IoC (TT Malware Log)

IoC (indicator) information for malware

** Caution ** Site for malware analysis experts

     FQDNs, URLs, IP addresses etc. are posted as they are (not defanged)

APT27 (2015/08/05)

【Indicator information】

■MD5 hashes - HttpBrowser RAT dropper -

1cb4b74e9d030afbb18accf6ee2bfca1
b333b5d541a0488f4e710ae97c46d9c2
86a05dcffe87caf7099dda44d9ec6b48
93e40da0bd78bebe5e1b98c6324e9b5b
f43d9c3e17e8480a36a62ef869212419
57e85fc30502a925ffed16082718ec6c
4251aaf38a485b08d5562c6066370f09
bbfd1e703f55ce779b536b5646a0cdc1
12a522cb96700c82dc964197adb57ddf
728e5700a401498d91fb83159beec834
2bec1860499aae1dbcc92f48b276f998

(The above is Secureworks data; source: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage )


■MD5 hashes - HttpBrowser RAT -

014122d7851fa8bf4070a8fc2acd5dc5
0ae996b31a2c3ed3f0bc14c7a96bea38
1a76681986f99b216d5c0f17ccff2a12
380c02b1fd93eb22028862117a2f19e3
40a9a22da928cbb70df48d5a3106d887
46cf2f9b4a4c35b62a32f28ac847c575
5436c3469cb1d87ea404e8989b28758d
692cecc94ac440ec673dc69f37bc0409
6a39a4e9933407aef31fdc3dfa2a2a95
8b4ed3b392ee5da139c16b8bca38ea5e
8ea5d8bb6b28191e4436456c35477e39
9271bcfbba056c8f80c7f04d72efd62d
996843b55a7c5c7a36e8c6956e599610
a554efc889714c70e9362bdc81fadd6a
c9c93c2d62a084031872aab96202ee3e
ddbdf0efdf26e0c267ef6155edb0e6b8
e7df18a17d8e7c2ed541a57020444068
ea4dcafc224f604c096032dde33a1d6d
f658bb17d69912404f34532901edad0e
f869a1b40f6438dfdd89e73480103211
81ed752590752016cb1c12f3e9ab3454
5ef719f8aeb9bf97beb24a5c2ed19173
7ec91768376324be2bad4fd30b1c2051
20c446ad2d7d1586138b493ecddfbbc7
44cf0793e05ba843dd53bbc7020e0f1c
02826bb6636337963cc5162e6f87745e
1606ab7a54735af654ee6deb7427f652
1539b3a5921203f0e2b6c05d692ffa27
c66e09429ad6669321e5c69b1d78c082
225e10e362eeee15ec64246ac021f4d6
a631fc7c45cbdf80992b9d730df0ff51
af785b4df71da0786bcae233e55cf6c1
e3e0f3ad4ff3b981b513cc66b37583e8
5cd0e97a1f09001af5213462aa3f7eb1
15fd9c04d6099273a9acf8feab81acfe
ea8b9e0bf95fc0c71694310cb685cd3b
5c3ab475be110ec59257617ee1388e01
6aac7417ea1eb60a869597af9049b8fa
372f5370085a63f5b660fab635ce6cd7
fac4885324cb67bd421d6250fdc9533c
e7e555615a07040bb5dbe9ce59ac5d11
ff34cb1d90d76a656546293e879afe22
2abf7421c34c60d48e09325a206e720e
396b4317db07cc8a2480786160b33044
e404873d3fcd0268db10657b53bdab64
6e4189b20adb253b3c1ad7f8fdc95009
bff424289c38d389a8cafb16b47dfe39
7294c7f3860315d51f74152e8ad353df
40092f76fea082b05e9631d91975a401
e42fce74bbd637c35320cf4e95f5e055
d0dafc3716a0d0ce393cde30b2b14a07
ae66bad0c7de88ab0ab1050c4bec9095
c7c2be1cd3780b2ba4638cef9a5422c7
405949955b1cb65673c16bf7c8da2f4d
ff4f052dbe73a81403df5e98313000fb
b30fcd362c7b8ac75b7dddfe6cb448c7
1d24f4d20b80562de46a8ac95d0ff8c2
9538bbdb3a73201b40296e9d4dc80ade
46bb2caeda30c09a6337fd46ec98c32c
0c8842e48e80643d91dd290d0f786147
0fc975c3c4e6c546b4f2b5aaed50dd78
41be449f687828466ed7d87f0f30a278
2b95caf3307ebd36cf405b1133b30aa8
ccc715a4d9d0157b9776deacdb26bf78
37933acfa8d8e78c54413d88ca705e17
2813c5a1c87f7e3d33174fed8b0988a1
8f22834efe52ccefb17e768569eb36b9
6f01628a0b5de757a8dbe99020499d10
7f8d9f12f41156512b60ab17f8d85fe9
debe5ef2868b212f4251c58be1687660
e136d4ebab357fd19df8afe221460571
a86a906cfafaf1d7e3725bb0161b0cfe
03e1eac3512a726da30fff41dbc26039
baac5e5dd3ce7dae56cab6d3dac14e15
0f7dde31fbeb5ddbb6230c401ed41561
36d957f6058f954541450f5a85b28d4b
42d874f91145bd2ddf818735346022d8
3468034fc3ac65c60a1f1231e3c45107
4e3b51a6a18bdb770fc38650a70b1883
3647068230839f9cadf0fd4bd82ade84
550922107d18aa4caad0267997709ee5
d8f0a6450f9df637daade521dc90d29d
bf2e2283b19b0febc4bd1f47aa82a94c
d0eec2294a70ceff84ca8d0ed7939fb5
e91d2464c8767552036dd0294fc7e6fb
f627bc2db3cab34d97c8949931cb432d

(The above is Secureworks data; source: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage )


■MD5 hashes - PlugX RAT dropper -

b313bbe17bd5ee9c00acff3bfccdb48a
f7a842eb1364d1269b40a344510068e8
8dacca7dd24844935fcd34e6c9609416
7cffd679599fb8579abae8f32ce49026
462fd01302bc40624a44b7960d2894cd

(The above is Secureworks data; source: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage )


■Domains

american.blackcmd.com
api.apigmail.com
apigmail.com
backup.darkhero.org
bel.updatawindows.com
binary.update-onlines.org
blackcmd.com
castle.blackcmd.com
ctcb.blackcmd.com
darkhero.org
dav.local-test.com
test.local-test.com
dev.local-test.com
ocean.local-test.com
ga.blackcmd.com
helpdesk.blackcmd.com
helpdesk.csc-na.com
helpdesk.hotmail-onlines.com
helpdesk.lnip.org
hotmail-onlines.com
jobs.hotmail-onlines.com
justufogame.com
lnip.org
local-test.com
login.hansoftupdate.com
long.update-onlines.org
longlong.update-onlines.org
longshadow.dyndns.org
longshadow.update-onlines.org
longykcai.update-onlines.org
lostself.update-onlines.org
mac.navydocument.com
mail.csc-na.com
mantech.updatawindows.com
micr0soft.org
microsoft-outlook.org
mtc.navydocument.com
navydocument.com
mtc.update-onlines.org
news.hotmail-onlines.com
oac.3322.org
ocean.apigmail.com
pchomeserver.com
registre.organiccrap.com
security.pomsys.org
services.darkhero.org
sgl.updatawindows.com
shadow.update-onlines.org
sonoco.blackcmd.com
test.logmastre.com
up.gtalklite.com
updatawindows.com
update-onlines.org
update.deepsoftupdate.com
update.hancominc.com
update.micr0soft.org
update.pchomeserver.com
urs.blackcmd.com
wang.darkhero.org
webs.local-test.com
word.apigmail.com
wordpress.blackcmd.com
working.blackcmd.com
working.darkhero.org
working.hotmail-onlines.com
www.trendmicro-update.org
www.update-onlines.org
x.apigmail.com
ykcai.update-onlines.org
ykcailostself.dyndns-free.com
ykcainobody.dyndns.org
zj.blackcmd.com
laxness-lab.com
google-ana1ytics.com
www.google-ana1ytics.com
ftp.google-ana1ytics.com
hotmailcontact.net

(The above is Secureworks data; source: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage )


■IP addresses

208.115.242.36
208.115.242.37
208.115.242.38
66.63.178.142
72.11.148.220
72.11.141.133
74.63.195.236
74.63.195.237
74.63.195.238
103.24.0.142
103.24.1.54
106.187.45.162
192.151.236.138
192.161.61.19
192.161.61.20
192.161.61.22
67.215.232.179
96.44.177.195
49.143.192.221
67.215.232.181
67.215.232.182
96.44.182.243
96.44.182.245
96.44.182.246
49.143.205.30

(The above is Secureworks data; source: https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage )
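The lists above are meant to be swept against logs, so here is an added example of doing that; it is not code from this site or from Secureworks. It parses a listing in the one-indicator-per-line layout used on this page (section headings and attribution lines are skipped, indicators are classified by shape rather than by heading), normalises case and trailing dots, records duplicate entries, and then runs constructed key=value log lines against the result. Domain matching treats a listed name as covering the hosts beneath it (a query for a constructed host such as mail.blackcmd.com is attributed to the listed apex blackcmd.com), but never the other way round: a listing of oac.3322.org must not flag the shared dynamic-DNS apex 3322.org. The sample listing is a small subset of the indicators on this page with one entry deliberately repeated to exercise the duplicate check; the log lines are constructed for this example, not real traffic.

```python
"""Parse a plain-text IoC listing and sweep key=value log lines against it.
Added example; not code from TT Malware Log or Secureworks."""
import ipaddress
import re
from dataclasses import dataclass, field

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def is_domain(s: str) -> bool:
    labels = s.split(".")
    return (len(labels) >= 2 and len(s) <= 253
            and all(LABEL_RE.match(l) for l in labels)
            and not labels[-1].isdigit())


@dataclass
class IocSet:
    md5: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    ips: set = field(default_factory=set)
    duplicates: list = field(default_factory=list)   # repeated entries, kept for feed hygiene
    rejected: list = field(default_factory=list)     # lines that are none of the three shapes


def parse_ioc_text(text: str) -> IocSet:
    ioc = IocSet()
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, section headings (■ / 【 / ◆ / *) and "(...)" source notes.
        if not line or line.startswith(("■", "(", "【", "◆", "*")):
            continue
        value = line.lower().rstrip(".")      # hashes and names are case-insensitive
        if MD5_RE.match(value):
            bucket = ioc.md5
        else:
            try:
                value = str(ipaddress.ip_address(value))   # canonical textual form
                bucket = ioc.ips
            except ValueError:
                if not is_domain(value):
                    ioc.rejected.append(line)
                    continue
                bucket = ioc.domains
        if value in bucket:
            ioc.duplicates.append(value)
        else:
            bucket.add(value)
    return ioc


def domain_hit(name: str, ioc: IocSet):
    """Return the listed indicator covering `name`: the name itself or any
    listed parent, checked on label boundaries; the bare TLD is never tried."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in ioc.domains:
            return candidate
    return None


def scan_log(lines, ioc: IocSet):
    """Check every key=value field of each line; return (line_no, key, value, indicator)."""
    hits = []
    for idx, line in enumerate(lines):
        for key, value in KV_RE.findall(line):
            v = value.lower().rstrip(".")
            if v in ioc.md5 or v in ioc.ips:
                indicator = v
            else:
                indicator = domain_hit(v, ioc)
            if indicator:
                hits.append((idx, key, value, indicator))
    return hits


# Subset of this page's listing, with 74.63.195.236 repeated on purpose.
IOC_TEXT = """\
■MD5 hashes - HttpBrowser RAT dropper -

1cb4b74e9d030afbb18accf6ee2bfca1
b333b5d541a0488f4e710ae97c46d9c2

(The above is Secureworks data)

■Domains

blackcmd.com
helpdesk.blackcmd.com
oac.3322.org

■IP addresses

74.63.195.236
74.63.195.236
208.115.242.36
"""

# Constructed log lines for the example; hostnames and clients are made up.
SAMPLE_LOG = [
    "2015-08-06T01:02:03Z dns client=10.0.0.5 query=mail.blackcmd.com",
    "2015-08-06T01:02:10Z conn client=10.0.0.5 dst=74.63.195.236 dport=443",
    "2015-08-06T01:03:00Z file host=ws07 md5=1CB4B74E9D030AFBB18ACCF6EE2BFCA1 path=C:\\temp\\update.exe",
    "2015-08-06T01:04:00Z dns client=10.0.0.9 query=www.3322.org",
    "2015-08-06T01:05:00Z dns client=10.0.0.9 query=blackcmd.com.example.net",
]

if __name__ == "__main__":
    iocs = parse_ioc_text(IOC_TEXT)
    print("duplicates:", iocs.duplicates, "rejected:", iocs.rejected)
    for hit in scan_log(SAMPLE_LOG, iocs):
        print(hit)
```

Only the first three log lines produce hits: the child of a listed apex, the listed IP, and the upper-cased hash. www.3322.org is not flagged because only oac.3322.org is listed, and blackcmd.com.example.net is not flagged because matching walks parent labels from the right rather than searching for a substring. To sweep the full page, feed the whole indicator section to parse_ioc_text unchanged; the attribution lines and headings are skipped as they stand.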




【News】

◆Threat Group 3390 Cyberespionage (Secureworks, 2015/08/05)
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
https://malware-log.hatenablog.com/entry/2015/08/05/000000_3