TT Malware Log

A personal log of investigation, research and references on malware, cyber attacks and analysis techniques

Odinaff: New Trojan used in high level financial attacks

[News]

◆Odinaff: New Trojan used in high level financial attacks (Broadcom, 2016/10/11 08:59)
https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument


[Indicator information]

■Hash information (SHA256) - Odinaff droppers -

f7e4135a3d22c2c25e41f83bb9e4ccd12e9f8a0f11b7db21400152cd81e89bf5
c122b285fbd2db543e23bc34bf956b9ff49e7519623817b94b2809c7f4d31d14

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Odinaff document droppers -

102158d75be5a8ef169bc91fefba5eb782d6fa2186bd6007019f7a61ed6ac990
60ae0362b3f264981971672e7b48b2dda2ff61b5fde67ca354ec59dbf2f8efaa

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Odinaff samples -

22be72632de9f64beca49bf4d17910de988f3a15d0299e8f94bcaeeb34bb8a96
2503bdaeaa264bfc67b3a3603ee48ddb7b964d6466fac0377885c6649209c098

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - SWIFT log suppressors -

84d348eea1b424fe9f5fe8f6a485666289e39e4c8a0ff5a763e1fb91424cdfb8

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Backdoor.Batel RTF document dropper -

21e897fbe23a9ff5f0e26e53be0f3b1747c3fc160e8e34fa913eb2afbcd1149f

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Backdoor.Batel stagers -

001221d6393007ca918bfb25abbb0497981f8e044e377377d51d82867783a746
1d9ded30af0f90bf61a685a3ee8eb9bc2ad36f82e824550e4781f7047163095a

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Older Batel *.CPL droppers -

1710b33822842a4e5029af0a10029f8307381082da7727ffa9935e4eabc0134d
298d684694483257f12c63b33220e8825c383965780941f0d1961975e6f74ebd

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Cobalt Strike, possible ATM implants -

429bdf288f400392a9d3d6df120271ea20f5ea7d59fad745d7194130876e851e
44c783205220e95c1690ef41e3808cd72347242153e8bdbeb63c9b2850e4b579

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Cobalt Strike implants -

1341bdf6485ed68ceba3fec9b806cc16327ab76d18c69ca5cd678fb19f1e0486
48fb5e3c3dc17f549a76e1b1ce74c9fef5c94bfc29119a248ce1647644b125c7

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Backdoor.Batel loaders -

0ffe521444415371e49c6526f66363eb062b4487a43c75f03279f5b58f68ed24
174236a0b4e4bc97e3af88e0ec82cced7eed026784d6b9d00cc56b01c480d4ed

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Stagers (MINGW) -

d94d58bd5a25fde66a2e9b2e0cc9163c8898f439be5c0e7806d21897ba8e1455
3cadacbb37d4a7f2767bc8b48db786810e7cdaffdef56a2c4eebbe6f2b68988e

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Disk wipers -

72b4ef3058b31ac4bf12b373f1b9712c3a094b7d68e5f777ba71e9966062af17
c361428d4977648abfb77c2aebc7eed5b2b59f4f837446719cb285e1714da6da

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Keylogger -

e07267bbfcbff72a9aff1872603ffbb630997c36a1d9a565843cb59bc5d97d90

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Screengrabbers -

a7c3f125c8b9ca732832d64db2334f07240294d74ba76bdc47ea9d4009381fdc
ae38884398fe3f26110bc3ca09e9103706d4da142276dbcdba0a9f176e0c275c

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Command shells -

9041e79658e3d212ece3360adda37d339d455568217173f1e66f291b5765b34a
e1f30176e97a4f8b7e75d0cdf85d11cbb9a72b99620c8d54a520cecc29ea6f4a

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - HTTP Backconnect -

b25eee6b39f73367b22df8d7a410975a1f46e7489e2d0abbc8e5d388d8ea7bec

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Connection checkers -

28fba330560bcde299d0e174ca539153f8819a586579daf9463aa7f86e3ae3d5
d9af163220cc129bb722f2d80810585a645513e25ab6bc9cece4ed6b98f3c874

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - PoisonIvy loaders -

25ff64c263fb272f4543d024f0e64fbd113fed81b25d64635ed59f00ff2608da
91601e3fbbebcfdd7f94951e9b430608f7669eb80f983eceec3f6735de8f260c

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Ammyy Admin remote administration tools -

0caaf7a461a54a19f3323a0d5b7ad2514457919c5af3c7e392a1e4b7222ef687
295dd6f5bab13226a5a3d1027432a780de043d31b7e73d5414ae005a59923130

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Ammyy Admin, Trojanized -

cce04fa1265cbfd61d6f4a8d989ee3c297bf337a9ee3abc164c9d51f3ef1689f

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - RemoteUtilities remote administration tools -

2ba2a8e20481d8932900f9a084b733dd544aaa62b567932e76620628ebc5daf1
3232c89d21f0b087786d2ba4f06714c7b357338daedffe0343db8a2d66b81b51

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Runas -

170282aa7f2cb84e023f08339ebac17d8fefa459f5f75f60bd6a4708aff11e20

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Mimikatz -

7d7ca44d27aed4a2dc5ddb60f45e5ab8f2e00d5b57afb7c34c4e14abb78718d4
e5a702d70186b537a7ae5c99db550c910073c93b8c82dd5f4a27a501c03bc7b6

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )


■Hash information (SHA256) - Kasidet -

c1e797e156e12ace6d852e51d0b8aefef9c539502461efd8db563a722569e0d2
cee2b6fa4e0acd06832527ffde20846bc583eb06801c6021ea4d6bb828bfe3ba

(The above is Broadcom's information; source: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument )



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020