Golangマルウェアに対する新たなアプローチgimpfuzzyの実装と評価
Common Information
| Type | Value |
|---|---|
| UUID | 7c085869-143c-481e-8608-560f4e16288d |
| Fingerprint | 1cd29dc25aa37b0bf7ae5d70231616e4c4e9cbb4b0cf8f7df0496544fc8f786c |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 11, 2023, 2:52 p.m. |
| Added to db | March 11, 2024, 7:52 p.m. |
| Last updated | Aug. 31, 2024, 4:03 a.m. |
| Headline | Golangマルウェアに対する新たなアプローチgimpfuzzyの実装と評価 |
| Title | Golangマルウェアに対する新たなアプローチgimpfuzzyの実装と評価 |
| Detected Hints/Tags/Attributes | 23/2/51 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://jp.security.ntt/resources/gimpfuzzy.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | degobfuscate.py |
|
| Details | Domain | 1 | obfuscate.py |
|
| Details | Domain | 268 | www.virustotal.com |
|
| Details | Domain | 97 | abuse.ch |
|
| Details | Domain | 93 | bazaar.abuse.ch |
|
| Details | Domain | 6 | hatching.io |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 2 | project.github.io |
|
| Details | Domain | 15 | virustotal.github.io |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 26 | www.researchgate.net |
|
| Details | Domain | 11 | intezer.com |
|
| Details | Domain | 71 | blogs.jpcert.or.jp |
|
| Details | Domain | 98 | www.ncsc.gov.uk |
|
| Details | File | 1 | 難読化を解除し情報を復元するツールdegobfuscate.py |
|
| Details | File | 1 | リプトdegobfuscate.py |
|
| Details | File | 1 | degobfuscate.py |
|
| Details | File | 1 | obfuscate.py |
|
| Details | File | 816 | index.html |
|
| Details | File | 8 | malware-wellmes-9b78.html |
|
| Details | Github username | 3 | mooncat-greenpy |
|
| Details | Github username | 4 | unixpickle |
|
| Details | Github username | 1 | mooncat- |
|
| Details | Github username | 1 | nextronsystems |
|
| Details | Github username | 1 | devigned |
|
| Details | sha256 | 1 | 4f0add8eadb24a134b5cab6052920f576eec1bb39232c9548286a66883dcab82 |
|
| Details | sha256 | 1 | 087f2ec8bbcee4091241e5ad30d449a1aecd0b9879338d072638c7d0ed6b30da |
|
| Details | sha256 | 6 | bec1981e422c1e01c14511d384a33c9bcc66456c1274bbbac073da825a3f537d |
|
| Details | sha256 | 7 | 0b8e6a11adaa3df120ec15846bb966d674724b6b92eae34d63b665e0698e0193 |
|
| Details | sha256 | 5 | d7e7182f498440945fc8351f0e82ad2d5844530ebdba39051d2205b730400381 |
|
| Details | sha256 | 8 | 7c39841ba409bce4c2c35437ecf043f22910984325c70b9530edf15d826147ee |
|
| Details | sha256 | 6 | 8749c1495af4fd73ccfc84b32f56f5e78549d81feefb0c1d1c3475a74345f6a8 |
|
| Details | sha256 | 9 | 5ca4a9f6553fea64ad2c724bf71d0fac2b372f9e7ce2200814c98aac647172fb |
|
| Details | sha256 | 6 | 4c8671411da91eb5967f408c2a6ff6baf25ff7c40c65ff45ee33b352a711bf9c |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Url | 2 | https://github.com/mooncat-greenpy/ghidra_golanganalyzerextension |
|
| Details | Url | 1 | https://github.com/unixpickle/gobfuscate |
|
| Details | Url | 1 | https://github.com/mooncat- |
|
| Details | Url | 43 | https://www.virustotal.com |
|
| Details | Url | 4 | https://bazaar.abuse.ch |
|
| Details | Url | 1 | https://hatching.io/triage |
|
| Details | Url | 1 | https://github.com/nextronsystems/gimphash |
|
| Details | Url | 1 | https://www.mandiant.com/resources/blog/golang-internals-symbol- |
|
| Details | Url | 9 | https://virustotal.github.io/yara |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/the-gopher- |
|
| Details | Url | 1 | https://github.com/devigned/veil |
|
| Details | Url | 1 | https://www.researchgate.net/publication/268185911_the_truth_of_the_ |
|
| Details | Url | 1 | https://intezer.com/blog/research/a-storm-is-brewing-ipstorm-now-has- |
|
| Details | Url | 8 | https://blogs.jpcert.or.jp/en/2018/07/malware-wellmes-9b78.html |
|
| Details | Url | 1 | https://www.ncsc.gov.uk/news/uk- |