Overview
【Aliases】
Threat group name | Named by |
---|---|
Pitty Panda | CrowdStrike |
PittyTiger | FireEye |
Tigerbarb | iDefense |
Manganese | Microsoft |
APT24 | FireEye *1 |
【Dictionaries】
◆PittyTiger (ATT&CK)
https://attack.mitre.org/groups/G0011/
◆Pitty Panda (malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/pitty_panda
◆Pitty Panda (Threat Actor Map)
https://aptmap.netlify.com/#Pitty%20Panda
◆THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA (ThaiCERT, 2019/06/19)
https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf (P.184)
【Overview】
■Active period
- Since 2011
■Tools / malware used
Tool name | ATT&CK ID | Notes |
---|---|---|
gh0st RAT | S0032 | RAT |
gsecdump | S0008 | Credential acquisition |
Lurid | S0010 | Encryption / compression |
Mimikatz | S0002 | Credential acquisition (password cracking) |
PoisonIvy | S0012 | RAT |
Articles
【News】
◆Pitty Tiger APT exploits older version Office flaws (SC Magazine, 2014/07/15)
http://www.scmagazineuk.com/pitty-tiger-apt-exploits-older-version-office-flaws/article/360847/
⇒ https://malware-log.hatenablog.com/entry/2014/07/15/000000_3
◆PittyTiger APT group sells its services to companies (HELP NET SECURITY, 2014/07/15)
http://www.net-security.org/secworld.php?id=17118&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:%20HelpNetSecurity%20(Help%20Net%20Security)
⇒ https://malware-log.hatenablog.com/entry/2014/07/15/000000_2
【Blogs】
◆Pitty Tiger – small ATPs scare private companies (Security Affairs, 2014/07/13)
http://securityaffairs.co/wordpress/26592/cyber-crime/pitty-tiger-atp.html
⇒ https://malware-log.hatenablog.com/entry/2014/07/13/000000_1
◆Targeted Attacks on French Company Exploit Multiple Word Vulnerabilities (McAfee, 2014/07/15)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/targeted-attacks-on-french-company-exploit-multiple-word-vulnerabilities/
⇒ https://malware-log.hatenablog.com/entry/2014/07/15/000000_4
◆Spy of the Tiger (FireEye, 2014/07/31)
https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html
⇒ https://malware-log.hatenablog.com/entry/2014/07/31/000000_1
【Public information】
◆The Eye of the Tiger (Airbus, 2014/07/11 11:00)
http://blog.cassidiancybersecurity.com/post/2014/07/The-Eye-of-the-Tiger2
⇒ https://malware-log.hatenablog.com/entry/2014/07/11/000000_3
【Documents】
◆The Eye of the Tiger (Airbus, 2014/07)
https://bitbucket.org/cybertools/whitepapers/downloads/Pitty%20Tiger%20Final%20Report.pdf
⇒ https://malware-log.hatenablog.com/entry/2014/07/31/000000_2
Related information
【Related summary articles】
◆Targeted attack groups / APT (summary)
https://malware-log.hatenablog.com/entry/APT
【Indicator information】
■Hash information (Sha1)
25dd831ae7d720998a3e3a8d205ab684 | dr.asp |
4b89c31d1d7744bcf5049d582d35e717 | Install-Dll.bat |
e738286a0031621d50aeb5fc1d95d7a4 | JHttpSrv.dll |