TT Malware Log

A personal log of investigation, research, and references on malware / cyber attacks / analysis techniques

APT35 (Summary)

Overview

【Key Points】

◎ An Iranian cyber attack group. It is believed to be backed by the Iranian state.


【Aliases】

Attack group name / Named by
APT35 FireEye
Charming Kitten Clearsky
Magic Hound
Rocket Kitten
Ajax Security Team
Newscaster
Cobalt Gypsy
Phosphorus Microsoft


【Operation Names】

Operation name / Remarks
Operation Saffron Rose FireEye
Operation Woolen-Goldfish


【Dictionaries】

◆Magic Hound (ATT&CK)
https://attack.mitre.org/groups/G0059/

◆APT35 (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/apt35

Articles


【News】

◆Kaspersky Lab discovers "StoneDrill", a new data-destroying malware (ITPro, 2017/03/10)
http://itpro.nikkeibp.co.jp/atcl/news/17/031000785/
http://malware-log.hatenablog.com/entry/2017/03/10/000000_6

◆8 government-backed hacking groups to watch in 2018 (boannews, 2018/02/17)
http://www.boannews.com/media/view.asp?idx=66847
http://malware-log.hatenablog.com/entry/2018/02/17/000000

◆Microsoft seizes domains of Iranian hacker group, wins court order (ZDNet, 2019/3/28 13:05)
https://japan.zdnet.com/article/35134876/
https://malware-log.hatenablog.com/entry/2019/03/28/000000_2


【Blogs】

◆Magic Hound Campaign Attacks Saudi Targets (UNIT42, 2017/02/15 21:16)
https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/
http://malware-log.hatenablog.com/entry/2017/02/15/000000_8

◆From Shamoon to StoneDrill (Kaspersky, 2017/03/06 15:36)
https://securelist.com/from-shamoon-to-stonedrill/77725/
http://malware-log.hatenablog.com/entry/2017/03/06/000000_1

◆CopyKittens Exposed by ClearSky and Trend Micro (Trendmicro, 2017/07/25)
https://blog.trendmicro.com/copykittens-exposed-clearsky-trend-micro/
http://malware-log.hatenablog.com/entry/2017/07/25/000000_9

◆OVERRULED: Containing a Potentially Destructive Adversary (FireEye, 2018/12/21)
https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
https://malware-log.hatenablog.com/entry/2018/12/21/000000_19

◆Microsoft slaps down 99 APT35/Charming Kitten domains (Naked Security(Sophos), 2019/04/01)
https://nakedsecurity.sophos.com/2019/04/01/microsoft-slaps-down-99-apt35-charming-kitten-domains/
https://malware-log.hatenablog.com/entry/2019/04/01/000000_8


【Public Information】

◆Report: The CopyKittens are targeting Israelis (Clearsky, 2015/11/23)
https://www.clearskysec.com/report-the-copykittens-are-targeting-israelis/
http://malware-log.hatenablog.com/entry/2015/11/23/000000_1


【Documents】

◆FROM SHAMOON TO STONEDRILL (Kaspersky, 2017/03/07)

Wipers attacking Saudi organizations and beyond

https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
http://malware-log.hatenablog.com/entry/2017/03/06/000000_1

◆Operation Wilted Tulip (ClearSky Cyber Security, 2017/07/27)
https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
http://malware-log.hatenablog.com/entry/2017/07/27/000000_7

◆Charming Kitten (Clearsky, 2017/12)
http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf
http://malware-log.hatenablog.com/entry/2017/12/01/000000_7


【Code】

◆pupy (n1nj4sec)
https://github.com/n1nj4sec/pupy

Related Information


【Related Summary Articles】

Overall Summary
 ◆Attack Groups / Actor (Summary)

◆Targeted Attack Groups / APT (Summary)
https://malware-log.hatenablog.com/entry/APT


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2019