カオス化する A41APT キャンペーンに対して私達ができること(公開版)
Common Information
| Type | Value |
|---|---|
| UUID | 227cd9a3-a631-4e7e-b383-0e320d1f47d4 |
| Fingerprint | e11a12f91e8c548991ddf3ce0679cae9026dadbc81baffa9fcf64807a1cb2ea2 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | None |
| Added to db | March 12, 2024, 7:57 p.m. |
| Last updated | Aug. 31, 2024, 1:55 a.m. |
| Headline | カオス化する A41APT キャンペーンに対して私達ができること(公開版) |
| Title | カオス化する A41APT キャンペーンに対して私達ができること(公開版) |
| Detected Hints/Tags/Attributes | 51/3/60 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 150 | cve-2018-13379 |
|
| Details | CVE | 3 | cve-2020-3125 |
|
| Details | CVE | 397 | cve-2021-44228 |
|
| Details | Domain | 18 | blog.trendmicro.co.jp |
|
| Details | Domain | 5 | secretdump.py |
|
| Details | Domain | 46 | jsac.jpcert.or.jp |
|
| Details | Domain | 15 | www.macnica.co.jp |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 22 | nsfocusglobal.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 281 | docs.microsoft.com |
|
| Details | Domain | 2 | www.monferriina.com |
|
| Details | File | 5 | secretdump.py |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 3 | httpswin32.dll |
|
| Details | File | 2 | httpsx64_d.dll |
|
| Details | File | 3 | tcpcx64.dll |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 4 | jsac2021_202_niwa-yanagishita_jp.pdf |
|
| Details | File | 5 | jsac2021_202_niwa-yanagishita_en.pdf |
|
| Details | File | 43 | 0.pdf |
|
| Details | File | 6 | mpressioncss_ta_report_2020_5.pdf |
|
| Details | File | 2 | c:\windows\routinemaintenance.exe |
|
| Details | File | 2 | c:\windows\ceiprole.exe |
|
| Details | File | 2 | c:\windows\vss\writers\system\familysafety.exe |
|
| Details | File | 2 | c:\windows\system32\winrm\0409\usoclient.exe |
|
| Details | File | 2 | c:\windows\system32\da-dk\dataproviders.exe |
|
| Details | sha256 | 2 | cf5ec3b803563d8ef68138f5303ebc362b72da36da29b9cba3062ae996db9234 |
|
| Details | sha256 | 2 | c13f93b7bb1f8f5f9bd6dd4d25f7af873119c8b8248490de6bd9b29d0c68783e |
|
| Details | sha256 | 2 | 9bec85e6a3d811826580540b541723c6b5236377a3a980b1ffa5bf5f749a99d4 |
|
| Details | sha256 | 2 | 7db327cc7bd622038f69b4df4178ca3145659a73cbcb10d0228e48f2ece60896 |
|
| Details | sha256 | 2 | c0ed7939945726b61100009b926917723fdc5f9b2df0be070f2a500b6edf161c |
|
| Details | sha256 | 2 | 0a570b32d14799f6351ee211093567450d41705ca79e236a38ca15f135d78bfd |
|
| Details | sha256 | 2 | 2da5e37ec4c7059a7935165039ea31b0c9cc8f1bb0d0c620759776979158cf30 |
|
| Details | sha256 | 2 | e8797b4334fbaa067d5f91d1481bd8f55bf2e45483a92a8ea7030c2c604dd273 |
|
| Details | sha256 | 2 | 68dd499bca62e004c97ccc17f68e3d6dde2885446924dabe8cc525763caa08a3 |
|
| Details | sha256 | 2 | 1f1bcb03b008c4fdd462e7d2b5db5ca321ff6d56bbb22cddd39c82df1f6a038f |
|
| Details | sha256 | 2 | 7337071599eb49c75c63dff210aa516ea8dbbe99a8a66237f66f3f3c7f5aed31 |
|
| Details | sha256 | 2 | 59986e20e03774c7d0f5adb4eca394f5f51b01a8c2ba9cb6c1ce30f9312b9566 |
|
| Details | sha256 | 4 | 8efcecc00763ce9269a01d2b5918873144746c4b203be28c92459f5301927961 |
|
| Details | sha256 | 4 | 20fc3cf1afcad9e6f19e9abebfc9daf374909801d874c3d276b913f12d6230ec |
|
| Details | IPv4 | 2 | 168.100.8.20 |
|
| Details | IPv4 | 2 | 192.248.183.113 |
|
| Details | IPv4 | 2 | 185.10.16.115 |
|
| Details | Threat Actor Identifier - APT | 278 | APT10 |
|
| Details | Url | 4 | https://blog.trendmicro.co.jp/archives/29842 |
|
| Details | Url | 4 | https://jsac.jpcert.or.jp/archive/2021/pdf/jsac2021_202_niwa-yanagishita_jp.pdf |
|
| Details | Url | 4 | https://jsac.jpcert.or.jp/archive/2021/pdf/jsac2021_202_niwa-yanagishita_en.pdf |
|
| Details | Url | 1 | https://blog.kaspersky.co.jp/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign |
|
| Details | Url | 1 | https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/10151 |
|
| Details | Url | 1 | https://media.kasperskydaily.com/wp-content/uploads/sites/86/2021/02/25140359/greatidea_a41_v1.0.pdf |
|
| Details | Url | 6 | https://www.macnica.co.jp/business/security/manufacturers/files/mpressioncss_ta_report_2020_5.pdf |
|
| Details | Url | 3 | https://www.fortinet.com/blog/threat-research/uncovering-new-activity-by-apt- |
|
| Details | Url | 2 | https://nsfocusglobal.com/insights-into-ransomware-spread-using-exchange-1-day-vulnerabiliti |
|
| Details | Url | 2 | https://twitter.com/manu_de_lucia/status/1430115616862638080 |
|
| Details | Url | 2 | https://twitter.com/fr0gger_/status/1430213808434339842 |
|
| Details | Url | 2 | https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and- |
|
| Details | Url | 2 | https://docs.microsoft.com/ja-jp/sysinternals/downloads/autoruns |