IoC (TT Malware Log)

Malware IoC (Indicator) information

** Caution ** Site for malware analysis specialists

                    FQDNs, URLs, IP addresses, etc. are posted as-is

Bistromath

【Indicator information】

■Hash information (SHA256) - Bistromath -


(Information from CISA; source: https://www.us-cert.gov/ncas/analysis-reports/ar20-045a )



■IP address - Bistromath -

159.100.250.231

【Search】

google: 159.100.250.231


【VT search】

https://www.virustotal.com/gui/ip-address/159.100.250.231




【Public information】

◆Malware Analysis Report (AR20-045A) MAR-10265965-1.v1 – North Korean Trojan: BISTROMATH (CISA, 2020/02/14)
https://www.us-cert.gov/ncas/analysis-reports/ar20-045a
https://malware-log.hatenablog.com/entry/2020/02/14/000000_3