TT Malware Log

A "personal" log of investigation, research and reference material on malware / cyber attacks / analysis techniques / threat actors

Alert (AA22-174A) Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

【Public information】

◆Alert (AA22-174A) Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems (CISA, 2022/06/23)
https://www.cisa.gov/uscert/ncas/alerts/aa22-174a
https://www.cisa.gov/uscert/sites/default/files/publications/AA22-174A_Joint_CSA_Malicious_Cyber_Actors_Exploiting_Log4Shell_in_Unpatched_VMware_Horizon_Systems_FINAL.pdf


【Indicator information】

■Hash information (SHA-256) - Malware Analysis Report (AR22-174B) -

SHA-256 Remarks
28e4e7104cbffa97a0aa2f53b5ebcbcdba360ec416b34bb617e2f8891d204816 error_401.jsp
33b89b8915aaa59a3c9db23343e8c249b2db260b9b10e88593b6ff2fb5f71d2b odbccads.exe
3c2c835042a05f8d974d9b35b994bcf8d5a0ce19128ebb362804c2d0f3eb42c0 fontdrvhosts.exe
66966ceae7e3a8aace6c27183067d861f9d7267aed30473a95168c3fe19f2c16 winds.exe
7ea294d30903c0ab690bc02b64b20af0cfe66a168d4622e55dee4d6233783751 praiser.exe
88a5e4b24747648a4e3f0a2d5282b51683260f9208b06788fc858c44559da1e8 f7_dump_64.exe
d071c4959d00a1ef9cce535056c6b01574d8a8104a7c3b00a237031ef930b10f d071c4959d00a1ef9cce535056c6b0...
f7f7b059b6a7dbd75b30b685b148025a0d4ceceab405e553ca28cacdeae43fab SvcEdge.exe

(The above is CISA information; source: https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-174b )


■Hash information (SHA-256) - Malware Analysis Report (AR22-174A) -


SHA-256 Remarks
6589a687e69a182e075f11805a755ac1fabbddae1636c6fea8e80e7414521349 hmsvc.exe
6e3840f11aa02f391edd7e3e65b214f1af128fa207b4feb7f69e438014a2206d 658_dump_64.exe

(The above is CISA information; source: https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-174a )


■IP address information - Malware Analysis Report (AR22-174B) -

134.119.177.107
155.94.211.207
162.245.190.203
185.136.163.104

(The above is CISA information; source: https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-174b )




Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023