IoC (TT Malware Log)

Malware IoC (Indicator) information

◆Caution◆ Site for malware analysis experts

     FQDNs, URLs, IP addresses, etc. are posted as they are (URLs and FQDNs below carry the hxxp:// and [.] defanging of the source; refang them before use in detection tooling)

Hadglider (2020/07/16)

【Indicator information】

■Hash information (SHA256) - Hadglider -
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

(The above is Trend Micro's information; source: https://blog.trendmicro.co.jp/wp-content/uploads/2020/07/IoC-2.pdf )


■URL - Hadglider -

hxxp://45.9.148.123/COVID19/nk/NarrenKappe.sh
hxxp://45.9.148.123/COVID19/sh/clean.sh
hxxp://45.9.148.123/COVID19/sh/lan.ssh.kinsing.sh
hxxp://45.9.148.123/COVID19/sh/setup.basics.sh
hxxp://45.9.148.123/COVID19/sh/setup.mytoys.sh
hxxp://45.9.148.123/COVID19/sh/setup.xmrig.curl.sh
hxxp://teamtnt.red/dns
hxxp://teamtnt.red/sysinfo
hxxp://teamtnt.red/up/setup_upload.php

(The above is Trend Micro's information; source: https://blog.trendmicro.co.jp/wp-content/uploads/2020/07/IoC-2.pdf )


■FQDN - Hadglider -

irc[.]kaiserfranz[.]cc

(The above is Trend Micro's information; source: https://blog.trendmicro.co.jp/wp-content/uploads/2020/07/IoC-2.pdf )
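To put the URL, FQDN and hash indicators above to work, here is an added example (not code from the original page or from Trend Micro). It refangs the hxxp:// and [.] notation used above, extracts the hostnames, and matches hosts and full URLs against log lines with boundaries so that 45.9.148.123 does not fire on an unrelated address such as 145.9.148.123; it also does a case-insensitive SHA256 lookup. The log lines are constructed samples, and the Squid access-log and BIND query-log layouts are assumptions about the reader's environment.

```python
"""
Match the Hadglider / TeamTNT indicators listed on this page against proxy
and DNS log lines.  Added example, not part of the original page; the sample
log lines are constructed, not real captures.
"""
import re

# Indicators exactly as published above (defanged: hxxp, [.]).
IOC_URLS = [
    "hxxp://45.9.148.123/COVID19/nk/NarrenKappe.sh",
    "hxxp://45.9.148.123/COVID19/sh/clean.sh",
    "hxxp://45.9.148.123/COVID19/sh/lan.ssh.kinsing.sh",
    "hxxp://45.9.148.123/COVID19/sh/setup.basics.sh",
    "hxxp://45.9.148.123/COVID19/sh/setup.mytoys.sh",
    "hxxp://45.9.148.123/COVID19/sh/setup.xmrig.curl.sh",
    "hxxp://teamtnt.red/dns",
    "hxxp://teamtnt.red/sysinfo",
    "hxxp://teamtnt.red/up/setup_upload.php",
]
IOC_FQDNS = ["irc[.]kaiserfranz[.]cc"]
# SHA256 values from the search section of this page.
IOC_SHA256 = {
    "6b8d828511b479e3278264eff68059f03b3b8011f9a6daaeff2af06b13ba6090",
    "6c73e45b06544fc43ce0e9164be52810884f317a710978c31462eb5b8ebc30cc",
    "459190ba0173640594d9b1fa41d5ba610ecea59fd275d3ff378d4cedb044e26d",
    "8926672fe6ab2f9229a72e344fcb64a880a40db20f9a71ba0d92def9c14497b6",
    "7d791ac65b01008d2be9622095e6020d7a7930b6ce1713de5d713fc3cccfa862",
    "b60be03a7305946a5b1e2d22aa4f8e3fc93a55e1d7637bebb58bf2de19a6cf4a",
    "bebaac2a2b1d72aa189c98d00f4988b24c72f72ae9348c49f62d16b433b05332",
    "3c907087ec77fc1678011f753ddf4531a484009f3c64563d96eff0edea0dcd29",
}


def refang(indicator: str) -> str:
    """Undo the hxxp / [.] defanging used on this page."""
    return (indicator.replace("hxxps://", "https://")
                     .replace("hxxp://", "http://")
                     .replace("[.]", "."))


def build_matchers(urls, fqdns):
    """Return (host -> compiled regex, set of refanged full URLs)."""
    hosts = {refang(f) for f in fqdns}
    for u in urls:
        m = re.match(r"https?://([^/:]+)", refang(u))
        if m:
            hosts.add(m.group(1))
    # Boundaries so 45.9.148.123 does not match inside 145.9.148.123 or 45.9.148.1234.
    host_re = {h: re.compile(r"(?<![\w.-])" + re.escape(h) + r"(?![\w-])")
               for h in hosts}
    return host_re, {refang(u) for u in urls}


def scan_log_lines(lines, urls=IOC_URLS, fqdns=IOC_FQDNS):
    """Return [(line_no, kind, indicator)] for every IoC seen in the lines."""
    host_re, full_urls = build_matchers(urls, fqdns)
    hits = []
    for n, line in enumerate(lines, 1):
        for url in sorted(full_urls):
            if url in line:
                hits.append((n, "url", url))
        for host, pat in sorted(host_re.items()):
            if pat.search(line):
                hits.append((n, "host", host))
    return hits


def match_hashes(observed, known=IOC_SHA256):
    """Case-insensitive SHA256 lookup; returns the observed hashes on the list."""
    return {h.lower() for h in observed if h.lower() in known}


# Constructed sample lines (assumed Squid access-log and BIND query-log layouts).
SAMPLE_LOG = [
    "1594857600.123     45 10.0.0.5 TCP_MISS/200 1234 GET http://45.9.148.123/COVID19/sh/setup.xmrig.curl.sh - HIER_DIRECT/45.9.148.123 text/x-sh",
    "1594857601.456     12 10.0.0.7 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1594857602.789     30 10.0.0.8 TCP_MISS/200 512 GET http://145.9.148.123/COVID19/sh/clean.sh - HIER_DIRECT/145.9.148.123 text/x-sh",
    "16-Jul-2020 00:00:03.000 queries: info: client 10.0.0.9#5353: query: irc.kaiserfranz.cc IN A + (10.0.0.1)",
    "1594857604.000     20 10.0.0.6 TCP_MISS/200 777 POST http://teamtnt.red/up/setup_upload.php - HIER_DIRECT/45.9.148.123 text/plain",
]

if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG):
        print(hit)
```

Lines 1, 4 and 5 of the sample produce hits; line 3 is a deliberate near-miss (a different address that contains the indicator as a substring) and produces none, which is the reason for the boundary assertions around each host pattern.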


【Search】

google: Hadglider
google:news: Hadglider

google: 6b8d828511b479e3278264eff68059f03b3b8011f9a6daaeff2af06b13ba6090
google: 6c73e45b06544fc43ce0e9164be52810884f317a710978c31462eb5b8ebc30cc
google: 459190ba0173640594d9b1fa41d5ba610ecea59fd275d3ff378d4cedb044e26d
google: 8926672fe6ab2f9229a72e344fcb64a880a40db20f9a71ba0d92def9c14497b6
google: 7d791ac65b01008d2be9622095e6020d7a7930b6ce1713de5d713fc3cccfa862
google: b60be03a7305946a5b1e2d22aa4f8e3fc93a55e1d7637bebb58bf2de19a6cf4a
google: bebaac2a2b1d72aa189c98d00f4988b24c72f72ae9348c49f62d16b433b05332
google: 3c907087ec77fc1678011f753ddf4531a484009f3c64563d96eff0edea0dcd29


【VirusTotal search】

https://www.virustotal.com/gui/file/6b8d828511b479e3278264eff68059f03b3b8011f9a6daaeff2af06b13ba6090
https://www.virustotal.com/gui/file/6c73e45b06544fc43ce0e9164be52810884f317a710978c31462eb5b8ebc30cc
https://www.virustotal.com/gui/file/459190ba0173640594d9b1fa41d5ba610ecea59fd275d3ff378d4cedb044e26d
https://www.virustotal.com/gui/file/8926672fe6ab2f9229a72e344fcb64a880a40db20f9a71ba0d92def9c14497b6
https://www.virustotal.com/gui/file/7d791ac65b01008d2be9622095e6020d7a7930b6ce1713de5d713fc3cccfa862
https://www.virustotal.com/gui/file/b60be03a7305946a5b1e2d22aa4f8e3fc93a55e1d7637bebb58bf2de19a6cf4a
https://www.virustotal.com/gui/file/bebaac2a2b1d72aa189c98d00f4988b24c72f72ae9348c49f62d16b433b05332
https://www.virustotal.com/gui/file/3c907087ec77fc1678011f753ddf4531a484009f3c64563d96eff0edea0dcd29

https://www.virustotal.com/gui/url/4e17463ece15069633e35760c52ca6021892f26baceee3d98af060c30280f021
https://www.virustotal.com/gui/url/90e235b60f0a3d19d6b3f34e9395006df44098305cb9116705c45bef2693f8fc
https://www.virustotal.com/gui/url/a78247b3e05a2fa1274be1cad42b3d41ab821a8288c9d3022edf4075bfe46a4d
https://www.virustotal.com/gui/url/fb7f0ad9420dcdc4d4d4e2a74153fa7073227723a0f1ae874f04f9003cf2002a
https://www.virustotal.com/gui/url/252230c979729458b2fba5785072619274276d23ed75b6ecca1efdbf53235b0c
https://www.virustotal.com/gui/url/67fc88bf1edaf098922664ab86a32b52374775585aa0aaf329dc37d9f188885a
https://www.virustotal.com/gui/url/d56491d39d11f0795756572e5d95da76cc5819d52f43c14bd4cb784dc607cd1e
https://www.virustotal.com/gui/url/2861a5f1bac3a8939def3e3f6203ff3f900f92da7d9ace0d8a8e7ec4f0f61bf3
https://www.virustotal.com/gui/url/0d33d3387517600734e2c0ae801575c90bcde3d77c57637abd1f40924f2b704c


【Blog】

◆Malware targeting open Docker daemon ports, aimed at bot infection and mining (Trendmicro, 2020/07/16)
https://blog.trendmicro.co.jp/archives/25580
https://malware-log.hatenablog.com/entry/2020/07/16/000000_14