【Blog】
◆Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities (FireEye, 2021/03/08)
https://www.fireeye.jp/blog/jp-threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html
【Related summary articles】
◆Overall summary
◆Incidents (summary)
◆Targeted attack incidents (summary)
◆Large-scale cyber attack on Exchange Server (summary)
https://malware-log.hatenablog.com/entry/Exchange_Server_202103
【Indicator information】
■Hash information (MD5) - Exchange Server vulnerabilities -
4b3039cf227c611c45d2242d1228a121
0fd9bffa49c76ee12e51e3b8ae0609ac
79eb217578bed4c250803bd573b10151
(The above is information from FireEye. Source: https://www.fireeye.jp/blog/jp-threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html )
■IP address information - Exchange Server vulnerabilities -
165.232.154.116
182.18.152.105
89.34.111.11
86.105.18.116
(The above is information from FireEye. Source: https://www.fireeye.jp/blog/jp-threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html )