IoC (TT Malware Log)

Malware IoC (Indicator) information

** Caution ** This site is intended for malware analysis experts

FQDNs, URLs, IP addresses, etc. are posted as they are

Industroyer2 (2022/04/12)

【Indicator information】

■Hash information (SHA1) - etc. -

FD9C17C35A68FC505235E20C6E50C622AED8DEA0 Industroyer2
6FA04992C0624C7AA3CA80DA6A30E6DE91226A16 ArguePatch
9CE1491CE69809F92AE1FE8D4C0783BD1D11FBE7 TailJump(Encrypted CaddyWiper)
0090CB4DE31D2D3BCA55FD4A36859921B5FC5DAE Script which enumerates GPO
D27D0B9BB57B2BAB881E0EFB97C740B7E81405DF OrcShred (Linux worm)
3CDBC19BC4F12D8D00B81380F7A2504D08074C15 AwfulShred (Linux wiper)
8FC7646FA14667D07E3110FE754F61A78CFDE6BC SoloShred (Solaris wiper)

(The above is ESET's information; source: https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/ )


【Public information】

◆Industroyer2: Industroyer reloaded (WeLiveSecurity, 2022/04/12 11:28)

This ICS-capable malware targets a Ukrainian energy company

https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/


【Figures】



Source: https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/