TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign

【Figures】

Source: https://malware-log.hatenablog.com/entry/2021/01/05/000000_1


【Blog】

◆Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign (Symantec, 2020/11/17)

Evidence that advanced persistent threat group Cicada is behind attack campaign targeting companies in 17 regions and multiple sectors.

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage


【IoC Information】

◆APT10 (2020/11/17)
https://ioc.hatenablog.com/entry/2020/11/17/000000


【Related Information】

◆Report that a hacker group linked to the Chinese government is launching large-scale hacking attacks targeting Japanese companies (Gigazine, 2020/11/20 20:00)
https://gigazine.net/news/20201120-japan-targeted-china-state-funded-hack/
https://malware-log.hatenablog.com/entry/2020/11/20/000000


【Related Summary Articles】

Overall summary
 ◆Attack groups / Actor (summary)
  ◆Targeted attack groups / APT (summary)

◆APT10 / MenuPass (summary)
https://malware-log.hatenablog.com/entry/APT10


【Indicator Information】

■Hash information (SHA256) - APT10 -
(The above is information from Broadcom; source: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage )


■IP address information - APT10 -

(The above is information from Broadcom; source: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage )


【Search】



【VT Search】



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020