Sony Pictures Entertainmentへの攻撃に使用されたマルウェアに関する情報をまとめてみた

2014-12-28 piyokango We have compiled information about the malware used in the attack on Sony Pictures Entertainment.

http://d.hatena.ne.jp/Kango/20141228/1419787781

Thumbnail for Sony Pictures Entertainmentへの攻撃に使用されたマルウェアに関する情報をまとめてみた

The excerpt analyzes malware used in the Sony Pictures Entertainment attack, including a dropper that deployed main modules, proxy tooling, disk destruction components, and cleanup functionality. One component sent log data to C2 every five minutes, including lists of systems where authentication succeeded, while another thread attempted SMB authentication and copied files to newly accessible hosts. The wiper registered itself as a service, copied itself under randomized names, deleted files on fixed and network drives while skipping Windows and Program Files directories, and attempted administrative share access using embedded credential lists. The technical details emphasize lateral movement, credential-based propagation, C2 reporting, and destructive drive/file operations observed in the SPE malware set.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 760c35a80d758f032d02cf4db12d3e55 2014-12-04 2023-05-02
HASH e904bf93403c0fb08b9683a9e858c73e 2014-12-04 2018-11-01
HASH 7e5fee143fb44fdb0d24a1d32b2bd4bb 2014-12-28 2014-12-28
HASH 4ef0ad7ad4fe3ef4fb3db02cd82bface 2014-12-19 2014-12-28
HASH eb435e86604abced7c4a2b11c4637a52 2014-12-19 2014-12-28
HASH 7e48d5ba6e6314c46550ad226f2b3c67 2014-12-19 2014-12-28
HASH 93bc819011b2b3da8487f964f29eb934 2014-12-19 2014-12-28
HASH 7759c7d2c6d49c8b0591a3a7270a44da 2014-12-19 2014-12-28
HASH 0bb82def661dd013a1866f779b455cf3 2014-12-19 2014-12-28
HASH 68a26b8eaf2011f16a58e4554ea576a1 2014-12-19 2014-12-28
HASH f6f48551d7723d87daeef2e840ae008f 2014-12-19 2014-12-28
HASH 3b9da603992d8001c1322474aac25f87 2014-12-19 2014-12-28
HASH a385900a36cad1c6a2022f31e8aca9f7 2014-12-19 2014-12-28
HASH 838e57492f632da79dcd5aa47b23f8a9 2014-12-19 2014-12-28
HASH c905a30badb458655009799b1274205c 2014-12-19 2014-12-28
HASH 11c9374cea03c3b2ca190b9a0fd2816b 2014-12-19 2014-12-28
HASH 734740b16053ccc555686814a93dfbeb 2014-12-19 2014-12-28
HASH b8ffff8b57586d24e1e65cd0b0ad9173 2014-12-19 2014-12-28
HASH 9ab7f2bf638c9d911c2c742a574db89e 2014-12-19 2014-12-28
HASH 7bea4323807f7e8cf53776e24cbd71f1 2014-12-19 2014-12-28
HASH 0a87c6f29f34a09acecce7f516cc7fdb 2014-12-19 2014-12-28
HASH 194ae075bf53aa4c83e175d4fa1b9d89 2014-12-19 2014-12-28
HASH f57e6156907dc0f6f4c9e2c5a792df48 2014-12-19 2014-12-28
HASH 7fb0441a08690d4530d2275d4d7eb351 2014-12-19 2014-12-28
HASH e509881b34a86a4e2b24449cf386af6a 2014-12-19 2014-12-28
HASH 9761dd113e7e6673b94ab4b3ad552086 2014-12-19 2014-12-28
HASH a565e8c853b8325ad98f1fac9c40fb88 2014-12-19 2014-12-28
HASH 25fb1e131f282fa25a4b0dec6007a0ce 2014-12-19 2014-12-28
HASH 74982cd1f3be3d0acfb0e6df22dbcd67 2014-12-19 2014-12-28
HASH ed7a9c6d9fc664afe2de2dd165a9338c 2014-12-19 2014-12-28
HASH 8dec36d7f5e6cbd5e06775771351c54e 2014-12-19 2014-12-28
HASH 40adcd738c5bdc5e1cc3ab9a48b3df39 2014-12-19 2014-12-28
HASH 2618dd3e5c59ca851f03df12c0cab3b8 2014-12-04 2014-12-28
HASH e1864a55d5ccb76af4bf7a0ae16279ba 2014-12-04 2014-12-28
HASH 6aeac618e29980b69721158044c2e544 2014-12-04 2014-12-28
HASH 86e212b7fc20fc406c692400294073ff 2014-12-04 2014-12-28
HASH b80aa583591eaf758fd95ab4ea7afe39 2014-12-04 2014-12-28
HASH d1c27ee7ce18675974edf42d4eea25c6 2014-12-04 2014-12-28
IPv4 208.105.226.235 2014-12-04 2014-12-28
IPv4 58.185.154.99 2014-12-04 2014-12-28
IPv4 212.31.102.100 2014-12-04 2014-12-28
IPv4 217.96.33.164 2014-12-04 2014-12-28
IPv4 200.87.126.116 2014-12-04 2014-12-28
IPv4 203.131.222.102 2014-12-04 2014-12-28
IPv4 88.53.215.64 2014-12-04 2014-12-28

Related Reports

« Back