防衛関連のファイルを装うマクロマルウェアの新しい手口 | セキュリティ研究センターブログ
Tags
Common Information
| Type | Value |
|---|---|
| UUID | b86d5395-9e19-4408-b337-56c183642f1e |
| Fingerprint | a8ffd585638a179b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 4, 2017, 2:01 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 14, 2024, 10:56 p.m. |
| Headline | |
| Title | 防衛関連のファイルを装うマクロマルウェアの新しい手口 | セキュリティ研究センターブログ |
| Detected Hints/Tags/Attributes | 5/0/19 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.macnica.net/blog/2017/12/post-8c22.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | thnjfy.cab |
|
| Details | Domain | 1 | web.casacam.net |
|
| Details | Domain | 1 | diamond.ninth.biz |
|
| Details | Domain | 4 | www.decalage.info |
|
| Details | Domain | 14 | analyze.intezer.com |
|
| Details | File | 1 | thnjfy.cab |
|
| Details | File | 1 | 主な処理はパーシステンスを確立するためにスタートアップにexeのショートカットリンクを作成する事とiexplorer.exe |
|
| Details | File | 1 | c2サーバとの通信はiexplorer.exe |
|
| Details | File | 56 | iexplorer.exe |
|
| Details | File | 3 | 2.docm |
|
| Details | File | 1 | lw32.exe |
|
| Details | File | 2 | vntfxf32.dll |
|
| Details | File | 12 | decalage.inf |
|
| Details | sha256 | 1 | 3dc047a44d664d58204709662e76adac0afe95cc95bd2505e175aacb1fea3a25 |
|
| Details | sha256 | 1 | 51461952833847467c126f071d3e6ede9613fed564170e6386a4c2722e973e18 |
|
| Details | sha256 | 1 | 3938436ab73dcd10c495354546265d5498013a6d17d9c4f842507be26ea8fafb |
|
| Details | Threat Actor Identifier - APT | 278 | APT10 |
|
| Details | Url | 1 | http://www.decalage.info |
|
| Details | Url | 1 | https://analyze.intezer.com |