TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 / 攻撃組織 に関する「個人」の調査・研究・参照ログ

脅威:コンテナ環境を対象としたマルウェア「Kinsing」が増加中

【図表】

f:id:tanigawa:20200416065041j:plain
出典: https://www.creationline.com/lab/34036


【ブログ】

◆脅威:コンテナ環境を対象としたマルウェア「Kinsing」が増加中 (Creationline, 2020/04/08)
https://www.creationline.com/lab/34036


【インディケータ情報】

■ハッシュ情報(Sha256) - Kinsing -

0d3b26a8c65cf25356399cc5936a7210
6bffa50350be7234071814181277ae79
c4be7a3abc9f180d997dbb93937926ad
d9011709dd3da2649ed30bf2be52b99e

(以上は Aqua Security の情報: 引用元は https://www.creationline.com/lab/34036 )


■URL

hxxp://142.44.191.122/d.sh
hxxp://142.44.191.122/kinsing/
hxxp://142.44.191.122/al.sh
hxxp://142.44.191.122/cron.sh
hxxp://142.44.191.122/
hxxp://142.44.191.122/kinsing
hxxp://142.44.191.122/ex.sh
hxxp://185.92.74.42/w.sh
hxxp://185.92.74.42/d.sh
hxxp://217.12.221.244/
hxxp://217.12.221.24/d.sh
hxxp://217.12.221.244/kinsing
hxxp://217.12.221.244/j.sh
hxxp://217.12.221.244/t.sh
hxxp://217.12.221.244/spr.sh
hxxp://217.12.221.244/spre.sh
hxxp://217.12.221.244/p.sh
hxxp://217.12.221.244/Application.jar
hxxp://217.12.221.244/f.sh
hxxp://www.traffclick.ru/
hxxp://www.mechta-dachnika-tut.ru/
hxxp://www.rus-wintrillions-com.ru/
hxxp://rus-wintrillions-com.ru/
hxxp://stroitelnye-jekologicheskie-materialy2016.ru

(以上は Aqua Security の情報: 引用元は https://www.creationline.com/lab/34036 )


■IPアドレス

45.10.88.102
91.215.169.111
193.33.87.219

(以上は Aqua Security の情報: 引用元は https://www.creationline.com/lab/34036 )


【検索】

google: Kinsing

google: 0d3b26a8c65cf25356399cc5936a7210
google: 6bffa50350be7234071814181277ae79
google: c4be7a3abc9f180d997dbb93937926ad
google: d9011709dd3da2649ed30bf2be52b99e


【VT検索】

https://www.virustotal.com/gui/file/0d3b26a8c65cf25356399cc5936a7210
https://www.virustotal.com/gui/file/6bffa50350be7234071814181277ae79
https://www.virustotal.com/gui/file/c4be7a3abc9f180d997dbb93937926ad
https://www.virustotal.com/gui/file/d9011709dd3da2649ed30bf2be52b99e

https://www.virustotal.com/gui/url/http://142.44.191.122/d.sh
https://www.virustotal.com/gui/url/http://142.44.191.122/kinsing/
https://www.virustotal.com/gui/url/http://142.44.191.122/al.sh
https://www.virustotal.com/gui/url/http://142.44.191.122/cron.sh
https://www.virustotal.com/gui/url/http://142.44.191.122/
https://www.virustotal.com/gui/url/http://142.44.191.122/kinsing
https://www.virustotal.com/gui/url/http://142.44.191.122/ex.sh
https://www.virustotal.com/gui/url/http://185.92.74.42/w.sh
https://www.virustotal.com/gui/url/http://185.92.74.42/d.sh
https://www.virustotal.com/gui/url/http://217.12.221.244/
https://www.virustotal.com/gui/url/http://217.12.221.24/d.sh
https://www.virustotal.com/gui/url/http://217.12.221.244/kinsing
https://www.virustotal.com/gui/url/http://217.12.221.244/j.sh
https://www.virustotal.com/gui/url/http://217.12.221.244/t.sh
https://www.virustotal.com/gui/url/http://217.12.221.244/spr.sh
https://www.virustotal.com/gui/url/http://217.12.221.244/spre.sh
https://www.virustotal.com/gui/url/http://217.12.221.244/p.sh
https://www.virustotal.com/gui/url/http://217.12.221.244/Application.jar
https://www.virustotal.com/gui/url/http://217.12.221.244/f.sh
https://www.virustotal.com/gui/url/http://www.traffclick.ru/
https://www.virustotal.com/gui/url/http://www.mechta-dachnika-tut.ru/
https://www.virustotal.com/gui/url/http://www.rus-wintrillions-com.ru/
https://www.virustotal.com/gui/url/http://rus-wintrillions-com.ru/
https://www.virustotal.com/gui/url/http://stroitelnye-jekologicheskie-materialy2016.ru

https://www.virustotal.com/gui/ip-address/45.10.88.102
https://www.virustotal.com/gui/ip-address/91.215.169.111
https://www.virustotal.com/gui/ip-address/193.33.87.219


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023