IoC (TT Malware Log)

Malware IoC (indicator) information

◆Caution◆ Site for malware analysis experts

     FQDNs, URLs, IP addresses etc. are posted as-is (not defanged)


Tick (2019/11/29)

【Indicator information】

■Hash (SHA-256) - Broler -


■Hash (SHA-256) - Budown -

ae6fea2b33a72bc53b1f271c9257afba579147b513a937b0368a7a4f55a40f4f
faba8716d7ecd2c03116bed0993ca2182a62baeabc4cdd28b93ca3af71da45a5
9597a268e5f03fc1385b4ef94c404eb1973515345a0f4ba58ecb4e49bd182d13


■Hash (SHA-256) - Downnw -

ef86b52073963d449ef79225e28f7e39178de2d2aee85ca100f5866e0ab7297c
511852629f286b16e7e226cb8356739043a0a3b88183437113395c2531cc0a93
2411d1810ac1a146a366b109e4c55afe9ef2a297afd04d38bc71589ce8d9aee3
0de553b20acca2bca002f60ee3fcba7a9ed05bd0be214e88656caa19efd65573
355d79a373c2b49128a43f4e0b0c67ea4e99041058484696521fc2ad69021841
2a0468d05b0d0e3d814d266b5a182be2f4505b52ee57d8b91c8e43c68e510a4f
8eb41c1f2673a10c9d149b98c4f49964f8d0d52c59d7431394b65036202c46b3
91ffe2348541c84f9764eea1f1f523f64764ae89b76ece8391c4f3bae14a2a2c
805c75b52adda18daa5dda738a828091d9c626e37597703729895cccbd758054
6aefa78cd9a4618d697fa4ccc055de46f320d25427e0b7f39e1f6f2117e01acb
fa671c75401f08862ba682a53b382aa447246d0416b80f545748695b198a5bee
a44494b18bb78bfef1ebd094032838f71769df99c84774f2b90713fe0b7d4edf


■Hash (SHA-256) - PlugX -

86066a7f72ce27fb9c351ac83b3cb01c04a2804f6e41d9ed632d9472f8ed9132


■Hash (SHA-256) - AVGR -

51a41a16d18c801aea558e051d6c7db8d7f820754d455b1061a9213e05cb1c14
45357e6f746f3946165602b07b59e81bacc0e406e47212f851512f1cd812f00f
9b2b907d95a6069d248ca75a8e6cd02645014d13c016a47d4d42d92923e01ad7
88b805868dea34e7de2791a33a6536048ab3832cc7d99338cd82fc3f81ee3b3f
a9ab23871cf42d30cfdada3ffa7b68e04ae6614200d17ec8219349969c17feec
d508a1311e07dccbbf02122d29953b6bcda51823512ce83347284d3702cb1308


■Hash (SHA-256) - AVNGR -

749b9d44a5e54f286228be3e5e06d1a130e73c04db66ff81a3034e15108c6683
9eee2dd9c0e61f22b2116621dc74cbf2bc412fb149f98900d54d4c5141e6b80e
901210a6fb308926bb5b4374aaa0f662dbd235d829068a854606126f276dc2fa
6008a21a468be426b2915153d0fb10bd4c9543b5fc985a56a786494fbbe7610d
8d2a70e520e60733285a9574839361f2da668de38a84ab7d43f71e980274b101


■Hash (SHA-256) - RunCasper -

711f4eee0e9bf954d5b9e5916f59c815a062d6d31ba2e1935b8ddf4f9f40902e


■Hash (SHA-256) - Casper -


■Hash (SHA-256) - Datper -

5a8086fa5d063a3b87785bdeb8efcc808364e41fcf866105cbfcdffd86c3e9f2
19cd7a19fe2224d871ae1597fbeaec4c64f6c0ef7431ac77cc5b0854b4260d0a
ffe5f62a3a9cf2c81ea1181c95d13614cedef8636475ba22132f6577b71e3bdd


■Hash (SHA-256) - Ausupv -

fb0d86dd4ed621b67dced1665b5db576247a10d43b40752c1236be783ac11049

■Hash (SHA-256) - Otorun -

5a3bd6c076fe945dfb967db43d1d5d898270b18ce07959bd498b6501309900c8


■Hash (SHA-256) - GetVersion -

2c30a332030c1cb7e197ea61c551de5231917295023354eef7606525e6211430
cd14fe4a674614b58ab37b1027b3cb501ad3e8b2790c3554870e14e9b86de662


■Hash (SHA-256) - Mimikatz -

af6243ecb80c56a95d90f6187b602a92dafbfa8016be49f751acabc66d76e094
3e0d479bcad9cd05fcf7fb89e0b49b35e56e37de454c1957d3e5b1697b37fa54
92a8d36d25423e84cca4eea1ca1584e76f26e922f82483d217fba6efb006d223


■Hash (SHA-256) - PortScan -

3692564477a5eee465f46cdb2462b75b2b271cd2e0e0518eade3cf76a4714765


■Hash (SHA-256) - TestMac -

0d790da7751bdedf14f8a342f25d1fcc9d4c1c4010002f5c45569d1d2b1a2d0f
6f9f4c1dc603586f856512bb53acfc73445645e533f358b9ade3a1213f650e88
c241ae89a47e8102d3092bd869d862449179227bb323aa367cc9bf90cc367605


■Hash (SHA-256) - ScreenCap -

cf035b3ddf1072ab414d82b6540ec8d06703d281a2f606d1e42c771d9391dfac

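The listing above is meant to be fed into tooling rather than read by eye. As an added example (not the blog's own code and not part of the Trend Micro report), the following Python parses a listing in this page's format into a SHA-256 to family table, reports any hash that is repeated, normalizes hash case so uppercase digests from other tools still match, and checks files on disk against the table. The embedded sample listing is constructed from hashes in the Budown and Downnw sections above (including the hash the Downnw list repeats); the script name ioc_scan.py and the command-line usage are assumptions.

```python
# Added example (not the blog's own tooling): parse an IoC listing in this
# page's format into a lookup table and check files against it.
import hashlib
import re
import sys
from pathlib import Path

# Section headings look like "■Hash (SHA-256) - Budown -"; the family name
# sits between the last pair of " - " separators on the line.
SECTION_RE = re.compile(r"-\s*([A-Za-z0-9_]+)\s*-\s*$")
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

# Constructed sample in the page's format (hashes taken from the Budown and
# Downnw sections above, one of them upper-cased to exercise normalization).
SAMPLE_LISTING = """\
■Hash (SHA-256) - Budown -

ae6fea2b33a72bc53b1f271c9257afba579147b513a937b0368a7a4f55a40f4f
FABA8716D7ECD2C03116BED0993CA2182A62BAEABC4CDD28B93CA3AF71DA45A5

■Hash (SHA-256) - Downnw -

8eb41c1f2673a10c9d149b98c4f49964f8d0d52c59d7431394b65036202c46b3
805c75b52adda18daa5dda738a828091d9c626e37597703729895cccbd758054
8eb41c1f2673a10c9d149b98c4f49964f8d0d52c59d7431394b65036202c46b3
not-a-hash
"""


def parse_listing(text):
    """Return (iocs, duplicates).

    iocs maps a lowercase SHA-256 to the family of the section it first
    appeared in; duplicates lists (hash, family) pairs seen a second time.
    Lines that are neither a section heading nor a 64-hex-digit hash are
    skipped, so the page's labels and blank lines need no special handling.
    """
    iocs, duplicates = {}, []
    family = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("■"):
            m = SECTION_RE.search(line)
            family = m.group(1) if m else "unknown"
            continue
        if not SHA256_RE.match(line):
            continue
        h = line.lower()
        if h in iocs:
            duplicates.append((h, family))
        else:
            iocs[h] = family
    return iocs, duplicates


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def match_bytes(data, iocs):
    """Family name if the SHA-256 of data is in the IoC table, else None."""
    return iocs.get(sha256_of_bytes(data))


def scan_directory(root, iocs):
    """Yield (path, sha256, family) for every regular file under root whose
    hash is listed. Unreadable files are skipped rather than aborting."""
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            h = sha256_of_file(path)
        except OSError:
            continue
        if h in iocs:
            yield path, h, iocs[h]


if __name__ == "__main__":
    # usage (assumed): python ioc_scan.py listing.txt /path/to/scan
    iocs, dupes = parse_listing(Path(sys.argv[1]).read_text(encoding="utf-8"))
    for h, fam in dupes:
        print(f"duplicate entry ignored: {h} ({fam})", file=sys.stderr)
    for path, h, fam in scan_directory(sys.argv[2], iocs):
        print(f"{path}\t{h}\t{fam}")
```

Hash matching only catches byte-identical samples; a repacked or recompiled build of the same family will not hit, so treat a clean scan as "none of these exact files", not as "no Tick activity".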

【References】

◆Operation ENDTRADE: TICK's Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data (Trend Micro, 2019/11/29)
https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-Tick-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf
https://malware-log.hatenablog.com/entry/2019/11/29/000000_7