【ニュース】
◆サイバースパイグループ Patchwork、政府関係から各種の産業へ標的を拡大 (SecureNews, 2016/07/27)
http://securenews.appsight.net/entries/2174
⇒ https://malware-log.hatenablog.com/entry/2016/07/27/000000
◆コピペAPTを展開する「Patchwork」、日本企業も標的に - 南シナ海問題へ強い関心 (Security NEXT, 2016/07/28)
http://www.security-next.com/072317
◆Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent (UNIT42(Paloalto), 2018/03/07)
https://unit42.paloaltonetworks.com/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/
【ブログ】
◆The Dropping Elephant – aggressive cyber-espionage in the Asian region (SECURELIST, 2016/07/08 05:57)
https://securelist.com/the-dropping-elephant-actor/75328/
◆Patchwork cyberespionage group expands targets from governments to wide range of industries (Symantec, 2016/07/25)
Symantec finds that Patchwork now targets a variety of industries in the US, China, Japan, South East Asia, and the UK
https://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries
⇒ https://malware-log.hatenablog.com/entry/2016/07/25/000000
◆サイバースパイグループ Patchwork、政府関係から各種の産業へ標的を拡大 (Symantec, 2016/07/27)
シマンテックは、Patchwork が米国、中国、日本、東南アジア、英国でさまざまな業種を狙い始めたことを確認しました
https://www.symantec.com/connect/nl/blogs/patchwork-0
⇒ https://malware-log.hatenablog.com/entry/2016/07/27/000000
◆Patchwork APT Group Targets US Think Tanks (Volexity, 2018/06/07)
https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/
【資料】
◆UNVEILING PATCHWORK –THE COPY-PASTE APT (Cymmetia, 2016)
A targeted attack caught with cyber deception
https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf
◆MONSOON – ANALYSIS OF AN APT CAMPAIGN (Forcepoint, 2016/08/08)
https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf
【関連まとめ記事】
◆標的型攻撃組織 / APT (まとめ)
https://malware-log.hatenablog.com/entry/APT
【インディケータ情報】
■ハッシュ情報(MD5)
★Malicious PowerPoint slides
| 0bbff4654d0c4551c58376e6a99dfda0 | |
| 1de10c5bc704d3eaf4f0cfa5ddd63f2d | MilitaryReforms2.pps |
| 2ba26a9cc1af4479e99dcc6a0e7d5d67 | 2016_China_Military_PowerReport.pps |
| 375f240df2718fc3e0137e109eef57ee | PLA_UAV_DEPLOYMENT.pps |
| 38e71afcdd6236ac3ad24bda393a81c6 | militarizationofsouthchinasea_1.pps |
| 3e9d1526addf2ca6b09e2fdb5fd4978f | How_to_easily_clean_an_infected_computer.pps |
| 475c29ed9373e2c04b7c3df6766761eb | PLA_Forthcoming_Revolution_in_Doctrinal_Affairs.pps |
| 4dbb8ad1776af25a5832e92b12d4bfff | maritime_dispute.pps |
| 4dbb8ad1776af25a5832e92b12d4bfff | Clingendael_Report_South_China_Sea.pps |
| 543d402a56406c93b68622a7e392728d | 2016_China_Military_PowerReport.pps |
| 551e244aa85b92fe470ed2eac9d8808a | Assessing_PLA_Organisational_Reforms.pps |
| 6877e60f141793287169125a08e36941 | Clingendael_Report_South_China_Sea.pps |
| 6d8534597ae05d2151d848d2e6427f9e | cn-lshc-hospital-operations-excellence.pps |
| 74fea3e542add0f301756581d1f16126 | Clingendael_Report_South_China_Sea_20160517Downloaded.pps |
| 812a856288a03787d85d2cb9c1e1b3ba | |
| 8f7b1f320823893e159f6ebfb8ce3e78 | |
| b163e3906b3521a407910aeefd055f03 | china_security_report_2016.pps |
| d456bbf44d73b1f0f2d1119f16993e93 | |
| e7b4511cba3bba6983c43c9f9014a49d | Chinastrats.com netflix2.pps |
| ebfa776a91de20674a4ae55294d85087 | Chinese_Influence_Faces_2.pps |
| eefcef704b1a7bea6e92dc8711cfd35e | Top_Five_AF.pps |
★Malicious rich text files
| 2099fcd4a81817171649cb38dac0fb2a | |
| 3d852dea971ced1481169d8f66542dc5 | China_Vietnam_Military_Clash.doc |
| 4ff89d5341ac36eb9bed79e7afe04cb3 | Cyber_Crime_bill.doc |
| 7012f07e82092ab2daede774b9000d64 | china_report_EN_web_2016_A01.doc |
| 735f0fbe44b70e184665aed8d1b2c117 | Cyber_Crime_bill.doc |
| 7796ae46da0049057abd5cfb9798e494 | |
| e5685462d8a2825e124193de9fa269d9 | PLA_Forthcoming_Revolution_in_Doctrinal_Affairs2.doc |
| f5c81526acbd830da2f533ae93deb1e1 | Job_offers.doc |
★Payloads
| 0f09e24a8d57fb8b1a8cc51c07ebbe3f | Backdoor.Steladok |
| 233a71ea802af564dd1ab38e62236633 | Backodor.Enfourks |
| 2c0efa57eeffed228eb09ee97df1445a | Backdoor.Steladok |
| 3ac28869c83d20f9b18ebbd9ea3a9155 | Backodor.Enfourks |
| 465de3db14158005ede000f7c0f16efe | Trojan.Gen.2 |
| 4fca01f852410ea1413a876df339a36d | Trojan.Gen.2 |
| 61e0f4ecb3d7c56ea06b8f609fd2bf13 | Backodor.Enfourks |
| 6b335a77203b566d92c726b939b8d8c9 | Backodor.Enfourks |
| a4fb5a6765cb8a30a8393d608c39d9f7 | Backodor.Enfourks |
| b594a4d3f7183c3af155375f81ad6c3d | Backodor.Enfourks |
| b7433c57a7111457506f85bdf6592d18 | Backodor.Enfourks |
| b7433c57a7111457506f85bdf6592d18 | Backodor.Enfourks |
| c575f9b40cf6e6141f0ee40c8a544fb8 | Backodor.Enfourks |
| d8102a24ca00ef3db7d942912765441e | Backodor.Enfourks |
| f47484e6705e52a115a3684832296b39 | Backdoor.Steladok |
| f7ce9894c1c99ce64455155377446d9c | Backodor.Enfourks |
| ffab6174860af9a7c3b37a7f1fb8f381 | Infostealer |
