Overview
【Dictionary】
◆APT27 (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/apt27
◆Emissary Panda (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/emissary_panda
◆LuckyMouse (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/luckymouse
◆GOBLIN PANDA (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/goblin_panda
【Overview】
■Group names
| Threat group name | Named by |
|---|---|
| APT27 | FireEye |
| ARCHERFISH | iDefense |
| Bronze Union | SecureWorks |
| Circle Typhoon | Microsoft |
| Emissary Panda | CrowdStrike, NCC Group |
| Earth Smilodon | Trend Micro |
| G0027 | MITRE |
| GreedyTaotie | Malpedia |
| Goblin Panda | Fortinet, CrowdStrike |
| Group 35 | Cisco |
| HIPPOTeam | Thales Group |
| Iron Taurus | Unit 42 (Palo Alto) |
| Iron Tiger | Trend Micro |
| Linen Typhoon | Microsoft |
| LuckyMouse | Kaspersky |
| Red Phoenix | Microsoft |
| TEMP.Hippo | Malpedia |
| TG-3390 | SecureWorks |
| Threat Group-3390 | MITRE |
| ZipToken | Malpedia |
■Associated country
- China
【Latest information】
◆McCrary report flags China’s escalating cyber tactics, warns of Typhoon cyber threats to US critical infrastructure (Industrial Cyber, 2025/10/30)
https://industrialcyber.co/reports/mccrary-report-flags-chinas-escalating-cyber-tactics-warns-of-typhoon-cyber-threats-to-us-critical-infrastructure/
⇒ https://malware-log.hatenablog.com/entry/2025/10/30/000000
Articles
【News】
■2015
◆Threat Group 3390 Cyberespionage (Secureworks, 2015/08/05)
https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
⇒ http://malware-log.hatenablog.com/entry/2015/08/05/000000_3
■2018
◆LuckyMouse uses malicious NDISProxy Windows driver to target gov't entities (ZDNet, 2018/09/10)
https://www.zdnet.com/article/luckymouse-targets-govt-entities-through-malicious-ndisproxy-driver/
⇒ http://malware-log.hatenablog.com/entry/2018/09/10/000000_5
◆Kaspersky Lab confirms that the cybercrime group "LuckyMouse" is signing malware with stolen legitimate digital certificates and using it in attacks (Sankei Shimbun, 2018/09/18 14:44)
http://www.sankei.com/economy/news/180918/prl1809180243-n1.html
⇒ http://malware-log.hatenablog.com/entry/2018/09/18/185335
■2019
◆RSAC 2019: Bronze Union APT Updates Remote Access Trojans in Fresh Wave of Attacks (ThreatPost, 2019/02/27)
https://threatpost.com/bronze-union-apt-updates-remote-access-trojans-in-fresh-wave-of-attacks/142219/
⇒ http://malware-log.hatenablog.com/entry/2019/02/27/000000_4
◆A small number of attacks resembling those of the APT group "Emissary Panda" detected (LAC) (NetSecurity, 2019/12/26 06:06)
https://scan.netsecurity.ne.jp/article/2019/12/26/43462.html
⇒ https://malware-log.hatenablog.com/entry/2019/12/26/000000_8
■2021
◆China's APT hackers move to ransomware attacks (BleepingComputer, 2021/01/04 09:36)
https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/
⇒ https://malware-log.hatenablog.com/entry/2021/01/04/000000
◆APT27 continues targeting the gambling industry. New APT34 activity. Malicious code in APKPure app store. (Cyberwire, 2021/04/14)
https://thecyberwire.com/newsletters/research-briefing/3/15
⇒ https://malware-log.hatenablog.com/entry/2021/04/14/000000_3
■2022
◆Red Cross, hit by a cyberattack, says "state-sponsored" hackers exploited an unpatched vulnerability (TechCrunch, 2022/02/18)
https://jp.techcrunch.com/2022/02/18/2022-02-16-red-cross-links-january-cyberattack-to-state-sponsored-hackers/
⇒ https://malware-log.hatenablog.com/entry/2022/02/18/000000_3
◆Why Chinese-linked hackers do not attack Taiwan's critical infrastructure (Wedge, 2022/08/08 13:46)
https://wedge.ismedia.jp/articles/-/27534
⇒ https://malware-log.hatenablog.com/entry/2022/08/08/000000_2
◆Chinese hackers backdoor chat app with new Linux, macOS malware (BleepingComputer, 2022/08/12)
https://www.bleepingcomputer.com/news/security/chinese-hackers-backdoor-chat-app-with-new-linux-macos-malware/
⇒ https://malware-log.hatenablog.com/entry/2022/08/12/000000_4
■2025
◇March 2025
◆US charges Chinese hackers linked to critical infrastructure breaches (BleepingComputer, 2025/03/05 12:23)
https://www.bleepingcomputer.com/news/security/us-charges-chinese-hackers-linked-to-critical-infrastructure-breaches/
⇒ https://malware-log.hatenablog.com/entry/2025/03/05/000000_1
◆US Department of Justice indicts 12 people, including members of the Chinese-linked hacker group "APT27" (Gigazine, 2025/03/06 14:00)
https://gigazine.net/news/20250306-doj-charges-apt27-member/
⇒ https://malware-log.hatenablog.com/entry/2025/03/06/000000
◇July 2025
◆Microsoft links Sharepoint ToolShell attacks to Chinese hackers (BleepingComputer, 2025/07/22 07:26)
https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-toolshell-attacks-linked-to-chinese-hackers/
⇒ https://malware-log.hatenablog.com/entry/2025/07/22/000000
◆US nuclear weapons agency hacked in Microsoft SharePoint attacks (BleepingComputer, 2025/07/23 11:14)
https://www.bleepingcomputer.com/news/security/us-nuclear-weapons-agency-hacked-in-microsoft-sharepoint-attacks/
⇒ https://malware-log.hatenablog.com/entry/2025/07/23/000000
◆Microsoft confirms that two Chinese nation-state hacker groups, Linen Typhoon and Violet Typhoon, are exploiting the SharePoint zero-day vulnerabilities (Gigazine, 2025/07/23 21:00)
https://gigazine.net/news/20250723-sharepoint-vulnerabilities/
⇒ https://malware-log.hatenablog.com/entry/2025/07/23/000000_2
◆Multiple Chinese groups carry out "ToolShell" attacks - concern over spread of attacks (Security NEXT, 2025/07/24)
https://www.security-next.com/172675
⇒ https://malware-log.hatenablog.com/entry/2025/07/24/000000_2
◇October 2025
◆McCrary report flags China’s escalating cyber tactics, warns of Typhoon cyber threats to US critical infrastructure (Industrial Cyber, 2025/10/30)
https://industrialcyber.co/reports/mccrary-report-flags-chinas-escalating-cyber-tactics-warns-of-typhoon-cyber-threats-to-us-critical-infrastructure/
⇒ https://malware-log.hatenablog.com/entry/2025/10/30/000000
【Blogs】
■2015
◆Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes” (Ars Technica, 2015/08/06 04:00)
Emissary Panda group penetrated the networks of industrial espionage targets.
https://arstechnica.com/information-technology/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/
⇒ https://malware-log.hatenablog.com/entry/2015/08/06/000000_1
■2016
◆ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence? (ThreatConnect, 2016/10/17)
https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/
⇒ https://malware-log.hatenablog.com/entry/2016/10/17/000000_4
■2017
◆BRONZE UNION Cyberespionage Persists Despite Disclosures (SecureWorks, 2017/06/27)
https://www.secureworks.com/research/bronze-union
⇒ https://malware-log.hatenablog.com/entry/2017/06/27/000000_3
■2018
◆Decoding network data from a Gh0st RAT variant (nccgroup, 2018/04/17)
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/
⇒ https://malware-log.hatenablog.com/entry/2018/04/17/000000_5
◆LuckyMouse hits national data center to organize country-level waterholing campaign (Kaspersky, 2018/06/13 10:00)
https://securelist.com/luckymouse-hits-national-data-center/86083/
⇒ http://malware-log.hatenablog.com/entry/2018/06/13/000000_2
◆Emissary Panda – A potential new malicious tool Introduction (nccgroup, 2018/05/18)
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/emissary-panda-a-potential-new-malicious-tool/
⇒ https://malware-log.hatenablog.com/entry/2018/05/18/000000_4
◆Chinese Hackers Carried Out Country-Level Watering Hole Attack (The Hacker News, 2018/06/14)
https://thehackernews.com/2018/06/chinese-watering-hole-attack.html
⇒ https://malware-log.hatenablog.com/entry/2018/06/14/000000_7
◆Meet CrowdStrike’s Adversary of the Month for August: GOBLIN PANDA (Crowdstrike, 2018/08/29)
https://www.crowdstrike.com/en-us/blog/meet-crowdstrikes-adversary-of-the-month-for-august-goblin-panda/
⇒ https://malware-log.hatenablog.com/entry/2018/08/29/000000_6
◆LuckyMouse Group is back and using a legitimate certificate to sign malware (Kaspersky, 2018/09/10)
https://www.kaspersky.com/about/press-releases/2018_luckymouse-group-is-back-and-using-a-legitimate-certificate-to-sign-malware
⇒ http://malware-log.hatenablog.com/entry/2018/09/10/000000_4
■2021
◆Exchange servers under siege from at least 10 APT groups (WeLiveSecurity, 2021/03/10 14:00)
ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
⇒ https://malware-log.hatenablog.com/entry/2021/03/10/000000_3
■2023
◇January 2023
◆ESET Research: Russian APT groups, including Sandworm, continue their attacks against Ukraine with wipers and ransomware (ESET, 2023/01/31)
https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-russian-apt-groups-including-sandworm-continue-their-attacks-against-ukraine-with-wipe/
⇒ https://malware-log.hatenablog.com/entry/2023/01/31/000000_7
◇March 2023
◆Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting (Trendmicro, 2023/03/01)
https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
⇒ https://malware-log.hatenablog.com/entry/2023/03/01/000000_3
【Public reports】
■2015
◆REGIONAL ADVANCED THREAT REPORT: Europe, Middle East and Africa 1H2015 (FireEye, 2015)
https://www.fireeye.com/content/dam/fireeye-www/partners/pdfs/rpt-regional-atr-emea-web-bt.pdf
⇒ http://malware-log.hatenablog.com/entry/2015/04/01/000000
【Figures and tables】
【Search】
google: APT27
google: Emissary Panda
google: Bronze Union
google: TG-3390
google: Threat Group-3390
google: ZipToken
google: ARCHERFISH
google: Iron Tiger
google: Group 35
google: TEMP.Hippo
google: LuckyMouse
google: HIPPOTeam
google: Goblin Panda
google: Linen Typhoon
google:news: APT27
google:news: Linen Typhoon
google: site:virustotal.com APT27
google: site:virustotal.com Linen Typhoon
■Bing
https://www.bing.com/search?q=APT27
https://www.bing.com/search?q=Linen%20Typhoon
https://www.bing.com/news/search?q=APT27
https://www.bing.com/news/search?q=Linen%20Typhoon
https://twitter.com/search?q=%23APT27
https://twitter.com/search?q=%23Linen%20Typhoon
https://twitter.com/hashtag/APT27
https://twitter.com/hashtag/Linen%20Typhoon
■VirusTotal
https://www.virustotal.com/gui/search/APT27
https://www.virustotal.com/gui/search/Linen%20Typhoon
Related information
【Related summary articles】
◆Targeted attack groups / APT (summary)
https://malware-log.hatenablog.com/entry/APT
【Indicator information】
■Hash information (MD5)
- 3BEA073FA50B62C561CEDD9619CD8425
■Hash information (SHA-256)
■IP addresses (C&C)
- 23.227.207.137
- 89.249.65.194
■Files
- C:\ProgramData\HIDMgr
- C:\ProgramData\Rascon
- C:\ProgramData\TrkSvr
■Services
- HIDMgr
- RasconMan
- TrkSvr
■Registry
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
(The above is information from nccgroup. Source: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/)
■Malware information
| MD5 | 3bea073fa50b62c561cedd9619cd8425 |
| SHA1 | ae917a61cb01df3906472b3140193c1ef62f8d75 |
| SHA256 | df7bafe27b2ac5121d3c46405f7c168453dbc09200049d693dceff6c4b59b2db |
| SHA512 | |
| SSDEEP | 768:8kTUqTrSxd1WaNmN+NoF4P2MBL/enc8RGIcA2YvrK3gHLXokP:LwqCd1dINmEYYBGIcA2UK3Mok |
| authentihash | 8e313f41dc7e65a09f3b2b944cdc53276e01988e85834bb3053d23b9d7eb5013 |
| imphash | e62620335bb00fe44ca7fe6a8bd55a4b |
| File Size | 86016 bytes |
| File Type | Win32 EXE (PE32 executable for MS Windows (GUI) Intel 80386 32-bit) |
| Compile time | 2015-06-30 10:29:41 |
| Debug Path | |
| File Name | |
| File Path | |
| Dropped files | |
| Characteristics | |
| Reference | https://www.virustotal.com/ja/file/df7bafe27b2ac5121d3c46405f7c168453dbc09200049d693dceff6c4b59b2db/analysis/ |
◆Hash information (MD5)
- 22CBE2B0F1EF3F2B18B4C5AED6D7BB79
- 0D0320878946A73749111E6C94BF1525
- ac337bd5f6f18b8fe009e45d65a2b09b
- 04dece2662f648f619d9c0377a7ba7c0
◆FQDN
- bbs.sonypsps[.]com
- update.iaacstudio[.]com
- wh0am1.itbaydns[.]com
- google-updata[.]tk
- windows-updata[.]tk
