北朝鮮関連サイトを踏み台とした 水飲み場型攻撃 解析レポート
Common Information
| Type | Value |
|---|---|
| UUID | 9be113be-679c-4912-94b3-b3c20199f19d |
| Fingerprint | 8be1071646b39f3b8ad6b5e026cb5b5a79f0001b979093a233b182231cbd6659 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 18, 2017, 12:20 p.m. |
| Added to db | March 11, 2024, 7:53 p.m. |
| Last updated | Aug. 31, 2024, 3:50 a.m. |
| Headline | 北朝鮮関連サイトを踏み台とした 水飲み場型攻撃 解析レポート |
| Title | 北朝鮮関連サイトを踏み台とした 水飲み場型攻撃 解析レポート |
| Detected Hints/Tags/Attributes | 43/1/91 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://jp.security.ntt/resources/WaterHoleAttack_chongryon.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 77 | cve-2016-0189 |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 74 | adodb.stream |
|
| Details | Domain | 1 | wscript.sh |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 16 | www.netresec.com |
|
| Details | Domain | 3 | cript.shell |
|
| Details | Domain | 2 | kpn.com |
|
| Details | Domain | 21 | poc.py |
|
| Details | Domain | 12 | www.sankei.com |
|
| Details | Domain | 1 | www.chongryon.com |
|
| Details | Domain | 1 | www.kcna.co.jp |
|
| Details | Domain | 3 | theori.io |
|
| Details | Domain | 247 | www.virusbulletin.com |
|
| Details | 1 | juan.sacco@kpn.com |
||
| Details | File | 1 | a7db98c120710f08ea5604f2bf622ac9.php |
|
| Details | File | 35 | windbg.exe |
|
| Details | File | 40 | ollydbg.exe |
|
| Details | File | 17 | idaq.exe |
|
| Details | File | 71 | wireshark.exe |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 65 | python.exe |
|
| Details | File | 1 | juchech.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1 | ocheck.exe |
|
| Details | File | 212 | winlogon.exe |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 4 | rawcap.exe |
|
| Details | File | 1 | awcap.exe |
|
| Details | File | 2 | cap.exe |
|
| Details | File | 1 | zxcas.vbs |
|
| Details | File | 5 | app.log |
|
| Details | File | 4 | socket.bin |
|
| Details | File | 40 | 7z.exe |
|
| Details | File | 20 | 7z.dll |
|
| Details | File | 5 | er.exe |
|
| Details | File | 50 | a.exe |
|
| Details | File | 1 | ここでダウンロードされたツールuploader.exe |
|
| Details | File | 1 | 存時のファイルはa.exe |
|
| Details | File | 1 | や7z.dll |
|
| Details | File | 1 | をuploader.exe |
|
| Details | File | 1 | yzw.7z |
|
| Details | File | 1 | book1.xlsx |
|
| Details | File | 1 | dist.7z |
|
| Details | File | 1 | この攻撃ツールred.exe |
|
| Details | File | 3 | red.exe |
|
| Details | File | 20 | poc.py |
|
| Details | File | 1 | afr1705130004-n1.html |
|
| Details | File | 3 | uploader.exe |
|
| Details | File | 1 | bb3537dc74ca56f5975c1f82818340ce.php |
|
| Details | File | 1 | f7015a0edbf0564d9b34cf8addd9dff5.php |
|
| Details | File | 1 | 59c295edc8782dea64cde7fcbd292747.php |
|
| Details | md5 | 1 | 72b7579fe4095435679933ca351822a8 |
|
| Details | md5 | 1 | a7db98c120710f08ea5604f2bf622ac9 |
|
| Details | md5 | 1 | 98e0f9b8979cd21347468a29e6386ca7 |
|
| Details | md5 | 1 | 2593a0ef1bea32cf23f4c8c42b814b2a |
|
| Details | md5 | 1 | 6a5ad1450a58a0da27066f53e3a94379 |
|
| Details | md5 | 1 | a72ca104fa41228f0cab31dadeea92c4 |
|
| Details | md5 | 1 | 8f9dedaacaf8dd971b7d88a826acd90d |
|
| Details | md5 | 1 | 75eb3772141fc2123783cfcc59db6502 |
|
| Details | md5 | 1 | 3918d5876061a0be96d58d912687b03f |
|
| Details | md5 | 1 | 59fc53d05aaf4196d560a5af6bf54d24 |
|
| Details | md5 | 1 | 6564aeeacb3ec1eb195ba44ec9cb4621 |
|
| Details | md5 | 1 | bb3537dc74ca56f5975c1f82818340ce |
|
| Details | md5 | 1 | f7015a0edbf0564d9b34cf8addd9dff5 |
|
| Details | md5 | 1 | 59c295edc8782dea64cde7fcbd292747 |
|
| Details | md5 | 1 | 256f0751d6b26488ba98fd57d354ce2a |
|
| Details | md5 | 1 | ea0ec5f659136deba37c324436a292ce |
|
| Details | IPv4 | 1 | 52.78.95.103 |
|
| Details | IPv4 | 198 | 1.1.1.1 |
|
| Details | IPv4 | 2 | 0.1.5.0 |
|
| Details | IPv4 | 1 | 169.254.51.142 |
|
| Details | IPv4 | 4 | 192.168.10.2 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 3 | 192.168.10.3 |
|
| Details | IPv4 | 3 | 192.168.10.4 |
|
| Details | IPv4 | 1 | 52.78.95.1 |
|
| Details | IPv4 | 1 | 54.238.186.73 |
|
| Details | Url | 1 | http://52.78.95.103/a7db98c120710f08ea5604f2bf622ac9.php |
|
| Details | Url | 1 | http://52.78.95.103/98e0f9b8979cd21347468a29e6 |
|
| Details | Url | 1 | http://52.78.95.103/98e0f9b8979cd21347468a29e6386ca7/r |
|
| Details | Url | 1 | http://www.netresec.com |
|
| Details | Url | 1 | http://52.78.95.103/98e0f9b8979cd21347468a29e6386ca7/7z.exe |
|
| Details | Url | 1 | http://52.78.95.103/98e0f9b8979cd21347468a29e6386ca7/7z.dll |
|
| Details | Url | 1 | http://52.78.95.103/98e0f9b8979cd21347468a29e6386ca7/upload |
|
| Details | Url | 1 | http://52.78.95.103/98e0f9b8979cd21347468a29e |
|
| Details | Url | 1 | http://www.sankei.com/affairs/news/170513/afr1705130004-n1.html |
|
| Details | Url | 1 | http://www.chongryon.com |
|
| Details | Url | 1 | http://www.kcna.co.jp |
|
| Details | Url | 1 | http://theori.io/research/cve-2016-0189 |
|
| Details | Url | 1 | https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evoluti |