Trusted Design

Tick cyberespionage group zeros in on Japan

概要

A longstanding cyberespionage campaign has been targeting mainly Japanese organizations with its own, custom-developed, malware (Backdoor.Daserf). The group, known to Symantec as Tick, has maintained a low profile, appearing to be active for at least 10 years prior to discovery. In its most recent campaign, Tick employed spear-phishing emails and compromised a number of Japanese websites in order to infect a new wave of victims. The group is highly selective in its approach and only appears to deploy its full range of tools once it establishes that the compromised organization is an intended target. Tick also uses a range of hacktools to map the victim’s network and attempt to escalate privileges further. Daserf’s main purpose is information stealing and the Trojan is capable of gathering information from infected computers and relaying it back to attacker-controlled servers. Tick’s most recent attacks have concentrated on the technology, aquatic engineering, and broadcasting sectors in Japan.

Created: 2026-02-23

Indicators

• FileHash-SHA256 - 1ca3b1b259681bca70956139d25a559ccd0b0c04d4f45f08fb954e569aabf9ae -
• FileHash-SHA256 - b11941e0510e02283e7732a72f853027ea9271a2d4dc87d736ae33275eab2806 -
• FileHash-SHA256 - 15b4c1d29b41531b255e41d39d194a52bdc98a3b65a13771d8caf92372b324ce -
• URL - http://www.dreamsig.com/images/index.gif -
• FileHash-SHA256 - 09df0591a885b8d16767820c9eac51a5dd8099a4b17a46bffe38b315a6e29d0b -
• domain - dreamsig.com -
• FileHash-MD5 - 5dd701d2df35c2a75d1ed5ad75ded06d -
• hostname - www.aucsellers.com -
• FileHash-SHA256 - dab557bae0eb93475c2c2639f186fd717dd57d8d6354232838f44ba6b6a07172 -
• hostname - squral.ftpserver.biz -
• FileHash-MD5 - 5c242fab2d222848755dadfbd29f7176 -
• URL - http://www.primeob.com/include/mpage/store.php -
• FileHash-MD5 - 8d5bf506e55ab736f4c018d15739e352 -
• hostname - ntwo.turkdaw.com -
• FileHash-SHA256 - bd81521445639aaa5e3bcb5ece94f73feda3a91880a34a01f92639f8640251d6 -
• hostname - ipad.beppujigoku.com -
• FileHash-MD5 - 7c91dcc66f6d0c31d6e36bb2869c0622 -
• FileHash-SHA256 - 68e5013a8147e77e892dcd06687e5e815c3837fb83fbff16bac442c65b2f3e73 -
• hostname - phone.energymice.com -
• URL - http://106.184.5.30/ -
• FileHash-SHA256 - 7333f4601379d5877ec1416e4d82654d312210d5bcf4d628b98207a737bdb654 -
• FileHash-MD5 - d3031438d80913f21ec6d3078dc77068 -
• URL - http://160.16.243.147/images/CUI.jpg -
• FileHash-SHA256 - 2bdb88fa24cffba240b60416835189c76a9920b6c3f6e09c3c4b171c2f57031c -
• FileHash-MD5 - 422450b14ad728a3b40dee3c4a48b53f -
• FileHash-MD5 - a629926313ee12163e1bdd2bb633e0e2 -
• URL - http://203.111.252.40/ -
• URL - http://27.255.91.238/ -
• FileHash-SHA256 - 0fc1b4fdf0dc5373f98de8817da9380479606f775f5aa0b9b0e1a78d4b49e5f4 -
• URL - http://i-frontierasia.com/shiryoku/link.php -
• FileHash-MD5 - b33f4b8e776b94dc48c234ce9897cf74 -
• FileHash-SHA256 - 46eae3931334468246c728a7e0ab3bbfafe40c9f73f80bf0544b8aa649227d60 -
• URL - http://jmta.co.jp/module/Template/Plugin/Math.php -
• FileHash-SHA256 - db6a6a4f675cba87405c9c7b016713d3e65b052ffc6c8963764a3d3788f432fa -
• FileHash-SHA256 - b1690facbce9bcc66ebf18f138dbbc10c3662a2034c211e0c414e47c7e208b4a -
• FileHash-SHA256 - 7197de18bc5a4c854334ff979f3e4dafa16f43d7bf91edfe46f03e6cc88f7b73 -
• hostname - link.homcollate.com -
• FileHash-SHA256 - b1fdc6dc330e78a66757b77cc67a0e9931b777cd7af9f839911eecb74c04420a -
• URL - http://airsteel.co.jp/cgi-bin/search/02/06_cgi.php -
• FileHash-SHA256 - 6a63cb7089480fa76b784ca7043e147332768bccc39b84249af11f05b0dde66f -
• FileHash-SHA256 - 89a80ca92600af64eb9c32cab4e936c7d675cf815424d72438973e2d6788ef64 -
• FileHash-MD5 - f4ab35f4f8569a446eba63df68ab8d97 -
• URL - http://sha-sigma.com/led/aa.dat -
• FileHash-SHA256 - 18e896a7547aacb33aa3941ab1b61659ed099c0f6fbb924068f81b4289b05f12 -
• URL - http://www.stylmartin.co.jp/bdflashinfo/ns12.jpg -
• FileHash-SHA256 - 85544d2bcaf8e6ca32bbc0a9e9583c9db1dce837043f555a7ff66363d5858439 -
• FileHash-SHA256 - c043c28ea0d767055a8f8d4e94a9acdf62a81927b0ae63b8a9f16288f92cd093 -
• FileHash-SHA256 - 795327de450e7f1e371a019a3d43673b60df4b7bf91138afa9ddc3913384f913 -
• FileHash-SHA256 - 08e49c1d476aefb4c590cf135229d6da7981c7425e547d4f2877d79c1a1ab601 -
• hostname - www9.anglest.net -
• FileHash-MD5 - dbb4415b7ba646fd6272e18311f43c10 -
• FileHash-SHA256 - fa9a3341649e798bbc340ce9b2fe69791fe733aa9e46da666ce13b8cf7ca8f4d -
• URL - http://www.concierge.com.cn/public_html/wp-content/themes/comment.php -
• FileHash-SHA256 - e2f174f8368b46054e6ec2feec00b878b63e331ba3628374d584b238a95fd770 -
• FileHash-SHA256 - 236848e301d71cab6e17a0503fb268f25412838eccb5fb17e78580d2d0a3a31d -
• FileHash-SHA256 - f8f31f73157bf049b318429c1d60ad7ff2851e62535d95cf8d121216b95c8602 -
• FileHash-MD5 - b2ef0baef194f5c0044cfe5b6c5f321b -
• URL - http://www.stylmartin.co.jp/bdflashinfo/pageicons/6.jpg -
• hostname - eks.yukiheya.com -
• URL - http://www.kamomeza.net/coppermine/images/thumb_dom.php -
• URL - http://www.wco-kyousai.com/ex-engine/themes/xe_default/conf/info.php -
• FileHash-SHA256 - 340906b6b3a4149875dea37221843cb8b67c51eb4520b39956cb6761ef0a3c5d -
• FileHash-SHA256 - 4e15392553ca8e7d06f9f592eb04cf6dbfed18c98c56afc0ccd132465b270e12 -
• FileHash-SHA256 - b3cc83978bbc4f5603e93ec8c687a7007a3f7dbfbae01bff0a30332b06ea44d9 -
• URL - http://leadoffnet.com/img/top/top_12.php -
• FileHash-SHA256 - 4d208c86c8331b7f1f6dd53f83af9ee4ec700a74792b419f663a3ce105d15d1c -
• domain - daydreamsig.com -
• FileHash-SHA256 - 21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd -
• hostname - date.avayep.com -
• FileHash-SHA256 - b0966e89eae36a309d89a0c15c8a07677f58130fdc76bc98c16968376ec80626 -
• FileHash-SHA256 - 28894a78bc00d6774d1242925787d35c5c2ae2563f5f7f1ff38dc0b441a15812 -
• URL - http://www.baiya.jp/2014dressnumber/images/logo-unix.php -
• URL - http://115.144.166.240/ -
• FileHash-SHA256 - 7afb8082822bf3e55c6639ed2e272846c6be0e5c1fd40402b8b0f69e37402461 -
• FileHash-SHA256 - e94a7e835c657dd8a82dab5705db0ec279d1de97a3524f0e25e1e3d78f0561b8 -
• FileHash-SHA256 - 425616f2958ba176662eb9bd66259fb38ca513b5831f0a07956b22839d915306 -
• FileHash-SHA256 - efa68fcbd455a72276062fb513b71547ea11fedf4db10a476cc6c9a2fa4f67f7 -
• URL - http://buy.monexs.com/system/images/login.gif -
• FileHash-SHA256 - fe06b99a0287e2b2d9f7faffbda3a4b328ecc05eab56a3e730cfc99de803b192 -
• FileHash-SHA256 - 22e1965154bdb91dd281f0e86c8be96bf1f9a1e5fe93c60a1d30b79c0c0f0d43 -
• FileHash-SHA256 - ac501bb7e9e1bc57dd027d152f4a7c473f108e37023aae4bad64117241963b5c -
• hostname - www.beinzoo.com -
• URL - http://www.s-city.net/images/beach6.jpg -
• hostname - www.rakutan.jp -
• FileHash-MD5 - df44fab5096630133b4159e5c196e9b4 -
• URL - http://oan.jp/photo/logo_new.jpg -
• FileHash-MD5 - caafc4b6154022e7d50869d50d67148a -
• FileHash-SHA256 - 4d7ce20a8d5bc05b7d4b1e147174f486033805260db1edbbc2516fced7558bcc -
• URL - http://27.255.69.209/ -
• FileHash-SHA256 - 67e32df3a460f005e7aec83b903f6d47d5533ff3843a97d186ad02316dff9fa9 -
• FileHash-SHA256 - 331ac0965b50958db49b7794cc819b2945d7b5e5e919c185d83e997e205f107b -
• FileHash-MD5 - 80cc4ac026fa5d5b6f0ae82d19126ea4 -
• URL - http://www.sinwa-jp.com/works/logo-unix.php -
• hostname - www.lunwe.com -
• hostname - mshelp.energymice.com -
• URL - http://noukankyo.org/images/about/soshikizu.php -
• FileHash-MD5 - 4601e75267d0dcfe4256c43f45ec470a -
• URL - http://oan.jp/photo/logo_old.jpg -
• URL - http://www.infomiracle.info/TwitterQuest/image/ser.dat -
• FileHash-SHA256 - 70ef2e2fa3ac2c44a34963aca5dfe79e2b4f51795181374cca63bbf789f8a7f0 -
• hostname - www.dreamsig.com -
• FileHash-MD5 - 765017e16842c9eb6860a7e9f711b0db -
• hostname - isozaki.sakura.ne.jp -
• FileHash-SHA256 - b1bd03cd12638f44d9ace271f65645e7f9b707f86e9bcf790e0e5a96b755556b -
• FileHash-MD5 - 63fe9f06068823b02b925e4a74a57db0 -
• hostname - buy.monexs.com -
• hostname - list.max-fx.net -
• hostname - www.03trades.com -
• hostname - duckyard.suptvshow.com -
• FileHash-MD5 - 48efa1dbc5dfc59df0c34b13a96cbd5c -
• FileHash-SHA256 - db8b494de8d897976288c8ccee707ff7b7967fb48caef99d75687584191c2411 -
• hostname - tvbs.yeowkim.com -
• FileHash-SHA256 - a4afd9df1b4cc014c3a89d7b4a560fa3e368b02286c42841762714b23e68cc05 -
• FileHash-MD5 - 11c5664bb5ea536676735efff333e2e2 -
• FileHash-SHA256 - 4b8ca82e6f407792cfb51de881f06b86bd4b59f85746b29c3287aee0015b1683 -
• hostname - www.twscsk.net -
• FileHash-SHA256 - 2dc24622c1e91642a21a64c0dd31cbe953e8f77bd3d6abcf2c4676c3b11bb162 -
• URL - http://www.slvcx.com/t.rar -
• hostname - update.shinewanta.com -
• FileHash-MD5 - 122652ca6ef719f8ba2d8d412ea184fe -
• FileHash-SHA256 - 026f5c37f0d633ab27b83082dd0e818edbd80c27f86ba12b5cf32b425edb92d0 -
• FileHash-SHA256 - 0a031665d05e82038d620facf9d4a86a89e78544f2f770f579c980dae2e252bf -
• URL - http://160.16.243.147/images/ns.jpg -
• FileHash-SHA256 - e620c9d19d7d1f609e0bb08465e4c58db97fd0158fb286d938542fc1f03a2302 -
• URL - http://www.atnet-photo.com/japan/themes/default/themes.php -
• FileHash-SHA256 - 2c449b562dfce53cf98acaddf37286cfb2d1e9da1536511a08bbd24ed93624a6 -
• FileHash-SHA256 - 747041d73b3eb29dde5c9e31efdd5e675f16f182c23999ed5613be0e9be12351 -
• hostname - squral.dynssl.com -
• FileHash-MD5 - 8979b840eb5a9a5d84f3da7843859bd5 -
• FileHash-MD5 - bbd6fceba90efdbdbe22f11af9199321 -
• hostname - pcsecure.jparadise.net -
• CVE - CVE-2014-4114 -
• FileHash-SHA256 - 12d9b4ec7f8ae42c67a6fd030efb027137dbe29e63f6f669eb932d0299fbe82f -
• FileHash-MD5 - 9be919143ed3d33e713242ebe5923a89 -
• URL - http://gigasolar.jp/images/blog/20131011news-3.php -
• FileHash-SHA256 - e2fd17445d81df89f7a9c1ff1c69c9b382215f597db5e4730f5c76557a6fd1f9 -
• FileHash-MD5 - c35e99e48a4e81d43e66355a202f8902 -
• FileHash-MD5 - 9b7ccca8af5fd30e8e3706fdf4419653 -
• FileHash-MD5 - 975f512e59ae2e592ba8e2c657bcb3fc -
• hostname - go2kba.astringer.com -
• FileHash-SHA256 - 15abe7b1355cd35375de6dde57608f6d3481755fdc9e71d2bfc7c7288db4cd92 -
• domain - mitatsushoji.com -
• FileHash-MD5 - 27ad4f54563038b7a90e66444bf7146e -
• FileHash-MD5 - a77a25fb8112dc5f8a2feac0413d5f58 -
• FileHash-MD5 - 7ec173d469c2aa7a3a15acb03214256c -
• FileHash-MD5 - 3fa5965a1de2c095de38f22f0645af3e -
• URL - http://baby.ests.jp/Templates/themes.php -
• URL - http://angelbaby.jpn.cm/html/images/deleteComments.php -
• hostname - bbs.jirohome.com -
• FileHash-SHA256 - 2a39372dea901665ab9429d2f15b3f4fb10706423e177226539047ee1ac3e4a3 -
• FileHash-SHA256 - 630aa710bb7080143498d7fafbb152bbfe581bf690d9bfad041e4e285f152de2 -
• FileHash-SHA256 - 303b75a7c350d26116fe341d77105a33c8cb1da3dc82424c3eac401820e868dd -
• hostname - ipad.meropar.net -
• hostname - eat.leaftosky.com -
• FileHash-MD5 - 491b4a8912cf5c1554ce8807f7889d4b -
• hostname - www.haikuyears.com -
• FileHash-SHA256 - f06b440052bd2c2eb127c33c35a80c4eca34a06360d3ee1bb37348d6029dc955 -
• URL - http://s-city.net/sport/pic1612.jpg -
• FileHash-SHA256 - 90ac1fb148ded4f46949a5fea4cd8c65d4ea9585046d66459328a5866f8198b2 -
• hostname - news.justdied.com -
• URL - http://www.03trades.com/images/login6.gif -
• FileHash-SHA256 - de18ebedc5b29d66244773dda80b22ecf2c453cdbeaa85149c4ff0e96bdc4478 -
• hostname - phot.healthsvsolu.com -
• FileHash-MD5 - 9faf0d22bbb0e837ed750435d4c01431 -

類似Pulses

• Stealthy Cyberespionage Campaign Attacks With Social Engineering (score: 0.64)
• New Attacks Linked to C0d0s0 Group (score: 0.63)
• Taiwan targeted with new cyberespionage backdoor Trojan (score: 0.63)
• Recent Coordinated Attack on Security Infrastructure (score: 0.63)
• Indian organizations targeted in Suckfly attacks (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る