2021-07-04

Kaseya supply chain attack targeting MSPs to deliver REvil ransomware

【図表】

f:id:tanigawa:20210708055727p:plain
出典: https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/

【ブログ】

◆Kaseya supply chain attack targeting MSPs to deliver REvil ransomware (Truesec, 2021/07/04)
https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/

【ログ】

[I 2021-07-02T13:59:59.544250Z +02:00 ] [ProcessCmd] Systemname-and-Kaseya-agent-details (REDACTED) logged in successfully.
[I 2021-07-02T14:00:01.512990Z +02:00 1840 16cc] [EVENT_SERVER] Fri Jul 2 16:00:01 2021: [5836] WARNING: Write File task will rewrite entire file '#agentWrkDir#\agent.crt' to 'Systemname-and-Kaseya-agent-details' (REDACTED) because the timestamp of the file on the server has changed.
[I 2021-07-02T14:00:01.559863Z +02:00 1840 12b4] [EVENT_SERVER] Fri Jul 2 16:00:01 2021: [4788] Write File task continuing previous transfer to file '#agentWrkDir#\agent.crt' at offset 1221800 of 1221802 bytes for 'Systemname-and-Kaseya-agent-details' (REDACTED). Process time = 0 seconds.

D:\Kaseya\Kserver\Kserver.log (侵入の形跡)

◆Sodinokibi / Sodin / REvil (まとめ)
https://malware-log.hatenablog.com/entry/Sodin

TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 / 攻撃組織に関する「個人」の調査・研究・参照ログ

Kaseya supply chain attack targeting MSPs to deliver REvil ransomware