BlackTech Targeted Attack Analysis Report (BlackTech 標的型攻撃解析レポート)
Common Information
Type Value
UUID d8bdb75a-1a74-465e-b5da-af025d97a3a6
Fingerprint 2154b5f506a2a8526a6f0fa3c96e0351546cc5ea7023dcbde85cf34bc471d8bc
Analysis status DONE
Considered CTI value 0
Text language
Published April 26, 2022, 9:26 a.m.
Added to db March 11, 2024, 7:40 p.m.
Last updated Aug. 31, 2024, 3:51 a.m.
Headline BlackTech Targeted Attack Analysis Report (BlackTech 標的型攻撃解析レポート)
Title BlackTech Targeted Attack Analysis Report (BlackTech 標的型攻撃解析レポート)
Detected Hints/Tags/Attributes 56/2/63
Attributes
Type  #Events  Value  (CTI Value column empty for all rows)
Domain  46  jsac.jpcert.or.jp
Domain  71  blogs.jpcert.or.jp
Domain  20  www.seqrite.com
Domain  434  medium.com
Domain  41  www.freebuf.com
Domain  17  vblocalhost.com
Domain  1  jp.nttsecurity.com
Domain  4127  github.com
Domain  3  volatility-labs.blogspot.com
Domain  15  www.macnica.co.jp
Domain  18  teamt5.org
Domain  2  report.threatbook.cn
File  816  index.html
File  31  tmp.exe
File  12  splwow64.exe
File  1  the malware on the infected host: splwow64.exe (sentence fragment extracted as a file name)
File  2  encrypted.bin
File  5  decrypted.bin
File  24  c:\windows\system32\calc.exe
File  2  c:\users\public\downloads\schmet.exe
File  2  c:\programdata\schost.exe
File  2  wb.dll
File  49  onedrive.exe
File  1  when launched, the malicious filesyncfalwb.dll (sentence fragment extracted as a file name)
File  2  c:\users\public\downloads\mpetect.exe
File  4  jsac2022_8_hara_en.pdf
File  6  gh0sttimes.html
File  2  303176.html
File  4  vb2021-50.pdf
File  3  tscookie_loader.html
File  4  tscookie.html
File  2  elf_tscookie.html
File  2  ivys.html
File  2  ss_ta_report_2019_4.pdf
File  1  elf_plead.html
File  2  bl.pdf
Github username  4  abhisek
Github username  3  sweetsoftware
IPv4  3  3.6.1.1
IPv4  8  3.6.1.2
IPv4  3  3.6.1.3
IPv4  6  3.6.1.4
IPv4  2  3.6.1.5
IPv4  3  3.6.2.1
IPv4  3  3.6.2.2
Url  4  https://jsac.jpcert.or.jp/archive/2022/pdf/jsac2022_8_hara_en.pdf
Url  4  https://blogs.jpcert.or.jp/ja/2021/09/gh0sttimes.html
Url  4  https://www.seqrite.com/blog/4898-2
Url  2  https://medium.com/deep-learning-for-
Url  2  https://www.freebuf.com/articles/system/303176.html
Url  4  https://vblocalhost.com/uploads/vb2021-50.pdf
Url  2  https://github.com/abhisek/pe-
Url  2  https://github.com/sweetsoftware/ares
Url  3  https://blogs.jpcert.or.jp/ja/2019/09/tscookie_loader.html
Url  4  https://blogs.jpcert.or.jp/ja/2018/03/tscookie.html
Url  2  https://blogs.jpcert.or.jp/ja/2020/02/elf_tscookie.html
Url  2  https://volatility-labs.blogspot.com/2012/10/reverse-engineering-poison-
Url  2  https://www.macnica.co.jp/business/security/manufacturers/files/mpressionc
Url  2  https://teamt5.org/tw/posts/technical-analysis-on-backdoor-bifrost-of-the-
Url  1  https://blogs.jpcert.or.jp/ja/2020/11/elf_plead.html
Url  2  http://report.threatbook.cn/bl.pdf
Windows Registry Key  112  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key  9  HKCU\Environment\UserInitMprLogonScript