【Blog】
◆New ICS attack framework "TRITON" triggers operational shutdown of critical infrastructure (FireEye, 2017/12/14)
https://www.fireeye.jp/company/press-releases/2017/attackers-deploy-new-ics-attack-framework-triton.html
◆Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure (FireEye, 2017/12/14)
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
【Related summary articles】
◆Overall summary
◆Malware (summary)
◆Destructive malware (summary)
◆Triton / Trisis (summary)
http://malware-log.hatenablog.com/entry/Triton
【Indicator information】
■Hash information (SHA256) - Triton -
(FireEye information; source: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html)
08c34c6ac9186b61d9f29a77ef5e618067e0bc9fe85cab1ad25dc6049c376949 | imain.bin |
1a2ab4df156ccd685f795baee7df49f8e701f271d3e5676b507112e30ce03c42 | TsBase.pyc |
2c1d3d0a9c6f76726994b88589219cb8d9c39dd9924bc8d2d02bf41d955fe326 | TS_cnames.pyc |
5c776a33568f4c16fee7140c249c0d2b1e0798a96c7a01bfd2d5684e58c9bb32 | TsLow.pyc |
5fc4b0076eac7aa7815302b0c3158076e3569086c4c6aa2f71cd258238440d14 | inject.bin |
758598370c3b84c6fbb452e3d7119f700f970ed566171e879d3cb41102154272 | TsHi.pyc |
bef59b9a3e00a14956e0cd4a1f3e7524448cbe5d3cc1295d95a15b83a3579c59 | library.zip |
c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1 | sh.pyc |
e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230 | trilog.exe |
■Hash information (MD5) - Triton -
(FireEye information; source: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html)
0544d425c7555dc4e9d76b571f31f500 | inject.bin |
0face841f7b2953e7c29c064d6886523 | library.zip |
27c69aa39024d21ea109cc9c9d944a04 | TsHi.pyc |
288166952f934146be172f6353e9a1f5 | TsBase.pyc |
437f135ba179959a580412e564d3107f | imain.bin |
6c39c3f4a08d3d78f2eb973a94bd7718 | trilog.exe |
8b675db417cc8b23f4c43f3de5c83438 | sh.pyc |
e98f4f3505f05bf90e17554fbc97bba9 | TS_cnames.pyc |
f6b3a73c8c87506acda430671360ce15 | TsLow.pyc |
【Search】
【VirusTotal search】