【News】
◆US government warns of North Korean malware "FALLCHILL" (CNET, 2017/11/16 10:46)
https://japan.cnet.com/article/35110480/
【Public Information】
◆HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL (US-CERT, 2017/11/14)
https://www.us-cert.gov/ncas/alerts/TA17-318A
◆IOCs related to HIDDEN COBRA (US-CERT, 2017/11/14)
https://www.us-cert.gov/sites/default/files/publications/TA%20FALLCHILL%20IOCs.csv
◆Malware Analysis Report (MAR) - 10135536-A (US-CERT, 2017/11/14)
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-A_WHITE_S508C.pdf
【Indicator Information】
■Hash information (MD5)
- 1216da2b3d6e64075e8434be1058de06
■IP address information