TT Malware Log

A personal research log on malware, cyber attacks, and analysis techniques

The “Kimsuky” Operation: A North Korean APT?

Source: https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/


【News】

◆The “Kimsuky” Operation: A North Korean APT? (SecureList, 2013/09/11 20:10)
https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/


【Indicator information】

MD5 (hashes)

  • 3baaf1a873304d2d607dbedf47d3e2b4
  • 3195202066f026de3abfe2f966c9b304
  • 4839370628678f0afe3e6875af010839
  • 173c1528dc6364c44e887a6c9bd3e07c
  • 191d2da5da0e37a3bb3cbca830a405ff
  • 5eef25dc875cfcb441b993f7de8c9805
  • b20c5db37bda0db8eb1af8fc6e51e703
  • face9e96058d8fe9750d26dd1dd35876
  • 9f7faf77b1a2918ddf6b1ef344ae199d
  • d0af6b8bdc4766d1393722d2e67a657b
  • 45448a53ec3db51818f57396be41f34f
  • 80cba157c1cd8ea205007ce7b64e0c2a
  • f68fa3d8886ef77e623e5d94e7db7e6c
  • 4a1ac739cd2ca21ad656eaade01a3182
  • 4ea3958f941de606a1ffc527eec6963f
  • 637e0c6d18b4238ca3f85bcaec191291
  • b3caca978b75badffd965a88e08246b0
  • dbedadc1663abff34ea4bdc3a4e03f70
  • 3ae894917b1d8e4833688571a0573de4
  • 8a85bd84c4d779bf62ff257d1d5ab88b
  • d94f7a8e6b5d7fc239690a7e65ec1778
  • f1389f2151dc35f05901aba4e5e473c7
  • 96280f3f9fd8bdbe60a23fa621b85ab6
  • f25c6f40340fcde742018012ea9451e0
  • 122c523a383034a5baef2362cad53d57
  • 2173bbaea113e0c01722ff8bc2950b28
  • 2a0b18fa0887bb014a344dc336ccdc8c
  • ffad0446f46d985660ce1337c9d5eaa2
  • 81b484d3c5c347dc94e611bae3a636a3
  • ab73b1395938c48d62b7eeb5c9f3409d
  • 69930320259ea525844d910a58285e15


■ Services created


Files used by the malware

  • %windir%\system32\kbdlv2.dll
  • %windir%\system32\auto.dll
  • %windir%\system32\netsvcs.exe
  • %windir%\system32\netsvcs_ko.dll
  • %windir%\system32\vcmon.exe
  • %windir%\system32\svcsmon.exe
  • %windir%\system32\svcsmon_ko.dll
  • %windir%\system32\wsmss.exe
  • %temp%\~DFE8B437DD7C417A6D.TMP
  • %temp%\~DFE8B43.TMP
  • %temp%\~tmp.dll
  • C:\Windows\taskmgr.exe
  • C:\Windows\setup.log
  • C:\Windows\winlog.txt
  • C:\Windows\update.log
  • C:\Windows\wmdns.log
  • C:\Windows\oledvbs.inc
  • C:\Windows\weoig.log
  • C:\Windows\data.dat
  • C:\Windows\sys.log
  • C:\Windows\PcMon.exe
  • C:\Windows\Google Update.exe
  • C:\Windows\ReadMe.log
  • C:\Windows\msdatt.bat
  • C:\Windows\msdatl3.inc
  • C:\Program Files\Common Files\System\Ole DB\msdmeng.cnt
  • C:\Program Files\Common Files\System\Ole DB\xmlrwbin.inc
  • C:\Program Files\Common Files\System\Ole DB\msdapml.cnt
  • C:\Program Files\Common Files\System\Ole DB\sqlsoldb.exe
  • C:\Program Files\Common Files\System\Ole DB\oledjvs.inc
  • C:\Program Files\Common Files\System\Ole DB\oledvbs.inc
  • C:\Program Files\Common Files\System\Ole DB\msolui80.inc
  • C:\Program Files\Common Files\System\Ole DB\msdaipp.cnt
  • C:\Program Files\Common Files\System\Ole DB\msdaerr.cnt
  • C:\Program Files\Common Files\System\Ole DB\sqlxmlx.inc
  • <Hangul full path>\HncReporter.exe
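An offline sweep for the indicators above, added here as an example; it is not code from the SecureList report or from this log. It maps the Windows drop paths onto any directory root (a live C:\ or a disk image mounted on a Linux analysis box, matching path components case-insensitively because an NTFS volume mounted on Linux is case-sensitive) and hashes every file under a tree against the MD5 set. Assumptions: only a handful of the hashes and paths from the lists above are embedded, to keep the block short (paste in the full lists); `%windir%` is taken as `Windows` and `%temp%` as `Windows\Temp`, i.e. the SYSTEM account's temp directory, so per-user profiles need their own pass; the `<Hangul full path>` placeholder entry is skipped because its directory is not given; the demo tree it runs against is constructed and contains no malware.

```python
"""Offline IOC sweep for the Kimsuky drop paths and MD5s (added example)."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Subset of the MD5s from the list above; paste the full list here.
KIMSUKY_MD5 = {
    "3baaf1a873304d2d607dbedf47d3e2b4",
    "3195202066f026de3abfe2f966c9b304",
    "4839370628678f0afe3e6875af010839",
    "69930320259ea525844d910a58285e15",
}

# Subset of the drop paths from the list above; paste the full list here.
KIMSUKY_PATHS = [
    r"%windir%\system32\kbdlv2.dll",
    r"%windir%\system32\wsmss.exe",
    r"%temp%\~tmp.dll",
    r"C:\Windows\winlog.txt",
    r"C:\Program Files\Common Files\System\Ole DB\sqlsoldb.exe",
    r"<Hangul full path>\HncReporter.exe",  # placeholder, skipped by resolve()
]

# Assumed expansions: %temp% is the SYSTEM account's temp dir, not a user's.
DEFAULT_ENV = {"windir": r"Windows", "temp": r"Windows\Temp"}


def resolve(ioc, env=DEFAULT_ENV):
    """Expand %var% tokens (case-insensitively), drop the drive letter and
    return the path components. Returns None for <placeholder> entries."""
    if "<" in ioc:
        return None
    s = ioc
    for name, value in env.items():
        # lambda keeps backslashes in `value` from being read as escapes
        s = re.sub("%" + re.escape(name) + "%", lambda _m: value, s, flags=re.IGNORECASE)
    if len(s) >= 2 and s[1] == ":":
        s = s[2:]
    return [p for p in s.replace("\\", "/").split("/") if p]


def locate(root, parts):
    """Walk `parts` under `root` one component at a time, case-insensitively."""
    cur = Path(root)
    for part in parts:
        try:
            match = next((c for c in cur.iterdir() if c.name.lower() == part.lower()), None)
        except OSError:  # not a directory, or unreadable
            return None
        if match is None:
            return None
        cur = match
    return cur


def sweep_paths(root, iocs=KIMSUKY_PATHS, env=DEFAULT_ENV):
    """Return (ioc, found_path) for every listed drop path present under root."""
    hits = []
    for ioc in iocs:
        parts = resolve(ioc, env)
        if parts is None:
            continue
        found = locate(root, parts)
        if found is not None and found.is_file():
            hits.append((ioc, str(found)))
    return hits


def md5_of_file(path, chunk=1 << 20):
    """Chunked MD5 so large files do not get read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_hashes(root, known=KIMSUKY_MD5):
    """Return (path, md5) for every regular file under root whose MD5 is in known."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            try:
                digest = md5_of_file(p)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if digest in known:
                hits.append((p, digest))
    return hits


EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes


def build_demo_tree(root):
    """Constructed stand-in for a compromised system root: empty files at two
    listed drop paths plus one unrelated file. No real malware involved."""
    for rel in ("Windows/System32/wsmss.exe", "Windows/winlog.txt", "Users/bob/notes.txt"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"" if rel.startswith("Windows") else b"constructed, not an IOC")


def demo():
    """Build the constructed tree, run both sweeps, return what they found."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        path_hits = sweep_paths(tmp)
        # Demo only: the empty files' MD5 joins the watch set so the hash
        # branch has something to match without shipping a real sample.
        hash_hits = sweep_hashes(tmp, KIMSUKY_MD5 | {EMPTY_MD5})
    return {"paths": [ioc for ioc, _ in path_hits],
            "hashes": sorted(os.path.relpath(p, tmp) for p, _ in hash_hits)}


if __name__ == "__main__":
    for kind, found in demo().items():
        print(kind, found)
```

Point `sweep_paths` and `sweep_hashes` at the mount point of an image (or at `C:\` from an elevated prompt) instead of the demo tree. A path hit is the stronger signal here: several of the listed names (`taskmgr.exe`, `Google Update.exe`) are chosen to look legitimate, so confirm with the hash set or with the file's signing status before acting on a single match, and remember that MD5 matches only the exact builds Kaspersky saw.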

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2017