TT Malware Log

A personal log of investigation, research and references concerning malware / cyber attacks / analysis techniques / attack groups

Log4Shell exploited to implant coin miners

[Figures]

(Figure 1: image from the SANS diary, not reproduced here)
(Figure 2: image from the SANS diary, not reproduced here)
Source: https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/


[Blog]

◆Log4Shell exploited to implant coin miners (SANS, 2021/12/13)
https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/


[Related summary articles]

Overall summaries
 ◆Vulnerabilities (summary)

◆Log4Shell (summary)
https://malware-log.hatenablog.com/entry/Log4Shell


[Indicator information]

■Hash information (SHA256) - Log4Shell -

4c97321bcd291d2ca82c68b02cde465371083dace28502b7eb3a88558d7e190c
eb76b7fb22dd442ba7d5064dce4cec79e6db745ace7019b6dfe5642782bf8660
e8b2a8d0c3444c53f143d0b4ba87c23dd1b58b03fd0a6b1bcd6e8358e57807f1
c70e6f8edfca4be3ca0dc2cfac8fddd14804b7e1e3c496214d09c6798b4620c5

(The above is SANS information; source: https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ )


■Hash information (MD5) - Log4Shell -

ceb9a55eaa71101f86b14c6b296066c9
f6e51ea341570c6e9e4c97aee082822b
c717c47941c150f867ce6a62ed0d2d35
1718956642fbd382e9cde0c6034f0e21

(The above is SANS information; source: https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ )


■URL information - Log4Shell -

ldap://45[.]83.193.150
hxxp://31[.]220.58.29
hxxp://172[.]105.241.146
hxxp://18[.]228.7.109

(The above is SANS information; source: https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ )


[VirusTotal search]

https://www.virustotal.com/gui/file/4c97321bcd291d2ca82c68b02cde465371083dace28502b7eb3a88558d7e190c
https://www.virustotal.com/gui/file/eb76b7fb22dd442ba7d5064dce4cec79e6db745ace7019b6dfe5642782bf8660
https://www.virustotal.com/gui/file/e8b2a8d0c3444c53f143d0b4ba87c23dd1b58b03fd0a6b1bcd6e8358e57807f1
https://www.virustotal.com/gui/file/c70e6f8edfca4be3ca0dc2cfac8fddd14804b7e1e3c496214d09c6798b4620c5

https://www.virustotal.com/gui/ip-address/45.83.193.150
https://www.virustotal.com/gui/ip-address/31.220.58.29
https://www.virustotal.com/gui/ip-address/172.105.241.146
https://www.virustotal.com/gui/ip-address/18.228.7.109


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023