IoC (TT Malware Log)

Malware IoC (Indicator) information

◆Caution◆ Site for malware analysis experts

     FQDNs, URLs, IP addresses, etc. are posted as-is (not defanged)

Emdivi

【Indicator Information】

■Hash information (MD5)

05edc5d5bd9bda9ac8a75392b4231146
365f6b4ef127bc2adf445f3b19615cc2
3bdb9ab7caa2a9285b4ed04fe1c4753b
5b41fe8d645d2e1245748c176bd82960
6701efb6306fb3919cde58b82d42712d
a01c73da8fbafeae8a76f71d066aa135
a64bb1ed1f8210ef13fe686621161699
a8e3defc8184708bc0a66a96a686bd50
ae345f9833ac621cf497141b08ad34c2
b19d9aa5bcede2aa8648b85308ede71c
b582d899d519aaa8bb5a5c8b13bc6f76
c248bd02cf6468cb97a34b149701ec94
cf8b4d2fbd7622881b13b96d6467cdab
db7252dcd67affc4674c57d67c13c4f0
fc6f9b6c7402d1018f69f3f665f81c28
fcc4820790d8bf2c0cd654b594b791e1


■URLs (C2)

www.a-mas***.jp/html/mainland/index.php
www.sofu***.or.jp/htm/copyright/folder/index.php
www.sofu***.or.jp/htm/copyright/folder/sc_flash/index.php
www.toko-***.com/koushi/detail/index.php
www.toko-***.com/koushi/detail/sc_flash/index.php
www.turite***.jp/book/index.php
www.motoava***.com/shinyo/backup/look/index.php
www.skywo***.co.jp/tenpo/look/index.php
www.iand***.co.jp/blog/2014/index.php
www.katou***.com/images/fuck/index.php
www.sakurano***.com/blog/index.php
www.dol*.org.hk/FrNghomily/wp-content/upgrade/index.php
www.yodel-for***.jp/event/index.php
www.muku-m***.com/wp-includes/news/scripts/index.php
www.sib*.co.jp/view6/viewdata/book/index.php
www.techno***-net.co.jp/korea/company/folder/index.php



【Search】

google: 05edc5d5bd9bda9ac8a75392b4231146
google: 365f6b4ef127bc2adf445f3b19615cc2
google: 3bdb9ab7caa2a9285b4ed04fe1c4753b
google: 5b41fe8d645d2e1245748c176bd82960
google: 6701efb6306fb3919cde58b82d42712d
google: a01c73da8fbafeae8a76f71d066aa135
google: a64bb1ed1f8210ef13fe686621161699
google: a8e3defc8184708bc0a66a96a686bd50
google: ae345f9833ac621cf497141b08ad34c2
google: b19d9aa5bcede2aa8648b85308ede71c
google: b582d899d519aaa8bb5a5c8b13bc6f76
google: c248bd02cf6468cb97a34b149701ec94
google: cf8b4d2fbd7622881b13b96d6467cdab
google: db7252dcd67affc4674c57d67c13c4f0
google: fc6f9b6c7402d1018f69f3f665f81c28
google: fcc4820790d8bf2c0cd654b594b791e1


【VirusTotal Search】

https://www.virustotal.com/gui/file/05edc5d5bd9bda9ac8a75392b4231146
https://www.virustotal.com/gui/file/365f6b4ef127bc2adf445f3b19615cc2
https://www.virustotal.com/gui/file/3bdb9ab7caa2a9285b4ed04fe1c4753b
https://www.virustotal.com/gui/file/5b41fe8d645d2e1245748c176bd82960
https://www.virustotal.com/gui/file/6701efb6306fb3919cde58b82d42712d
https://www.virustotal.com/gui/file/a01c73da8fbafeae8a76f71d066aa135
https://www.virustotal.com/gui/file/a64bb1ed1f8210ef13fe686621161699
https://www.virustotal.com/gui/file/a8e3defc8184708bc0a66a96a686bd50
https://www.virustotal.com/gui/file/ae345f9833ac621cf497141b08ad34c2
https://www.virustotal.com/gui/file/b19d9aa5bcede2aa8648b85308ede71c
https://www.virustotal.com/gui/file/b582d899d519aaa8bb5a5c8b13bc6f76
https://www.virustotal.com/gui/file/c248bd02cf6468cb97a34b149701ec94
https://www.virustotal.com/gui/file/cf8b4d2fbd7622881b13b96d6467cdab
https://www.virustotal.com/gui/file/db7252dcd67affc4674c57d67c13c4f0
https://www.virustotal.com/gui/file/fc6f9b6c7402d1018f69f3f665f81c28
https://www.virustotal.com/gui/file/fcc4820790d8bf2c0cd654b594b791e1



【Blog】

◆Attack disguised as a medical expense notification (Backdoor.Emdivi): follow-up (Macnica Networks, 2015/01/26)
http://blog.macnica.net/blog/2015/01/post-39d4.html
https://malware-log.hatenablog.com/entry/2015/01/26/000000_2