TT Malware Log

A "personal" log of investigation, research and references on malware / cyber attacks / analysis techniques

No “Game over” for the Winnti Group

【Blog】

◆No “Game over” for the Winnti Group (Welivesecurity(ESET), 2020/05/21 11:30)

The notorious APT group continues to play the video game industry with yet another backdoor

https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/

【Related summary articles】

Overall summary
 ◆Attack groups / Actor (summary)
  ◆Targeted attack groups / APT (summary)

◆Winnti / APT41 (summary)
https://malware-log.hatenablog.com/entry/Winnti


【Indicator information】

■Hash information (Sha256) - First stage -


(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - PipeMon -


(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - PipeMon encrypted binaries -


(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - WinEggDrop -

AF9C220D177B0B54A790C6CC135824E7C829B681

(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - Mimikatz -

4A240EDEF042AE3CE47E8E42C2395DB43190909D

(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - Netcat -

751A9CBFFEC28B22105CDCAF073A371DE255F176

(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - HTran -

48230228B69D764F71A7BF8C08C85436B503109E

(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - AceHash -

D24BBB898A4A301870CAB85F836090B0FC968163

(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■Hash information (Sha256) - Code-signing certificate SHA-1 thumbprints -

745EAC99E03232763F98FB6099F575DFC7BDFAA3
2830DE648BF0A521320036B96CE0D82BEF05994C

(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■FQDN - C&C -


(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )


■IP addresses - C&C -

154.223.215[.]116
203.86.239[.]113

(The above is ESET's information; source: https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ )




Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020