【別名】
| 攻撃組織名 |
命名組織 |
|---|---|
| APT-C-17 | |
| APT-Q-39 | |
| BabyElephant | |
| DEV-0124 | |
| G0121 | ATT&CK |
| GroupA21 | |
| Hardcore Nationalist | |
| HN2 | |
| Leafperphorator | |
| Orange Chandi | |
| Rattlesnake | Tencent |
| Razor Tiger | Crowdstrike |
| Sidewinder | Kaspersky |
| T-APT-04 | Tencent |
| UNC1687 | |
| Venomous Gemini | Palo Alto |
【辞書】
◆APT group: SideWinder, Rattlesnake (ETDA)
https://apt.etda.or.th/cgi-bin/showcard.cgi?g=Razor%20Tiger&n=1
◆RAZOR TIGER (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/razor_tiger
【ニュース】
■2020年
◇2020年12月
◆SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign (Threatpost, 2020/12/09 14:53)
https://threatpost.com/sidewinder-apt-nepal-afghanistan-spy-campaign/162086/
⇒ https://malware-log.hatenablog.com/entry/2020/12/09/000000_7
■2021年
◇2021年1月
◆A Global Perspective of the SideWinder APT (AT&T Alien Labs, 2021/01/13)
https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf
⇒ https://malware-log.hatenablog.com/entry/2021/01/13/000000_8
【ブログ】
■2024年
◇2024年8月
◆パロアルトネットワークス Unit 42 が追跡している脅威アクター グループの一覧 (UNIT42(Palo Alto), 2024/08/04 17:47)
https://unit42.paloaltonetworks.jp/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/
⇒ https://malware-log.hatenablog.com/entry/2024/08/04/000000
【ブログ】
■2016年
◇2016年8月
◆MONSOON – ANALYSIS OF AN APT CAMPAIGN (Forcepoint, 2016/08/08)
[モンスーン - 適切なキャンペーンの分析]
https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf
https://malware-log.hatenablog.com/entry/2016/08/08/000000_3
【検索】
google: SideWinder
google: APT-C-17
google: Chinastrats
google: DEV-0124
google: G0121
google: Leafperphorator
google: Orange Chandi
google: Rattlesnake
google: Razor Tiger
google: T-APT-04
google: UNC1687
google: Venomous Gemini
google:news: SideWinder
google: site:virustotal.com SideWinder
google: site:github.com SideWinder
■Bing
https://www.bing.com/search?q=SideWinder
https://www.bing.com/news/search?q=SideWinder
https://twitter.com/search?q=%23SideWinder
https://twitter.com/hashtag/SideWinder
■VirusTotal
https://www.virustotal.com/gui/search/SideWinder
【関連まとめ記事】
◆標的型攻撃組織 / APT (まとめ)
https://malware-log.hatenablog.com/entry/APT
【インディケータ情報】
■ハッシュ情報(MD5)
★Malicious PowerPoint slides
| 0bbff4654d0c4551c58376e6a99dfda0 | |
| 1de10c5bc704d3eaf4f0cfa5ddd63f2d | MilitaryReforms2.pps |
| 2ba26a9cc1af4479e99dcc6a0e7d5d67 | 2016_China_Military_PowerReport.pps |
| 375f240df2718fc3e0137e109eef57ee | PLA_UAV_DEPLOYMENT.pps |
| 38e71afcdd6236ac3ad24bda393a81c6 | militarizationofsouthchinasea_1.pps |
| 3e9d1526addf2ca6b09e2fdb5fd4978f | How_to_easily_clean_an_infected_computer.pps |
| 475c29ed9373e2c04b7c3df6766761eb | PLA_Forthcoming_Revolution_in_Doctrinal_Affairs.pps |
| 4dbb8ad1776af25a5832e92b12d4bfff | maritime_dispute.pps |
| 4dbb8ad1776af25a5832e92b12d4bfff | Clingendael_Report_South_China_Sea.pps |
| 543d402a56406c93b68622a7e392728d | 2016_China_Military_PowerReport.pps |
| 551e244aa85b92fe470ed2eac9d8808a | Assessing_PLA_Organisational_Reforms.pps |
| 6877e60f141793287169125a08e36941 | Clingendael_Report_South_China_Sea.pps |
| 6d8534597ae05d2151d848d2e6427f9e | cn-lshc-hospital-operations-excellence.pps |
| 74fea3e542add0f301756581d1f16126 | Clingendael_Report_South_China_Sea_20160517Downloaded.pps |
| 812a856288a03787d85d2cb9c1e1b3ba | |
| 8f7b1f320823893e159f6ebfb8ce3e78 | |
| b163e3906b3521a407910aeefd055f03 | china_security_report_2016.pps |
| d456bbf44d73b1f0f2d1119f16993e93 | |
| e7b4511cba3bba6983c43c9f9014a49d | Chinastrats.com netflix2.pps |
| ebfa776a91de20674a4ae55294d85087 | Chinese_Influence_Faces_2.pps |
| eefcef704b1a7bea6e92dc8711cfd35e | Top_Five_AF.pps |
★Malicious rich text files
| 2099fcd4a81817171649cb38dac0fb2a | |
| 3d852dea971ced1481169d8f66542dc5 | China_Vietnam_Military_Clash.doc |
| 4ff89d5341ac36eb9bed79e7afe04cb3 | Cyber_Crime_bill.doc |
| 7012f07e82092ab2daede774b9000d64 | china_report_EN_web_2016_A01.doc |
| 735f0fbe44b70e184665aed8d1b2c117 | Cyber_Crime_bill.doc |
| 7796ae46da0049057abd5cfb9798e494 | |
| e5685462d8a2825e124193de9fa269d9 | PLA_Forthcoming_Revolution_in_Doctrinal_Affairs2.doc |
| f5c81526acbd830da2f533ae93deb1e1 | Job_offers.doc |
★Payloads
| 0f09e24a8d57fb8b1a8cc51c07ebbe3f | Backdoor.Steladok |
| 233a71ea802af564dd1ab38e62236633 | Backodor.Enfourks |
| 2c0efa57eeffed228eb09ee97df1445a | Backdoor.Steladok |
| 3ac28869c83d20f9b18ebbd9ea3a9155 | Backodor.Enfourks |
| 465de3db14158005ede000f7c0f16efe | Trojan.Gen.2 |
| 4fca01f852410ea1413a876df339a36d | Trojan.Gen.2 |
| 61e0f4ecb3d7c56ea06b8f609fd2bf13 | Backodor.Enfourks |
| 6b335a77203b566d92c726b939b8d8c9 | Backodor.Enfourks |
| a4fb5a6765cb8a30a8393d608c39d9f7 | Backodor.Enfourks |
| b594a4d3f7183c3af155375f81ad6c3d | Backodor.Enfourks |
| b7433c57a7111457506f85bdf6592d18 | Backodor.Enfourks |
| b7433c57a7111457506f85bdf6592d18 | Backodor.Enfourks |
| c575f9b40cf6e6141f0ee40c8a544fb8 | Backodor.Enfourks |
| d8102a24ca00ef3db7d942912765441e | Backodor.Enfourks |
| f47484e6705e52a115a3684832296b39 | Backdoor.Steladok |
| f7ce9894c1c99ce64455155377446d9c | Backodor.Enfourks |
| ffab6174860af9a7c3b37a7f1fb8f381 | Infostealer |