攻撃グループBlackTechが使用するマルウェアGh0stTimes - JPCERT/CC Eyes
Tags
| attack-pattern: | Data Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | aad61d49-05e3-4b4f-a857-0b2389fbc91b |
| Fingerprint | cba6d2016b9f8c2a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 28, 2021, midnight |
| Added to db | Sept. 11, 2022, 12:29 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | JPCERT/CC Eyes |
| Title | 攻撃グループBlackTechが使用するマルウェアGh0stTimes - JPCERT/CC Eyes |
| Detected Hints/Tags/Attributes | 11/1/33 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blogs.jpcert.or.jp/ja/2021/09/gh0sttimes.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 2 | cve-2021-3019 |
|
| Details | CVE | 10 | cve-2021-28482 |
|
| Details | CVE | 2 | cve-2021-1472 |
|
| Details | CVE | 2 | cve-2021-1473 |
|
| Details | CVE | 2 | cve-2021-28149 |
|
| Details | CVE | 2 | cve-2021-28152 |
|
| Details | CVE | 6 | cve-2021-21975 |
|
| Details | CVE | 4 | cve-2021-21983 |
|
| Details | CVE | 16 | cve-2018-2628 |
|
| Details | CVE | 2 | cve-2021-2135 |
|
| Details | Domain | 2 | fb.read |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | tftpupdate.ftpserver.biz |
|
| Details | Domain | 2 | update.centosupdates.com |
|
| Details | Domain | 1 | osscach2023.hicloud.tw |
|
| Details | Github username | 1 | yang0615777 |
|
| Details | Github username | 1 | liuxu54898 |
|
| Details | Github username | 4 | knownsec |
|
| Details | sha256 | 1 | 01581f0b1818db4f2cdd9542fd8d663896dc043efb6a80a92aadfac59ddb7684 |
|
| Details | sha256 | 1 | 18a696b09d0b7e41ad8ab6a05b84a3022f427382290ce58f079dec7b07e86165 |
|
| Details | sha256 | 1 | 15b8dddbfa37317ccdfbc340764cd0f43b1fb8915b1817b5666c4816ccb98e7c |
|
| Details | sha256 | 1 | 849ec6055f0c18eff76170912d8500d3da7be1435a9117d67f2134138c7e70c3 |
|
| Details | sha256 | 1 | f19ab3fcbc555a059d953196b6d1b04818a59e2dc5075cf1357cee84c9d6260b |
|
| Details | sha256 | 1 | 836b873ab9807fbdd8855d960250084c89af0c4a6ecb75991542a7deb60bd119 |
|
| Details | sha256 | 1 | a69a2b2a6f5a68c466880f4c634bad137cb9ae39c2c3e30c0bc44c2f07a01e8a |
|
| Details | sha256 | 1 | bd02ca03355e0ee423ba0e31384d21b4afbd8973dc888480bd4376310fe6af71 |
|
| Details | IPv4 | 1 | 108.61.163.36 |
|
| Details | IPv4 | 2 | 107.191.61.40 |
|
| Details | IPv4 | 1 | 103.85.24.122 |
|
| Details | IPv4 | 1 | 106.186.121.154 |
|
| Details | Url | 1 | https://github.com/yang0615777/poclist |
|
| Details | Url | 1 | https://github.com/liuxu54898/cve-2021-3019 |
|
| Details | Url | 1 | https://github.com/knownsec/pocsuite3 |