TT Malware Log

A "personal" investigation and research log on malware, cyber attacks, and analysis techniques

Leviathan / APT40 (Summary)

【Aliases】

Threat group name   Organization using the name
Leviathan           Proofpoint
APT40               FireEye
TEMP.Periscope      FireEye
TEMP.Jumper         FireEye
(no name)           F-Secure


【Malware used】

Malware name   Notes
NanHaiShu


【Dictionary】

◆Group: Leviathan (ATT&CK)
https://attack.mitre.org/wiki/Group/G0065

◆Leviathan (malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/leviathan

【News】

◆Chinese Hackers Blamed for South China Sea Campaign (Info Security, 2016/08/04)
https://www.infosecurity-magazine.com/news/chinese-hackers-blamed-south-china/
http://malware-log.hatenablog.com/entry/2016/08/04/000000_5

◆Chinese APT Deploys NanHaiShu RAT Against International Adversaries (Softpedia, 2016/08/04 19:05)

A threat group activating from China has been deploying the NanHaiShu RAT (Remote Access Trojan) against the country's opposition in the now-concluded South China Sea dispute, on which a UN arbitration court sided with the Philippines.
(A Chinese threat group is using the NanHaiShu RAT (Remote Access Trojan) in connection with the ongoing dispute in the South China Sea.)

https://news.softpedia.com/news/chinese-apt-deploys-nanhaishu-rat-against-international-adversaries-506984.shtml
http://malware-log.hatenablog.com/entry/2016/08/04/000000_4

◆How hackers used this Trojan malware to spy on a territorial dispute (ZDNet, 2016/08/04 12:00)

F-Secure researchers say parties involved in the South China Sea arbitration case were infected with the data-stealing NanHaiShu Trojan.

https://www.zdnet.com/article/how-hackers-used-this-trojan-malware-to-spy-on-a-territorial-dispute/
http://malware-log.hatenablog.com/entry/2016/08/04/000000_6

◆Leviathan: Hackers targeting international governments to steal defence and military secrets (IBTimes, 2017/10/19 10:58 BST)
https://www.ibtimes.co.uk/leviathan-hackers-targeting-international-governments-steal-defence-military-secrets-1643756
http://malware-log.hatenablog.com/entry/2017/10/19/000000_9

◆Chinese hackers attack U.S. companies connected to the South China Sea - likely aiming to collect strategic information (Bloomberg, 2018/03/16 15:08)
https://www.bloomberg.co.jp/news/articles/2018-03-16/P5O4166KLVR701
http://malware-log.hatenablog.com/entry/2018/03/16/000000_8

◆Chinese hackers breach Cambodian government ahead of country's general election (CyberScoop, 2018/07/10)
https://www.cyberscoop.com/temp-periscope-china-cambodia-government-hack-fire-eye/
http://malware-log.hatenablog.com/entry/2018/07/10/000000_2

◆[FT] Chinese hackers target Cambodia on the eve of its election (Nikkei, 2018/07/12 12:56)
https://www.nikkei.com/article/DGXMZO32902910S8A710C1000000/
http://malware-log.hatenablog.com/entry/2018/07/12/000000_6

◆Chinese hackers stole sensitive U.S. Navy submarine plans from contractor (CyberScoop, 2018/06/08)
https://www.cyberscoop.com/submarine-contractor-hacked-china-us-navy/
http://malware-log.hatenablog.com/entry/2018/07/10/000000_3

◆"APT 40" targets maritime technology such as unmanned underwater vehicles - China suspected of involvement (Security NEXT, 2019/03/06)
http://www.security-next.com/103093
http://malware-log.hatenablog.com/entry/2019/03/06/000000


【Blogs】

◆NanHaiShu: RATing the South China Sea (F-Secure, 2016/08/04)
https://labsblog.f-secure.com/2016/08/04/nanhaishu-rating-the-south-china-sea/
http://malware-log.hatenablog.com/entry/2016/08/04/000000_3

◆Leviathan: Espionage actor spearphishes maritime and defense targets (Proofpoint, 2017/10/16)
https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets
http://malware-log.hatenablog.com/entry/2017/10/16/000000_14

◆Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries (FireEye, 2018/03/16)
https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html
http://malware-log.hatenablog.com/entry/2018/03/16/000000_7

◆Chinese APT Group TEMP.Periscope targets US Engineering and Maritime Industries (MUST READ, 2018/03/17)
https://securityaffairs.co/wordpress/70355/hacking/temp-periscope-espionage.html
http://malware-log.hatenablog.com/entry/2018/03/17/000000_1

◆Suspected China-linked cyber espionage group "TEMP.Periscope" targets the U.S. engineering and maritime industries (FireEye, 2018/03/23)
https://www.fireeye.jp/blog/jp-threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html
http://malware-log.hatenablog.com/entry/2018/03/23/000000_5

◆Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally (FireEye, 2018/07/10)
https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html
http://malware-log.hatenablog.com/entry/2018/07/10/000000_2

◆Chinese espionage group "TEMP.Periscope" targets Cambodia's July 2018 general election, revealing broad global operations (FireEye, 2018/07/12)
https://www.fireeye.jp/blog/jp-threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html
http://malware-log.hatenablog.com/entry/2018/07/12/000000_5

◆APT40: Examining a China-Nexus Espionage Actor (FireEye, 2019/03/04)
https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html
http://malware-log.hatenablog.com/entry/2019/03/04/000000_5

◆APT40 cyberespionage group supporting growth of China’s naval sector (Security Affairs, 2019/03/06)
https://securityaffairs.co/wordpress/82018/apt/apt40-naval-industry.html
http://malware-log.hatenablog.com/entry/2019/03/06/000000_3


【Documents】

◆NANHAISHU RATing the South China Sea (F-Secure, 2016/07)
https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf
http://malware-log.hatenablog.com/entry/2016/07/31/000000


【Related summary posts】

◆NanHaiShu (Summary)
http://malware-log.hatenablog.com/entry/NanHaiShu


【Reference information】

(Figure)
Source: https://www.fireeye.jp/blog/jp-threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html

(Figure) NanHaiShu infection timeline
Source: https://news.softpedia.com/news/chinese-apt-deploys-nanhaishu-rat-against-international-adversaries-506984.shtml

【Indicator information】

■Hash values (SHA256)
Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2019