日本を狙うサイバーエスピオナージ (標的型攻撃) の動向2022年度 .indd
Common Information
| Type | Value |
|---|---|
| UUID | f088f6bb-5543-4c15-b2f8-8eb64005dc07 |
| Fingerprint | ed7574e375e9adf7b82f963b7045b6e0fafedf6b5eaa4ac3d07f29f7cc306f2e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 21, 2023, 2:48 p.m. |
| Added to db | July 25, 2024, 12:28 p.m. |
| Last updated | Aug. 31, 2024, 9:01 a.m. |
| Headline | 日本を狙うサイバーエスピオナージ (標的型攻撃) の動向2022年度 .indd |
| Title | 日本を狙うサイバーエスピオナージ (標的型攻撃) の動向2022年度 .indd |
| Detected Hints/Tags/Attributes | 93/4/160 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 22 | cve-2022-41091 |
|
| Details | Domain | 15 | www.macnica.co.jp |
|
| Details | Domain | 71 | blogs.jpcert.or.jp |
|
| Details | Domain | 3 | security.macnica.co.jp |
|
| Details | Domain | 20 | insight-jp.nttsecurity.com |
|
| Details | Domain | 15 | www.ipa.go.jp |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 80 | www.eset.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 1 | doc.documentshare.info |
|
| Details | Domain | 2 | mail.mraden.com |
|
| Details | Domain | 1 | csits.org |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 452 | msrc.microsoft.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 2 | share.1drvmicrosoft.com |
|
| Details | Domain | 1 | www.fistlove1.com |
|
| Details | Domain | 1 | www.isghost123.com |
|
| Details | Domain | 1 | mail-csg.xyz |
|
| Details | Domain | 1 | mraden.com |
|
| Details | Domain | 1 | lzuedu.com |
|
| Details | Domain | 1 | mail-csits.org |
|
| Details | Domain | 1 | www.mraden.com |
|
| Details | Domain | 1 | mail.lzuedu.com |
|
| Details | File | 3 | cyberespionage_report_2021_6.pdf |
|
| Details | File | 2 | shorten_url_lnk.html |
|
| Details | File | 3 | iso.html |
|
| Details | File | 2 | 000099786.pdf |
|
| Details | File | 5 | 000106897.pdf |
|
| Details | File | 1 | targeted-attack-campaign-earth-yako.html |
|
| Details | File | 1 | 戦略.doc |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 1 | xcqkxhrwom.docx |
|
| Details | File | 3 | offcln.exe |
|
| Details | File | 3 | oclean.dll |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | ルのコマンドはmshta.exe |
|
| Details | File | 1 | 拡散をめぐる国際政治_docx.exe |
|
| Details | File | 1 | 核不拡散をめぐる国際政治_docx.exe |
|
| Details | File | 4 | k7avscan.exe |
|
| Details | File | 1 | がexplorer.exe |
|
| Details | File | 34 | win.rar |
|
| Details | File | 1 | ナ戦争が日本のエネルギーに及ぼす影響.zip |
|
| Details | File | 29 | 1.doc |
|
| Details | File | 3 | 2.docx |
|
| Details | File | 28 | word.exe |
|
| Details | File | 1 | のこの通信先の関連ファイルとして同名のファイルwin.rar |
|
| Details | File | 25 | win.exe |
|
| Details | File | 1 | 鍵123456aaaaaaaaaaで復号してgoogleupdate.exe |
|
| Details | File | 2 | base.jpg |
|
| Details | File | 105 | googleupdate.exe |
|
| Details | File | 28 | goopdate.dll |
|
| Details | File | 1 | の実行でgoopdate.dll |
|
| Details | File | 1 | がbase.jpg |
|
| Details | File | 1 | workdll.dll |
|
| Details | File | 1 | またはworkdll.dll |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1 | されるwin.rar |
|
| Details | File | 1 | ecbモードで鍵の値に123456aaaaaaaaaaを使って.dat |
|
| Details | File | 1 | 得られたペイロードをnotepad.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1 | 国際政治_docx.exe |
|
| Details | File | 10 | 1.docx |
|
| Details | File | 6 | k7avwscn.dll |
|
| Details | File | 1 | 親プロセスがexplorer.exe |
|
| Details | File | 1 | downloadsフォルダに移動されたk7avscan.exe |
|
| Details | File | 1 | がロードされた後に暗号化ファイルk7avscan.exe |
|
| Details | File | 1 | 8091.htm |
|
| Details | File | 1 | k7tssplh.exe |
|
| Details | File | 4 | k7ui.dll |
|
| Details | File | 69 | vcruntime140.dll |
|
| Details | File | 3 | elze.exe |
|
| Details | File | 3 | frau.dll |
|
| Details | File | 3 | 正規ファイルk7sysmon.exe |
|
| Details | File | 3 | がロードするk7sysmn1.dll |
|
| Details | sha256 | 1 | 51489994496ded4ecc1c2762a661a59a6d105f96cbd8733edb9bfb796fb1b763 |
|
| Details | sha256 | 1 | acac32fd6c5bf8e66ab559903a75591c87ab6167d6b777f6c91692f32564b8df |
|
| Details | sha256 | 1 | 42e9991533dab50beba6b2f58de6b72d5a9d622202840921ac9a357ca1c1b9f5 |
|
| Details | sha256 | 1 | 526f48c6b3b767c119282e362eeb39238ac3593f7b3742eb08e67cd93d913a44 |
|
| Details | sha256 | 1 | 947cc470b079ee4b70b72c853d9e9dc75f6ee7455c2e61ae5d91e3d1bd2e4e71 |
|
| Details | sha256 | 2 | 7a4fd1cc932b96175055b2940242877cab728a9d7c7ee371cad8438b4e88a812 |
|
| Details | sha256 | 1 | 632975a3642b0f2a6084880e59ffa19dfa8b08d13ac15b639e1e0ad3bdbf45bd |
|
| Details | sha256 | 1 | ab29f429b50805d1f271ac3918a293626682f3d7f4f7ad28f4fc07da85cd057a |
|
| Details | sha256 | 2 | f38c367e6e4e7f6e20fa7a3ce0d8501277f5027f93e46761e72c36ec709f4304 |
|
| Details | sha256 | 3 | bdc15b09b78093a1a5503a1a7bfb487f7ef4ca2cb8b4d1d1bdf9a54cdc87fae4 |
|
| Details | sha256 | 1 | 7db3b2401c555a301046911998ae95f080a3d9590047b309e2f7a2e98bfab260 |
|
| Details | sha256 | 1 | b20d1ebe9d39ae587af87076e24275cfc47de4cb4b6860607e25f61847a216d7 |
|
| Details | sha256 | 1 | 58ba6e58df27f999e0ef90006ca071356abc786d46390a4a059a5855037c3d39 |
|
| Details | sha256 | 1 | 15908e00a2fd56a1d4ce7c5162aeaacbadf16f1f038a6b292e9ccee9b7553eb5 |
|
| Details | sha256 | 1 | 7d226cdf9139cd666daa2b939740be2e47a78c2386dbec6904f603eacf9e8839 |
|
| Details | sha256 | 1 | 950cdd2b62701c4420a28970565e8eafdef1a3d8304915590b7b107f02e9a80b |
|
| Details | sha256 | 1 | 53602f72554e3563b62f2092706fea47837056d0e5628eeebbc89bab95fd544d |
|
| Details | sha256 | 1 | 2938aa7ff29ab16a52f9130f55570dfeb769621d209b92cb1519daf0b93b8fb6 |
|
| Details | sha256 | 1 | 320e0121ab2bf3fc0800763910aaccf55ae4d450258feea9a92b0fecf32868a6 |
|
| Details | sha256 | 1 | 4ba13bba6f118a5af5f5174183f9c77a67b034d059af393f29d07f10a3a1b40d |
|
| Details | sha256 | 1 | 9d47acf2f8d1c0eb11e46e1d64f87a80827975513630bdb64dff11546c94cc97 |
|
| Details | sha256 | 1 | 780f5d21f1f38779f643f1fdf6c42795d23f7e77e1f75b09cead2ce5d0f15ea3 |
|
| Details | IPv4 | 6 | 5.8.95.174 |
|
| Details | IPv4 | 6 | 103.175.16.39 |
|
| Details | IPv4 | 1 | 178.128.125.50 |
|
| Details | IPv4 | 1 | 103.96.148.227 |
|
| Details | IPv4 | 1 | 108.61.183.251 |
|
| Details | IPv4 | 1 | 45.76.107.53 |
|
| Details | IPv4 | 2 | 207.148.103.42 |
|
| Details | IPv4 | 1 | 104.238.149.178 |
|
| Details | IPv4 | 2 | 85.209.43.142 |
|
| Details | IPv4 | 2 | 207.148.90.45 |
|
| Details | IPv4 | 2 | 185.126.236.166 |
|
| Details | IPv4 | 2 | 198.13.33.117 |
|
| Details | IPv4 | 1 | 103.139.1.141 |
|
| Details | IPv4 | 1 | 85.209.40.155 |
|
| Details | IPv4 | 1 | 8.210.220.182 |
|
| Details | MITRE ATT&CK Techniques | 22 | T1566.003 |
|
| Details | MITRE ATT&CK Techniques | 137 | T1059.005 |
|
| Details | MITRE ATT&CK Techniques | 9 | T1055.004 |
|
| Details | MITRE ATT&CK Techniques | 116 | T1134 |
|
| Details | MITRE ATT&CK Techniques | 227 | T1574.002 |
|
| Details | MITRE ATT&CK Techniques | 115 | T1571 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 380 | T1547.001 |
|
| Details | MITRE ATT&CK Techniques | 119 | T1218.011 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | Threat Actor Identifier - APT | 278 | APT10 |
|
| Details | Url | 3 | https://www.macnica.co.jp/business/security/cyberespionage_report_2021_6.pdf |
|
| Details | Url | 3 | https://blogs.jpcert.or.jp/ja/tags/lodeinfo |
|
| Details | Url | 1 | https://blogs.jpcert.or.jp/ja/2019/07/shorten_url_lnk.html |
|
| Details | Url | 3 | https://security.macnica.co.jp/blog/2022/05/iso.html |
|
| Details | Url | 4 | https://insight-jp.nttsecurity.com/post/102ho8o/operation-restylink |
|
| Details | Url | 1 | https://www.ipa.go.jp/security/j-crat/ug65p9000000nks8-att/000099786.pdf |
|
| Details | Url | 1 | https://www.ipa.go.jp/security/j-crat/ug65p9000000nks8-att/000106897.pdf |
|
| Details | Url | 1 | https://www.trendmicro.com/ja_jp/research/23/a/targeted-attack-campaign-earth-yako.html |
|
| Details | Url | 1 | https://www.eset.com/jp/blog/welivesecurity/lookback-ta410-umbrella-cyberespionage-ttps-activity |
|
| Details | Url | 1 | https://insight-jp.nttsecurity.com/post/102id0t/usbflowcloud |
|
| Details | Url | 3 | https://attack.mitre.org/groups/g0081 |
|
| Details | Url | 1 | http://5.8.95.174 |
|
| Details | Url | 1 | http://103.175.16.39 |
|
| Details | Url | 1 | http://officeonline.oneから更なるペイロードを入手して攻撃を行ったものと思われます |
|
| Details | Url | 1 | http://178.128.125.50/$word$xcqkxhrwom.docx |
|
| Details | Url | 1 | https://doc.documentshare.info/iagodk3zbqqukxjdg/wjjkrpsx7q4 |
|
| Details | Url | 1 | http://108.61.183.251 |
|
| Details | Url | 1 | http://45.76.107.53 |
|
| Details | Url | 2 | http://mail.mraden.com/win.rar |
|
| Details | Url | 1 | https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology |
|
| Details | Url | 1 | http://104.238.149.178 |
|
| Details | Url | 1 | http://207.148.103.42 |
|
| Details | Url | 1 | http://mail.mraden.com/win.rarをダウンロードしてc |
|
| Details | Url | 4 | https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742 |
|
| Details | Url | 1 | https://attack.mitre.org/versions/v13 |
|
| Details | Url | 1 | https://learn.microsoft.com/ja-jp/deployoffice/security/internet-macros-blocked |
|
| Details | Url | 3 | https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2022-41091 |
|
| Details | Url | 2 | https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia |
|
| Details | Url | 1 | http://207.148.103.42/8091.htm |
|
| Details | Url | 1 | http://207.148.90.45/8091.htm |
|
| Details | Url | 1 | http://207.148.90.45 |
|
| Details | Url | 1 | http://185.126.236.166 |
|
| Details | Url | 1 | http://198.13.33.117 |