TT Malware Log

A "personal" investigation, research and reference log on malware / cyber attacks / analysis techniques

Hiding in plain sight: PhantomLance walks into a market

【Blog】

◆Hiding in plain sight: PhantomLance walks into a market (Kaspersky, 2020/04/28 15:00)
https://securelist.com/apt-phantomlance/96772/


【IoC information】

◆PhantomLance (2020/04/28)
https://ioc.hatenablog.com/entry/2020/04/28/000000


【Related summary articles】

Overall summary
 ◆Attack groups / Actor (summary)
  ◆Targeted attack groups / APT (summary)

◆APT32 (summary)
https://malware-log.hatenablog.com/entry/APT32


【Indicator information】

■Hash information (Sha256) - PhantomLance malware -

2e06bbc26611305b28b40349a600f95c
b1990e19efaf88206f7bffe9df0d9419
7048d56d923e049ca7f3d97fb5ba9812
e648a2cc826707aec33208408b882e31
3285ae59877c6241200f784b62531694
8d5c64fdaae76bb74831c0543a7865c3
6bf9b834d841b13348851f2dc033773e
0d5c03da348dce513bf575545493f3e3
0e7c2adda3bc65242a365ef72b91f3a8
a795f662d10040728e916e1fd7570c1d
d23472f47833049034011cad68958b46
8b35b3956078fc28e5709c5439e4dcb0
af44bb0dd464680395230ade0d6414cd
65d399e6a77acf7e63ba771877f96f8e
79f06cb9281177a51278b2a33090c867
b107c35b4ca3e549bdf102de918749ba
83cd59e3ed1ba15f7a8cadfe9183e156
c399d93146f3d12feb32da23b75304ba
83c423c36ecda310375e8a1f4348a35e
94a3ca93f1500b5bd7fd020569e46589
54777021c34b0aed226145fde8424991
872a3dd2cd5e01633b57fa5b9ac4648d
243e2c6433815f2ecc204ada4821e7d6

(The above is Kaspersky's information; source: https://securelist.com/apt-phantomlance/96772/ )


■Hash information (Sha256) - PhantomLance payload-free versions -

a330456d7ca25c88060dc158049f3298
a097b8d49386c8aab0bb38bbfdf315b2
7285f44fa75c3c7a27bbb4870fc0cdca
b4706f171cf98742413d642b6ae728dc
8008bedaaebc1284b1b834c5fd9a7a71
0e7b59b601a1c7ecd6f2f54b5cd8416a

(The above is Kaspersky's information; source: https://securelist.com/apt-phantomlance/96772/ )


■Hash information (Sha256) - Android campaign 2014-2017 -

0e7c2adda3bc65242a365ef72b91f3a8
50bfd62721b4f3813c2d20b59642f022
5079cb166df41233a1017d5e0150c17a
810ef71bb52ea5c3cfe58b8e003520dc
c630ab7b51f0c0fa38a4a0f45c793e24
ce5bae8714ddfca9eb3bb24ee60f042d
d61c18e577cfc046a6252775da12294f
fe15c0eacdbf5a46bc9b2af9c551f86a
07e01c2fa020724887fc39e5c97eccee
2e49775599942815ab84d9de13e338b3
315f8e3da94920248676b095786e26ad
641f0cc057e2ab43f5444c5547e80976

(The above is Kaspersky's information; source: https://securelist.com/apt-phantomlance/96772/ )


■FQDN - PhantomLance -

mine.remaariegarcia.com
egg.stralisemariegar.com
api.anaehler.com
cloud.anofrio.com
video.viodger.com
term.ursulapaulet.com
inc.graceneufville.com
log.osloger.biz
file.log4jv.info
news.sqllitlever.info
us.jaxonsorensen.club
staff.kristianfiedler.club
bit.catalinabonami.com
hr.halettebiermann.com
cyn.ettebiermahalet.com

(The above is Kaspersky's information; source: https://securelist.com/apt-phantomlance/96772/ )


■FQDN - Android campaign 2014-2017 -

mtk.baimind.com
ming.chujong.com
mokkha.goongnam.com
ckoen.dmkatti.com
sadma.knrowz.com
itpk.mostmkru.com
aki.viperse.com
game2015.net
taiphanmemfacebookmoi.info
nhaccuatui.android.zyngacdn.com
quam.viperse.com
jang.goongnam.com

(The above is Kaspersky's information; source: https://securelist.com/apt-phantomlance/96772/ )


【Search】

google: 2e06bbc26611305b28b40349a600f95c
google: b1990e19efaf88206f7bffe9df0d9419
google: 7048d56d923e049ca7f3d97fb5ba9812
google: e648a2cc826707aec33208408b882e31
google: 3285ae59877c6241200f784b62531694
google: 8d5c64fdaae76bb74831c0543a7865c3
google: 6bf9b834d841b13348851f2dc033773e
google: 0d5c03da348dce513bf575545493f3e3
google: 0e7c2adda3bc65242a365ef72b91f3a8
google: a795f662d10040728e916e1fd7570c1d
google: d23472f47833049034011cad68958b46
google: 8b35b3956078fc28e5709c5439e4dcb0
google: af44bb0dd464680395230ade0d6414cd
google: 65d399e6a77acf7e63ba771877f96f8e
google: 79f06cb9281177a51278b2a33090c867
google: b107c35b4ca3e549bdf102de918749ba
google: 83cd59e3ed1ba15f7a8cadfe9183e156
google: c399d93146f3d12feb32da23b75304ba
google: 83c423c36ecda310375e8a1f4348a35e
google: 94a3ca93f1500b5bd7fd020569e46589
google: 54777021c34b0aed226145fde8424991
google: 872a3dd2cd5e01633b57fa5b9ac4648d
google: 243e2c6433815f2ecc204ada4821e7d6

google: a330456d7ca25c88060dc158049f3298
google: a097b8d49386c8aab0bb38bbfdf315b2
google: 7285f44fa75c3c7a27bbb4870fc0cdca
google: b4706f171cf98742413d642b6ae728dc
google: 8008bedaaebc1284b1b834c5fd9a7a71
google: 0e7b59b601a1c7ecd6f2f54b5cd8416a

google: 0e7c2adda3bc65242a365ef72b91f3a8
google: 50bfd62721b4f3813c2d20b59642f022
google: 5079cb166df41233a1017d5e0150c17a
google: 810ef71bb52ea5c3cfe58b8e003520dc
google: c630ab7b51f0c0fa38a4a0f45c793e24
google: ce5bae8714ddfca9eb3bb24ee60f042d
google: d61c18e577cfc046a6252775da12294f
google: fe15c0eacdbf5a46bc9b2af9c551f86a
google: 07e01c2fa020724887fc39e5c97eccee
google: 2e49775599942815ab84d9de13e338b3
google: 315f8e3da94920248676b095786e26ad
google: 641f0cc057e2ab43f5444c5547e80976


【VT search】

https://www.virustotal.com/gui/file/2e06bbc26611305b28b40349a600f95c
https://www.virustotal.com/gui/file/b1990e19efaf88206f7bffe9df0d9419
https://www.virustotal.com/gui/file/7048d56d923e049ca7f3d97fb5ba9812
https://www.virustotal.com/gui/file/e648a2cc826707aec33208408b882e31
https://www.virustotal.com/gui/file/3285ae59877c6241200f784b62531694
https://www.virustotal.com/gui/file/8d5c64fdaae76bb74831c0543a7865c3
https://www.virustotal.com/gui/file/6bf9b834d841b13348851f2dc033773e
https://www.virustotal.com/gui/file/0d5c03da348dce513bf575545493f3e3
https://www.virustotal.com/gui/file/0e7c2adda3bc65242a365ef72b91f3a8
https://www.virustotal.com/gui/file/a795f662d10040728e916e1fd7570c1d
https://www.virustotal.com/gui/file/d23472f47833049034011cad68958b46
https://www.virustotal.com/gui/file/8b35b3956078fc28e5709c5439e4dcb0
https://www.virustotal.com/gui/file/af44bb0dd464680395230ade0d6414cd
https://www.virustotal.com/gui/file/65d399e6a77acf7e63ba771877f96f8e
https://www.virustotal.com/gui/file/79f06cb9281177a51278b2a33090c867
https://www.virustotal.com/gui/file/b107c35b4ca3e549bdf102de918749ba
https://www.virustotal.com/gui/file/83cd59e3ed1ba15f7a8cadfe9183e156
https://www.virustotal.com/gui/file/c399d93146f3d12feb32da23b75304ba
https://www.virustotal.com/gui/file/83c423c36ecda310375e8a1f4348a35e
https://www.virustotal.com/gui/file/94a3ca93f1500b5bd7fd020569e46589
https://www.virustotal.com/gui/file/54777021c34b0aed226145fde8424991
https://www.virustotal.com/gui/file/872a3dd2cd5e01633b57fa5b9ac4648d
https://www.virustotal.com/gui/file/243e2c6433815f2ecc204ada4821e7d6

https://www.virustotal.com/gui/file/a330456d7ca25c88060dc158049f3298
https://www.virustotal.com/gui/file/a097b8d49386c8aab0bb38bbfdf315b2
https://www.virustotal.com/gui/file/7285f44fa75c3c7a27bbb4870fc0cdca
https://www.virustotal.com/gui/file/b4706f171cf98742413d642b6ae728dc
https://www.virustotal.com/gui/file/8008bedaaebc1284b1b834c5fd9a7a71
https://www.virustotal.com/gui/file/0e7b59b601a1c7ecd6f2f54b5cd8416a

https://www.virustotal.com/gui/file/0e7c2adda3bc65242a365ef72b91f3a8
https://www.virustotal.com/gui/file/50bfd62721b4f3813c2d20b59642f022
https://www.virustotal.com/gui/file/5079cb166df41233a1017d5e0150c17a
https://www.virustotal.com/gui/file/810ef71bb52ea5c3cfe58b8e003520dc
https://www.virustotal.com/gui/file/c630ab7b51f0c0fa38a4a0f45c793e24
https://www.virustotal.com/gui/file/ce5bae8714ddfca9eb3bb24ee60f042d
https://www.virustotal.com/gui/file/d61c18e577cfc046a6252775da12294f
https://www.virustotal.com/gui/file/fe15c0eacdbf5a46bc9b2af9c551f86a
https://www.virustotal.com/gui/file/07e01c2fa020724887fc39e5c97eccee
https://www.virustotal.com/gui/file/2e49775599942815ab84d9de13e338b3
https://www.virustotal.com/gui/file/315f8e3da94920248676b095786e26ad
https://www.virustotal.com/gui/file/641f0cc057e2ab43f5444c5547e80976

https://www.virustotal.com/gui/domain/mine.remaariegarcia.com
https://www.virustotal.com/gui/domain/egg.stralisemariegar.com
https://www.virustotal.com/gui/domain/api.anaehler.com
https://www.virustotal.com/gui/domain/cloud.anofrio.com
https://www.virustotal.com/gui/domain/video.viodger.com
https://www.virustotal.com/gui/domain/term.ursulapaulet.com
https://www.virustotal.com/gui/domain/inc.graceneufville.com
https://www.virustotal.com/gui/domain/log.osloger.biz
https://www.virustotal.com/gui/domain/file.log4jv.info
https://www.virustotal.com/gui/domain/news.sqllitlever.info
https://www.virustotal.com/gui/domain/us.jaxonsorensen.club
https://www.virustotal.com/gui/domain/staff.kristianfiedler.club
https://www.virustotal.com/gui/domain/bit.catalinabonami.com
https://www.virustotal.com/gui/domain/hr.halettebiermann.com
https://www.virustotal.com/gui/domain/cyn.ettebiermahalet.com

https://www.virustotal.com/gui/domain/mtk.baimind.com
https://www.virustotal.com/gui/domain/ming.chujong.com
https://www.virustotal.com/gui/domain/mokkha.goongnam.com
https://www.virustotal.com/gui/domain/ckoen.dmkatti.com
https://www.virustotal.com/gui/domain/sadma.knrowz.com
https://www.virustotal.com/gui/domain/itpk.mostmkru.com
https://www.virustotal.com/gui/domain/aki.viperse.com
https://www.virustotal.com/gui/domain/game2015.net
https://www.virustotal.com/gui/domain/taiphanmemfacebookmoi.info
https://www.virustotal.com/gui/domain/nhaccuatui.android.zyngacdn.com
https://www.virustotal.com/gui/domain/quam.viperse.com
https://www.virustotal.com/gui/domain/jang.goongnam.com


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020