Source: https://gblogs.cisco.com/jp/2017/10/talos-fin7-stealer/
[Blog]
◆FIN7 group uses JavaScript and a variant of an information-stealing DLL in new attacks (CISCO, 2017/10/12)
https://gblogs.cisco.com/jp/2017/10/talos-fin7-stealer/
[Indicator information]
■Hash information (SHA256)
■IP addresses (C&C servers)
■URLs (C&C servers)