TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 に関する「個人」の調査・研究・参照ログ

トップ > 攻撃組織: Winnti / Blackfly / Suckfly / Wicked Panda / Wicked Spider / APT41 / Barium > Suckfly: Revealing the secret life of your code signing certificates

Suckfly: Revealing the secret life of your code signing certificates

攻撃組織: Winnti / Blackfly / Suckfly / Wicked Panda / Wicked Spider / APT41 / Barium

f:id:tanigawa:20190302041947p:plain
Suckfly hacking tools and malware, characterized by functionality
出典: https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates


【ブログ】

◆Suckfly: Revealing the secret life of your code signing certificates (Symnatec, 2016/03/15)
https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates


【関連まとめ記事】

◆Winnti (まとめ)
http://malware-log.hatenablog.com/entry/winnti


【インディケータ情報】

■ハッシュ情報(MD5)  

05edd53508c55b9dd64129e944662c0d
1cf5ce3e3ea310b0f7ce72a94659ff54
352eede25c74775e6102a095fb49da8c
3b595d3e63537da654de29dd01793059
4709395fb143c212891138b98460e958
50f4464d0fc20d1932a12484a1db4342
96c317b0b1b14aadfb5a20a03771f85f
ba7b1392b799c8761349e7728c2656dd
de5057e579be9e3c53e50f97a9b1832b
e7d92039ffc2f07496fe7657d982c80f
e864f32151d6afd0a3491f432c2bb7a2

■FQDN

usv0503[.]iqservs-jp.com
aux[.]robertstockdill.com
fli[.]fedora-dns-update.com
bss[.]pvtcdn.com
ssl[.]microsoft-security-center.com
ssl[.]2upgrades.com
133.242.134.121
fli[.]fedora-dns-update.com

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023