack Execution Flow: DLL Search Order Hijacking

menuPass has used DLL search order hijacking.(Citation: PWC Cloud Hopper April 2017)

Enterprise T1574 .002 Hijack Execution Flow: DLL Side-Loading

menuPass has used DLL side-loading to launch versions of Mimikatz and PwDump6 as well as UPPERCUT.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: FireEye APT10 Sept 2018)(Citation: Symantec Cicada November 2020)

Enterprise T1070 .003 Indicator Removal: Clear Command History

menuPass has used Wevtutil to remove PowerShell execution logs.(Citation: Securelist APT10 March 2021)

Enterprise T1070 .004 Indicator Removal: File Deletion

A menuPass macro deletes files after it has decoded and decompressed them.(Citation: Accenture Hogfish April 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1056 .001 Input Capture: Keylogging

menuPass has used key loggers to steal usernames and passwords.(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1036 .003 Masquerading: Rename System Utilities

menuPass has renamed certutil and moved it to a different location on the system to avoid detection based on use of the tool.(Citation: FireEye APT10 Sept 2018)

Enterprise T1036 .005 Masquerading: Match Legitimate Name or Location

menuPass has been seen changing malicious files to appear legitimate.(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1003 .002 OS Credential Dumping: Security Account Manager

menuPass has used a modified version of pentesting tools wmiexec.vbs and secretsdump.py to dump credentials.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Github AD-Pentest-Script)

Enterprise T1003 .003 OS Credential Dumping: NTDS

menuPass has used Ntdsutil to dump credentials.(Citation: Symantec Cicada November 2020)

Enterprise T1003 .004 OS Credential Dumping: LSA Secrets

menuPass has used a modified version of pentesting tools wmiexec.vbs and secretsdump.py to dump credentials.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: Github AD-Pentest-Script)

Enterprise T1588 .002 Obtain Capabilities: Tool

menuPass has used and modified open-source tools like Impacket, Mimikatz, and pwdump.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1566 .001 Phishing: Spearphishing Attachment

menuPass has sent malicious Office documents via email as part of spearphishing campaigns as well as executables disguised as documents.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: FireEye APT10 April 2017)(Citation: FireEye APT10 Sept 2018)(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1055 .012 Process Injection: Process Hollowing

menuPass has used process hollowing in iexplore.exe to load the RedLeaves implant.(Citation: Accenture Hogfish April 2018)

Enterprise T1090 .002 Proxy: External Proxy

menuPass has used a global service provider's IP as a proxy for C2 traffic from a victim.(Citation: FireEye APT10 April 2017)(Citation: FireEye APT10 Sept 2018)

Enterprise T1021 .001 Remote Services: Remote Desktop Protocol

menuPass has used RDP connections to move across the victim network.(Citation: PWC Cloud Hopper April 2017)(Citation: District Court of NY APT10 Indictment December 2018)

Enterprise T1021 .004 Remote Services: SSH

menuPass has used Putty Secure Copy Client (PSCP) to transfer data.(Citation: PWC Cloud Hopper April 2017)

Enterprise T1053 .005 Scheduled Task/Job: Scheduled Task

menuPass has used a script (atexec.py) to execute a command on a target machine via Task Scheduler.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1553 .002 Subvert Trust Controls: Code Signing

menuPass has resized and added data to the certificate table to enable the signing of modified files with legitimate signatures.(Citation: Securelist APT10 March 2021)

Enterprise T1218 .004 System Binary Proxy Execution: InstallUtil

menuPass has used InstallUtil.exe to execute malicious software.(Citation: PWC Cloud Hopper Technical Annex April 2017)

Enterprise T1204 .002 User Execution: Malicious File

menuPass has attempted to get victims to open malicious files such as Windows Shortcuts (.lnk) and/or Microsoft Office documents, sent via email as part of spearphishing campaigns.(Citation: PWC Cloud Hopper Technical Annex April 2017)(Citation: FireEye APT10 April 2017)(Citation: Accenture Hogfish April 2018)(Citation: FireEye APT10 Sept 2018)(Citation: District Court of NY APT10 Indictment December 2018)
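A defender-side check for three of the behaviours in the table above (renamed certutil under T1036.003, Wevtutil clearing PowerShell logs under T1070.003, and csvde.exe exporting Active Directory data under T1087.002), written as an added example that is not part of the ATT&CK page or any vendor report it cites. The events are constructed Sysmon-style process-creation records; the field names and the detector labels are assumptions.

```python
"""Detection logic for three menuPass behaviours: renamed certutil (T1036.003),
wevtutil clearing PowerShell logs (T1070.003) and AD export via csvde (T1087.002).
Input records are constructed, not real telemetry; field names follow Sysmon
Event ID 1 conventions (Image, OriginalFileName, CommandLine) as an assumption."""
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]

# Constructed sample events. Only events 2, 3 and 5 should be flagged.
SAMPLE_EVENTS: List[Event] = [
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "certutil.exe",
     "CommandLine": "certutil -verify cert.cer"},                       # benign
    {"Image": r"C:\Users\Public\update.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": "update.exe -decode payload.txt out.exe"},          # renamed certutil
    {"Image": r"C:\Windows\System32\wevtutil.exe", "OriginalFileName": "wevtutil.exe",
     "CommandLine": 'wevtutil cl "Microsoft-Windows-PowerShell/Operational"'},  # log cleared
    {"Image": r"C:\Windows\System32\wevtutil.exe", "OriginalFileName": "wevtutil.exe",
     "CommandLine": "wevtutil qe System /c:5"},                         # benign query
    {"Image": r"C:\Windows\System32\csvde.exe", "OriginalFileName": "csvde.exe",
     "CommandLine": r"csvde -f C:\Users\Public\ad_export.csv"},         # AD export
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (tolerates forward slashes)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_renamed_certutil(event: Event) -> bool:
    """T1036.003: the PE version resource still says certutil.exe, but the
    on-disk name the process was launched from is something else."""
    original = event.get("OriginalFileName", "").lower()
    return original == "certutil.exe" and _basename(event["Image"]) != original


def clears_powershell_log(event: Event) -> bool:
    """T1070.003: wevtutil 'cl' / 'clear-log' aimed at a PowerShell event log."""
    if _basename(event["Image"]) != "wevtutil.exe":
        return False
    tokens = [t.strip('"') for t in event["CommandLine"].split()]
    if len(tokens) < 3:
        return False
    verb, target = tokens[1].lower(), tokens[2].lower()
    return verb in ("cl", "clear-log") and "powershell" in target


def exports_ad_with_csvde(event: Event) -> bool:
    """T1087.002: csvde.exe in export mode (-f <file> without the -i import switch)."""
    if _basename(event["Image"]) != "csvde.exe":
        return False
    tokens = [t.lower() for t in event["CommandLine"].split()]
    return "-f" in tokens and "-i" not in tokens


DETECTORS: Dict[str, Callable[[Event], bool]] = {
    "T1036.003 renamed certutil": is_renamed_certutil,
    "T1070.003 PowerShell log cleared": clears_powershell_log,
    "T1087.002 AD export via csvde": exports_ad_with_csvde,
}


def scan(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (technique label, image path) for every event a detector matches."""
    return [(label, ev["Image"]) for ev in events
            for label, check in DETECTORS.items() if check(ev)]


if __name__ == "__main__":
    for label, image in scan(SAMPLE_EVENTS):
        print(f"{label}: {image}")
```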

Software

ID Name References Techniques
S0039 Net (Citation: Microsoft Net Utility) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Savill 1999) Password Policy Discovery, Domain Groups, System Time Discovery, Domain Account, Local Account, System Service Discovery, Remote System Discovery, Network Share Discovery, System Network Connections Discovery, Network Share Connection Removal, Service Execution, Local Account, Local Groups, SMB/Windows Admin Shares, Domain Account
S0160 certutil (Citation: Accenture Hogfish April 2018) (Citation: FireEye APT10 Sept 2018) (Citation: Symantec Cicada November 2020) (Citation: TechNet Certutil) Install Root Certificate, Deobfuscate/Decode Files or Information, Ingress Tool Transfer
S0194 PowerSploit (Citation: GitHub PowerSploit May 2012) (Citation: PowerShellMagazine PowerSploit July 2014) (Citation: PowerSploit Documentation) (Citation: PWC Cloud Hopper Technical Annex April 2017) Path Interception by PATH Environment Variable, Keylogging, Reflective Code Loading, Credentials in Registry, Indicator Removal from Tools, Audio Capture, Windows Management Instrumentation, Path Interception by Unquoted Path, Query Registry, Data from Local System, Group Policy Preferences, Path Interception, Dynamic-link Library Injection, Obfuscated Files or Information, Access Token Manipulation, Windows Service, Screen Capture, Registry Run Keys / Startup Folder, Scheduled Task, DLL Search Order Hijacking, Path Interception by Search Order Hijacking, Kerberoasting, Local Account, Security Support Provider, Process Discovery, Windows Credential Manager, PowerShell, Domain Trust Discovery, LSASS Memory
S0153 RedLeaves (Citation: BUGJUICE) (Citation: DOJ APT10 Dec 2018) (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Twitter Nick Carr APT10) Shortcut Modification, Commonly Used Port, DLL Search Order Hijacking, Credentials from Web Browsers, Custom Command and Control Protocol, Uncommonly Used Port, Screen Capture, Obfuscated Files or Information, File Deletion, Windows Command Shell, System Network Configuration Discovery, System Information Discovery, Symmetric Cryptography, System Owner/User Discovery, Web Protocols, File and Directory Discovery, Non-Standard Port, Registry Run Keys / Startup Folder, System Network Connections Discovery, Ingress Tool Transfer
S0357 Impacket (Citation: Impacket Tools) (Citation: PWC Cloud Hopper Technical Annex April 2017) LLMNR/NBT-NS Poisoning and SMB Relay, Network Sniffing, Kerberoasting, NTDS, Service Execution, LSASS Memory, Windows Management Instrumentation, Security Account Manager, LSA Secrets
S0624 Ecipekac (Citation: DESLoader) (Citation: HEAVYHAND) (Citation: Securelist APT10 March 2021) (Citation: SigLoader) Obfuscated Files or Information, Code Signing, DLL Side-Loading, Ingress Tool Transfer, Deobfuscate/Decode Files or Information
S0152 EvilGrab (Citation: PWC Cloud Hopper Technical Annex April 2017) Keylogging, Audio Capture, Video Capture, Commonly Used Port, Screen Capture, Registry Run Keys / Startup Folder
S0159 SNUGRIDE (Citation: FireEye APT10 April 2017) Web Protocols, Registry Run Keys / Startup Folder, Windows Command Shell, Symmetric Cryptography
S0628 FYAnti (Citation: DILLJUICE stage2) (Citation: Securelist APT10 March 2021) Ingress Tool Transfer, File and Directory Discovery, Deobfuscate/Decode Files or Information, Software Packing
S0013 PlugX (Citation: CIRCL PlugX March 2013) (Citation: Dell TG-3390) (Citation: DestroyRAT) (Citation: DOJ APT10 Dec 2018) (Citation: FireEye APT10 April 2017) (Citation: FireEye Clandestine Fox Part 2) (Citation: Kaba) (Citation: Korplug) (Citation: Lastline PlugX Analysis) (Citation: New DragonOK) (Citation: Novetta-Axiom) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Sogu) (Citation: Thoper) (Citation: TVT) Modify Registry, File and Directory Discovery, Masquerade Task or Service, Hidden Files and Directories, Multiband Communication, Non-Application Layer Protocol, Keylogging, Dead Drop Resolver, DLL Side-Loading, Process Discovery, Query Registry, DLL Search Order Hijacking, Network Share Discovery, MSBuild, Web Protocols, Windows Service, Windows Command Shell, Ingress Tool Transfer, System Checks, System Network Connections Discovery, Match Legitimate Name or Location, Registry Run Keys / Startup Folder, Custom Command and Control Protocol, DNS, Screen Capture, Commonly Used Port, Symmetric Cryptography, Deobfuscate/Decode Files or Information, Native API, Obfuscated Files or Information
S0626 P8RAT (Citation: GreetCake) (Citation: HEAVYPOT) (Citation: Securelist APT10 March 2021) Time Based Evasion, Process Discovery, Junk Data, System Checks, Ingress Tool Transfer
S0627 SodaMaster (Citation: DARKTOWN) (Citation: DelfsCake) (Citation: dfls) (Citation: Securelist APT10 March 2021) Ingress Tool Transfer, Native API, System Checks, Asymmetric Cryptography, Time Based Evasion, Obfuscated Files or Information, System Owner/User Discovery, System Information Discovery, Symmetric Cryptography, Process Discovery, Query Registry
S0006 pwdump (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Wikipedia pwdump) Security Account Manager
S0154 Cobalt Strike (Citation: cobaltstrike manual) (Citation: Securelist APT10 March 2021) Domain Fronting, Sudo and Sudo Caching, Code Signing, Scheduled Transfer, JavaScript, Remote Desktop Protocol, Native API, Pass the Hash, Domain Accounts, Indicator Removal from Tools, Bypass User Account Control, System Network Configuration Discovery, Service Execution, PowerShell, Web Protocols, Application Layer Protocol, Data from Local System, Disable or Modify Tools, Dynamic-link Library Injection, Local Accounts, Multiband Communication, Keylogging, Distributed Component Object Model, Process Discovery, BITS Jobs, Process Hollowing, Software Discovery, Local Accounts, BITS Jobs, Remote Desktop Protocol, Internal Proxy, Exploitation for Privilege Escalation, Screen Capture, Process Argument Spoofing, Modify Registry, Domain Groups, System Network Connections Discovery, Protocol Impersonation, Parent PID Spoofing, Token Impersonation/Theft, Protocol Tunneling, Windows Service, Visual Basic, Native API, Parent PID Spoofing, Process Injection, System Service Discovery, Timestomp, System Network Configuration Discovery, SSH, File and Directory Discovery, DNS, Token Impersonation/Theft, DNS, Bypass User Account Control, Process Hollowing, Scheduled Transfer, Security Account Manager, Local Groups, PowerShell, SSH, Python, Reflective Code Loading, Remote System Discovery, LSASS Memory, Screen Capture, Commonly Used Port, Query Registry, Domain Account, Data Transfer Size Limits, Network Service Discovery, Pass the Hash, Domain Accounts, Network Share Discovery, Web Protocols, Asymmetric Cryptography, Windows Command Shell, Process Injection, Browser Session Hijacking, Deobfuscate/Decode Files or Information, Remote System Discovery, Visual Basic, Protocol Tunneling, Exploitation for Privilege Escalation, Windows Management Instrumentation, Keylogging, Browser Session Hijacking, Windows Remote Management, Symmetric Cryptography, Non-Application Layer Protocol, Standard Encoding, Ingress Tool Transfer, Indicator Removal from Tools, Domain Account, Internal Proxy, Service Execution, Windows Remote Management, SMB/Windows Admin Shares, Rundll32, Windows Service, Application Layer Protocol, Python, SMB/Windows Admin Shares, Windows Management Instrumentation, Security Account Manager, Make and Impersonate Token, Exploitation for Client Execution, Network Service Discovery, Timestomp, Distributed Component Object Model, Multiband Communication, Commonly Used Port, Network Share Discovery, Custom Command and Control Protocol, Process Discovery, Make and Impersonate Token, Data from Local System, Office Template Macros, Windows Command Shell, Obfuscated Files or Information
S0002 Mimikatz (Citation: Adsecurity Mimikatz Guide) (Citation: Deply Mimikatz) (Citation: PWC Cloud Hopper Technical Annex April 2017) DCSync, Credentials from Password Stores, Rogue Domain Controller, Private Keys, SID-History Injection, Security Support Provider, Pass the Hash, Account Manipulation, Pass the Ticket, Credentials from Web Browsers, Golden Ticket, Security Account Manager, LSASS Memory, Silver Ticket, Windows Credential Manager, Steal or Forge Authentication Certificates, LSA Secrets
S0012 PoisonIvy (Citation: Breut) (Citation: Darkmoon) (Citation: District Court of NY APT10 Indictment December 2018) (Citation: FireEye Poison Ivy) (Citation: Novetta-Axiom) (Citation: Poison Ivy) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Symantec Darkmoon Aug 2005) (Citation: Symantec Darkmoon Sept 2014) (Citation: Symantec Elderwood Sept 2012) Windows Service, Modify Registry, Uncommonly Used Port, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Keylogging, Active Setup, Dynamic-link Library Injection, Local Data Staging, Windows Command Shell, Ingress Tool Transfer, Symmetric Cryptography, Data from Local System, Application Window Discovery, Rootkit
S0097 Ping (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: TechNet Ping) Remote System Discovery
S0106 cmd (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: TechNet Cmd) (Citation: TechNet Copy) (Citation: TechNet Del) (Citation: TechNet Dir) File and Directory Discovery, Ingress Tool Transfer, System Information Discovery, File Deletion, Windows Command Shell, Lateral Tool Transfer
S0404 esentutl (Citation: FireEye APT10 Sept 2018) (Citation: Microsoft Esentutl) Lateral Tool Transfer, NTDS, NTFS File Attributes, Ingress Tool Transfer, Data from Local System
S0262 QuasarRAT (Citation: DOJ APT10 Dec 2018) (Citation: GitHub QuasarRAT) (Citation: Securelist APT10 March 2021) (Citation: Symantec Cicada November 2020) (Citation: TrendMicro Patchwork Dec 2017) (Citation: Volexity Patchwork June 2018) (Citation: xRAT) Remote Desktop Protocol, Keylogging, Symmetric Cryptography, Credentials from Web Browsers, Registry Run Keys / Startup Folder, Hidden Window, System Information Discovery, Ingress Tool Transfer, System Location Discovery, Modify Registry, Hidden Files and Directories, System Owner/User Discovery, Bypass User Account Control, Data from Local System, Non-Application Layer Protocol, System Network Configuration Discovery, Credentials from Password Stores, Credentials In Files, Windows Command Shell, Proxy, Non-Standard Port, Code Signing, Scheduled Task, Video Capture
S0144 ChChes (Citation: FireEye APT10 April 2017) (Citation: HAYMAKER) (Citation: JPCERT ChChes Feb 2017) (Citation: Palo Alto menuPass Feb 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Scorpion) (Citation: Twitter Nick Carr APT10) Web Protocols, Disable or Modify Tools, Registry Run Keys / Startup Folder, Standard Encoding, Ingress Tool Transfer, Credentials from Web Browsers, System Information Discovery, File and Directory Discovery, Symmetric Cryptography, Match Legitimate Name or Location, Process Discovery, Code Signing
S0552 AdFind (Citation: FireEye FIN6 Apr 2019) (Citation: FireEye Ryuk and Trickbot January 2019) (Citation: Red Canary Hospital Thwarted Ryuk October 2020) (Citation: Symantec Cicada November 2020) Domain Trust Discovery, Domain Groups, System Network Configuration Discovery, Remote System Discovery, Domain Account
S0275 UPPERCUT (Citation: ANEL) (Citation: FireEye APT10 Sept 2018) Web Protocols, System Time Discovery, System Owner/User Discovery, Windows Command Shell, Screen Capture, Symmetric Cryptography, System Network Configuration Discovery, System Information Discovery, Ingress Tool Transfer, File and Directory Discovery
S0029 PsExec (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: Russinovich Sysinternals) (Citation: SANS PsExec) SMB/Windows Admin Shares, Windows Service, Lateral Tool Transfer, Service Execution, Domain Account

References

  1. FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.
  2. Matsuda, A. and Muhammad, I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.
  3. PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
  4. Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.
  5. United States District Court Southern District of New York (USDC SDNY). (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.
  6. US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.
  7. GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.
  8. Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.
  9. Accenture Security. (2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.
  10. PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.
  11. Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved March 1, 2017.
  12. FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved November 12, 2014.
  13. Miller-Osborn, J. and Grunzweig, J. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved March 1, 2017.
