TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 / 攻撃組織に関する「個人」の調査・研究・参照ログ

Bisonal Malware Used in Attacks Against Russia and South Korea

Ransomware: Bisonal / Korlia (RAT) 国: ロシア国: 韓国

【ブログ】

◆Bisonal Malware Used in Attacks Against Russia and South Korea (Paloalto, 2018/07/31 05:00)
https://unit42.paloaltonetworks.com/unit42-bisonal-malware-used-attacks-russia-south-korea/

【IoC情報】

◆Bisonal (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2018/07/31/000000

【関連まとめ記事】

◆全体まとめ
　◆マルウェア / Malware (まとめ)
　　◆標的型攻撃マルウェア (まとめ)

◆Bisonal (まとめ)
https://malware-log.hatenablog.com/entry/Bisonal

【インディケータ情報】

■ハッシュ情報(Sha256) - Dropper -

B1DA7E1963DC09C325BA3EA2442A54AFEA02929EC26477A1B120AE44368082F8
0641FE04713FBDAD272A6F8E9B44631B7554DFD1E1332A8AFA767D845A90B3FA

(以上は Unit42(Paloalto) の情報: 引用元はhttps://unit42.paloaltonetworks.com/unit42-bisonal-malware-used-attacks-russia-south-korea/ )

■ハッシュ情報(Sha256) - Bisonal -

43459F5117BEE7B49F2CEE7CE934471E01FB2AA2856F230943460E14E19183A6
DFA1AD6083AA06B82EDFA672925BB78C16D4E8CB2510CBE18EA1CF598E7F2722
1128D10347DD602ECD3228FAA389ADD11415BF6936E2328101311264547AFA75
359835C4A9DBE2D95E483464659744409E877CB6F5D791DAA33FD601A01376FC

(以上は Unit42(Paloalto) の情報: 引用元はhttps://unit42.paloaltonetworks.com/unit42-bisonal-malware-used-attacks-russia-south-korea/ )

■IPアドレス

196.44.49.154
116.193.155.38

(以上は Unit42(Paloalto) の情報: 引用元はhttps://unit42.paloaltonetworks.com/unit42-bisonal-malware-used-attacks-russia-south-korea/ )

■FQDN

jennifer998.lookin.at
www.hosting.tempors.com
kted56erhg.dynssl.com
euiro8966.organiccrap.com
games.my-homeip.com

(以上は Unit42(Paloalto) の情報: 引用元はhttps://unit42.paloaltonetworks.com/unit42-bisonal-malware-used-attacks-russia-south-korea/ )

【検索】

google: B1DA7E1963DC09C325BA3EA2442A54AFEA02929EC26477A1B120AE44368082F8
google: 0641FE04713FBDAD272A6F8E9B44631B7554DFD1E1332A8AFA767D845A90B3FA

google: 43459F5117BEE7B49F2CEE7CE934471E01FB2AA2856F230943460E14E19183A6
google: DFA1AD6083AA06B82EDFA672925BB78C16D4E8CB2510CBE18EA1CF598E7F2722
google: 1128D10347DD602ECD3228FAA389ADD11415BF6936E2328101311264547AFA75
google: 359835C4A9DBE2D95E483464659744409E877CB6F5D791DAA33FD601A01376FC

【VT検索】

https://www.virustotal.com/gui/file/B1DA7E1963DC09C325BA3EA2442A54AFEA02929EC26477A1B120AE44368082F8
https://www.virustotal.com/gui/file/0641FE04713FBDAD272A6F8E9B44631B7554DFD1E1332A8AFA767D845A90B3FA

https://www.virustotal.com/gui/file/43459F5117BEE7B49F2CEE7CE934471E01FB2AA2856F230943460E14E19183A6
https://www.virustotal.com/gui/file/DFA1AD6083AA06B82EDFA672925BB78C16D4E8CB2510CBE18EA1CF598E7F2722
https://www.virustotal.com/gui/file/1128D10347DD602ECD3228FAA389ADD11415BF6936E2328101311264547AFA75
https://www.virustotal.com/gui/file/359835C4A9DBE2D95E483464659744409E877CB6F5D791DAA33FD601A01376FC

https://www.virustotal.com/gui/ip-address/196.44.49.154
https://www.virustotal.com/gui/ip-address/116.193.155.38

https://www.virustotal.com/gui/domain/jennifer998.lookin.at
https://www.virustotal.com/gui/domain/www.hosting.tempors.com
https://www.virustotal.com/gui/domain/kted56erhg.dynssl.com
https://www.virustotal.com/gui/domain/euiro8966.organiccrap.com
https://www.virustotal.com/gui/domain/games.my-homeip.com

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023