Attack trends related to the attack campaign DangerousPassword

2023-05-01 JPCERT Attack trends related to the attack campaign DangerousPassword

https://blogs.jpcert.or.jp/ja/2023/05/dangerouspassword.html


JPCERT/CC describes recent DangerousPassword activity (also tracked as CryptoMimic or SnatchCrypto) against cryptocurrency exchange businesses, a campaign it has followed since 2019. According to the report, the attackers continued to deliver shortcut files but also sent LinkedIn messages carrying RAR-packed CHM files, malicious OneNote files, VHD containers, and macOS-focused payloads to infect targets. The infection chains download MSI or DLL payloads, run PowerShell or curl commands, collect host information, post encoded data to attacker infrastructure, and change behavior when antivirus products are detected. The report highlights social-media recruiting lures and cross-platform tradecraft, and lists C2 domains such as azure.protection-service.cloud and docs.azure-protection.cloud, along with many malware hashes, for defensive tracking.

Indicators of Compromise

