攻撃グループTickによる日本の組織をターゲットにした攻撃活動 - JPCERT/CC Eyes
Tags
| attack-pattern: | Server - T1583.004 Server - T1584.004 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | bdf941bf-3755-4ae8-a5e2-d38acd620412 |
| Fingerprint | dbb2da873de2c94c |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 19, 2019, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:31 p.m. |
| Headline | JPCERT/CC Eyes |
| Title | 攻撃グループTickによる日本の組織をターゲットにした攻撃活動 - JPCERT/CC Eyes |
| Detected Hints/Tags/Attributes | 19/1/46 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 6 | cve-2016-7836 |
|
| Details | Domain | 2 | www.rakutenline.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 7 | www.secureworks.jp |
|
| Details | Domain | 26 | www.jpcert.or.jp |
|
| Details | Domain | 2 | menu.rakutenline.com |
|
| Details | Domain | 2 | www.sa-guard.com |
|
| Details | Domain | 2 | menu.sa-guard.com |
|
| Details | Domain | 2 | www.han-game.com |
|
| Details | Domain | 2 | menu.han-game.com |
|
| Details | Domain | 3 | www.aromatictree.co.kr |
|
| Details | Domain | 1 | rp.thumbbay.com |
|
| Details | Domain | 2 | www.amamihanahana.com |
|
| Details | Domain | 1 | www.kdcnet.co.kr |
|
| Details | File | 3 | hp.php |
|
| Details | File | 674 | node.js |
|
| Details | File | 59 | app.js |
|
| Details | File | 27 | node.exe |
|
| Details | File | 1 | flash.vbs |
|
| Details | File | 4 | app.json |
|
| Details | File | 2 | auto.json |
|
| Details | File | 2 | getproxy.exe |
|
| Details | File | 3 | uninstaller.exe |
|
| Details | File | 1 | マルウエア本体となるapp.js |
|
| Details | File | 1 | このapp.js |
|
| Details | File | 1 | はnode.js |
|
| Details | File | 1 | at160051.html |
|
| Details | sha256 | 2 | f36db81d384e3c821b496c8faf35a61446635f38a57d04bde0b3dfd19b674587 |
|
| Details | sha256 | 2 | f71a3a772f4316ab3c940f94aab3d52eabe7ee9da311b112a12eacfcadddb85e |
|
| Details | sha256 | 2 | c6cf0ad6d1e687b185407ee450a5b8e9a8ab60461f5c051251badb245df6245f |
|
| Details | sha256 | 2 | d1617e7ec278484920c05476eabf783d399d6c03e8d8ab69e2f1fcb6a76417b4 |
|
| Details | sha256 | 2 | 6530f94ac6d5b7b1da6b881aeb5df078fcc3ebffd3e2ba37585a37b881cde7d3 |
|
| Details | sha256 | 3 | e38d3a7a86a72517b6ebea89cfd312db0f433385a33d87f2ec8bf83a62396bb3 |
|
| Details | sha256 | 4 | d91894e366bb1a8362f62c243b8d6e4055a465a7f59327089fa041fe8e65ce30 |
|
| Details | sha256 | 1 | a7adfd0258e40d4df8cbc2ad7a660fd1c73f8dc2b9a4becc585a712cb5cfa9f1 |
|
| Details | sha256 | 4 | 569ceec6ff588ef343d6cb667acf0379b8bc2d510eda11416a9d3589ff184189 |
|
| Details | sha256 | 3 | 517b2695bbf7164bfb9cab0a133bb0b1aeb387cbb7f30aa01bf5d6f89cca4214 |
|
| Details | sha256 | 2 | c2e87e5c0ed40806949628ab7d66caaf4be06cab997b78a46f096e53a6f49ffc |
|
| Details | sha256 | 1 | 4d4ad53fd47c2cc7338fab0de5bbba7cf45ee3d1d947a1942a93045317ed7b49 |
|
| Details | sha256 | 1 | 4dc63bc7bd8bcc758a75f48d573bcea62444db41f6d3bce7c1202265340ab577 |
|
| Details | IPv4 | 3 | 211.233.81.242 |
|
| Details | IPv4 | 2 | 110.45.203.133 |
|
| Details | IPv4 | 2 | 61.106.60.47 |
|
| Details | Url | 1 | https://www.symantec.com/connect/ja/blogs/tick |
|
| Details | Url | 2 | https://www.secureworks.jp/resources/rp-bronze-butler |
|
| Details | Url | 1 | https://www.jpcert.or.jp/at/2016/at160051.html |