IoC (TT Malware Log)

Malware IoC (Indicator) information

** Caution ** Site for malware analysis specialists

     FQDNs, URLs, IP addresses, etc. are posted as-is

NetWire (2020/04/05)

【Indicator information】

■Hash information (SHA256) - NetWire, 1st Stage -

cc554633c0b734778211a6289e1d6d383d734a3e1a8edeb13d6d0fafc8a2f162
4d373131b0d3254d72f1a06ea168267376b8cc8f805daa53963db5f051631967
aadc6031fed895de570214afb8b6cdc66f17d01f1df0407f4d57f1d04313ae2b

(The above is information from Paloalto; source: https://unit42.paloaltonetworks.jp/guloader-installing-netwire-rat/ )


■Hash information (SHA256) - NetWire, 2nd Stage -

c87e798118a539a136baa0bb9d2539a6e074b0ee640cf0a4ed1ef17936f69ebf
e895c525a99922beedf02ca7742c49f320448522185bec8f7d2a49d6cee9f24
661d9c0c23e9c17412eee8d72cc1bb66c1b4e5f73908c8cce48f89420f38b205

(The above is information from Paloalto; source: https://unit42.paloaltonetworks.jp/guloader-installing-netwire-rat/ )


■URL



【Search】



【VT search】



【Blog】

◆GuLoader: Malspam attack campaign installing NetWire RAT (Paloalto, 2020/04/05 18:53)
https://unit42.paloaltonetworks.jp/guloader-installing-netwire-rat/