【Public information】
◆Alert (AA22-174A) Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems (CISA, 2022/06/23)
https://www.cisa.gov/uscert/ncas/alerts/aa22-174a
https://www.cisa.gov/uscert/sites/default/files/publications/AA22-174A_Joint_CSA_Malicious_Cyber_Actors_Exploiting_Log4Shell_in_Unpatched_VMware_Horizon_Systems_FINAL.pdf
【Indicator information】
■Hash information (SHA-256) - Malware Analysis Report (AR22-174B) -
| SHA-256 | Notes |
|---|---|
| 28e4e7104cbffa97a0aa2f53b5ebcbcdba360ec416b34bb617e2f8891d204816 | error_401.jsp |
| 33b89b8915aaa59a3c9db23343e8c249b2db260b9b10e88593b6ff2fb5f71d2b | odbccads.exe |
| 3c2c835042a05f8d974d9b35b994bcf8d5a0ce19128ebb362804c2d0f3eb42c0 | fontdrvhosts.exe |
| 66966ceae7e3a8aace6c27183067d861f9d7267aed30473a95168c3fe19f2c16 | winds.exe |
| 7ea294d30903c0ab690bc02b64b20af0cfe66a168d4622e55dee4d6233783751 | praiser.exe |
| 88a5e4b24747648a4e3f0a2d5282b51683260f9208b06788fc858c44559da1e8 | f7_dump_64.exe |
| d071c4959d00a1ef9cce535056c6b01574d8a8104a7c3b00a237031ef930b10f | d071c4959d00a1ef9cce535056c6b0... |
| f7f7b059b6a7dbd75b30b685b148025a0d4ceceab405e553ca28cacdeae43fab | SvcEdge.exe |
(The above is CISA information; source: https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-174b )
■Hash information (SHA-256) - Malware Analysis Report (AR22-174A) -
| SHA-256 | Notes |
|---|---|
| 6589a687e69a182e075f11805a755ac1fabbddae1636c6fea8e80e7414521349 | hmsvc.exe |
| 6e3840f11aa02f391edd7e3e65b214f1af128fa207b4feb7f69e438014a2206d | 658_dump_64.exe |
(The above is CISA information; source: https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-174a )
■IP address information - Malware Analysis Report (AR22-174B) -
134.119.177.107
155.94.211.207
162.245.190.203
185.136.163.104
(The above is CISA information; source: https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-174b )