【ブログ】

◆Patchwork cyberespionage group expands targets from governments to wide range of industries (Symantec, 2016/07/25)
[サイバースパイグループ Patchwork、政府関係から各種の産業へ標的を拡大]

Symantec finds that Patchwork now targets a variety of industries in the US, China, Japan, South East Asia, and the UK

https://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries

【関連情報】

◆サイバースパイグループ Patchwork、政府関係から各種の産業へ標的を拡大 (Symantec, 2016/07/27)

シマンテックは、Patchwork が米国、中国、日本、東南アジア、英国でさまざまな業種を狙い始めたことを確認しました

https://www.symantec.com/connect/nl/blogs/patchwork-0?page=1

【関連まとめ記事】

◆全体まとめ
　◆攻撃組織 / Actor (まとめ)
　　◆標的型攻撃組織 / APT (まとめ)

◆Patchwork (まとめ)
https://malware-log.hatenablog.com/entry/Patchwork

【インディケータ情報】

■ハッシュ情報(MD5)

★Malicious PowerPoint slides

0bbff4654d0c4551c58376e6a99dfda0
1de10c5bc704d3eaf4f0cfa5ddd63f2d	MilitaryReforms2.pps
2ba26a9cc1af4479e99dcc6a0e7d5d67	2016_China_Military_PowerReport.pps
375f240df2718fc3e0137e109eef57ee	PLA_UAV_DEPLOYMENT.pps
38e71afcdd6236ac3ad24bda393a81c6	militarizationofsouthchinasea_1.pps
3e9d1526addf2ca6b09e2fdb5fd4978f	How_to_easily_clean_an_infected_computer.pps
475c29ed9373e2c04b7c3df6766761eb	PLA_Forthcoming_Revolution_in_Doctrinal_Affairs.pps
4dbb8ad1776af25a5832e92b12d4bfff	maritime_dispute.pps
4dbb8ad1776af25a5832e92b12d4bfff	Clingendael_Report_South_China_Sea.pps
543d402a56406c93b68622a7e392728d	2016_China_Military_PowerReport.pps
551e244aa85b92fe470ed2eac9d8808a	Assessing_PLA_Organisational_Reforms.pps
6877e60f141793287169125a08e36941	Clingendael_Report_South_China_Sea.pps
6d8534597ae05d2151d848d2e6427f9e	cn-lshc-hospital-operations-excellence.pps
74fea3e542add0f301756581d1f16126	Clingendael_Report_South_China_Sea_20160517Downloaded.pps
812a856288a03787d85d2cb9c1e1b3ba
8f7b1f320823893e159f6ebfb8ce3e78
b163e3906b3521a407910aeefd055f03	china_security_report_2016.pps
d456bbf44d73b1f0f2d1119f16993e93
e7b4511cba3bba6983c43c9f9014a49d	Chinastrats.com netflix2.pps
ebfa776a91de20674a4ae55294d85087	Chinese_Influence_Faces_2.pps
eefcef704b1a7bea6e92dc8711cfd35e	Top_Five_AF.pps

★Malicious rich text files

2099fcd4a81817171649cb38dac0fb2a
3d852dea971ced1481169d8f66542dc5	China_Vietnam_Military_Clash.doc
4ff89d5341ac36eb9bed79e7afe04cb3	Cyber_Crime_bill.doc
7012f07e82092ab2daede774b9000d64	china_report_EN_web_2016_A01.doc
735f0fbe44b70e184665aed8d1b2c117	Cyber_Crime_bill.doc
7796ae46da0049057abd5cfb9798e494
e5685462d8a2825e124193de9fa269d9	PLA_Forthcoming_Revolution_in_Doctrinal_Affairs2.doc
f5c81526acbd830da2f533ae93deb1e1	Job_offers.doc

★Payloads

0f09e24a8d57fb8b1a8cc51c07ebbe3f	Backdoor.Steladok
233a71ea802af564dd1ab38e62236633	Backodor.Enfourks
2c0efa57eeffed228eb09ee97df1445a	Backdoor.Steladok
3ac28869c83d20f9b18ebbd9ea3a9155	Backodor.Enfourks
465de3db14158005ede000f7c0f16efe	Trojan.Gen.2
4fca01f852410ea1413a876df339a36d	Trojan.Gen.2
61e0f4ecb3d7c56ea06b8f609fd2bf13	Backodor.Enfourks
6b335a77203b566d92c726b939b8d8c9	Backodor.Enfourks
a4fb5a6765cb8a30a8393d608c39d9f7	Backodor.Enfourks
b594a4d3f7183c3af155375f81ad6c3d	Backodor.Enfourks
b7433c57a7111457506f85bdf6592d18	Backodor.Enfourks
b7433c57a7111457506f85bdf6592d18	Backodor.Enfourks
c575f9b40cf6e6141f0ee40c8a544fb8	Backodor.Enfourks
d8102a24ca00ef3db7d942912765441e	Backodor.Enfourks
f47484e6705e52a115a3684832296b39	Backdoor.Steladok
f7ce9894c1c99ce64455155377446d9c	Backodor.Enfourks
ffab6174860af9a7c3b37a7f1fb8f381	Infostealer