TT Malware Log

A personal investigation, research and reference log on malware, cyber attacks and analysis techniques

WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations

【Figures】

[Two figures (images not included in this text version)]
Source: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us


【Published information】

◆WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations (Symantec, 2020/06/26)
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us


【IoC information】

◆WastedLocker (2020/06/26) (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2020/06/26/000000_9


【Related summary articles】

Overall summary
 ◆Malware (summary)
  ◆Ransomware (summary)

◆WastedLocker (summary)
https://malware-log.hatenablog.com/entry/WastedLocker


【Indicator information】

■Hash information (SHA256) - WastedLocker -

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367
887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d
8897db876553f942b2eb4005f8475a232bafb82a50ca7761a621842e894a3d80
bcdac1a2b67e2b47f8129814dca3bcf7d55404757eb09f1c3103f57da3153ec8
e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3
aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
817704ed2f654929623d9d3e4b71ce0082ef4eadb3fe2d80c726e874dc6952a3
85f391ecd480711401f6da2f371156f995dd5cff7580f37791e79e62b91fd9eb

(The above is Symantec's information; source: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us )



■Hash information (SHA256) - Cobalt Strike loader -

(The above is Symantec's information; source: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us )


■Hash information (SHA256) - SocGholish (Zip) -


【Search】

google: WastedLocker


■WastedLocker

google: 5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367
google: 887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d
google: 8897db876553f942b2eb4005f8475a232bafb82a50ca7761a621842e894a3d80
google: bcdac1a2b67e2b47f8129814dca3bcf7d55404757eb09f1c3103f57da3153ec8
google: e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
google: ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3
google: aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
google: 817704ed2f654929623d9d3e4b71ce0082ef4eadb3fe2d80c726e874dc6952a3
google: 85f391ecd480711401f6da2f371156f995dd5cff7580f37791e79e62b91fd9eb


■Cobalt Strike loader

google: 2f72550c99a297558235caa97d025054f70a276283998d9686c282612ebdbea0
google: 389f2000a22e839ddafb28d9cf522b0b71e303e0ae89e5fc2cd5b53ae9256848
google: 3dfb4e7ca12b7176a0cf12edce288b26a970339e6529a0b2dad7114bba0e16c3
google: 714e0ed61b0ae779af573dce32cbc4d70d23ca6cfe117b63f53ed3627d121feb
google: 810576224c148d673f47409a34bd8c7f743295d536f6d8e95f22ac278852a45f
google: 83710bbb9d8d1cf68b425f52f2fb29d5ebbbd05952b60fb3f09e609dfcf1976c
google: 91e18e5e048b39dfc8d250ae54471249d59c637e7a85981ab0c81cf5a4b8482d
google: adabf8c1798432b766260ac42ccdd78e0a4712384618a2fc2e3695ff975b0246
google: b0354649de6183d455a454956c008eb4dec093141af5866cc9ba7b314789844d
google: bc1c5fecadc752001826b736810713a86cfa64979b3420ab63fe97ba7407f068
google: c781c56d8c8daedbed9a15fb2ece165b96fdda1a85d3beeba6bb3bc23e917c90
google: c7cde31daa7f5d0923f9c7591378b4992765eac12efa75c1baaaefa5f6bdb2b6
google: f093b0006ef5ac52aa1d51fee705aa3b7b10a6af2acb4019b7bc16da4cabb5a1


■SocGholish (Zip)

google: d8cdf823efe1bd2ec019bd32890d40b34695cbf7ce9e0b7780e96f7d32b5b4fc
google: 1b03c872c85b00b2ef2e2f9e5e3f85b703ee2190374d8aaba4da065f54efd21f
google: 2334c93c4f6ae3d370a8e7ad57c72e67d950b2842360105d3074a3fdbcea6e6c
google: 6ee2884c7dfcf85030e4c26e68b3d65a6a8dd3b502f895938fca86653bfa171e
google: 1346085caf84eedcd8437b31b6549aa3a5f88b168efc165b67acde907d2ee691
google: 00e55499c1fce017d25e27201f2919502797180264ef67a6bc8da2f0b6fe89ac
google: 8f18111a4d45ecbcaa5d409afda01bff59a335f6e92895d3422f21465e6e070e
google: 34c40cee6ec17b6b76249bea42dab11380310df0bb5f1fd687be5648025cf887
google: 47aecefb1b8c20d1ac705581fb84331aa96bac0ba11a9dd9dcb3afe782d662d3
google: 52a8a9afe1637e8faa39894d4b7ec8857aadec8c631469a982d5d0860a6f3511
google: 8e8e911906e2881dab603fb446c1ca98eb989e4b1a933496b3c49e64e3d34d33
google: 5d282476a27409c1eaa8d68f46bcc69f3027840a87a16159c25c0e49e87d8f9a
google: a1849335f5a9d185c514f1b963de6c9599e375046292e07feb6fec30e26a4c54
google: 4df28f81d5c9e84d96137ff0a24c9902589af1f120742441ed49e68e601b9d87
google: effa6018b4d8b48e59684dc66c64a08658e118a43715f6d0902d7c83db3902c0
google: 912c405cf9506288c18984f92d66f1fd263b999c2f4a346a8e133dcb846560f9
google: 5eb57802b26631c22ed4ebe9f252cd22822a04a2f28a594aaf4bc4887d33caf5
google: d3705a1fd6c1736aeabcae24bc6d247e6bcbe2168523b9788a22714fb165bfec
google: d9717e971ac44f6233b3f5854f9b264040250aa39d74bfa227a4b4602b6eb832
google: 1150850a7cc92b753cc9f51db547ea675f177ce290652368599a49cfa2826d34
google: cd04bf5e9383f717975e4b2e901d04782c9cab00099a5ad06a8a9429bd4cf9a5
google: e38ae05677ea8137a432307214816e0c17fe22e42c2c4279e89d5019a4599acd
google: e14257ac1f2ef19a21c7ef60c29b6dce9f63d198746d59046198fa254d9d3a54
google: ec1674ec04b9b12378198526546a43a19ad3720f5a57b9b420386a17cc0f8983
google: 94e17b0d20a458b997a43d6c5aaee62454e1168080574c5e472cf152046d7540
google: 90221dec6d92d6f76af0240d3968a8503e821955d3cc3acf30527bc8f2a65e9c
google: 36d6f04bbb409bc6e74cf4d8bbc11f250789cb2de14e243ffe891b0f75145549
google: bcddb155313a76b05e4758c6071c3ff26b3c383d705c90c0015f68e7d11f504d
google: 92b79542921cab76d001d785dceb5c4f55cfa9d3a51cbc99a3e2db1cce4892e6
google: b349848b0357abd4be79b456e1019305c5105892eab768b85bc89da1932f3d22
google: 289a5876bae1f28fd3817a7fc010e2dc2205372c0eeb957dcce009fa10b57bd9
google: 631c71d88a3d0fdfbb22ed393eddc78276c0b4abc85e2d0163b4edd603306fd6
google: d83a6cddf932d129f49b871d8a42f8b1a885cbdc8ae3f44b215d409d8f7eaf05
google: 54c8ff32e714a1160235683a26bbf9cbaa267a45e20fa34544e9b9b3b2753cfc
google: a5d3b330150b5de4e2d484fefe7cbbcf0273aa5f043c3d54c83437785e6af1d5
google: 61099171f2bce433e2a8cdb1d24811cc2f6c01b8d9f08f66f5023c97306aa9ca
google: 73a3d35902745b2b3e46efa884f711f6aa490a7961105ed1d735ac0878fe8b26


【VirusTotal search】

https://www.virustotal.com/gui/file/5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367
https://www.virustotal.com/gui/file/887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d
https://www.virustotal.com/gui/file/8897db876553f942b2eb4005f8475a232bafb82a50ca7761a621842e894a3d80
https://www.virustotal.com/gui/file/bcdac1a2b67e2b47f8129814dca3bcf7d55404757eb09f1c3103f57da3153ec8
https://www.virustotal.com/gui/file/e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
https://www.virustotal.com/gui/file/ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3
https://www.virustotal.com/gui/file/aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
https://www.virustotal.com/gui/file/817704ed2f654929623d9d3e4b71ce0082ef4eadb3fe2d80c726e874dc6952a3
https://www.virustotal.com/gui/file/85f391ecd480711401f6da2f371156f995dd5cff7580f37791e79e62b91fd9eb


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020