TT Malware Log

A "personal" log of investigation, research and references on malware / cyber attacks / analysis techniques

Dark Halo Leverages SolarWinds Compromise to Breach Organizations

【Blog】

◆Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity, 2020/12/14)
[Dark Halo exploits the SolarWinds compromise to break into organizations]
https://www.volexity.com/blog/tag/darkhalo/


【Indicator information】

■IP addresses



■URL



■PowerShell commands

Get-AcceptedDomain
Get-CASMailbox
Get-Mailbox
Get-ManagementRoleAssignment
Get-OrganizationConfig
Get-OwaVirtualDirectory
Get-Process
Get-WebServicesVirtualDirectory
New-MailboxExportRequest
Remove-MailboxExportRequest
Set-CASMailbox


■DGA domains



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020