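Access to malicious URLs, receipt of malicious emails
-
Received the email: 0 of our customers
Accessed the URL: 0 of our customers
-
2026/03/19
※ Updated 2026/03/19
Detected URLs believed to lead to malware infection (2026/03/19)
■ IoC (※1)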







