TT Malware Log

A "personal" research, investigation and reference log on malware / cyber attacks / analysis techniques

OilRig Malware Campaign Updates Toolset and Expands Targets

【Blog】

◆OilRig Malware Campaign Updates Toolset and Expands Targets (Paloalto, 2016/10/06 08:00)
https://www.paloaltonetworks.jp/company/in-the-news/2016/161005-unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets


【IoC information】

◆APT34 / OilRig (2016/10/06) (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2016/10/06/000000


【Related summary articles】

Overall summaries
 ◆Threat groups / Actors (summary)
  ◆Targeted attack groups / APT (summary)

◆APT34 / OilRig (summary)
https://malware-log.hatenablog.com/entry/APT34


【Indicator information】

■Hashes (SHA256) - OilRig -

F04CF9361CF46BFF2F9D19617BBA577EA5F3AD20EA76E1F7E159701E446364FC
E2EC7FA60E654F5861E09BBE59D14D0973BD5727B83A2A03F1CECF1466DD87AA
31DB0841C3975BE5395F13C894B7E444D150CC701487B756FFF43CE78D98B1E6
C3C17383F43184A29F49F166A92453A34BE18E51935DDBF09576A60441440E51
C6437F57A8F290B5EC46B0933BFA8A328B0CB2C0C7FBEEA7F21B770CE0250D3D
5A2C38BE89AC878D28080A7465C4A3F8708FB414B811511B9D5AE61A47593A69
BD0920C8836541F58E0778B4B64527E5A5F2084405F73EE33110F7BC189DA7A9
90639C7423A329E304087428A01662CC06E2E9153299E37B1B1C90F6D0A195ED
528D432952EF879496542BC62A5A4B6EEE788F60F220426BD7F933FA2C58DC6B
3772D473A2FE950959E1FD56C9A44EC48928F92522246F75F4B8CB134F4713FF
F3856C7AF3C9F84101F41A82E36FC81DFC18A8E9B424A3658B6BA7E3C99F54F2
0CD9857A3F626F8E0C07495A4799C59D502C4F3970642A76882E3ED68B790F8E
80161DAD1603B9A7C4A92A07B5C8BCE214CF7A3DF897B561732F9DF7920ECB3E
D874F513A032CCB6A5E4F0CD55862B024EA0BEE4DE94CCF950B3DD894066065D
5E9DDB25BDE3719C392D08C13A295DB418D7ACCD25D82D020B425052E7BA6DC9
299BC738D7B0292820D99028289280BA24D7FB985851D9C74060AF7950CECEF0
2E226A0210A123AD828803EB871B74ECBDB702FC4BABD9FF786231C486FF65E0
F1DE7B941817438DA2A4B7284BC56C291DB7312E3BA5E2397B3621811A816AA3
65920EAEA00764A245ACB58A3565941477B78A7BCC9EFAEC5BF811573084B6CF
742A52084162D3789E196FB5FF6F8E2983147CD914088BD5F9ED363D7A5B0DF0
4E5B85EA68BF8F2306B6B931810AE38C8DFF3679D78DA1AF2C91032C36380353
36D4B4B018EC78A79F3C06DC30EC77C250307628A7631F6B5B5995E797D0674F
005DDE45A6F1D9B2A254E71F89F12AB0DFAAA48D081F5C0A434800BD5C327086
2C4BCAB135BF1846684B598E66E3F51443F70F9E8D0544F3417774CBE907E8EF
C4FBC723981FC94884F0F493CB8711FDC9DA698980081D9B7C139FCFFBE723DA
CFFC694ACE3E1547007AE00437536F2A88BA60179C51F23228E696FB02AFDC86
0B9437DD87A3C24ED7D200F9B870D69F9B7AD918C51325C11444DF8BC6FB97BA
903B6D948C16DC92B69FE1DE76CF64AB8377893770BF47C29BF91F3FD987F996
8BFBB637FE72DA5C9AEE9857CA81FA54A5ABE7F2D1B061BC2A376943C63727C7
9C0A33A5DC62933F17506F20E0258F877947BDCD15B091A597EAC05D299B7471
93940B5E764F2F4A2D893BEBEF4BF1F7D63C4DB856877020A5852A6647CB04A0
0EC288AC8C4AA045A45526C2939DBD843391C9C75FA4A3BCC0A6D7DC692FDCD1
089BF971E8839DB818AC462F53F82DAED523C413BFC2E01FB76DD70B37162AFE
D808F3109822C185F1D8E1BF7EF7781C219DC56F5906478651748F0ACE489D34
3986D54B00647B507B2AFD708B7A1CE4C37027FB77D67C6BC3C20C3AC1A88CA4
1B2FEE00D28782076178A63E669D2306C37BA0C417708D4DC1F751765C3F94E1
662C53E69B66D62A4822E666031FD441BBDFA741E20D4511C6741EC3CB02475F
F5A64DE9087B138608CCF036B067D91A47302259269FB05B3349964CA4060E7E
A787C0E42608F9A69F718F6DCA5556607BE45EC77D17B07EB9EA1E0F7BB2E064
4B5112F0FB64825B879B01D686E8F4D43521252A3B4F4026C9D1D76D3F15B281
3AF6DFA4CEBD82F48B6638A9757730810707D79D961DDE1B72D3768E972E6184

(The above is Paloalto's information; source: https://www.paloaltonetworks.jp/company/in-the-news/2016/161005-unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets )


■FQDN - OilRig C2 -

shalaghlagh[.]tk
go0gIe[.]com
winodwsupdates[.]me
update-kernal[.]net
googleupdate[.]download
yahoooooomail[.]com
upgradesystems[.]info

(The above is Paloalto's information; source: https://www.paloaltonetworks.jp/company/in-the-news/2016/161005-unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets )

■File paths - OilRig (working directories on the infected host) -

%PUBLIC%/Libraries/dn
%PUBLIC%/Libraries/up
%USERPROFILE%/AppData/Local/Microsoft/Media/up
%USERPROFILE%/AppData/Local/Microsoft/Media/dn
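As an added example (not from this page and not Paloalto's code), here is a small Python matcher that takes the C2 domains, the working directories and a subset of the SHA256 values listed above and runs them over constructed sample records. It refangs the `[.]` domains, matches DNS queries exactly or as subdomains (so a look-alike such as go0gIe.com is caught whatever letter case the resolver logged, since DNS names are case-insensitive), expands the %PUBLIC% / %USERPROFILE% prefixes from a supplied mapping rather than the live environment, and compares hashes case-insensitively. The log line format, the environment mapping and the sample queries are constructed for the demo; only the indicator values come from the page.

```python
"""Match the OilRig indicators listed on this page against constructed sample data.

Added example: the domain, path and hash values come from the page; the log
format, environment mapping and sample records are constructed for the demo.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# C2 domains exactly as the page lists them (defanged with "[.]").
OILRIG_C2_DOMAINS_DEFANGED = [
    "shalaghlagh[.]tk",
    "go0gIe[.]com",          # capital "I" standing in for "l"; DNS is case-insensitive
    "winodwsupdates[.]me",
    "update-kernal[.]net",
    "googleupdate[.]download",
    "yahoooooomail[.]com",
    "upgradesystems[.]info",
]

# Working directories the page lists, kept in its forward-slash spelling.
OILRIG_STAGING_PATHS = [
    "%PUBLIC%/Libraries/dn",
    "%PUBLIC%/Libraries/up",
    "%USERPROFILE%/AppData/Local/Microsoft/Media/up",
    "%USERPROFILE%/AppData/Local/Microsoft/Media/dn",
]

# A subset of the SHA256 values from the page (the full list is above).
OILRIG_SHA256 = {
    "F04CF9361CF46BFF2F9D19617BBA577EA5F3AD20EA76E1F7E159701E446364FC",
    "E2EC7FA60E654F5861E09BBE59D14D0973BD5727B83A2A03F1CECF1466DD87AA",
    "31DB0841C3975BE5395F13C894B7E444D150CC701487B756FFF43CE78D98B1E6",
    "3AF6DFA4CEBD82F48B6638A9757730810707D79D961DDE1B72D3768E972E6184",
}


def refang(domain: str) -> str:
    """Turn a defanged "a[.]b" name into the form seen in logs, lower-cased."""
    return domain.replace("[.]", ".").lower()


C2_DOMAINS = {refang(d) for d in OILRIG_C2_DOMAINS_DEFANGED}


def match_domain(name: str):
    """Return the matching C2 domain for an exact or subdomain hit, else None.

    The leading-dot check stops "notgoogleupdate.download" from matching
    "googleupdate.download"; a trailing root dot is tolerated.
    """
    name = name.lower().rstrip(".")
    for c2 in C2_DOMAINS:
        if name == c2 or name.endswith("." + c2):
            return c2
    return None


def scan_dns_log(lines):
    """Scan constructed "<timestamp> <client> <query>" records; return (client, query, c2) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        c2 = match_domain(parts[2])
        if c2:
            hits.append((parts[1], parts[2], c2))
    return hits


def expand_windows_path(path: str, env: dict) -> str:
    """Expand %VAR% from the supplied mapping (not os.environ) and normalise separators."""
    expanded = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1), m.group(0)), path)
    return str(PureWindowsPath(expanded)).lower()


def is_in_staging_dir(path: str, env: dict) -> bool:
    """True if `path` is one of the listed directories or lies inside it (case-insensitive)."""
    target = expand_windows_path(path, env)
    for staging in OILRIG_STAGING_PATHS:
        root = expand_windows_path(staging, env)
        if target == root or target.startswith(root + "\\"):
            return True
    return False


def hash_match(sha256_hex: str) -> bool:
    """Case-insensitive membership test against the page's hash set."""
    return sha256_hex.strip().upper() in OILRIG_SHA256


def sha256_of(data: bytes) -> str:
    """Upper-case hex SHA256 of a byte string, in the same form as the page's list."""
    return hashlib.sha256(data).hexdigest().upper()


# Constructed sample data (not real telemetry).
SAMPLE_ENV = {"PUBLIC": r"C:\Users\Public", "USERPROFILE": r"C:\Users\alice"}
SAMPLE_DNS_LOG = [
    "2016-10-06T08:00:01Z 10.0.0.5 www.google.com",
    "2016-10-06T08:00:02Z 10.0.0.5 GO0GIE.COM.",
    "2016-10-06T08:00:03Z 10.0.0.7 cdn.googleupdate.download",
    "2016-10-06T08:00:04Z 10.0.0.9 notgoogleupdate.download",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
    print(is_in_staging_dir(r"C:\Users\Public\Libraries\dn\report.txt", SAMPLE_ENV))
```

The page writes the directories with forward slashes; `PureWindowsPath` normalises them to backslashes so a hit is found whichever separator a file listing or EDR export uses. On a real host you would feed `os.environ` (or the per-user profile root for each account, since %USERPROFILE% differs per user) in place of `SAMPLE_ENV`, and hash the files found under those directories with `sha256_of` before calling `hash_match`.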


【Search】

google: F04CF9361CF46BFF2F9D19617BBA577EA5F3AD20EA76E1F7E159701E446364FC
google: E2EC7FA60E654F5861E09BBE59D14D0973BD5727B83A2A03F1CECF1466DD87AA
google: 31DB0841C3975BE5395F13C894B7E444D150CC701487B756FFF43CE78D98B1E6
google: C3C17383F43184A29F49F166A92453A34BE18E51935DDBF09576A60441440E51
google: C6437F57A8F290B5EC46B0933BFA8A328B0CB2C0C7FBEEA7F21B770CE0250D3D
google: 5A2C38BE89AC878D28080A7465C4A3F8708FB414B811511B9D5AE61A47593A69
google: BD0920C8836541F58E0778B4B64527E5A5F2084405F73EE33110F7BC189DA7A9
google: 90639C7423A329E304087428A01662CC06E2E9153299E37B1B1C90F6D0A195ED
google: 528D432952EF879496542BC62A5A4B6EEE788F60F220426BD7F933FA2C58DC6B
google: 3772D473A2FE950959E1FD56C9A44EC48928F92522246F75F4B8CB134F4713FF
google: F3856C7AF3C9F84101F41A82E36FC81DFC18A8E9B424A3658B6BA7E3C99F54F2
google: 0CD9857A3F626F8E0C07495A4799C59D502C4F3970642A76882E3ED68B790F8E
google: 80161DAD1603B9A7C4A92A07B5C8BCE214CF7A3DF897B561732F9DF7920ECB3E
google: D874F513A032CCB6A5E4F0CD55862B024EA0BEE4DE94CCF950B3DD894066065D
google: 5E9DDB25BDE3719C392D08C13A295DB418D7ACCD25D82D020B425052E7BA6DC9
google: 299BC738D7B0292820D99028289280BA24D7FB985851D9C74060AF7950CECEF0
google: 2E226A0210A123AD828803EB871B74ECBDB702FC4BABD9FF786231C486FF65E0
google: F1DE7B941817438DA2A4B7284BC56C291DB7312E3BA5E2397B3621811A816AA3
google: 65920EAEA00764A245ACB58A3565941477B78A7BCC9EFAEC5BF811573084B6CF
google: 742A52084162D3789E196FB5FF6F8E2983147CD914088BD5F9ED363D7A5B0DF0
google: 4E5B85EA68BF8F2306B6B931810AE38C8DFF3679D78DA1AF2C91032C36380353
google: 36D4B4B018EC78A79F3C06DC30EC77C250307628A7631F6B5B5995E797D0674F
google: 005DDE45A6F1D9B2A254E71F89F12AB0DFAAA48D081F5C0A434800BD5C327086
google: 2C4BCAB135BF1846684B598E66E3F51443F70F9E8D0544F3417774CBE907E8EF
google: C4FBC723981FC94884F0F493CB8711FDC9DA698980081D9B7C139FCFFBE723DA
google: CFFC694ACE3E1547007AE00437536F2A88BA60179C51F23228E696FB02AFDC86
google: 0B9437DD87A3C24ED7D200F9B870D69F9B7AD918C51325C11444DF8BC6FB97BA
google: 903B6D948C16DC92B69FE1DE76CF64AB8377893770BF47C29BF91F3FD987F996
google: 8BFBB637FE72DA5C9AEE9857CA81FA54A5ABE7F2D1B061BC2A376943C63727C7
google: 9C0A33A5DC62933F17506F20E0258F877947BDCD15B091A597EAC05D299B7471
google: 93940B5E764F2F4A2D893BEBEF4BF1F7D63C4DB856877020A5852A6647CB04A0
google: 0EC288AC8C4AA045A45526C2939DBD843391C9C75FA4A3BCC0A6D7DC692FDCD1
google: 089BF971E8839DB818AC462F53F82DAED523C413BFC2E01FB76DD70B37162AFE
google: D808F3109822C185F1D8E1BF7EF7781C219DC56F5906478651748F0ACE489D34
google: 3986D54B00647B507B2AFD708B7A1CE4C37027FB77D67C6BC3C20C3AC1A88CA4
google: 1B2FEE00D28782076178A63E669D2306C37BA0C417708D4DC1F751765C3F94E1
google: 662C53E69B66D62A4822E666031FD441BBDFA741E20D4511C6741EC3CB02475F
google: F5A64DE9087B138608CCF036B067D91A47302259269FB05B3349964CA4060E7E
google: A787C0E42608F9A69F718F6DCA5556607BE45EC77D17B07EB9EA1E0F7BB2E064
google: 4B5112F0FB64825B879B01D686E8F4D43521252A3B4F4026C9D1D76D3F15B281
google: 3AF6DFA4CEBD82F48B6638A9757730810707D79D961DDE1B72D3768E972E6184


【VT search】

https://www.virustotal.com/gui/file/F04CF9361CF46BFF2F9D19617BBA577EA5F3AD20EA76E1F7E159701E446364FC
https://www.virustotal.com/gui/file/E2EC7FA60E654F5861E09BBE59D14D0973BD5727B83A2A03F1CECF1466DD87AA
https://www.virustotal.com/gui/file/31DB0841C3975BE5395F13C894B7E444D150CC701487B756FFF43CE78D98B1E6
https://www.virustotal.com/gui/file/C3C17383F43184A29F49F166A92453A34BE18E51935DDBF09576A60441440E51
https://www.virustotal.com/gui/file/C6437F57A8F290B5EC46B0933BFA8A328B0CB2C0C7FBEEA7F21B770CE0250D3D
https://www.virustotal.com/gui/file/5A2C38BE89AC878D28080A7465C4A3F8708FB414B811511B9D5AE61A47593A69
https://www.virustotal.com/gui/file/BD0920C8836541F58E0778B4B64527E5A5F2084405F73EE33110F7BC189DA7A9
https://www.virustotal.com/gui/file/90639C7423A329E304087428A01662CC06E2E9153299E37B1B1C90F6D0A195ED
https://www.virustotal.com/gui/file/528D432952EF879496542BC62A5A4B6EEE788F60F220426BD7F933FA2C58DC6B
https://www.virustotal.com/gui/file/3772D473A2FE950959E1FD56C9A44EC48928F92522246F75F4B8CB134F4713FF
https://www.virustotal.com/gui/file/F3856C7AF3C9F84101F41A82E36FC81DFC18A8E9B424A3658B6BA7E3C99F54F2
https://www.virustotal.com/gui/file/0CD9857A3F626F8E0C07495A4799C59D502C4F3970642A76882E3ED68B790F8E
https://www.virustotal.com/gui/file/80161DAD1603B9A7C4A92A07B5C8BCE214CF7A3DF897B561732F9DF7920ECB3E
https://www.virustotal.com/gui/file/D874F513A032CCB6A5E4F0CD55862B024EA0BEE4DE94CCF950B3DD894066065D
https://www.virustotal.com/gui/file/5E9DDB25BDE3719C392D08C13A295DB418D7ACCD25D82D020B425052E7BA6DC9
https://www.virustotal.com/gui/file/299BC738D7B0292820D99028289280BA24D7FB985851D9C74060AF7950CECEF0
https://www.virustotal.com/gui/file/2E226A0210A123AD828803EB871B74ECBDB702FC4BABD9FF786231C486FF65E0
https://www.virustotal.com/gui/file/F1DE7B941817438DA2A4B7284BC56C291DB7312E3BA5E2397B3621811A816AA3
https://www.virustotal.com/gui/file/65920EAEA00764A245ACB58A3565941477B78A7BCC9EFAEC5BF811573084B6CF
https://www.virustotal.com/gui/file/742A52084162D3789E196FB5FF6F8E2983147CD914088BD5F9ED363D7A5B0DF0
https://www.virustotal.com/gui/file/4E5B85EA68BF8F2306B6B931810AE38C8DFF3679D78DA1AF2C91032C36380353
https://www.virustotal.com/gui/file/36D4B4B018EC78A79F3C06DC30EC77C250307628A7631F6B5B5995E797D0674F
https://www.virustotal.com/gui/file/005DDE45A6F1D9B2A254E71F89F12AB0DFAAA48D081F5C0A434800BD5C327086
https://www.virustotal.com/gui/file/2C4BCAB135BF1846684B598E66E3F51443F70F9E8D0544F3417774CBE907E8EF
https://www.virustotal.com/gui/file/C4FBC723981FC94884F0F493CB8711FDC9DA698980081D9B7C139FCFFBE723DA
https://www.virustotal.com/gui/file/CFFC694ACE3E1547007AE00437536F2A88BA60179C51F23228E696FB02AFDC86
https://www.virustotal.com/gui/file/0B9437DD87A3C24ED7D200F9B870D69F9B7AD918C51325C11444DF8BC6FB97BA
https://www.virustotal.com/gui/file/903B6D948C16DC92B69FE1DE76CF64AB8377893770BF47C29BF91F3FD987F996
https://www.virustotal.com/gui/file/8BFBB637FE72DA5C9AEE9857CA81FA54A5ABE7F2D1B061BC2A376943C63727C7
https://www.virustotal.com/gui/file/9C0A33A5DC62933F17506F20E0258F877947BDCD15B091A597EAC05D299B7471
https://www.virustotal.com/gui/file/93940B5E764F2F4A2D893BEBEF4BF1F7D63C4DB856877020A5852A6647CB04A0
https://www.virustotal.com/gui/file/0EC288AC8C4AA045A45526C2939DBD843391C9C75FA4A3BCC0A6D7DC692FDCD1
https://www.virustotal.com/gui/file/089BF971E8839DB818AC462F53F82DAED523C413BFC2E01FB76DD70B37162AFE
https://www.virustotal.com/gui/file/D808F3109822C185F1D8E1BF7EF7781C219DC56F5906478651748F0ACE489D34
https://www.virustotal.com/gui/file/3986D54B00647B507B2AFD708B7A1CE4C37027FB77D67C6BC3C20C3AC1A88CA4
https://www.virustotal.com/gui/file/1B2FEE00D28782076178A63E669D2306C37BA0C417708D4DC1F751765C3F94E1
https://www.virustotal.com/gui/file/662C53E69B66D62A4822E666031FD441BBDFA741E20D4511C6741EC3CB02475F
https://www.virustotal.com/gui/file/F5A64DE9087B138608CCF036B067D91A47302259269FB05B3349964CA4060E7E
https://www.virustotal.com/gui/file/A787C0E42608F9A69F718F6DCA5556607BE45EC77D17B07EB9EA1E0F7BB2E064
https://www.virustotal.com/gui/file/4B5112F0FB64825B879B01D686E8F4D43521252A3B4F4026C9D1D76D3F15B281
https://www.virustotal.com/gui/file/3AF6DFA4CEBD82F48B6638A9757730810707D79D961DDE1B72D3768E972E6184

https://www.virustotal.com/gui/domain/shalaghlagh.tk
https://www.virustotal.com/gui/domain/go0gIe.com
https://www.virustotal.com/gui/domain/winodwsupdates.me
https://www.virustotal.com/gui/domain/update-kernal.net
https://www.virustotal.com/gui/domain/googleupdate.download
https://www.virustotal.com/gui/domain/yahoooooomail.com
https://www.virustotal.com/gui/domain/upgradesystems.info


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020