Cyber Risk Information Service: Dアラート (D Alert), patented

Access to malicious URLs and receipt of malicious email

Customers of ours who received the email: 0
Customers of ours who accessed the URL: 0
2023/02/10 (updated 2023/02/10)
Detected URLs believed to lead to malware infection (2023/02/10)
■ IoC (*1)
Type / IOC / Signature
*1 Search the "i-FILTER" access logs to identify the affected devices. To avoid unnecessary access, some of the indicators have been partially altered.
■ Product support status (*2)
▽ i-FILTER (*3)
・ Can be blocked under the [Threat Information Sites] category
*2 Whether a block occurs depends on each product's settings, so refer to the access logs for the actual result.
*3 For encrypted communications, the SSL Adapter setting must be set to "Enabled" (利用).