【Indicator Information】
■Hash information (SHA256) - AZORult -
865d2e9cbf5d88ae8b483f0f5e2397449298651381f66c55b7afd4b750eb4da4
0d2def167ecf39a69a7e949c88bb2096cfd76f7d4bf72f1b0fe27a9da686c141
10d159b0ddb92e9f4b395e90f9cfaa554622c4e77f66f7da176783777db5526a
(The above is from Proofpoint; source: https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan )
■URL - AZORult -
hxxp://goo.gl/G7z1aS?paypal-nonauthtransaction.jpg
hxxp://katyaflash.com/pp.php
hxxp://wasingo.info/2/flash.exe
hxxp://www.viscot.com/system/helper/bzr.exe
91.215.154.202/AZORult/gate.php
(The above is from Proofpoint; source: https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan )
■FQDN - AZORult -
kingstonevikte.com
(The above is from Proofpoint; source: https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan )
【Search】
【VT Search】
【News】
◆Threat Actors Using Legitimate PayPal Accounts To Distribute Chthonic Banking Trojan (Proofpoint, 2016/07/26)
https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan
⇒ https://malware-log.hatenablog.com/entry/2016/07/26/000000_3