IoC (TT Malware Log)

Malware IoC (Indicator) information

◆Caution◆ Site for malware analysis experts

     FQDNs, URLs, IP addresses, etc. are posted as they are

XXMM

【Indicator information】

■Hash information (SHA256) - xxmm -
(The above is information from SecureWorks (Dell); source: https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses )


■URL


【Blog】

◆BRONZE BUTLER Targets Japanese Enterprises (SecureWorks, 2017/10/12)
https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses
http://malware-log.hatenablog.com/entry/2017/10/12/000000_6