【Blog】
◆Ransomware: Growing Number of Attackers Using Virtual Machines (Broadcom, 2021/06/23)
Tactic hides ransomware payload and lowers the risk of discovery while encryption process is underway.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines
【Related summary articles】
◆Golang (summary)
https://malware-log.hatenablog.com/entry/Golang
◆Detection avoidance (summary)
https://malware-log.hatenablog.com/entry/Detection_Avoidance
【Indicator information】
■Hash information (Sha256)
(Hash information from Broadcom; source: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines )
Sha256 | Notes |
---|---|
2eae8e1c2e59527b8b4bb454a51b65f0ea1b0b7476e1c80b385f579328752836 | Installer |
9f801a8d6b4801b8f120be9e5a157b0d1fc3bbf6ba11a7d202a9060e60b707d8 | runner.exe |
e5291bae18b0fa3239503ab676cacb12f58a69eb2ec1fd3d0c0702b5a29246cb | VirtualBox |
d89bd47fb457908e8d65f705f091372251bae3603f5ff59afb2436abfcf976d8 | Mountlocker |
8f247e4149742532b8a0258afd31466f968af7b5ac01fdb7960ac8c0643d2499 | Mountlocker |