TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

MATA: Multi-platform targeted malware framework

【Figures】

[Figure]
Source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/


【Blog】

◆MATA: Multi-platform targeted malware framework (SecureList, 2020/07/22 10:00)

The MATA malware framework has multiple components, such as a loader, an orchestrator, and plugins. This comprehensive framework can target the Windows, Linux, and macOS operating systems. It was first used around April 2018.

https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/


【IoC information】

◆MATA (2020/07/22) (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2020/07/22/000000_1


【Indicator information】

■Hash information (Sha256) - MATA Windows Loader -


(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


■Hash information (Sha256) - Windows MATA -


(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


■Hash information (Sha256) - Linux MATA -

859e7e9a11b37d355955f85b9a305fec
80c0efb9e129f7f9b05a783df6959812
d2f94e178c254669fb9656d5513356d2

(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


■Hash information (Sha256) - Linux log collector -

982bf527b9fe16205fea606d1beed7fa

(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


■Hash information (Sha256) - Open-source Linux SoCat (general-purpose tool) -

e883bf5fd22eb6237eb84d80bbcf2ac9

(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


■Hash information (Sha256) - Script for exploiting Atlassian Confluence Server -

a99b7ef095f44cf35453465c64f0c70c
199b4c116ac14964e9646b2f27595156

(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


■Hash information (Sha256) - macOS MATA -

81f8f0526740b55fe484c42126cd8396
f05437d510287448325bac98a1378de1

(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


■URL - MATA C2 -


(Information from SecureList (Kaspersky); source: https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ )


【Search】



【VT search】



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020