IoC (TT Malware Log)

Malware IoC (Indicator) information

** Caution ** Site for malware analysis experts

FQDNs, URLs, IP addresses, etc. are posted as they are

ShadowHammer

【Indicator information】

■Hash information (MD5)


■URL (Download Link)

hxxp://liveupdate01.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER365.zip
hxxps://liveupdate01s.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER362.zip
hxxps://liveupdate01s.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER360.zip
hxxps://liveupdate01s.asus[.]com/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER359.zip


■FQDN (C&C)

asushotfix[.]com
simplexoj[.]com
homeabcd[.]com


■IP address (C&C)

35.154.92[.]115
141.105.71[.]116


【Blog】

◆ASUS Supply-Chain Attack: A Technical Look Inside (TeamT5, 2019/03/28)
https://teamt5.org/resource/newsroom/2019/03/28/another-supply-chain-attack-asus-software-updates-was-hacked.html