Lancefly APTグループ、カスタムバックドアで政府や航空部門などの組織を標的に
Tags
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Mavinject - T1218.013 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | 4c3d19c5-aefd-453e-85f0-80022af3b823 |
| Fingerprint | 1c93962527bd4983 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 31, 2023, midnight |
| Added to db | Oct. 24, 2023, 1:21 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Lancefly APTグループ、カスタムバックドアで政府や航空部門などの組織を標的に |
| Title | Lancefly APTグループ、カスタムバックドアで政府や航空部門などの組織を標的に |
| Detected Hints/Tags/Attributes | 35/1/146 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 285 | microsoft.net |
|
| Details | File | 7 | perfhost.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 8 | siteadv.exe |
|
| Details | File | 5 | siteadv.dll |
|
| Details | File | 3 | ssr32.exe |
|
| Details | File | 3 | safestore32.dll |
|
| Details | File | 6 | chrome_frame_helper.exe |
|
| Details | File | 5 | chrome_frame_helper.dll |
|
| Details | File | 15 | wsc_proxy.exe |
|
| Details | File | 18 | wsc.dll |
|
| Details | File | 4 | coinst.exe |
|
| Details | File | 42 | msvcr100.dll |
|
| Details | File | 3 | coinstcfg.dat |
|
| Details | File | 1 | powershellでrundll32.exe |
|
| Details | File | 69 | comsvcs.dll |
|
| Details | File | 165 | reg.exe |
|
| Details | File | 1 | かsvchost.exe |
|
| Details | File | 11 | mavinject.exe |
|
| Details | File | 1 | やcreatedump.exe |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 7 | formdll.dll |
|
| Details | File | 2 | tdiproxy.sys |
|
| Details | File | 77 | http.sys |
|
| Details | File | 4 | res.ini |
|
| Details | File | 36 | egui.exe |
|
| Details | File | 53 | ekrn.exe |
|
| Details | File | 198 | msmpeng.exe |
|
| Details | File | 8 | res.dat |
|
| Details | File | 2 | defendersvc.dll |
|
| Details | File | 2 | iesockethlp.dll |
|
| Details | File | 32 | %systemroot%\system32\svchost.exe |
|
| Details | File | 2 | msrpcsvc.dll |
|
| Details | File | 50 | a.exe |
|
| Details | File | 2 | smadhook64c.dll |
|
| Details | File | 5 | libmupdf.dll |
|
| Details | File | 2 | smadavprotect64.exe |
|
| Details | File | 11 | form.exe |
|
| Details | File | 175 | update.exe |
|
| Details | File | 2 | tdiproip.sys |
|
| Details | File | 2 | iehlpsrv.dll |
|
| Details | File | 2 | usbhpms.sys |
|
| Details | File | 6 | ssmuidll.dll |
|
| Details | File | 7 | tosbtkbd.dll |
|
| Details | File | 2 | klcsstd2.dll |
|
| Details | File | 2 | comhlpsvc.dll |
|
| Details | File | 2 | searchsrvc.exe |
|
| Details | File | 2 | comhlpsvc32.dll |
|
| Details | File | 6 | intel.exe |
|
| Details | File | 2 | tfc_windows_amd64.exe |
|
| Details | File | 2 | deliver.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 8 | tool.exe |
|
| Details | File | 22 | browser.exe |
|
| Details | File | 10 | python27.dll |
|
| Details | File | 15 | frpc.exe |
|
| Details | File | 3 | ssf.exe |
|
| Details | File | 2 | intel_drive.exe |
|
| Details | File | 2 | smbver.exe |
|
| Details | File | 2 | smb2os.exe |
|
| Details | File | 2 | ntmsvc.dll |
|
| Details | File | 2 | lsassunhooker.exe |
|
| Details | File | 7 | ladon.exe |
|
| Details | File | 6 | nbt.exe |
|
| Details | File | 2 | pot.exe |
|
| Details | sha256 | 2 | 1f09d177c99d429ae440393ac9835183d6fd1f1af596089cc01b68021e2e29a7 |
|
| Details | sha256 | 2 | 180970fce4a226de05df6d22339dd4ae03dfd5e451dcf2d464b663e86c824b8e |
|
| Details | sha256 | 2 | d5df686bb202279ab56295252650b2c7c24f350d1a87a8a699f6034a8c0dd849 |
|
| Details | sha256 | 2 | 13df2d19f6d2719beeff3b882df1d3c9131a292cf097b27a0ffca5f45e139581 |
|
| Details | sha256 | 2 | 8f64c25ba85f8b77cfba3701bebde119f610afef6d9a5965a3ed51a4a4b9dead |
|
| Details | sha256 | 2 | 8e98eed2ec14621feda75e07379650c05ce509113ea8d949b7367ce00fc7cd38 |
|
| Details | sha256 | 2 | 89e503c2db245a3db713661d491807aab3d7621c6aff00766bc6add892411ddc |
|
| Details | sha256 | 2 | c840e3cae2d280ff0b36eec2bf86ad35051906e484904136f0e478aa423d7744 |
|
| Details | sha256 | 2 | 5f16633dbf4e6ccf0b1d844b8ddfd56258dd6a2d1e4fb4641e2aa508d12a5075 |
|
| Details | sha256 | 2 | ff4c2a91a97859de316b434c8d0cd5a31acb82be8c62b2df6e78c47f85e57740 |
|
| Details | sha256 | 2 | 14edb3de511a6dc896181d3a1bc87d1b5c443e6aea9eeae70dbca042a426fcf3 |
|
| Details | sha256 | 2 | db5deded638829654fc1595327400ed2379c4a43e171870cfc0b5f015fad3a03 |
|
| Details | sha256 | 2 | e244d1ef975fcebb529f0590acf4e7a0a91e7958722a9f2f5c5c05a23dda1d2c |
|
| Details | sha256 | 2 | f76e001a7ccf30af0706c9639ad3522fd8344ffbdf324307d8e82c5d52d350f2 |
|
| Details | sha256 | 2 | dc182a0f39c5bb1c3a7ae259f06f338bb3d51a03e5b42903854cdc51d06fced6 |
|
| Details | sha256 | 3 | fa5f32457d0ac4ec0a7e69464b57144c257a55e6367ff9410cf7d77ac5b20949 |
|
| Details | sha256 | 2 | fe7a6954e18feddeeb6fcdaaa8ac9248c8185703c2505d7f249b03d8d8897104 |
|
| Details | sha256 | 2 | 341d8274cc1c53191458c8bbc746f428856295f86a61ab96c56cd97ee8736200 |
|
| Details | sha256 | 2 | f3478ccd0e417f0dc3ba1d7d448be8725193a1e69f884a36a8c97006bf0aa0f4 |
|
| Details | sha256 | 2 | 750b541a5f43b0332ac32ec04329156157bf920f6a992113a140baab15fa4bd3 |
|
| Details | sha256 | 2 | 9f00cee1360a2035133e5b4568e890642eb556edd7c2e2f5600cf6e0bdcd5774 |
|
| Details | sha256 | 2 | a9051dc5e6c06a8904bd8c82cdd6e6bd300994544af2eed72fe82df5f3336fc0 |
|
| Details | sha256 | 2 | d62596889938442c34f9132c9587d1f35329925e011465c48c94aa4657c056c7 |
|
| Details | sha256 | 2 | f0003e08c34f4f419c3304a2f87f10c514c2ade2c90a830b12fdf31d81b0af57 |
|
| Details | sha256 | 2 | 139c39e0dc8f8f4eb9b25b20669b4f30ffcbe2197e3a9f69d0043107d06a2cb4 |
|
| Details | sha256 | 2 | 11bb47cb7e51f5b7c42ce26cbff25c2728fa1163420f308a8b2045103978caf5 |
|
| Details | sha256 | 2 | 0abc1d12ef612490e37eedb1dd1833450b383349f13ddd3380b45f7aaabc8a75 |
|
| Details | sha256 | 3 | eb3b4e82ddfdb118d700a853587c9589c93879f62f576e104a62bdaa5a338d7b |
|
| Details | sha256 | 3 | 1ab4f52ff4e4f3aa992a77d0d36d52e796999d6fc1a109b9ae092a5d7492b7dd |
|
| Details | sha256 | 2 | fae713e25b667f1c42ebbea239f7b1e13ba5dc99b225251a82e65608b3710be7 |
|
| Details | sha256 | 2 | a6020794bd6749e0765966cd65ca6d5511581f47cc2b38e41cb1e7fddaa0b221 |
|
| Details | sha256 | 2 | 592e237925243cf65d30a0c95c91733db593da64c96281b70917a038da9156ae |
|
| Details | sha256 | 2 | 929b771eabef5aa9e3fba8b6249a8796146a3a4febfd4e992d99327e533f9798 |
|
| Details | sha256 | 2 | 009d8d1594e9c8bc40a95590287f373776a62dad213963662da8c859a10ef3b4 |
|
| Details | sha256 | 2 | ef08f376128b7afcd7912f67e2a90513626e2081fe9f93146983eb913c50c3a8 |
|
| Details | sha256 | 2 | ee486e93f091a7ef98ee7e19562838565f3358caeff8f7d99c29a7e8c0286b28 |
|
| Details | sha256 | 2 | 32d837a4a32618cc9fc1386f0f74ecf526b16b6d9ab6c5f90fb5158012fe2f8c |
|
| Details | sha256 | 2 | a1f9b76ddfdafc47d4a63a04313c577c0c2ffc6202083422b52a00803fd8193d |
|
| Details | sha256 | 2 | 3ce38a2fc896b75c2f605c135297c4e0cddc9d93fc5b53fe0b92360781b5b94e |
|
| Details | sha256 | 2 | 210934a2cc59e1f5af39aa5a18aae1d8c5da95d1a8f34c9cfc3ab42ecd37ac92 |
|
| Details | sha256 | 2 | 530c7d705d426ed61c6be85a3b2b49fd7b839e27f3af60eb16c5616827a2a436 |
|
| Details | sha256 | 2 | 5018fe25b7eac7dd7bc30c7747820e3c1649b537f11dbaa9ce6b788b361133bf |
|
| Details | sha256 | 2 | efa9e9e5da6fba14cb60cba5dbd3f180cb8f2bd153ca78bbacd03c270aefd894 |
|
| Details | sha256 | 2 | a5a4dacddfc07ec9051fb7914a19f65c58aad44bbd3740d7b2b995262bd0c09e |
|
| Details | sha256 | 2 | 10b96290a17511ee7a772fcc254077f62a8045753129d73f0804f3da577d2793 |
|
| Details | sha256 | 2 | 0dcfcdf92e85191de192b4478aba039cb1e1041b1ae7764555307e257aa566a7 |
|
| Details | sha256 | 2 | 415f9dc11fe242b7a548be09a51a42a4b5c0f9bc5c32aeffe7a98940b9c7fc04 |
|
| Details | sha256 | 2 | 947f7355aa6068ae38df876b2847d99a6ca458d67652e3f1486b6233db336088 |
|
| Details | sha256 | 2 | 8d77fe4370c864167c1a712d0cc8fe124b10bd9d157ea59db58b42dea5007b63 |
|
| Details | sha256 | 2 | d8cc2dc0a96126d71ed1fce73017d5b7c91465ccd4cdcff71712381af788c16d |
|
| Details | sha256 | 3 | e94a5bd23da1c6b4b8aec43314d4e5346178abe0584a43fa4a204f4a3f7464b9 |
|
| Details | sha256 | 2 | 5655a2981fa4821fe09c997c84839c16d582d65243c782f45e14c96a977c594e |
|
| Details | sha256 | 2 | 19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169 |
|
| Details | sha256 | 3 | 41d174514ed71267aaff578340ff83ef00dbb07cb644d2b1302a18aa1ca5d2d0 |
|
| Details | sha256 | 3 | 67ebc03e4fbf1854a403ea1a3c6d9b19fd9dc2ae24c7048aafbbff76f1bea675 |
|
| Details | sha256 | 3 | f92cac1121271c2e55b34d4e493cb64cdb0d4626ee30dc77016eb7021bf63414 |
|
| Details | sha256 | 2 | 859e76b6cda203e84a7b234c5cba169a7a02bf028a5b75e2ca8f1a35c4884065 |
|
| Details | sha256 | 2 | fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5 |
|
| Details | sha256 | 2 | 9584df964369c1141f9fc234c64253d8baeb9d7e3739b157db5f3607292787f2 |
|
| Details | sha256 | 2 | 711a347708e6d94da01e4ee3b6cdb9bcc96ebd8d95f35a14e1b67def2271b2e9 |
|
| Details | sha256 | 2 | f040a173b954cdeadede3203a2021093b0458ed23727f849fc4c2676c67e25db |
|
| Details | sha256 | 2 | 90edb2c7c3ba86fecc90e80ac339a42bd89fbaa3f07d96d68835725b2e9de3ba |
|
| Details | sha256 | 2 | b0d25b06e59b4cca93e40992fa0c0f36576364fcf1aca99160fd2a1faa5677a2 |
|
| Details | sha256 | 2 | 4c55f48b37f3e4b83b6757109b6ee0a661876b41428345239007882993127397 |
|
| Details | sha256 | 2 | 3e1c8d982b1257471ab1660b40112adf54f762c570091496b8623b0082840e9f |
|
| Details | sha256 | 2 | 9830f6abec64b276c9f327cf7c6817ad474b66ea61e4adcb8f914b324da46627 |
|
| Details | sha256 | 2 | 79ae300ac4f1bc7636fe44ce2faa7e5556493f7013fc5c0a3863f28df86a2060 |
|
| Details | IPv4 | 2 | 1.6.0.23 |
|
| Details | IPv4 | 5 | 1.3.0.1 |
|
| Details | IPv4 | 15 | 1.0.0.3 |
|
| Details | IPv4 | 2 | 14.7.3.12 |
|
| Details | Mandiant Temporary Group Assumption | 2 | TEMP.TEMP |
|
| Details | Pdb | 2 | c:\google\objchk_win7_amd64\amd64\google.pdb |
|
| Details | Pdb | 2 | form.pdb |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ptdf |
|
| Details | Windows Registry Key | 2 | HKEY_CLASSES_ROOT\.udf |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ecdf |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.tudf |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exfat |
|
| Details | Windows Registry Key | 2 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD |