Cyber Risk Information Service: D Alert (patented)

Access to malicious URLs and receipt of malicious e-mails

Our customers who received the e-mail: 0
Our customers who accessed the URL: 0
2023/03/02
*Updated 2023/03/02
URLs believed to cause malware infection were detected (2023/03/02)
■IoC (*1)
Type: URL
Signature: Amadey, Cobalt Strike, CryptBot, Gozi, Laplas, LokiBot, Oski Stealer, RedLine Stealer, Socelars, TitanStealer, Vjw0rm
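*1 Search the "i-FILTER" access logs to identify the affected terminals. The URLs have been partially altered to prevent unintended access.

■Product support status (*2)
▽i-FILTER (*3)
・Can be blocked with the [脅威情報サイト] (Threat Information Sites) category

*2 Whether a URL is blocked depends on each product's settings, so refer to the access log for the actual result.
*3 For encrypted traffic, the SSL Adapter setting must be set to "利用" (Use).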