IoC (TT Malware Log)

Malware IoC (Indicator) information

◆Caution◆ Site for malware analysis specialists

     FQDNs, URLs, IP addresses, etc. are posted as they are

FlawedAmmyy (TA505)

【Indicator information】

■Hash information (SHA256) - FlawedAmmyy -
(The above is information from Trendmicro. Source: https://documents.trendmicro.com/assets/TA505_tactics_HTML_RATs_techniques_latest_campaigns_appendix.pdf )




【News】

◆Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns (Trendmicro, 2019/06/12 05:00)
https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/


【Indicator information】

◆Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns Appendix (Trendmicro, 2019/06/12 05:00)
https://documents.trendmicro.com/assets/TA505_tactics_HTML_RATs_techniques_latest_campaigns_appendix.pdf