TT Malware Log

マルウェア / サイバー攻撃 / 解析技術に関する「個人」の調査・研究・参照ログ

FBot aka Satori Is Back With New Peculiar Obfuscation, Brute-force Techniques

Malware: Satori / Okiru / Okiku / FBot (IoT)

【図表】

f:id:tanigawa:20200309040709p:plain
出典: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fbot-aka-satori-is-back-with-new-peculiar-obfuscation-brute-force-techniques

【概要】

Cipher Alphabet	MLSDFQWYXNCZRPOKGIUTABVHEJtfqomaechlynudwvjrxigkzsbp7890254163=@^$
Plain Alphabet	ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./ -

【ブログ】

◆FBot aka Satori Is Back With New Peculiar Obfuscation, Brute-force Techniques (Trendmicro, 2019/12/18)
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fbot-aka-satori-is-back-with-new-peculiar-obfuscation-brute-force-techniques

【インディケータ情報】

■ハッシュ情報(Sha256) - FBot -

51e208e0003ebcf2225f0482865dd03896f759c170f0be84649f666c13e1130c

(以上は Trendmicro の情報: 引用元は https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fbot-aka-satori-is-back-with-new-peculiar-obfuscation-brute-force-techniques )

■FQDN

Ohyaya.raiseyourdongers.pw

(以上は Trendmicro の情報: 引用元は https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fbot-aka-satori-is-back-with-new-peculiar-obfuscation-brute-force-techniques )

■IPアドレス/Port

5.206.227.65:7685

(以上は Trendmicro の情報: 引用元は https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fbot-aka-satori-is-back-with-new-peculiar-obfuscation-brute-force-techniques )

【検索】

google: 51e208e0003ebcf2225f0482865dd03896f759c170f0be84649f666c13e1130c

【VT検索】

https://www.virustotal.com/gui/file/51e208e0003ebcf2225f0482865dd03896f759c170f0be84649f666c13e1130c

https://www.virustotal.com/gui/ip-address/5.206.227.65

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023