不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様10社 -
2024/05/10
※2024/05/10 更新
マルウェア感染させると考えられるURLを検知(2024/05/10)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://192[.]3[.]109[.]149/20780/hjv[.]exe hxxp://192[.]3[.]179[.]142/22551/html[.]exe hxxp://192[.]3[.]179[.]142/44557/HJCL[.]exe hxxp://192[.]3[.]179[.]142/xampp/wksh/wk/veryhappytoseeherthingstogetitsbackwithlotofthingssurewewillbebacksoonandeverythinggogreatwithout___happeingkisses[.]doc |
Formbook |
| URL | hxxps://pasteio[.]com/raw/xIsAJb1izaR6 hxxp://192[.]3[.]179[.]142/22552/html[.]exe hxxps://192[.]3[.]179[.]142/44556/HJCL[.]exe hxxp://103[.]186[.]116[.]171/xampp/FGF/fg/beautifulthingstohappeningwhenwegivingachancetosomeonetoprovesoheproveandwegetchancetointroducethe___loverkindtobebackthelevel[.]doc |
Remcos |
| URL | hxxps://smallders[.]com/ar/understanding-ohio-forced-medication-laws-what-you-need-to-know/ hxxps://www[.]mindelscott[.]com/2022/11/11/legal-responsibility-of-a-when-a-dog-attacks-a-cat/ hxxp://ecoprotection[.]in/understanding-traffic-laws-in-grenada-a-complete-guide/64592/ hxxps://www[.]plugh[.]co[.]in/understanding-false-advertising-laws-in-ohio-what-you-need-to-know/ hxxp://asleman[.]org/2023/12/10/do-you-qualify-for-bereavement-leave-for-grandparents-in-law hxxps://larryslocksmith[.]com/is-a-collaborative-practice-agreement-required-in-texas-for-physician-assistant/ hxxps://awadhshreehospital[.]in/index[.]php/2023/03/20/pros-and-cons-of-multilateral-trade-agreements/ hxxps://ngsindia[.]org/2023/10/12/understanding-the-lebanese-legal-system-laws-courts-and-rights/ hxxps://theelegant[.]co[.]uk/abm/disagreement-has-how-many-syllables/ hxxps://mysmartbox[.]solutions/california-law-essential-break-room-requirements-explained/ hxxps://asleman[.]org/2022/03/31/washington-state-medical-assistant-scope-of-practice-laws-legal-overview/ hxxps://pinkfinancialbank[.]com/2022/02/26/humana-medicare-tier-exception-form/ hxxp://pt-tkbi[.]com/what-is-the-difference-between-appointment-letter-and-employment-contract/ hxxp://norholmgods[.]com/common-law-marriage-military-recognition-and-legal-rights hxxps://krushinews18[.]com/free-online-company-secretary-courses-legal-training-certification/ hxxps://www[.]travisshoots[.]com/blog/resignation-letter-template-mutual-agreement/ hxxps://americanepoxy[.]bond10templates[.]com/2022/12/04/ver-saldo-do-nota-legal/ hxxps://ngsindia[.]org/2021/12/30/ukraine-staff-level-agreement-legal-guidelines-and-requirements/ hxxps://museocambellotti[.]cittadifondazione[.]it/vps-enterprise-agreement-2016-schedule-b/ hxxp://pt-tkbi[.]com/scaffolding-agreement/ hxxps://lotbuds[.]com/legalisation-of-documents-a-guide-to-authenticating-legal-papers/ hxxp://studiolegalefalco-masi[.]it/microsoft-enterprise-purchase-agreement/ hxxp://larryslocksmith[.]com/is-a-collaborative-practice-agreement-required-in-texas-for-physician-assistant hxxps://bigcheeserodents[.]com/mcmaster-collective-agreement-faculty/ hxxp://pptribe[.]com/2022/11/13/legal-valuation-group-valuation-sap/ hxxps://tcl[.]brandshop[.]ke/understanding-legal-entity-hierarchy-a-comprehensive-guide/ hxxps://signcitysa[.]com/general-manager-role-key-responsibilities-and-legal-implications/ hxxp://urbedu[.]live/ny-car-lease-tax-calculator/ hxxps://mctools[.]co/ifrs-16-legal-fees-understanding-the-implications-for-businesses hxxps://goodstos[.]com/mutual-agreement-resignation-letter-sample?v=2416390f62ea%3C/p%3E%3C/div%3E%3C/body%3E%3C/html%3E hxxps://asleman[.]org/2023/12/10/do-you-qualify-for-bereavement-leave-for-grandparents-in-law/ hxxps://you-green[.]com/sample-general-manager-employment-contract-for-a-company/ hxxps://phutungotochinhhang[.]vn/what-is-in-the-new-nafta-agreement/ hxxps://jcfpa[.]org/2023/01/20/sample-physician-assistant-practice-agreement-california/ hxxps://alphacleantech[.]com/how-contract-research-organizations-profit-business-model-analysis/ hxxps://artlab[.]se/manual[.]php hxxps://arts-npo[.]org/manual[.]php hxxps://auto-coop[.]com/manual[.]php hxxps://www[.]medischdrukwerk[.]nl/english[.]php hxxps://www[.]gxtfinance[.]com/english[.]php hxxps://auto-coop[.]hu/manual[.]php hxxps://www[.]dismerchandise[.]com/doc[.]php hxxps://www[.]penhaligonsfriends[.]org[.]uk/english[.]php hxxps://www[.]petrolpower[.]de/english[.]php hxxps://www[.]metalhoz[.]com/english[.]php hxxps://www[.]anettelonnsfotvard[.]se/doc[.]php hxxps://www[.]chanderbhushan[.]com/doc[.]php hxxps://2015[.]artencounters[.]ro/manual[.]php hxxps://4dgamers[.]com/manual[.]php hxxps://www[.]miketrees[.]com/english[.]php hxxps://www[.]fastex[.]se/english[.]php hxxps://www[.]finaltolightspeed[.]com/english[.]php hxxps://conyers[.]biz/index[.]php/2023/06/04/nbu-msp-collective-agreement/ hxxps://overhplusproperties[.]com/fha-cash-reserve-requirements-everything-you-need-to-know/ hxxps://bellbaker[.]com/bcnu-collective-agreement-bereavement-leave/ hxxp://reiner[.]nrha[.]com/ema-guidance-on-quality-agreements hxxps://produtoresflorestais[.]pt/gun-laws-in-denmark-understanding-regulations-and-restrictions hxxps://www[.]paloubis[.]com/2023/05/what-is-the-benefit-of-a-tolling-agreement/ hxxps://lareplica[.]es/withdrawal-agreement-free-movement/ hxxp://alphacleantech[.]com/how-contract-research-organizations-profit-business-model-analysis hxxp://phutungotochinhhang[.]vn/what-is-in-the-new-nafta-agreement hxxp://conyers[.]biz/index[.]php/2023/06/04/nbu-msp-collective-agreement hxxp://lareplica[.]es/withdrawal-agreement-free-movement hxxp://pt-tkbi[.]com/scaffolding-agreement hxxp://jcfpa[.]org/2023/01/20/sample-physician-assistant-practice-agreement-california hxxp://museocambellotti[.]cittadifondazione[.]it/vps-enterprise-agreement-2016-schedule-b hxxp://produtoresflorestais[.]pt/gun-laws-in-denmark-understanding-regulations-and-restrictions hxxp://theelegant[.]co[.]uk/abm/disagreement-has-how-many-syllables hxxp://pinkfinancialbank[.]com/2022/02/26/humana-medicare-tier-exception-form hxxp://mysmartbox[.]solutions/california-law-essential-break-room-requirements-explained hxxp://goodstos[.]com/mutual-agreement-resignation-letter-sample hxxp://plugh[.]co[.]in/understanding-false-advertising-laws-in-ohio-what-you-need-to-know hxxps://aynasy[.]com/manual[.]php hxxp://pptribe[.]com/2022/11/13/legal-valuation-group-valuation-sap hxxp://eberlie[.]ca/tenancy-agreement-sample-guyana hxxp://bellbaker[.]com/bcnu-collective-agreement-bereavement-leave |
GootLoader |
| URL | hxxps://tavimtopindomiz[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://harmancomesdel[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://gabirezdolirezdomez[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://tahtalivilazdolezdominez[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://tahirbankobinezcomez[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://demetakbaslobinezdomez[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://sahrayedcomineztopes[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://tekireztokirezdomez[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://takhoplikezdomez[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://caymahedsocyescez[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://tahirwolwerdoviz[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://hatipbabagelipdol[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://terektorekdomirez[.]top/ZDgyNWM4Zjc4NGU2/ hxxps://hahyolkabinezlokezdo[.]top/ZDgyNWM4Zjc4NGU2/ hxxps://salihogobinezdolinez[.]top/ZDgyNWM4Zjc4NGU2/ hxxps://teyfangobinezdo[.]xyz/ZDgyNWM4Zjc4NGU2/ hxxps://sayrodfalireznolere[.]top/ZDgyNWM4Zjc4NGU2/ hxxps://tarakomizdolirez[.]top/ZDgyNWM4Zjc4NGU2/ hxxps://caymedcoymenconez[.]top/ZDgyNWM4Zjc4NGU2/ |
Coper |
| URL | hxxps://skylinehigh[.]com/8OtaBr/ hxxps://skylinehigh[.]com/bvxny6R6 |
ClearFake |
| URL | hxxps://universalmovies[.]top/scree[.]scr hxxp://rocheholding[.]top/evie3/five/fre[.]php |
LokiBot |
| URL | hxxps://paste[.]ee/d/pfeW8 hxxp://104[.]168[.]33[.]34/35009/hjv[.]exe hxxp://104[.]168[.]33[.]34/xampp/cha/ch/beautifulgardencreatedlookingbeautifulthingsentireworldireallywantounderstandsomegoodthingstohappened___greatbeautifulthings[.]doc hxxp://new-coder[.]cc/Users/immortal_genius_20240411075733898[.]exe hxxps://api[.]telegram[.]org/bot6921829812:AAEnJSJNfX1IyXT3BfHBFaRrW9XkEjVZMFs/ hxxps://api[.]telegram[.]org/bot6698844298:AAF9oR0Jf7k4zXD2nMFwUYBsEQgGIs_Be9c/ |
Agent Tesla |
| URL | hxxp://45[.]137[.]22[.]110/Jdtdoj130[.]bin hxxp://185[.]29[.]9[.]120/QthFnXYOg74[.]bin hxxp://162[.]251[.]122[.]108/EaiiKI19[.]bin hxxp://162[.]251[.]122[.]108/PmffKPOllahtmJcecHvKz172[.]bin hxxp://162[.]251[.]122[.]108/gHXwWa103[.]bin |
CloudEyE |
| URL | hxxps://maheegroup[.]com/cg/HVAPRIL[.]txt hxxps://maheegroup[.]com/cg/reccc[.]txt hxxps://pastebin[.]com/raw/eXzv6n76 hxxps://pastebin[.]com/raw/pXsdsa2c hxxps://maheegroup[.]com/cg/xmay[.]txt |
XWorm |
| URL | hxxp://5[.]42[.]65[.]64/files/US[.]file hxxp://5[.]42[.]96[.]32/current[.]exe hxxps://hushedsombkereos[.]shop/api hxxp://185[.]235[.]137[.]54/file/update_3[.]exe |
Lumma Stealer |
| URL | hxxps://111[.]230[.]12[.]238/wp06/wp-includes/po[.]php hxxp://81[.]71[.]127[.]160:8888/activity hxxps://43[.]138[.]188[.]41:4443/cx hxxp://49[.]232[.]208[.]22/activity hxxp://134[.]122[.]75[.]115:23/cx hxxp://175[.]178[.]242[.]75:50001/activity hxxp://47[.]102[.]156[.]247:8080/__utm[.]gif hxxps://175[.]178[.]242[.]75:50002/__utm[.]gif hxxp://111[.]230[.]98[.]22:7777/j[.]ad hxxps://49[.]235[.]187[.]155/cx hxxp://54[.]244[.]147[.]176/ptj hxxps://3se9ewodke339f0e83[.]connectivitytests[.]com/pixel[.]gif hxxps://newstatisc[.]googleinfo[.]se:2053/match hxxps://54[.]244[.]147[.]176/load hxxp://39[.]104[.]230[.]184:6666/match hxxps://js[.]msedgeupdate[.]com/push hxxps://134[.]122[.]75[.]115:444/__utm[.]gif hxxps://112[.]124[.]65[.]163:8089/dpixel hxxp://47[.]102[.]156[.]247/push hxxp://111[.]230[.]98[.]22/visit[.]js hxxps://103[.]150[.]10[.]45:9443/ga[.]js hxxp://52[.]190[.]15[.]163/IE9CompatViewList[.]xml hxxp://156[.]224[.]20[.]92/visit[.]js hxxps://23[.]95[.]65[.]198/fwlink hxxp://investment[.]kumbaraan[.]biz[.]id/jquery-3[.]3[.]1[.]min[.]js hxxps://81[.]70[.]189[.]76/ga[.]js hxxp://47[.]96[.]74[.]108:8800/j[.]ad hxxp://101[.]133[.]175[.]78:6511/dpixel hxxps://185[.]145[.]148[.]107/updates[.]rss hxxps://www[.]hathawaya[.]xyz/about hxxp://185[.]145[.]148[.]107/dpixel hxxp://8[.]134[.]148[.]103:5555/updates[.]rss hxxp://1[.]14[.]204[.]208/IE9CompatViewList[.]xml hxxp://121[.]40[.]127[.]134:5555/pixel hxxp://103[.]26[.]14[.]91:8099/pixel[.]gif hxxps://106[.]54[.]143[.]140/api/x hxxps://175[.]24[.]252[.]50/user hxxps://39[.]98[.]157[.]4:8089/pixel[.]gif hxxps://104[.]214[.]168[.]71/push hxxp://52[.]190[.]15[.]163/g[.]pixel hxxps://39[.]98[.]157[.]4/load hxxps://39[.]98[.]157[.]4:8888/match hxxps://101[.]201[.]54[.]74:9999/pixel hxxp://39[.]107[.]242[.]125/ga[.]js hxxps://149[.]62[.]47[.]7/cx hxxp://149[.]62[.]47[.]7:8081/ca hxxp://23[.]95[.]65[.]198:2222/cx |
Cobalt Strike |
| URL | hxxps://zksnacksfiles[.]com/WasabiB[.]msi | CryptoShuffler |
| URL | hxxp://956330cm[.]n9shteam2[.]top/ImagejavascriptupdateapiServerDefaultbasewindowstrafficpublic[.]php | DCRat |
| URL | hxxp://117[.]222[.]251[.]230:60880/Mozi[.]m | Mozi |
| URL | hxxp://103[.]153[.]69[.]150/fuckjewishpeople[.]arm6 hxxp://178[.]215[.]236[.]182/rebirth[.]x86 hxxp://178[.]215[.]236[.]182/rebirth[.]mips hxxp://178[.]215[.]236[.]182/rebirth[.]mpsl hxxp://178[.]215[.]236[.]182/rebirth[.]arm7 hxxp://178[.]215[.]236[.]182/rebirth[.]arm4 hxxp://178[.]215[.]236[.]182/rebirth[.]arm6 hxxp://178[.]215[.]236[.]182/rebirth[.]spc hxxp://178[.]215[.]236[.]182/rebirth[.]m68 hxxp://178[.]215[.]236[.]182/rebirth[.]i686 hxxp://178[.]215[.]236[.]182/rebirth[.]sh4 hxxp://178[.]215[.]236[.]182/rebirth[.]ppc |
Bashlite |
| URL | hxxp://103[.]228[.]37[.]56/debug[.]dbg hxxp://103[.]228[.]37[.]56/most-arm hxxp://103[.]228[.]37[.]56/most-x86 hxxp://103[.]228[.]37[.]56/most-arm7 hxxp://103[.]228[.]37[.]56/most-mips hxxp://103[.]228[.]37[.]56/a hxxp://103[.]228[.]37[.]56/most-arm5 hxxp://103[.]228[.]37[.]56/and hxxp://103[.]228[.]37[.]56/most-sh4 hxxp://103[.]228[.]37[.]56/most-arm6 hxxp://103[.]228[.]37[.]56/most-spc hxxp://103[.]228[.]37[.]56/most-m68k hxxp://103[.]228[.]37[.]56/most-mpsl hxxp://103[.]228[.]37[.]56/most-ppc hxxp://103[.]228[.]37[.]56/most-x86_64 hxxp://qqchun[.]top/bot[.]mips hxxp://qqchun[.]top/bot[.]arm7 hxxp://qqchun[.]top/bot[.]x86_64 hxxp://qqchun[.]top/bot[.]arm5 hxxp://qqchun[.]top/bot[.]arm hxxp://qqchun[.]top/bot[.]x86 hxxp://qqchun[.]top/bot[.]ppc hxxp://qqchun[.]top/bot[.]arm6 hxxp://qqchun[.]top/bot[.]m68k hxxp://qqchun[.]top/bot[.]sh4 hxxp://qqchun[.]top/bot[.]spc hxxp://qqchun[.]top/bot[.]mpsl hxxp://178[.]215[.]236[.]182/rebirth[.]arm5 hxxp://178[.]215[.]236[.]182/bins[.]sh hxxp://103[.]109[.]37[.]60/bot[.]arm7 hxxp://103[.]109[.]37[.]60/bot[.]mips hxxp://103[.]109[.]37[.]60/bot[.]mpsl hxxp://103[.]109[.]37[.]60/bot[.]x86 hxxp://103[.]109[.]37[.]60/bot[.]arm hxxp://103[.]109[.]37[.]60/bot[.]arm6 hxxp://103[.]109[.]37[.]60/bot[.]m68k hxxp://103[.]109[.]37[.]60/bot[.]sh4 hxxp://103[.]109[.]37[.]60/bot[.]arm5 hxxp://178[.]215[.]236[.]112/bot[.]arm7 hxxp://178[.]215[.]236[.]112/bot[.]mips hxxp://178[.]215[.]236[.]112/bot[.]sh4 |
MooBot |
| URL | hxxps://mystifying[.]org/1[.]exe | Unidentified 111 (Latrodectus) |
| URL | hxxp://a0981250[.]xsph[.]ru/1[.]exe | Venom RAT |
| URL | hxxps://transfer[.]adttemp[.]com[.]br/get/15ZSJM/build[.]exe | RedLine Stealer |
| URL | hxxp://103[.]14[.]48[.]254/xxx | Coinminer |
| URL | hxxps://fprwl[.]colo[.]oystergarden[.]net/editContent | FAKEUPDATES |
| URL | hxxp://45[.]11[.]92[.]124/982c183d8a9835c6[.]php | Stealc |
