TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

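New attack framework targeting industrial control systems (ICS), "TRITON", causes operational shutdown of critical infrastructure

【Blog】

◆New attack framework targeting industrial control systems (ICS), "TRITON", causes operational shutdown of critical infrastructure (FireEye, 2017/12/14)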
https://www.fireeye.jp/company/press-releases/2017/attackers-deploy-new-ics-attack-framework-triton.html

◆Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure (FireEye, 2017/12/14)
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html


【Related summary articles】

Overall summary
 ◆Malware (Summary)
  ◆Destructive malware (Summary)

◆Triton / Trisis (Summary)
http://malware-log.hatenablog.com/entry/Triton


【Indicator information】

■Hash information (SHA256) - Triton -
(The above is information from FireEye; source: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html)

08c34c6ac9186b61d9f29a77ef5e618067e0bc9fe85cab1ad25dc6049c376949 imain.bin
1a2ab4df156ccd685f795baee7df49f8e701f271d3e5676b507112e30ce03c42 TsBase.pyc
2c1d3d0a9c6f76726994b88589219cb8d9c39dd9924bc8d2d02bf41d955fe326 TS_cnames.pyc
5c776a33568f4c16fee7140c249c0d2b1e0798a96c7a01bfd2d5684e58c9bb32 TsLow.pyc
5fc4b0076eac7aa7815302b0c3158076e3569086c4c6aa2f71cd258238440d14 inject.bin
758598370c3b84c6fbb452e3d7119f700f970ed566171e879d3cb41102154272 TsHi.pyc
bef59b9a3e00a14956e0cd4a1f3e7524448cbe5d3cc1295d95a15b83a3579c59 library.zip
c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1 sh.pyc
e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230 trilog.exe

■Hash information (MD5) - Triton -


(The above is information from FireEye; source: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html)

0544d425c7555dc4e9d76b571f31f500 inject.bin
0face841f7b2953e7c29c064d6886523 library.zip
27c69aa39024d21ea109cc9c9d944a04 TsHi.pyc
288166952f934146be172f6353e9a1f5 TsBase.pyc
437f135ba179959a580412e564d3107f imain.bin
6c39c3f4a08d3d78f2eb973a94bd7718 trilog.exe
8b675db417cc8b23f4c43f3de5c83438 sh.pyc
e98f4f3505f05bf90e17554fbc97bba9 TS_cnames.pyc
f6b3a73c8c87506acda430671360ce15 TsLow.pyc


【Search】


【VT search】



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023