IoC (TT Malware Log)

Malware IoC (Indicator) information

◆Caution◆ Site for malware analysis experts

     FQDNs, URLs, IP addresses, etc. are posted as-is (not defanged)

Malware targeting ProxyLogon (2021/03/10)

【Indicator information】

■Hash information (SHA-1) - Malware targeting ProxyLogon -

02886F9DAA13F7D9855855048C54F1D6B1231B0A
123CF9013FA73C4E1F8F68905630C8B5B481FCE7
195FC90AEE3917C94730888986E34A195C12EA78
1DE8CBBF399CBC668B6DD6927CFEE06A7281CDA4
20546C5A38191D1080B4EE8ADF1E54876BEDFB9E
2075D8E39B7D389F92FD97D97C41939F64822361
281FA52B967B08DBC1B51BAFBFBF7A258FF12E54
30DD3076EC9ABB13C15053234C436406B88FB2B9
33C7C049967F21DA0F1431A2D134F4F1DE9EC27E
3D5D32A62F770608B6567EC5D18424C24C3F5798
3ED18FBE06D6EF2C8332DB70A3221A00F7251D55
46F44B1760FF1DBAB6AAD44DEB1D68BEE0E714EA
4F0EA31A363CFE0D2BBB4A0B4C5D558A87D8683E
59C507BCBEFCA2E894471EFBCD40B5AAD5BC4AC8
84F4AEAB426CE01334FD2DA3A11D981F6D9DCABB
9AFA2AFB838CAF2748D09D013D8004809D48D3E4
A0B86104E2D00B3E52BDA5808CCEED9842CE2CEA
AA9BA493CB9E9FA6F9599C513EDBCBEE84ECECD6
AF421B1F5A08499E130D24F448F6D79F7C76AF2B
B873C80562A0D4C3D0F8507B7B8EC82C4DF9FB07
B8D7B850DC185160A24A3EE43606A9EF41D60E80
EB8D39CE08B32A07B7D847F6C29F4471CD8264F2

(The above is ESET's information; source: https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ )


【Search】

google: 02886F9DAA13F7D9855855048C54F1D6B1231B0A
google: 123CF9013FA73C4E1F8F68905630C8B5B481FCE7
google: 195FC90AEE3917C94730888986E34A195C12EA78
google: 1DE8CBBF399CBC668B6DD6927CFEE06A7281CDA4
google: 20546C5A38191D1080B4EE8ADF1E54876BEDFB9E
google: 2075D8E39B7D389F92FD97D97C41939F64822361
google: 281FA52B967B08DBC1B51BAFBFBF7A258FF12E54
google: 30DD3076EC9ABB13C15053234C436406B88FB2B9
google: 33C7C049967F21DA0F1431A2D134F4F1DE9EC27E
google: 3D5D32A62F770608B6567EC5D18424C24C3F5798
google: 3ED18FBE06D6EF2C8332DB70A3221A00F7251D55
google: 46F44B1760FF1DBAB6AAD44DEB1D68BEE0E714EA
google: 4F0EA31A363CFE0D2BBB4A0B4C5D558A87D8683E
google: 59C507BCBEFCA2E894471EFBCD40B5AAD5BC4AC8
google: 84F4AEAB426CE01334FD2DA3A11D981F6D9DCABB
google: 9AFA2AFB838CAF2748D09D013D8004809D48D3E4
google: A0B86104E2D00B3E52BDA5808CCEED9842CE2CEA
google: AA9BA493CB9E9FA6F9599C513EDBCBEE84ECECD6
google: AF421B1F5A08499E130D24F448F6D79F7C76AF2B
google: B873C80562A0D4C3D0F8507B7B8EC82C4DF9FB07
google: B8D7B850DC185160A24A3EE43606A9EF41D60E80
google: EB8D39CE08B32A07B7D847F6C29F4471CD8264F2


【VirusTotal search】

https://www.virustotal.com/gui/file/02886F9DAA13F7D9855855048C54F1D6B1231B0A
https://www.virustotal.com/gui/file/123CF9013FA73C4E1F8F68905630C8B5B481FCE7
https://www.virustotal.com/gui/file/195FC90AEE3917C94730888986E34A195C12EA78
https://www.virustotal.com/gui/file/1DE8CBBF399CBC668B6DD6927CFEE06A7281CDA4
https://www.virustotal.com/gui/file/20546C5A38191D1080B4EE8ADF1E54876BEDFB9E
https://www.virustotal.com/gui/file/2075D8E39B7D389F92FD97D97C41939F64822361
https://www.virustotal.com/gui/file/281FA52B967B08DBC1B51BAFBFBF7A258FF12E54
https://www.virustotal.com/gui/file/30DD3076EC9ABB13C15053234C436406B88FB2B9
https://www.virustotal.com/gui/file/33C7C049967F21DA0F1431A2D134F4F1DE9EC27E
https://www.virustotal.com/gui/file/3D5D32A62F770608B6567EC5D18424C24C3F5798
https://www.virustotal.com/gui/file/3ED18FBE06D6EF2C8332DB70A3221A00F7251D55
https://www.virustotal.com/gui/file/46F44B1760FF1DBAB6AAD44DEB1D68BEE0E714EA
https://www.virustotal.com/gui/file/4F0EA31A363CFE0D2BBB4A0B4C5D558A87D8683E
https://www.virustotal.com/gui/file/59C507BCBEFCA2E894471EFBCD40B5AAD5BC4AC8
https://www.virustotal.com/gui/file/84F4AEAB426CE01334FD2DA3A11D981F6D9DCABB
https://www.virustotal.com/gui/file/9AFA2AFB838CAF2748D09D013D8004809D48D3E4
https://www.virustotal.com/gui/file/A0B86104E2D00B3E52BDA5808CCEED9842CE2CEA
https://www.virustotal.com/gui/file/AA9BA493CB9E9FA6F9599C513EDBCBEE84ECECD6
https://www.virustotal.com/gui/file/AF421B1F5A08499E130D24F448F6D79F7C76AF2B
https://www.virustotal.com/gui/file/B873C80562A0D4C3D0F8507B7B8EC82C4DF9FB07
https://www.virustotal.com/gui/file/B8D7B850DC185160A24A3EE43606A9EF41D60E80
https://www.virustotal.com/gui/file/EB8D39CE08B32A07B7D847F6C29F4471CD8264F2




【Blog】

◆Exchange servers under siege from at least 10 APT groups (WeLiveSecurity, 2021/03/10 14:00)

ESET Research has found that LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world.

https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/