TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

Threat: Malware "Kinsing" targeting container environments is on the rise

【Figures】

Source: https://www.creationline.com/lab/34036


【Blog】

◆Threat: Malware "Kinsing" targeting container environments is on the rise (Creationline, 2020/04/08)
https://www.creationline.com/lab/34036


【Indicator information】

■Hash information (Sha256) - Kinsing -

0d3b26a8c65cf25356399cc5936a7210
6bffa50350be7234071814181277ae79
c4be7a3abc9f180d997dbb93937926ad
d9011709dd3da2649ed30bf2be52b99e

(The above is information from Aqua Security; quoted from https://www.creationline.com/lab/34036 )


■URL


(The above is information from Aqua Security; quoted from https://www.creationline.com/lab/34036 )


■IP addresses

45.10.88.102
91.215.169.111
193.33.87.219

(The above is information from Aqua Security; quoted from https://www.creationline.com/lab/34036 )


【Search】

google: Kinsing



【VT search】



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023