[Alias information (summary)]
Name | Aliases | Notes |
---|---|---|
APT33 | Charming Kitten, Parastoo, iKittens, MacDownloader, NEWSCASTER, NewsBeef, Group 83, Stonedrill, Shamoon2.0 | |
APT34 | Oilrig, Cobalt Gypsy, Twisted Kitten, Crambus, Helix Kitten, Chrysene | |
APT35 | Magic Hound, Timberworm, Shamoon 2.0 | |
Cadelle | | |
Chafer | | |
Clever Kitten | Group 41 | |
CopyKittens | Slayer Kitten | |
Cyber fighters of Izz Ad-Din | Al Qassam, Fraternal Jackal, Ababil, ApAbabil | |
Greenbug | | |
ITSecTeam | | |
Mabna Institute | Silent Librarian | |
Madi | | |
Mermaid | | |
MuddyWater | TEMP.Zagros | |
Prince of Persia | | |
Rocket Kitten | Flying Kitten, Temp.Beanie, Saffron Rose, Ajax Security Team, Group 26, Woolen Goldfish, Thamar Reservoir | |
Shamoon | Volatile Kitten | |
Sima | | |
TG-2889 | Cobalt Gypsy, Cutting Kitten, Ghambar | |
[References]
■APT33
Aliases: APT33, Charming Kitten, Parastoo, iKittens, MacDownloader, NEWSCASTER, NewsBeef, Group 83, Stonedrill, Shamoon2.0
- https://iranthreats.github.io/resources/macdownloader-macos-malware/
- https://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/
- https://github.com/gasgas4/APT_CyberCriminal_Campagin/tree/master/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks
- https://www.verfassungsschutz.de/download/broschuere-2016-10-bfv-cyber-brief-2016-04.pdf
- https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/
- https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
- https://cryptome.org/2012/11/parastoo-hacks-iaea.htm
- https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/
- http://www.clearskysec.com/charmingkitten/
◆FireEye reveals the activities and technical details of the Iranian hacker group "APT33" (FireEye, 2017/09/22)
https://www.fireeye.jp/company/press-releases/2017/apt33-insights-into-iranian-cyber-espionage.html
◆Why the espionage group "APT33", suspected of Iranian government involvement, targeted South Korea (THE ZERO/ONE, 2017/10/13 08:00)
https://the01.jp/p0005877/
◆IRANIAN APT33 TARGETS US FIRMS WITH DESTRUCTIVE MALWARE (threat post, 2017/09/21 13:54)
https://threatpost.com/iranian-apt33-targets-us-firms-with-destructive-malware/128074/
◆APT33: New Insights into Iranian Cyber Espionage Group (FireEye, 2017/09/21)
https://www.brighttalk.com/webcast/10703/275683/apt33-new-insights-into-iranian-cyber-espionage-group
■APT34
Aliases: APT34, Oilrig, Cobalt Gypsy, Twisted Kitten, Crambus, Helix Kitten, Chrysene
- https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
- http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/
- http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/
- http://www.clearskysec.com/oilrig/
- https://cert.gov.il/Updates/Alerts/SiteAssets/CERT-IL-ALERT-W-120.pdf
- http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/
- http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability%2520
- https://www.forbes.com/forbes/welcome/?toURL%3Dhttps://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/%26refURL%3D%26referrer%3D%2356749aa2468a
- https://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/%2356749aa2468a
- https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/
- https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/
- https://researchcenter.paloaltonetworks.com/2017/09/unit42-striking-oil-closer-look-adversary-infrastructure/
- https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
- https://researchcenter.paloaltonetworks.com/2017/12/unit42-introducing-the-adversary-playbook-first-up-oilrig/
- https://www.dragos.com/blog/20180517Chrysene.html
■APT35
Aliases: APT35, Magic Hound, Timberworm, Shamoon 2.0
- http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/
- https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/
- https://www.symantec.com/connect/blogs/shamoon-multi-staged-destructive-attacks-limited-specific-targets
- https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
- https://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
- https://gallery.logrhythm.com/threat-intelligence-reports/shamoon-2-malware-analysis-logrhythm-labs-threat-intelligence-report.pdf
■Cadelle
■Chafer
- http://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets
- https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions
■Clever Kitten
Aliases: Clever Kitten, Group 41
■CopyKittens
Aliases: CopyKittens, Slayer Kitten
- https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf
- https://blog.domaintools.com/2017/03/hunt-case-study-hunting-campaign-indicators-on-privacy-protected-attack-infrastructure/
- http://www.clearskysec.com/copykitten-jpost/
- http://www.clearskysec.com/tulip/
■Cyber fighters of Izz Ad-Din
Aliases: Cyber fighters of Izz Ad-Din, Al Qassam, Fraternal Jackal, Ababil, ApAbabil
- http://pastebin.com/u/QassamCyberFighters
- http://ddanchev.blogspot.com.es/2012/09/dissecting-operation-ababil-osint.html
- http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html
- https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html
■Greenbug
- https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon
- https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/
- https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/
- https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/february/ism-rat/
- http://www.clearskysec.com/ismagent/
■ITSecTeam
- http://pastebin.com/mCHia4W5
- http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html
- https://www.washingtonpost.com/world/national-security/iran-blamed-for-cyberattacks/2012/09/21/afbe2be4-0412-11e2-9b24-ff730c7f6312_story.html
■Mabna Institute
Aliases: Mabna Institute, Silent Librarian
- https://www.fbi.gov/wanted/cyber/iranian-mabna-hackers
- https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment
- https://twitter.com/ClearskySec/status/977899578346430464
■Madi
- https://securelist.com/blog/incidents/33693/the-madi-campaign-part-i-5/
- https://securelist.com/blog/incidents/33701/the-madi-campaign-part-ii-53/
■Mermaid
■MuddyWater
Aliases: MuddyWater, TEMP.Zagros
- https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/
- https://sec0wn.blogspot.co.il/2018/03/a-quick-dip-into-muddywaters-recent.html
- https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/
- https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html
■Prince of Persia
- https://iranthreats.github.io/
- http://researchcenter.paloaltonetworks.com/2016/05/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/
- https://researchcenter.paloaltonetworks.com/2017/08/unit42-prince-persia-ride-lightning-infy-returns-foudre/
- https://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/
■Rocket Kitten
Aliases: Rocket Kitten, Flying Kitten, Temp.Beanie, Saffron Rose, Ajax Security Team, Group 26, Woolen Goldfish, Thamar Reservoir
- https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing
- https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf
- http://www.clearskysec.com/thamar-reservoir/
- https://citizenlab.org/2015/08/iran_two_factor_phishing/
- https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf
- http://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/july/a-new-flying-kitten/
- https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf
■Shamoon
Aliases: Shamoon, Volatile Kitten
- https://en.wikipedia.org/wiki/Shamoon
- http://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html
■Sima
■TG-2889
Aliases: TG-2889, Cobalt Gypsy, Cutting Kitten, Ghambar
- http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/
- https://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf
- https://www.secureworks.com/research/the-curious-case-of-mia-ash
- https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf
[Summary information]
◆Attacker information (summary)
http://malware-log.hatenablog.com/entry/attacker