TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 に関する「個人」の調査・研究・参照ログ

カザフスタンとキルギスの国家機関に対するAPT攻撃に関する調査報告

【公開情報】

◆カザフスタンとキルギスの国家機関に対するAPT攻撃に関する調査報告 (Dr.Web, 2020/07/29)
https://news.drweb.co.jp/show/?i=13907&lng=ja


【資料】

◆Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan (Dr.Web, 2020/07/29)
https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf


【関連情報】

◆カザフスタンとキルギスの国家機関に対するAPT攻撃に関する調査報告 (ZDNet, 2020/08/05 09:00)
https://japan.zdnet.com/release/30464977/
https://malware-log.hatenablog.com/entry/2020/08/05/000000


【IoC情報】

◆カザフスタンとキルギスの国家機関に対するAPT攻撃 (2020/07/29) (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2020/07/29/000000_1


【インディケータ情報】

■ハッシュ情報(Sha1) - Exploit.RTF -

a707de5a277573b8080e2147bd99ec1015cf56c5

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - BackDoor.Apper -

48944207135ffbf0a3edf158e5fe96888a52fada
23dbe50d3484ba906a2fd4b7944d62fb4da42f95
5b041bce8559334dc9e819c72da9ff888d7e39c9

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - BackDoor.CmdUdp -

314b259739f4660e89221fa2e8990139a84611a9

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - BackDoor.Logtu -

7797107eb4a9a9e4359413c15999603fa27714b3

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - BackDoor.Mikroceen -

2930efc03e958479568e7930f269efb1e2bcea5a
56000aa9a70ff3c546dab3c2a3b19021636b3b9c
e98f3b43ab262f4c4e148e659cc615a0612d755f

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - BackDoor.PlugX -

b03c98a9539d4cbb17f2efc118c4b57882b96d93
b7eac081c814451791f0cd169d0c6a525a05194d
9a2d98321356ad58ea6c8a7796fd576e76237bd1
ec548ba0ec9d2452c30e9ef839eb6582a4b685c8
7bcb10f1ed9b41abbbe468d177cd46991c224315
d52152661c836e76bebd46046ba3f877c5d381d8
1ba85de14f85389bf3194acea865f4c819d7b602
8d5e7d389191a3de73350d444c3989857077f629
aa0e7101b1663c23f980598ca3d821d7b6ea342d
84c34167a696533cc7eddb5409739edd9af232ed
2c51147b271d691f0ab040f62c821246604d3d81
2e2919ce6f643d73ff588bccdc7da5d74c611b2c
6fc2e76a0d79cc2a78a8d73f63d2fc433ede8bd5
e6381d09cdf15973f952430e70547d0b88bb1248
f6bf976a2fdef5a5a44c60cbfb0c8fcbdc0bae02

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - BackDoor.Whitebird -

e70a5ce00b3920d83810496eab6b0d028c5f746e
c47883f01e51a371815fc86f2adbfb16ffb3cb8a
6fc2e76a0d79cc2a78a8d73f63d2fc433ede8bd5

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - BackDoor.Zhengxianma -

cce4ba074aa690fc0e188c34f3afff402602921a

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - Trojan.Mirage -

34085c6d935c4df7ce7f80297b0c14a8d3b436d8
f5fe30ee6e2de828c7a6eecbb7f874dc35d31f43
c4ef5981bee97c78d29fb245d84146a5db710782
d4558761c52027bf52aa9829bbb44fe12920381d

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - Trojan.Misics -

c90ade97ec1c6937aedeced45fd643424889d298
5b8f28a5986612a41a34cb627864db80b8c4b097

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - Trojan.XPath -

3e1d66ea09b7c4dbe3c6ffe58262713806564c17
b6fba9877ad79ce864d75b91677156a33a59399e
8cc16ad99b40ff76ae68d7b3284568521e6413d9
5c21ce425ff906920955e13a438f64f578635c8f
e4e365cc14eeeba5921d385b991e22dea48a1d75
b07568ef80462faac7da92f4556d5b50591ca28d
fc4844a6f9b5c76abc1ec50b93597c5cfde46075
2bf5cfe30265a99c13f5adad7dd17ccb9db272e0

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - Tool.Proxy -

a1c6958372cd229b8a75a09bdff8d72959bb6053
30debaf4ec160c00958470d9b295247c86595067

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - Tool.Scanner -

05a2b543b5a3a941c7ad9e6bff2a101dc2222cb2

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha1) - Tool.WmiExec -

8675e4c54a35b64e6fee3d8d7ad500f618e1aac9

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■FQDN

tv.teldcomtv.com
dns03.cainformations.com
www.sultris.com
kkkfaster.jumpingcrab.com
www.pneword.net
v.nnncity.xyz
nicodonald.accesscam.org

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


■ハッシュ情報(Sha256) --

45.32.184.101
45.63.114.127
45.77.234.118
45.251.241.26
46.105.227.110
46.166.129.241
103.93.76.27
104.194.215.199
114.116.8.198
116.206.94.68
137.175.79.212
142.252.249.25
202.74.232.2

(以上は Dr.Web の情報: 引用元は https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf )


【検索】

■Exploit.RTF

google: a707de5a277573b8080e2147bd99ec1015cf56c5


■BackDoor.Apper

google: 48944207135ffbf0a3edf158e5fe96888a52fada
google: 23dbe50d3484ba906a2fd4b7944d62fb4da42f95
google: 5b041bce8559334dc9e819c72da9ff888d7e39c9


■BackDoor.CmdUdp

google: 314b259739f4660e89221fa2e8990139a84611a9


■BackDoor.Logtu

google: 7797107eb4a9a9e4359413c15999603fa27714b3


■BackDoor.Mikroceen

google: 2930efc03e958479568e7930f269efb1e2bcea5a
google: 56000aa9a70ff3c546dab3c2a3b19021636b3b9c
google: e98f3b43ab262f4c4e148e659cc615a0612d755f


■BackDoor.PlugX

google: b03c98a9539d4cbb17f2efc118c4b57882b96d93
google: b7eac081c814451791f0cd169d0c6a525a05194d
google: 9a2d98321356ad58ea6c8a7796fd576e76237bd1
google: ec548ba0ec9d2452c30e9ef839eb6582a4b685c8
google: 7bcb10f1ed9b41abbbe468d177cd46991c224315
google: d52152661c836e76bebd46046ba3f877c5d381d8
google: 1ba85de14f85389bf3194acea865f4c819d7b602
google: 8d5e7d389191a3de73350d444c3989857077f629
google: aa0e7101b1663c23f980598ca3d821d7b6ea342d
google: 84c34167a696533cc7eddb5409739edd9af232ed
google: 2c51147b271d691f0ab040f62c821246604d3d81
google: 2e2919ce6f643d73ff588bccdc7da5d74c611b2c
google: 6fc2e76a0d79cc2a78a8d73f63d2fc433ede8bd5
google: e6381d09cdf15973f952430e70547d0b88bb1248
google: f6bf976a2fdef5a5a44c60cbfb0c8fcbdc0bae02


■BackDoor.Whitebird

google: e70a5ce00b3920d83810496eab6b0d028c5f746e
google: c47883f01e51a371815fc86f2adbfb16ffb3cb8a
google: 6fc2e76a0d79cc2a78a8d73f63d2fc433ede8bd5


■BackDoor.Zhengxianma

google: cce4ba074aa690fc0e188c34f3afff402602921a


■ハTrojan.Mirage

google: 34085c6d935c4df7ce7f80297b0c14a8d3b436d8
google: f5fe30ee6e2de828c7a6eecbb7f874dc35d31f43
google: c4ef5981bee97c78d29fb245d84146a5db710782
google: d4558761c52027bf52aa9829bbb44fe12920381d


■Trojan.Misics

google: c90ade97ec1c6937aedeced45fd643424889d298
google: 5b8f28a5986612a41a34cb627864db80b8c4b097


■Trojan.XPath

google: 3e1d66ea09b7c4dbe3c6ffe58262713806564c17
google: b6fba9877ad79ce864d75b91677156a33a59399e
google: 8cc16ad99b40ff76ae68d7b3284568521e6413d9
google: 5c21ce425ff906920955e13a438f64f578635c8f
google: e4e365cc14eeeba5921d385b991e22dea48a1d75
google: b07568ef80462faac7da92f4556d5b50591ca28d
google: fc4844a6f9b5c76abc1ec50b93597c5cfde46075
google: 2bf5cfe30265a99c13f5adad7dd17ccb9db272e0


■Tool.Proxy

google: a1c6958372cd229b8a75a09bdff8d72959bb6053
google: 30debaf4ec160c00958470d9b295247c86595067


■Tool.Scanner

google: 05a2b543b5a3a941c7ad9e6bff2a101dc2222cb2


■Tool.WmiExec

google: 8675e4c54a35b64e6fee3d8d7ad500f618e1aac9


■FQDN

google: "tv.teldcomtv.com"
google: "dns03.cainformations.com"
google: "www.sultris.com"
google: "kkkfaster.jumpingcrab.com"
google: "www.pneword.net"
google: "v.nnncity.xyz"
google: "nicodonald.accesscam.org"


■IPアドレス

google: "45.32.184.101"
google: "45.63.114.127"
google: "45.77.234.118"
google: "45.251.241.26"
google: "46.105.227.110"
google: "46.166.129.241"
google: "103.93.76.27"
google: "104.194.215.199"
google: "114.116.8.198"
google: "116.206.94.68"
google: "137.175.79.212"
google: "142.252.249.25"
google: "202.74.232.2"


【VT検索】

■Exploit.RTF

https://www.virustotal.com/gui/file/a707de5a277573b8080e2147bd99ec1015cf56c5


■BackDoor.Apper

https://www.virustotal.com/gui/file/48944207135ffbf0a3edf158e5fe96888a52fada
https://www.virustotal.com/gui/file/23dbe50d3484ba906a2fd4b7944d62fb4da42f95
https://www.virustotal.com/gui/file/5b041bce8559334dc9e819c72da9ff888d7e39c9


■BackDoor.CmdUdp

https://www.virustotal.com/gui/file/314b259739f4660e89221fa2e8990139a84611a9


■BackDoor.Logtu

https://www.virustotal.com/gui/file/7797107eb4a9a9e4359413c15999603fa27714b3


■BackDoor.Mikroceen

https://www.virustotal.com/gui/file/2930efc03e958479568e7930f269efb1e2bcea5a
https://www.virustotal.com/gui/file/56000aa9a70ff3c546dab3c2a3b19021636b3b9c
https://www.virustotal.com/gui/file/e98f3b43ab262f4c4e148e659cc615a0612d755f


■BackDoor.PlugX

https://www.virustotal.com/gui/file/b03c98a9539d4cbb17f2efc118c4b57882b96d93
https://www.virustotal.com/gui/file/b7eac081c814451791f0cd169d0c6a525a05194d
https://www.virustotal.com/gui/file/9a2d98321356ad58ea6c8a7796fd576e76237bd1
https://www.virustotal.com/gui/file/ec548ba0ec9d2452c30e9ef839eb6582a4b685c8
https://www.virustotal.com/gui/file/7bcb10f1ed9b41abbbe468d177cd46991c224315
https://www.virustotal.com/gui/file/d52152661c836e76bebd46046ba3f877c5d381d8
https://www.virustotal.com/gui/file/1ba85de14f85389bf3194acea865f4c819d7b602
https://www.virustotal.com/gui/file/8d5e7d389191a3de73350d444c3989857077f629
https://www.virustotal.com/gui/file/aa0e7101b1663c23f980598ca3d821d7b6ea342d
https://www.virustotal.com/gui/file/84c34167a696533cc7eddb5409739edd9af232ed
https://www.virustotal.com/gui/file/2c51147b271d691f0ab040f62c821246604d3d81
https://www.virustotal.com/gui/file/2e2919ce6f643d73ff588bccdc7da5d74c611b2c
https://www.virustotal.com/gui/file/6fc2e76a0d79cc2a78a8d73f63d2fc433ede8bd5
https://www.virustotal.com/gui/file/e6381d09cdf15973f952430e70547d0b88bb1248
https://www.virustotal.com/gui/file/f6bf976a2fdef5a5a44c60cbfb0c8fcbdc0bae02


■BackDoor.Whitebird

https://www.virustotal.com/gui/file/e70a5ce00b3920d83810496eab6b0d028c5f746e
https://www.virustotal.com/gui/file/c47883f01e51a371815fc86f2adbfb16ffb3cb8a
https://www.virustotal.com/gui/file/6fc2e76a0d79cc2a78a8d73f63d2fc433ede8bd5


■BackDoor.Zhengxianma

https://www.virustotal.com/gui/file/cce4ba074aa690fc0e188c34f3afff402602921a


■ハTrojan.Mirage

https://www.virustotal.com/gui/file/34085c6d935c4df7ce7f80297b0c14a8d3b436d8
https://www.virustotal.com/gui/file/f5fe30ee6e2de828c7a6eecbb7f874dc35d31f43
https://www.virustotal.com/gui/file/c4ef5981bee97c78d29fb245d84146a5db710782
https://www.virustotal.com/gui/file/d4558761c52027bf52aa9829bbb44fe12920381d


■Trojan.Misics

https://www.virustotal.com/gui/file/c90ade97ec1c6937aedeced45fd643424889d298
https://www.virustotal.com/gui/file/5b8f28a5986612a41a34cb627864db80b8c4b097


■Trojan.XPath

https://www.virustotal.com/gui/file/3e1d66ea09b7c4dbe3c6ffe58262713806564c17
https://www.virustotal.com/gui/file/b6fba9877ad79ce864d75b91677156a33a59399e
https://www.virustotal.com/gui/file/8cc16ad99b40ff76ae68d7b3284568521e6413d9
https://www.virustotal.com/gui/file/5c21ce425ff906920955e13a438f64f578635c8f
https://www.virustotal.com/gui/file/e4e365cc14eeeba5921d385b991e22dea48a1d75
https://www.virustotal.com/gui/file/b07568ef80462faac7da92f4556d5b50591ca28d
https://www.virustotal.com/gui/file/fc4844a6f9b5c76abc1ec50b93597c5cfde46075
https://www.virustotal.com/gui/file/2bf5cfe30265a99c13f5adad7dd17ccb9db272e0


■Tool.Proxy

https://www.virustotal.com/gui/file/a1c6958372cd229b8a75a09bdff8d72959bb6053
https://www.virustotal.com/gui/file/30debaf4ec160c00958470d9b295247c86595067


■Tool.Scanner

https://www.virustotal.com/gui/file/05a2b543b5a3a941c7ad9e6bff2a101dc2222cb2


■Tool.WmiExec

https://www.virustotal.com/gui/file/8675e4c54a35b64e6fee3d8d7ad500f618e1aac9


■FQDN

https://www.virustotal.com/gui/domain/tv.teldcomtv.com
https://www.virustotal.com/gui/domain/dns03.cainformations.com
https://www.virustotal.com/gui/domain/www.sultris.com
https://www.virustotal.com/gui/domain/kkkfaster.jumpingcrab.com
https://www.virustotal.com/gui/domain/www.pneword.net
https://www.virustotal.com/gui/domain/v.nnncity.xyz
https://www.virustotal.com/gui/domain/nicodonald.accesscam.org


■IPアドレス

https://www.virustotal.com/gui/ip-address/45.32.184.101
https://www.virustotal.com/gui/ip-address/45.63.114.127
https://www.virustotal.com/gui/ip-address/45.77.234.118
https://www.virustotal.com/gui/ip-address/45.251.241.26
https://www.virustotal.com/gui/ip-address/46.105.227.110
https://www.virustotal.com/gui/ip-address/46.166.129.241
https://www.virustotal.com/gui/ip-address/103.93.76.27
https://www.virustotal.com/gui/ip-address/104.194.215.199
https://www.virustotal.com/gui/ip-address/114.116.8.198
https://www.virustotal.com/gui/ip-address/116.206.94.68
https://www.virustotal.com/gui/ip-address/137.175.79.212
https://www.virustotal.com/gui/ip-address/142.252.249.25
https://www.virustotal.com/gui/ip-address/202.74.232.2


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020