【Indicator Information】
■Hash information (SHA256) - Decoy documents -
876939aa0aa157aa2581b74ddfc4cf03893cede542ade22a2d9ac70e2fef1656
20da161f0174d2867d2a296d4e2a8ebd2f0c513165de6f2a6f455abcecf78f2a
(The above is from Malwarebytes; source: https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/ )
■Hash information (SHA256) - Crimson RAT -
0ee399769a6e6e6d444a819ff0ca564ae584760baba93eff766926b1effe0010
b67d764c981a298fa2bb14ca7faffc68ec30ad34380ad8a92911b2350104e748
(The above is from Malwarebytes; source: https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/ )
■URL - Decoy -
email.gov.in.maildrive[.]email/?att=1579160420
email.gov.in.maildrive[.]email/?att=1581914657
(The above is from Malwarebytes; source: https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/ )
■URL - C2 -
107.175.64.209
64.188.25.205
【Search】
google: 876939aa0aa157aa2581b74ddfc4cf03893cede542ade22a2d9ac70e2fef1656
google: 20da161f0174d2867d2a296d4e2a8ebd2f0c513165de6f2a6f455abcecf78f2a
google: 0ee399769a6e6e6d444a819ff0ca564ae584760baba93eff766926b1effe0010
google: b67d764c981a298fa2bb14ca7faffc68ec30ad34380ad8a92911b2350104e748
【VirusTotal Search】
https://www.virustotal.com/gui/file/876939aa0aa157aa2581b74ddfc4cf03893cede542ade22a2d9ac70e2fef1656
https://www.virustotal.com/gui/file/20da161f0174d2867d2a296d4e2a8ebd2f0c513165de6f2a6f455abcecf78f2a
https://www.virustotal.com/gui/file/0ee399769a6e6e6d444a819ff0ca564ae584760baba93eff766926b1effe0010
https://www.virustotal.com/gui/file/b67d764c981a298fa2bb14ca7faffc68ec30ad34380ad8a92911b2350104e748
【Blog】
◆APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT (Malwarebytes, 2020/3/16)
https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
⇒ https://malware-log.hatenablog.com/entry/2020/03/16/000000_3
【Related Summary Articles】
◆Overall summary
◆Malware (summary)
◆Targeted attack malware (summary)
◆Crimson RAT (summary)
https://malware-log.hatenablog.com/entry/Crimson_RAT