TT Malware Log

A personal log of research, study and references on malware, cyber attacks and analysis techniques

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

【News】

◆IndigoDrop spreads via military-themed lures to deliver Cobalt Strike (Talos(CISCO), 2020/06/22)
https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html


【Related Information】

◆IndigoDrop spreading: lures targets with Office documents disguised as military-related files to deploy Cobalt Strike (Talos(CISCO), 2020/07/03)
https://gblogs.cisco.com/jp/2020/07/talos-indigodrop-maldocs-cobalt-strike/


【IoC Information】

◆IndigoDrop (2020/06/22)
https://ioc.hatenablog.com/entry/2020/06/22/000000

◆IndigoDrop spreads via military-themed lures to deliver Cobalt Strike (Talos(CISCO), 2020/06/22)
https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html
https://malware-log.hatenablog.com/entry/2020/06/22/000000_4


【Indicator Information】

■Hash information (SHA256) - IndigoDrop (Maldoc) -

(The above is Talos(CISCO) information; source: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html )


■Hash information (SHA256) - IndigoDrop (Dropper) -

(The above is Talos(CISCO) information; source: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html )



■Hash information (SHA256) - IndigoDrop (Python Module Exes) -

(The above is Talos(CISCO) information; source: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html )


■Hash information (SHA256) - COBALT STRIKE BEACON HASHES -

(The above is Talos(CISCO) information; source: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html )

■Hash information (SHA256) - MALICIOUS JQUERY FILES CONTAINING THE BEACONS -

(The above is Talos(CISCO) information; source: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html )


【Search】


【VT Search】


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023