Cookieヘッダーを用いてC&CサーバとやりとりするマルウエアChChes(2017-01-26) - JPCERT/CC Eyes
Tags
| country: | Italy |
| attack-pattern: | Data Code Signing - T1553.002 Software - T1592.002 Code Signing - T1116 |
Common Information
| Type | Value |
|---|---|
| UUID | aa9be08d-d655-4aa3-9ee1-7f301a1b194c |
| Fingerprint | fed0769fc729251b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 26, 2017, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | JPCERT/CC Eyes |
| Title | Cookieヘッダーを用いてC&CサーバとやりとりするマルウエアChChes(2017-01-26) - JPCERT/CC Eyes |
| Detected Hints/Tags/Attributes | 19/2/43 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.jpcert.or.jp/magazine/acreport-ChChes.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 24 | arc4.new |
|
| Details | Domain | 10 | www.verisign.com |
|
| Details | Domain | 4 | area.wthelpdesk.com |
|
| Details | Domain | 4 | dick.ccfchrist.com |
|
| Details | Domain | 3 | kawasaki.cloud-maste.com |
|
| Details | Domain | 4 | kawasaki.unhamj.com |
|
| Details | Domain | 3 | sakai.unhamj.com |
|
| Details | Domain | 4 | scorpion.poulsenv.com |
|
| Details | Domain | 4 | trout.belowto.com |
|
| Details | Domain | 4 | zebra.wthelpdesk.com |
|
| Details | Domain | 2 | hamiltion.catholicmmb.com |
|
| Details | Domain | 1 | gavin.ccfchrist.com |
|
| Details | File | 1 | mtd1xyojmq.htm |
|
| Details | File | 50 | hashlib.md5 |
|
| Details | File | 1 | mal.cer |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 748 | kernel32.dll |
|
| Details | sha256 | 2 | 5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1 |
|
| Details | sha256 | 2 | ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145 |
|
| Details | sha256 | 2 | 2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910 |
|
| Details | sha256 | 2 | 19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b |
|
| Details | sha256 | 2 | 316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d |
|
| Details | sha256 | 2 | efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057 |
|
| Details | sha256 | 2 | e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b |
|
| Details | sha256 | 2 | 9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c |
|
| Details | sha256 | 2 | bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91 |
|
| Details | sha256 | 2 | e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e |
|
| Details | sha256 | 2 | e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0 |
|
| Details | sha256 | 2 | d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed |
|
| Details | sha256 | 2 | 2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699 |
|
| Details | sha256 | 2 | 312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3 |
|
| Details | sha256 | 1 | 4ff6a97d06e2e843755be8697f3324be36e1ebeb280bb45724962ce4b6710297 |
|
| Details | sha256 | 2 | 45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2 |
|
| Details | sha256 | 2 | cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628 |
|
| Details | sha256 | 1 | 75ef6ea0265d2629c920a6a1c0d1dd91d3c0eda86445c7d67ebb9b30e35a2a9f |
|
| Details | sha256 | 1 | 471b7edbd3b344d3e9f18fe61535de6077ea9fd8aa694221529a2ff86b06e856 |
|
| Details | sha256 | 1 | ae0dd5df608f581bbc075a88c48eedeb7ac566ff750e0a1baa7718379941db86 |
|
| Details | sha256 | 1 | 646f837a9a5efbbdde474411bb48977bff37abfefaa4d04f9fb2a05a23c6d543 |
|
| Details | sha256 | 1 | 3d5e3648653d74e2274bb531d1724a03c2c9941fdf14b8881143f0e34fe50f03 |
|
| Details | sha256 | 1 | 9fbd69da93fbe0e8f57df3161db0b932d01b6593da86222fabef2be31899156d |
|
| Details | sha256 | 1 | 723983883fc336cb575875e4e3ff0f19bcf05a2250a44fb7c2395e564ad35d48 |
|
| Details | sha256 | 1 | f45b183ef9404166173185b75f2f49f26b2e44b8b81c7caf6b1fc430f373b50b |
|
| Details | Url | 4 | https://www.verisign.com/rpa |