The Reality of Targeted Attacks and Approaches to Countermeasures (標的型攻撃の実態と対策アプローチ)
Common Information
Type Value
UUID 70c68ad0-5827-4683-af7c-db9af91074ff
Fingerprint d7d194feea1e7d0a4cc042fad3222b152538782e4008d6c600928218bc8b9762
Analysis status DONE
Considered CTI value 2
Text language
Published May 13, 2019, 1:04 p.m.
Added to db April 14, 2024, 3:22 a.m.
Last updated Aug. 31, 2024, 9:12 a.m.
Headline The Reality of Targeted Attacks and Approaches to Countermeasures (標的型攻撃の実態と対策アプローチ)
Title The Reality of Targeted Attacks and Approaches to Countermeasures (標的型攻撃の実態と対策アプローチ)
Detected Hints/Tags/Attributes 72/3/163
Attributes
Type: value (number of events)
Github username: gchq (5 events)
Github username: mdsecactivebreach (6 events)
Github username: gentilkiwi (29 events)
MITRE ATT&CK Technique: T1221 (40 events)
Threat Actor Identifier - APT: APT10 (278 events)
Threat Actor Identifier - APT: APT32 (132 events)
Windows Registry Key: HKLM\SYSTEM\Current-ControlSet\Services\SCPolicys\Con (1 event)
Windows Registry Key: HKCU\Software\Mic (1 event)