TT Malware Log

A "personal" log of investigation, research and references on malware / cyber attacks / analysis techniques

Exchange servers under siege from at least 10 APT groups

【Blog】

◆Exchange servers under siege from at least 10 APT groups (WeLiveSecurity, 2021/03/10 14:00)

ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world

https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/


【Related summary articles】

Overall summary
 ◆Incidents (summary)
  ◆Targeted attack incidents (summary)

◆Large-scale cyber attack on Exchange Server (summary)
https://malware-log.hatenablog.com/entry/Exchange_Server_202103


【Related summary articles】

 ◆Attack groups / Actors (summary)
  ◆Targeted attack groups / APT (summary)

◆Mikroceen (summary)
https://malware-log.hatenablog.com/entry/Mikroceen

◆APT27 (summary)
https://malware-log.hatenablog.com/entry/APT27

◆Tonto Team (summary)
https://malware-log.hatenablog.com/entry/Tonto_Team


【Indicator information】

■Hash information (SHA1) - malware targeting ProxyLogon -


(The above is ESET's information; source: https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ )




Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023