2018-03-10

APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS

攻撃組織: APT15 / Ke3chang / Mirage / Vixen Panda / GREF / Playful Dragon /Albacore / Lurid *インディケータ情報

【ニュース】

◆APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS (nccgroup, 2018/03/10)
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/

【IoT情報】

◆APT15 (2018/03/10)
https://ioc.hatenablog.com/entry/2018/03/10/000000

◆APT15 (まとめ)
https://malware-log.hatenablog.com/entry/APT15

【インディケータ情報】

■ハッシュ情報(Sha256)

bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d	Royal DNS
750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b	BS2005
6ea9cc475d41ca07fa206eb84b10cf2bbd2392366890de5ae67241afa2f4269f	BS2005
6df9b712ff56009810c4000a0ad47e41b7a6183b69416251e060b5c80cd05785	RoyalCli
16b868d1bef6be39f69b4e976595e7bd46b6c0595cf6bc482229dbb9e64f1bce	MS Exchange Tool

【検索】

google: bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d
google: 750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b
google: 6ea9cc475d41ca07fa206eb84b10cf2bbd2392366890de5ae67241afa2f4269f
google: 6df9b712ff56009810c4000a0ad47e41b7a6183b69416251e060b5c80cd05785
google: 16b868d1bef6be39f69b4e976595e7bd46b6c0595cf6bc482229dbb9e64f1bce

【VT検索】

https://www.virustotal.com/gui/file/bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d
https://www.virustotal.com/gui/file/750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b
https://www.virustotal.com/gui/file/6ea9cc475d41ca07fa206eb84b10cf2bbd2392366890de5ae67241afa2f4269f
https://www.virustotal.com/gui/file/6df9b712ff56009810c4000a0ad47e41b7a6183b69416251e060b5c80cd05785
https://www.virustotal.com/gui/file/16b868d1bef6be39f69b4e976595e7bd46b6c0595cf6bc482229dbb9e64f1bce

TT Malware Log

マルウェア / サイバー攻撃 / 解析技術に関する「個人」の調査・研究・参照ログ

APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS