IoC (TT Malware Log)

Malware IoC (Indicator) information

** Caution ** Site for malware analysis experts

FQDN, URL, IP address etc. are posted as they are

HomamDownloader

【Indicator information】

■Hash information (SHA256) - Trojanized Legitimate Software (HomamDownloader) -

b1bb1d5f178b064eb1d7c9cc7cadcf8b3959a940c14cee457ce3aba5795660aa
3227d1e39fc3bc842245ccdb16eeaadad3bcd298e811573b2e68ef2a7077f6f6
92e0d0346774127024c672cc7239dd269824a79e85b84c532128fd9663a0ce78
33665d93ab2a0262551c61ec9a3adca2c2b8dfea34e6f3f723274d88890f6ceb

(The above is information from paloalto; source: https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/ )


■Hash information (SHA256) - HomamDownloader -

019874898284935719dc74a6699fb822e20cdb8e3a96a7dc8ec4f625e3f1116e
ee8d025c6fea5d9177e161dbcedb98e871baceae33b7a4a12e9f73ab62bb0e38
f817c9826089b49d251b8a09a0e9bf9b4b468c6e2586af60e50afe48602f0bec

(The above is information from paloalto; source: https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/ )


■URL

pre.englandprevail.com


【Blog】

◆Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems (paloalto, 2018/06/22)
https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/
https://malware-log.hatenablog.com/entry/2018/06/22/000000_4