【図表】

出典: https://www.lac.co.jp/lacwatch/people/20170223_001224.html

【公開情報】

◆攻撃者グループmenuPassとマルウェア「Poison Ivy、PlugX、ChChes」の関連性 (Lac, 2017/02/23)
https://www.lac.co.jp/lacwatch/people/20170223_001224.html

【関連まとめ記事】

◆APT10 / MenuPass (まとめ)
http://malware-log.hatenablog.com/entry/APT10

◆PoisonIvy (まとめ)
http://malware-log.hatenablog.com/entry/PoisonIvy

【インディケータ情報】

■ハッシュ情報(MD5) - Poison Ivy -

08a268a4c473f9920b254a6b6fc62548
ca507b0dd178471e9cadf4ca313a67e3
098bfd5c1e7a5cf9f914c09abacb58f9
2685d8eb6009fd7f03956928f08071de
9b17ce7974a0cdd039ca759f3e31e82a
2186f6a75f13f533d05925c6403f9c5a
22b0ac28f22dec098f3d743be4a8164f
a1d0f8895052b60c4d2860556494f233
75569018fc3dcdf9458545ef5d83626b
6f932e38a2a67e8f73606dc30e7a2d7a
2cfdd81233e787045da7244690762c83
22d799e3fe58e5d10341080d370b683e
9dfab49035ee6c6e9b8bb601c63bdac9
578b17334312f81934adfed048ffdafd
a75bea992cef46c1a4ee5146150540aa
9bb609caf50d36e24b152ee467ef3a61
595205651920d06353e9ef9ef8b6e316
e6c596cfa163fe9b8883c7618d594018
de8ed8c6c2f9f83b70361e16d016f15a
224bc8cb1f2e265ccca90657232d8b4d
45f5b2404eefe7672534bcd13466987d
b1dc1fef5bfd49522a41fbfe808fd46f

(以上は Lac の情報。 引用元は https://www.lac.co.jp/lacwatch/people/20170223_001224.html)

■ハッシュ情報(MD5) - PlugX -

c870ce1cbc120f74059e5f1bb1f76040
13cdd0d9f222a47589c5c71fa3ac2cbe
53c8096033db54e5ec3d5eb9ac080fc4
e85005524e8e6a8612c9d0899bb952d6
2bd698ae474b18cf4748edd99bd6c9e7
5b425dcf90df36706bcdd21438d6d32a
7af04a468de09c519681dcb0bd77030b
9ee006601c5ee9f6f1992ec38fed63f6
25a2bb2eda3c432a4c1ce481d9ceb2e6
94bdc9ded334eceedfa288ffdd03e30f
257b3ed1145c25e3e67f83f61a637034
583ab1678588b754899b9d2c58f20aa2
62898b77bd9e8e286d6bc760f3e28981
a32468828c12657497cddf57190f5700
b18a316b2ce6e099fe7fbf69283cbc5e
d69598758998cf5f677be9312b807938
ef9d8cd06de03bd5f07b01c1cce9761f
d4398f6f7ba070b6cdee7204f6862bd9
667989ffa5e77943f3384e78adf93510
f86c912661dbda535cbab464e79e26be
17b8e6ac3830ad58afe1a70df4319fae
ac725400d9a5fe832dd40a1afb2951f8
0921d7b4bf06276f4f59c85eb240da29
faacabea42afbc6cd5ce684e1bbfb073
19417f7551bc54db6783823325557773

(以上は Lac の情報。 引用元は https://www.lac.co.jp/lacwatch/people/20170223_001224.html)

■ハッシュ情報(MD5) - ChChes -

75500bb4143a052795ec7d2e61ac3261
1b891bc2e5038615efafabe48920f200
f5744d72c6919f994ff452b0e758ffee
e8f3790cfac1b104965dead841dc20b2
f586edd88023f49bc4f9d84f9fb6bd7d
1d0105cf8e076b33ed499f1dfef9a46b
684888079aaf7ed25e725b55a3695062
d1bab4a30f2889ad392d17573302f097
472b1710794d5c420b9d921c484ca9e8
19610f0d343657f6842d2045e8818f09
ca9644ef0f7ed355a842f6e2d4511546
0c0a39e1cab4fc9896bdf5ef3c96a716
37c89f291dbe880b1f3ac036e6b9c558
07abd6583295061eac2435ae470eff78
23d03ee4bf57de7087055b230dae7c5b
c1cb28327d3364768d1c1e4ce0d9bc07
ac725400d9a5fe832dd40a1afb2951f8
b0649c1f7fb15796805ca983fd8f95a3
8a93859e5f7079d6746832a3a22ff65c
7891f00dcab0e4a2f928422062e94213
3afa9243b3aeb534e02426569d85e517
472b1710794d5c420b9d921c484ca9e8
f03f70d331c6564aec8931f481949188
779dbb88e037a6ecc8ab352961dbb028
c2a07ca21ecad714821df647ada8ecaa

(以上は Lac の情報。 引用元は https://www.lac.co.jp/lacwatch/people/20170223_001224.html)

■ドメイン情報 - C&Cサーバ -

app[.]lehigtapp[.]com
apple[.]cmdnetview[.]com
area[.]wthelpdesk[.]com
art[.]p6p6[.]net
cao[.]p6p6[.]net
dcc[.]jimingroup[.]com
dick[.]ccfchrist[.]com
fiveavmersi[.]websegoo[.]net
gold[.]polopurple[.]com
idpmus[.]hostport9[.]net
img[.]microtoo[.]info
jimin[.]jimindaddy[.]com
kawasaki[.]cloud-maste[.]com
kawasaki[.]unhamj[.]com
kmd[.]crabdance[.]com
last[.]p6p6[.]net
mailj[.]hostport9[.]net
messagea[.]emailfound[.]info
newdata[.]ygto[.]com
news[.]100fanwen[.]com
quick[.]oldbmwy[.]com
sakai[.]unhamj[.]com
sat[.]suayay[.]com
sbuudd[.]webssl9[.]info
scorpion[.]poulsenv[.]com
sdmsg[.]onmypc[.]org
sendmsg[.]jumpingcrab[.]com
smo[.]gadskysun[.]com
stone[.]jumpincrab[.]com
sz[.]thedomais[.]info
trout[.]belowto[.]com
unspa[.]hostport9[.]net
vm[.]vmdnsup[.]org
vmyiersend[.]websago[.]info
zebra[.]wthelpdesk[.]com

(以上は Lac の情報。 引用元は https://www.lac.co.jp/lacwatch/people/20170223_001224.html)