TT Malware Log

A log of "personal" investigation and research on malware / cyber attacks / analysis techniques

Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse

【Blog】

◆Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse (Trend Micro, 2019/04/12)
https://blog.trendmicro.com/trendlabs-security-intelligence/miner-malware-spreads-beyond-china-uses-multiple-propagation-methods-including-eternalblue-powershell-abuse/


【Indicator Information】

■Hash information (SHA256)



■ URL



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2019