IoC (TT Malware Log)

Malware IoC (Indicator) information

◆ Caution ◆ Site for malware analysis specialists

     FQDNs, URLs, IP addresses, etc. are posted as they are

APT28 (2019/10/04)

【Indicator information】

■Hash information (SHA256) - Trojan.Sofacy (Seduploader) -

(The above is Broadcom's information; source: https://symantec-enterprise-blogs.security.com/sites/default/files/2018-10/APT28_IOCs.txt )


■Hash information (SHA256) - Backdoor.SofacyX (X-Agent) -

(The above is Broadcom's information; source: https://symantec-enterprise-blogs.security.com/sites/default/files/2018-10/APT28_IOCs.txt )


■Hash information (SHA256) - Trojan.Shunnael (X-Agent) -

a37eda810ca92486bfb0e1f1b27adb7c9df57aafab686c000ae1d6ec5d6f6180
fc224a6cca956a59812a13e53ba08a279996ea2ee194fe20fb10170ca5c2db6a

(The above is Broadcom's information; source: https://symantec-enterprise-blogs.security.com/sites/default/files/2018-10/APT28_IOCs.txt )


【Search】

■Trojan.Sofacy (Seduploader)



■Backdoor.SofacyX (X-Agent)



■Trojan.Shunnael (X-Agent)

google: a37eda810ca92486bfb0e1f1b27adb7c9df57aafab686c000ae1d6ec5d6f6180
google: fc224a6cca956a59812a13e53ba08a279996ea2ee194fe20fb10170ca5c2db6a


【VT search】

■Trojan.Sofacy (Seduploader)



■Backdoor.SofacyX (X-Agent)



■Trojan.Shunnael (X-Agent)

https://www.virustotal.com/gui/file/a37eda810ca92486bfb0e1f1b27adb7c9df57aafab686c000ae1d6ec5d6f6180
https://www.virustotal.com/gui/file/fc224a6cca956a59812a13e53ba08a279996ea2ee194fe20fb10170ca5c2db6a


【Blog】

◆APT28: New Espionage Operations Target Military and Government Organizations (Broadcom, 2018/10/04)

Recent campaigns see APT28 group return to covert intelligence gathering operations in Europe and South America.

https://symantec-enterprise-blogs.security.com/blogs/election-security/apt28-espionage-military-government


【Related summary articles】

Overall summary
 ◆Attack groups / Actor (summary)
  ◆Targeted attack groups / APT (summary)

◆APT28 (summary)
https://malware-log.hatenablog.com/entry/APT28