不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様2社 -
2025/09/19
※2025/09/19 更新
マルウェア感染させると考えられるURLを検知(2025/09/19)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://196[.]251[.]73[.]58/H2/mexx[.]exe hxxp://107[.]174[.]212[.]72/shimwed[.]vbs hxxps://arkanmep[.]com/q[.]jpg hxxps://arkanmep[.]com/old/K[.]txt |
Agent Tesla |
| URL | hxxp://205[.]185[.]121[.]141/sex[.]sh hxxp://103[.]118[.]28[.]144/hidakibest[.]sh hxxp://205[.]185[.]121[.]141/586 hxxp://205[.]185[.]121[.]141/x86 hxxp://205[.]185[.]121[.]141/sh4 hxxp://205[.]185[.]121[.]141/mips hxxp://205[.]185[.]121[.]141/m68k hxxp://205[.]185[.]121[.]141/arm61 hxxp://205[.]185[.]121[.]141/i686 hxxp://205[.]185[.]121[.]141/ppc hxxp://205[.]185[.]121[.]141/dss hxxp://205[.]185[.]121[.]141/co hxxp://205[.]185[.]121[.]141/mipsel hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]i686 hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]arm7 hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]x86 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]m68k hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]mips hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]ppc hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]i586 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]sh4 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]arm4 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]arm6 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]i586 hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]m68k hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]arm5 hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]arm4 hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]sparc hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]ppc hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]sparc hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]i686 hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]arm5 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]x86 hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]sh4 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]arm7 hxxp://us-1[.]apollohost[.]xyz/aoxbot[.]mips hxxp://s1[.]prostreamx[.]xyz/bins[.]sh hxxp://s1[.]prostreamx[.]xyz/aoxbot[.]arm6 hxxp://us-1[.]apollohost[.]xyz/bins[.]sh |
Bashlite |
| URL | hxxp://176[.]46[.]152[.]62:5858/493d0dfa7e0a46fe89bdfab48f9ce98f_crypted_build[.]exe | Rhadamanthys |
| URL | hxxp://185[.]208[.]158[.]56/Drop[.]png | Quasar RAT |
| URL | hxxp://144[.]31[.]221[.]122:6060/capcha9856 hxxp://144[.]31[.]221[.]122:6060/19 hxxps://porsasystem[.]com/6m9x[.]js hxxps://porsasystem[.]com/js[.]php hxxp://144[.]31[.]221[.]122:8888/19 |
KongTuke |
| URL | hxxps://retiregenz[.]com/d[.]js hxxps://everyday2gether[.]info/res/ethics hxxps://loadstopdocs[.]com/carrierpacket/FullCarrierPacket[.]exe hxxps://fortiseadon[.]com/res/panicagenttime hxxps://numberpold[.]com/ajax/pixi[.]min[.]js |
NetSupportManager RAT |
| URL | hxxps://vitambio[.]shop/xakd hxxp://178[.]16[.]54[.]200/files/1540890878/ws92P1k[.]exe hxxp://178[.]16[.]54[.]200/files/8052963817/Y51XUme[.]exe hxxps://github[.]com/ellerysy/bss/raw/refs/heads/main/main8[.]exe |
Lumma Stealer |
| URL | hxxp://196[.]251[.]73[.]58/host/solution[.]ps1 hxxp://178[.]16[.]54[.]200/files/8125593549/Q4pQKhS[.]exe hxxp://96[.]44[.]159[.]216/134/IMAGES___00040599696969949EEFF[.]hta hxxp://107[.]175[.]246[.]22/img/zyn/IMAGESG____099988777669900099009EEEEEEEEEE[.]hta |
PureLogs Stealer |
| URL | hxxp://196[.]251[.]73[.]58/Home/h20remcos[.]ps1 hxxp://196[.]251[.]73[.]58/H2/rr[.]ps1 hxxps://www[.]logpasta[.]com/paste/raw/1c265914-0753-4f96-bf51-f769dd686bed[.]txt hxxp://107[.]175[.]246[.]22/img/kbz/CleanImages___0049569600797079799797997[.]hta hxxp://196[.]251[.]73[.]58/H2/Server_Encrypted2[.]ps1 |
Remcos |
| URL | hxxp://45[.]61[.]149[.]68:8000/vi1433[.]exe | Metasploit |
| URL | hxxps://educa[.]rr[.]gov[.]br/resources/img/1[.]png hxxp://mthreebm[.]gt[.]tc/arquivo_20250916220521[.]txt hxxp://mthreebm[.]gt[.]tc/arquivo_20250917192237[.]txt hxxp://pureductsmi[.]xo[.]je/arquivo_20250918071505[.]txt hxxp://vitrolifegroup[.]gt[.]tc/arquivo_20250917173356[.]txt hxxp://pureductsmi[.]xo[.]je/arquivo_20250917100119[.]txt |
Formbook |
| URL | hxxp://rafts[.]top/HVC[.]exe hxxp://rafts[.]top/MMM[.]exe |
BluStealer |
| URL | hxxp://91[.]92[.]240[.]104/vq7qNSPpTLL2NJm[.]exe hxxps://api[.]telegram[.]org/bot8217021378:AAEww4SRG-pA_21rVpw9T0B7udyqZlECZLc/sendMessage?chat_id=6615017086 |
Snake Keylogger |
| URL | hxxp://104[.]168[.]54[.]139:18444/NhDc hxxp://117[.]72[.]222[.]203/02[.]08[.]2022[.]exe hxxp://1[.]15[.]174[.]189/02[.]08[.]2022[.]exe hxxp://61[.]155[.]145[.]182:8090/02[.]08[.]2022[.]exe hxxp://1[.]15[.]134[.]238:10089/02[.]08[.]2022[.]exe hxxp://103[.]144[.]245[.]250:2080/02[.]08[.]2022[.]exe hxxp://47[.]120[.]23[.]221:8080/02[.]08[.]2022[.]exe hxxp://4[.]201[.]106[.]183/02[.]08[.]2022[.]exe hxxp://43[.]139[.]146[.]100/02[.]08[.]2022[.]exe hxxp://115[.]190[.]127[.]112:82/02[.]08[.]2022[.]exe hxxp://190[.]102[.]43[.]29/02[.]08[.]2022[.]exe hxxp://82[.]157[.]232[.]157:10443/02[.]08[.]2022[.]exe hxxp://42[.]51[.]34[.]56:8011/02[.]08[.]2022[.]exe hxxp://124[.]71[.]106[.]116:8111/02[.]08[.]2022[.]exe hxxp://106[.]13[.]137[.]229:7777/02[.]08[.]2022[.]exe hxxp://103[.]115[.]64[.]166:443/02[.]08[.]2022[.]exe hxxp://154[.]23[.]243[.]186:9966/02[.]08[.]2022[.]exe hxxp://1[.]15[.]134[.]238:6667/02[.]08[.]2022[.]exe hxxp://47[.]94[.]38[.]41:1080/02[.]08[.]2022[.]exe hxxp://47[.]117[.]174[.]198:8080/02[.]08[.]2022[.]exe hxxp://43[.]138[.]139[.]240/02[.]08[.]2022[.]exe hxxp://47[.]120[.]70[.]161/02[.]08[.]2022[.]exe hxxp://47[.]108[.]217[.]44:8848/02[.]08[.]2022[.]exe |
Cobalt Strike |
| URL | hxxp://178[.]16[.]54[.]200/files/1781548144/84gl8zP[.]exe hxxps://api[.]telegram[.]org/bot8359555422:AAE0OIsErTuFgZljJ4w38RYirJSlzW1cI2M/sendMessage?chat_id=7787132136 |
AsyncRAT |
| URL | hxxps://api[.]telegram[.]org/bot8382114271:AAHSbVPDbET_crWmchBbXRYm9X0nm-CRunM/sendMessage?chat_id=7629232865 | MASS Logger |
| URL | hxxps://t7[.]z-72[.]ru/yqlxr9k59h[.]webm hxxps://q[.]d1a8[.]ru/vk[.]check/?t=1o2i7xdz hxxps://t7[.]z-72[.]ru/t7vu1voehv[.]webm hxxps://aw[.]g6i2[.]ru/0xj[.]google/?t=u1txkgup hxxps://h[.]z-72[.]ru/uncglhmvfl[.]webm hxxps://am[.]g6i2[.]ru/6h9[.]check/?t=ci5ped7v hxxps://q5[.]f-11[.]ru/s876xtxtg5[.]webm hxxps://aq[.]k9u1[.]ru/gv[.]google/?t=c028ialc hxxps://c[.]f-11[.]ru/eidizqidxw[.]webm hxxps://ag[.]d1a8[.]ru/qn0[.]check/?t=xxg051xv hxxps://v[.]d1a8[.]ru/vg0[.]check/?t=j9u6a5df hxxps://wm9[.]z-72[.]ru/8giapubhnc[.]webm hxxps://wm9[.]z-72[.]ru/tskr5mj325[.]webm hxxps://bf[.]d1a8[.]ru/fdn[.]check/?t=l4e9wt7c hxxps://j[.]p-81[.]ru/sgc1bp9hgy[.]webm hxxps://l[.]k9u1[.]ru/z0t[.]google/?t=zzyv2xak hxxps://zr3[.]f-11[.]ru/livh4w656m[.]webm hxxps://bc[.]k9u1[.]ru/c1x[.]google/?t=upm0lm3r hxxps://q5[.]f-11[.]ru/gc3t1xfim6[.]webm hxxps://ae[.]k9u1[.]ru/k5[.]check/?t=27wytcat hxxps://m1[.]p-81[.]ru/rdpphh3k47[.]webm hxxps://bu[.]l9a5[.]ru/q2q[.]google/?t=oa1waiuy hxxps://m1[.]p-81[.]ru/k59v3032fi[.]webm hxxps://al[.]l9a5[.]ru/0e[.]google/?t=3q5m3t4h hxxps://g[.]l9a5[.]ru/nu9[.]google/?t=rtbazfeu hxxps://j[.]p-81[.]ru/teahndlc5p[.]webm hxxps://d[.]x-05[.]ru/thybihffls[.]webm hxxps://bo[.]h8y0[.]ru/jy6[.]google/?t=onwovyqh hxxps://d[.]x-05[.]ru/s0z39jnnve[.]webm hxxps://t[.]h8y0[.]ru/n78[.]google/?t=sfilcxfv hxxps://d[.]x-05[.]ru/o6o5jzmblh[.]webm hxxps://a[.]l9a5[.]ru/p74[.]check/?t=afuva62s hxxps://pq5[.]x-05[.]ru/t7dx96pfba[.]webm hxxps://ar[.]q8e5[.]ru/3on[.]check/?t=n5o93h2b hxxps://u3[.]x-05[.]ru/odjc122h07[.]webm hxxps://b[.]h8y0[.]ru/sv[.]google/?t=5st9z8yt hxxps://d[.]x-05[.]ru/84gpwx8964[.]webm hxxps://y[.]h8y0[.]ru/rm[.]check/?t=vo9pk5wy hxxps://e[.]z-67[.]ru/60x9pvtjvq[.]webm hxxps://bs[.]q8e5[.]ru/a0[.]google/?t=kns6qlwg hxxps://k2[.]z-67[.]ru/vvkw4dbuor[.]webm hxxps://m9[.]tem5[.]ru/2f3[.]google/?t=nag58qla hxxps://k2[.]z-67[.]ru/vqtn65uwis[.]webm hxxps://a[.]tem5[.]ru/yk[.]check/?t=jflhjdex hxxps://e[.]z-67[.]ru/ysjzdneyuj[.]webm hxxps://r[.]q8e5[.]ru/tf[.]check/?t=s1a8hap2 hxxps://l[.]n-98[.]ru/pkgxixovsd[.]webm hxxps://x2n[.]tem5[.]ru/abq1[.]google/?t=yr9soqmr hxxps://ty3[.]z-67[.]ru/8ycnccrql6[.]webm hxxps://qk[.]tem5[.]ru/z7p[.]check/?t=8a1j2y8q hxxps://tx[.]fid1[.]ru/0a3[.]google/?t=ssjt2n61 hxxps://qw2[.]n-98[.]ru/vigwux4ot8[.]webm hxxps://h4[.]n-98[.]ru/t0tq4vxyet[.]webm hxxps://2q[.]fid1[.]ru/np7[.]check/?t=4bczg6ki hxxps://p9[.]juq0[.]ru/rue9uakncf[.]webm hxxps://q7[.]ror6[.]ru/d1p[.]check/?t=m1tk8bae hxxps://k[.]juq0[.]ru/yt4a3j1amv[.]webm hxxps://z[.]ror6[.]ru/hm[.]google/?t=nva5swiy hxxps://m1f[.]fid1[.]ru/zwq[.]check/?t=xerz8wvf hxxps://k[.]juq0[.]ru/pifhxc19jz[.]webm hxxps://xq8[.]juq0[.]ru/6i2wm9fnps[.]webm hxxps://u1r[.]ror6[.]ru/ttn4[.]check/?t=ly2xuslb hxxps://p9[.]juq0[.]ru/s3wuhedauz[.]webm hxxps://be[.]ror6[.]ru/49[.]google/?t=awryo9l1 hxxps://n[.]wuk0[.]ru/3y[.]google/?t=tmau05yx hxxps://t[.]zik9[.]ru/o2n5m9nhu4[.]webm hxxps://t[.]zik9[.]ru/o1vmicsyvt[.]webm hxxps://k3[.]wuk0[.]ru/lz8[.]check/?t=toy02k6m |
ClearFake |
| URL | hxxps://178[.]16[.]54[.]200/f8nus4b/index[.]php hxxps://185[.]196[.]10[.]34/b8sdjsdkS/index[.]php hxxps://185[.]196[.]10[.]34/b8sdjsdkS/Login[.]php hxxp://178[.]16[.]54[.]200/f8nus4b/index[.]php hxxp://178[.]16[.]54[.]200/f8nus4b/Login[.]php |
Amadey |
| URL | hxxp://62[.]60[.]226[.]114/19c793e4ebd94a2f[.]php hxxp://145[.]249[.]115[.]85/5092799c709b4b87[.]php hxxp://185[.]208[.]156[.]150/094b49835e344ed9[.]php hxxp://91[.]200[.]14[.]213/49f5811b512cd8e8[.]php hxxp://159[.]223[.]136[.]7/ebc036eae50241c6[.]php hxxp://95[.]215[.]207[.]65/3b25206b5df94a91[.]php hxxp://77[.]90[.]153[.]129/9ab2b73ab8b94d87[.]php hxxp://34[.]162[.]122[.]142/a7595815107a4684[.]php hxxp://178[.]16[.]54[.]200/files/5917492177/LcCagbQ[.]exe hxxp://chrome1update[.]shop/afc4f85e6b33b2f0[.]php |
Stealc |
| URL | hxxps://bjxqd[.]com/reg | Broomstick |
| URL | hxxps://valoikdortordas[.]com/work/ hxxps://h1asoplooproe[.]com/work/ |
Latrodectus |
| URL | hxxp://141[.]11[.]164[.]20:8080/file/v209update[.]pdf | MetaStealer |
| URL | hxxp://188[.]122[.]242[.]178/Photo[.]scr hxxp://188[.]122[.]242[.]178/%D0%9F%D0%B8%D0%BB%D0%BE%D1%82/Photo[.]scr hxxp://188[.]122[.]242[.]178/Video[.]scr hxxp://188[.]122[.]242[.]178/%D0%9F%D0%B8%D0%BB%D0%BE%D1%82/AV[.]scr hxxp://188[.]122[.]242[.]178/%D0%9F%D0%B8%D0%BB%D0%BE%D1%82/Video[.]scr hxxp://188[.]122[.]242[.]178/AV[.]scr |
Coinminer |
