不正URLへのアクセス、不正メールの受信
-
メール受信した弊社お客様：0社
URLアクセスした弊社お客様：0社
-
2023/04/11
※2023/04/11 更新
マルウェアに感染させると考えられるURLを検知（2023/04/11）
■IoC(※1)
※以下のIoCは hxxp / [.] 表記で無害化（defang）されています。ブロックリスト等に投入する際は元の表記に戻したうえで、ドメイン単位ではなくURL（ホスト名＋パス）単位で照合することを推奨します。QakBot の行には正規サイトと思われるドメイン（edu / gov 配下など）のパスが多数含まれており、ドメイン単位でのブロックは正規通信に影響する可能性があります。また Cobalt Strike の行には jquery-3[.]3[.]1[.]min[.]js や __utm[.]gif など正規トラフィックに似せたパスが含まれるため、パスのみでの検知は誤検知につながります。
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://109[.]206[.]243[.]208/2[.]exe | RedLine Stealer |
| URL | hxxp://51[.]161[.]64[.]200/Dle7Wp/ProtonUniversalUpdate/tracklowApi/2to/PythonTrafficDump/08/external/8/LowRequestDumpUploads/Geo2/4Pollgeo2/UpdatelongpollSqlAsync/670f86479e7a82b5a0fff7ff96896db823fc0052[.]bin | Formbook |
| URL | hxxp://51[.]161[.]64[.]200/Dle7Wp/ProtonUniversalUpdate/tracklowApi/2to/PythonTrafficDump/08/external/8/LowRequestDumpUploads/Geo2/4Pollgeo2/UpdatelongpollSqlAsync/c4d7bf2bcba3816ef7bb5ad6bafab2185617c3f1[.]bin hxxp://51[.]161[.]64[.]200/Dle7Wp/ProtonUniversalUpdate/tracklowApi/2to/PythonTrafficDump/08/external/8/LowRequestDumpUploads/Geo2/4Pollgeo2/UpdatelongpollSqlAsync/ed2fceb95061cae49d67c4282c8cabc04d4783ee[.]bin | DCRat |
| URL | hxxp://162[.]55[.]214[.]47/8569064d5363f710[.]php hxxp://193[.]109[.]85[.]62/43e18f2a3b646c54[.]php hxxp://193[.]109[.]85[.]63/ef0b5c6106fc176f[.]php hxxp://212[.]118[.]53[.]103/abdf030235da153b[.]php hxxp://167[.]235[.]49[.]73/a8ae018f1ad770f9[.]php hxxp://80[.]66[.]79[.]48/79a4685f16037964[.]php hxxp://80[.]66[.]79[.]48/ae304807cc9a759f/nss3[.]dll hxxp://80[.]66[.]79[.]48/ae304807cc9a759f/vcruntime140[.]dll hxxp://80[.]66[.]79[.]48/ae304807cc9a759f/softokn3[.]dll hxxp://80[.]66[.]79[.]48/ae304807cc9a759f/msvcp140[.]dll hxxp://80[.]66[.]79[.]48/ae304807cc9a759f/mozglue[.]dll hxxp://80[.]66[.]79[.]48/ae304807cc9a759f/sqlite3[.]dll hxxp://80[.]66[.]79[.]48/ae304807cc9a759f/freebl3[.]dll | Stealc |
| URL | hxxp://62[.]204[.]41[.]48:92/__utm[.]gif hxxp://62[.]204[.]41[.]44/cx hxxp://120[.]46[.]219[.]85:808/jquery-3[.]3[.]1[.]min[.]js hxxps://134[.]122[.]170[.]68/load hxxp://123[.]249[.]41[.]238/__utm[.]gif hxxps://81[.]68[.]136[.]116/match hxxps://121[.]229[.]23[.]156:4434/__utm[.]gif hxxp://1[.]117[.]228[.]211:8888/api hxxps://104[.]244[.]79[.]172/match hxxps://45[.]207[.]49[.]206:2080/j[.]ad hxxps://121[.]229[.]23[.]156:1443/visit[.]js hxxp://134[.]122[.]170[.]68:8080/cx hxxp://45[.]207[.]49[.]206:2090/pixel[.]gif hxxp://18[.]183[.]148[.]215:8080/dot[.]gif hxxps://139[.]198[.]155[.]226:8443/www/handle/doc hxxp://82[.]157[.]43[.]174/IE9CompatViewList[.]xml hxxp://120[.]48[.]51[.]84:82/dot[.]gif hxxps://120[.]48[.]71[.]139/dot[.]gif hxxps://ternocorg[.]cf/activity hxxp://54[.]157[.]253[.]23/jquery-3[.]3[.]1[.]min[.]js hxxp://162[.]14[.]115[.]220/__utm[.]gif hxxp://43[.]136[.]14[.]250:8080/visit[.]js hxxp://154[.]40[.]42[.]101:8080/search/ hxxp://103[.]90[.]160[.]144:9088/c/msdownload/update/others/2020/10/29136388_ hxxp://108[.]165[.]178[.]42:8080/pixel hxxp://47[.]115[.]211[.]116/sugrec hxxp://1[.]15[.]141[.]252/ptj hxxps://ns-1953dns[.]ns-google[.]com/jquery-3[.]3[.]1[.]min[.]js hxxps://3[.]36[.]51[.]139/load hxxps://3[.]36[.]51[.]139/submit[.]php hxxps://8[.]212[.]179[.]114/ga[.]js hxxps://103[.]42[.]214[.]102/www/handle/doc hxxps://120[.]26[.]46[.]50:7389/IE9CompatViewList[.]xml hxxp://syncupserver[.]com:8080/sq[.]js hxxp://106[.]52[.]244[.]189:10001/match hxxp://120[.]78[.]133[.]177:2222/match hxxps://online[.]microsoft-online[.]top:2096/www/handle/doc hxxp://101[.]43[.]127[.]45:9988/dot[.]gif hxxp://43[.]142[.]40[.]194:8880/cx hxxp://101[.]43[.]115[.]39:8088/match hxxp://syncupserver[.]com/rw hxxp://185[.]212[.]60[.]42:10333/IE9CompatViewList[.]xml hxxp://31[.]25[.]88[.]156:10333/load hxxp://81[.]161[.]229[.]120/Alert/v9[.]64/9AYF79FN6P hxxps://9348[.]cn/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books hxxp://85[.]117[.]234[.]181:8096/ga[.]js hxxp://101[.]43[.]115[.]39:2222/dpixel hxxps://81[.]161[.]229[.]120/Alert/v9[.]64/9AYF79FN6P hxxps://173[.]234[.]155[.]100/Level/standard/6H66LDBF hxxps://goyususoke[.]info/Level/standard/6H66LDBF hxxps://microsoft-store[.]zliufu[.]shop:8443/fd/ls/ hxxps://42[.]192[.]38[.]240:9023/load hxxps://101[.]43[.]127[.]45/IE9CompatViewList[.]xml hxxps://eserverlink[.]com/logo hxxps://121[.]196[.]214[.]119:65004/g[.]pixel hxxp://101[.]43[.]169[.]247:8080/updates[.]rss hxxp://eserverlink[.]com/mobile-android[.]css hxxps://syncupserver[.]com/lt[.]js hxxp://82[.]157[.]232[.]246:39001/push hxxp://82[.]157[.]161[.]99:8082/ptj hxxps://173[.]234[.]155[.]100:8080/Level/standard/6H66LDBF hxxps://goyususoke[.]info:8080/Level/standard/6H66LDBF hxxps://msupd[.]wimdowupdate[.]com/css/jquery[.]min[.]js | Cobalt Strike |
| URL | hxxp://ubyrcy12[.]top/gate[.]php | CryptBot |
| URL | hxxps://marketplace[.]walmart[.]lc/download[.]php | Lumma Stealer |
| URL | hxxps://www[.]tractorandinas[.]com/dscontent/screenshotcontents/vsdhfvzgsfvzshfszhdfrff[.]exe | AsyncRAT |
| URL | hxxp://185[.]106[.]92[.]23/shared/Ruzvelt[.]exe hxxp://128[.]140[.]13[.]168/download[.]zip hxxp://95[.]217[.]233[.]36/download[.]zip | Vidar |
| URL | hxxp://bll5e[.]shop/dbkl/index[.]php | Azorult |
| URL | hxxps://goldenmoviesawards[.]com/kMx/ hxxps://chancerylaw[.]net/JgzJX/ hxxps://hazonchurch[.]org/az4/ hxxps://ride1atv[.]com/I8STWq/ hxxps://ingenieriacamporiego[.]com/ZaO/ hxxps://myanmargolffederation[.]org/G22/ hxxps://internationalvocalcoach[.]com/3qAZw/ hxxps://estudiovictorpacheco[.]com/ZkWkl/ hxxps://lesdelicesdeyannick[.]com/EmF/ hxxps://androidposme[.]com/oR6B5H1/ hxxps://fortune[.]travel/4dAe/ hxxps://getbuttn[.]com/MDh/ hxxps://teleguiando[.]com/gHZo4/ hxxps://runsandtrails[.]com/eov/eov[.]php hxxps://tabticaret[.]com/ede/ede[.]php hxxps://revistas[.]upp[.]edu[.]pe/lt/lt[.]php hxxps://vtiger[.]fhs[.]cloud/mauq/mauq[.]php hxxps://unityhyip[.]com/uumu/uumu[.]php hxxps://qb365[.]biz/set/set[.]php hxxp://codas-thompson[.]com[.]py/el/el[.]php hxxps://glorious-techbd[.]com/osm/osm[.]php hxxps://abcmontessori[.]co[.]in/uq/uq[.]php hxxps://areebacollection[.]com/mi/mi[.]php hxxps://itax[.]ke/iue/iue[.]php hxxp://bsdbd[.]com/eoo/eoo[.]php hxxps://237mart[.]com/inpr/inpr[.]php hxxps://godataworld[.]com/cap/cap[.]php hxxps://egycomp[.]net/mmn/mmn[.]php hxxp://etakebazar[.]com/oens/oens[.]php hxxps://gloscotrust[.]com/lu/lu[.]php hxxps://carservice-kuw[.]com/mtei/mtei[.]php hxxps://sha-d[.]co[.]il/fai/fai[.]php hxxps://sakalerkagoj[.]com/cet/cet[.]php hxxps://topfarm[.]app/dr/dr[.]php hxxps://sportkhodro[.]com/iur/iur[.]php hxxps://tgmweb[.]ir/miaq/miaq[.]php hxxps://subvilla[.]ng/asc/asc[.]php hxxps://smesgroup[.]net[.]au/diid/diid[.]php hxxps://satsdubai[.]com/ga/ga[.]php hxxps://tenetmediacorp[.]com/inet/inet[.]php hxxps://thephoolmala[.]com/enst/enst[.]php hxxps://thevenusjewellers[.]com/uvt/uvt[.]php hxxps://tradicasa[.]fhs[.]cloud/alm/alm[.]php hxxps://vps[.]uoz[.]edu[.]krd/uea/uea[.]php hxxps://shipudeyben[.]co[.]il/nesq/nesq[.]php hxxps://teachme[.]ust[.]md/uta/uta[.]php hxxps://wearne[.]co[.]za/mt/mt[.]php hxxps://sindicato2tvn[.]cl/pse/pse[.]php hxxps://scmsgroup[.]org/ne/ne[.]php hxxps://xpressionsmcr[.]store/io/io[.]php hxxps://vipimnetz[.]com/uuto/uuto[.]php hxxps://siqcontrol[.]fhs[.]cloud/iou/iou[.]php hxxps://testing[.]uts[.]com[.]pk/ui/ui[.]php hxxps://ust[.]md/ta/ta[.]php hxxps://techmighty[.]studio/aum/aum[.]php hxxps://viralebu[.]com/ein/ein[.]php hxxps://zacuta[.]com/eupa/eupa[.]php hxxps://utsup[.]uts[.]com[.]pk/es/es[.]php hxxps://tawahi[.]host/ii/ii[.]php hxxps://tgimaps[.]com/stv/stv[.]php hxxps://xteemmedicalservices[.]com/oos/oos[.]php hxxps://saltnsalt360[.]com/aimd/aimd[.]php hxxps://vtutrade[.]com/sab/sab[.]php hxxps://wchatbot[.]live/mre/mre[.]php hxxps://fgcknaivashatown[.]org/naas/naas[.]php hxxps://goldsafeonline[.]com/uqni/uqni[.]php hxxps://iurisfin[.]fhs[.]cloud/luiu/luiu[.]php hxxps://lopezaragon[.]fhs[.]cloud/oe/oe[.]php hxxps://deltaedirectory[.]com[.]ng/tae/tae[.]php hxxps://gazeteturk[.]be/uip/uip[.]php hxxps://nationalsculpture[.]org/ab/ab[.]php hxxps://koalaklub[.]hu/ou/ou[.]php hxxps://jvesign[.]com/cac/cac[.]php hxxps://lignummedia[.]com/csd/csd[.]php hxxps://quemadores[.]mx/itr/itr[.]php hxxps://flashtech[.]co[.]ke/rec/rec[.]php hxxps://motakamel[.]net/abue/abue[.]php hxxps://refrisul[.]com/eurt/eurt[.]php hxxps://cscbvthidanad[.]org/peto/peto[.]php hxxps://rockwoodmachinery[.]com/sued/sued[.]php hxxps://fivestarspro[.]com/utcr/utcr[.]php hxxps://naija[.]top/eus/eus[.]php hxxps://ethio-health[.]com/aus/aus[.]php hxxps://danishlaptops[.]com/nr/nr[.]php hxxps://imovestsp[.]com[.]br/iamu/iamu[.]php hxxps://nacosfunaab[.]com[.]ng/te/te[.]php hxxps://mianoorengineering[.]com[.]pk/gm/gm[.]php hxxps://fitcontessa[.]co[.]za/ite/ite[.]php hxxps://livewatch[.]online/sn/sn[.]php hxxps://lilycourt[.]ng/erho/erho[.]php hxxps://iroidtechnologies[.]in/ta/ta[.]php hxxps://linalysis[.]net/ivea/ivea[.]php hxxps://gracepolytechnic[.]edu[.]ng/gts/gts[.]php hxxps://mamunkabir[.]com/tim/tim[.]php hxxps://drjerrie[.]com/oes/oes[.]php hxxps://rdazzle[.]co[.]za/tm/tm[.]php hxxps://mltbiz[.]com/mp/mp[.]php hxxps://oliv[.]tw/mot/mot[.]php hxxps://eduvodafrica[.]com/ac/ac[.]php hxxps://rar[.]ust[.]md/all/all[.]php hxxps://gloviewschool[.]online/gn/gn[.]php hxxps://ibime[.]edu[.]mx/ui/ui[.]php hxxps://labcom[.]com[.]mx/am/am[.]php hxxps://neopet[.]cl/lo/lo[.]php hxxps://pfc[.]ps/qp/qp[.]php hxxps://goonlineservice[.]com/re/re[.]php hxxps://coress[.]org[.]uk/qmme/qmme[.]php hxxps://k2office[.]com[.]au/sote/sote[.]php hxxps://joyceocommunity[.]org/teut/teut[.]php hxxps://inmobiliariachihuahua[.]com/idi/idi[.]php hxxps://escaperoom33[.]com/iemr/iemr[.]php hxxps://qaiserabbas[.]org/ause/ause[.]php hxxps://rajatraveltour[.]com[.]pk/tuft/tuft[.]php hxxps://explane[.]com[.]br/pu/pu[.]php hxxps://datastatresearch[.]org/li/li[.]php hxxps://ivobarbozaadv[.]com[.]br/snoi/snoi[.]php hxxps://ivobarboza[.]com[.]br/uot/uot[.]php hxxps://lafiacatholicdiocese[.]com/eas/eas[.]php hxxps://expresswave[.]delivery/ueaa/ueaa[.]php hxxps://hicosd[.]com/ttue/ttue[.]php hxxps://eskco-op[.]com[.]au/aiu/aiu[.]php hxxps://keewaycolombia[.]co/ecm/ecm[.]php hxxps://olympicenterprises[.]com[.]au/teus/teus[.]php hxxps://onecs[.]com[.]my/aade/aade[.]php hxxps://insutec[.]ao/lder/lder[.]php hxxps://revista[.]ust[.]md/sfci/sfci[.]php hxxps://crpao[.]ac[.]th/tre/tre[.]php hxxps://londonairportstransfer[.]co[.]uk/per/per[.]php hxxps://laboratoriocalcagno[.]com[.]ar/so/so[.]php hxxps://dev[.]njc[.]gov[.]ng/mis/mis[.]php hxxps://osec[.]ng/luu/luu[.]php hxxps://isbglobalminners[.]us/tpoi/tpoi[.]php hxxps://gynaeonline[.]com/num/num[.]php hxxps://faisalmovers[.]com/ld/ld[.]php hxxps://krankihouse[.]com/toe/toe[.]php hxxps://jellysystems[.]com/iid/iid[.]php hxxps://mercygilhorn[.]online/lo/lo[.]php hxxps://procurement[.]njc[.]gov[.]ng/eos/eos[.]php hxxps://heykemisola[.]ng/mss/mss[.]php hxxps://meeask[.]com/el/el[.]php hxxps://lotusmont[.]com/rtap/rtap[.]php hxxps://ketteringairportcab[.]co[.]uk/lt/lt[.]php hxxps://liceu[.]ust[.]md/nibi/nibi[.]php hxxps://ffbl[.]uts[.]com[.]pk/cmrs/cmrs[.]php hxxps://inetcomputers[.]ca/snoe/snoe[.]php hxxps://earningadvice[.]com/unsi/unsi[.]php hxxps://f2mdata[.]com/aier/aier[.]php hxxps://grandforthlawyers[.]com/oi/oi[.]php hxxps://marylouretton[.]com/af/af[.]php hxxps://negdar[.]dd[.]sa/nbas/nbas[.]php hxxps://mind[.]uts[.]com[.]pk/tnde/tnde[.]php hxxps://safes-endocrine[.]com/opu/opu[.]php hxxps://infoinsect[.]com/quir/quir[.]php hxxps://mnfs[.]uts[.]com[.]pk/ueem/ueem[.]php hxxps://edenbeachresorts[.]com/emro/emro[.]php hxxps://amlakgachsaran[.]com/qutm/qutm[.]php hxxp://sugarandteaweddings[.]com[.]au/bi/bi[.]php hxxps://bonanzafresh[.]com/li/li[.]php hxxp://biasharainfolink[.]com/ato/ato[.]php hxxps://beatmachineproductions[.]com/enuc/enuc[.]php hxxps://atamlbgchanger[.]net/esdt/esdt[.]php hxxp://simplyclean[.]com[.]br/itit/itit[.]php hxxp://pradorentacar[.]com[.]pe/mtq/mtq[.]php hxxp://evaluaciondgetichiapas2022[.]com[.]mx/msno/msno[.]php hxxp://carnovegan[.]de/tma/tma[.]php hxxps://bridgeeducation[.]in/igf/igf[.]php hxxps://actionhomerehab[.]com[.]au/snm/snm[.]php hxxps://bamboozimbabwe[.]org[.]zw/nui/nui[.]php hxxps://banglanetbd[.]com/li/li[.]php hxxps://7plus[.]world/oi/oi[.]php hxxps://apply[.]uts[.]com[.]pk/lnr/lnr[.]php hxxps://afrinzuri[.]com/eic/eic[.]php hxxps://baklavacimehmetusta[.]de/ouq/ouq[.]php hxxps://arcadiapousada[.]com[.]br/uaqi/uaqi[.]php hxxp://rajarbari[.]com/uai/uai[.]php hxxps://conas[.]uz/vsil/vsil[.]php hxxp://ensjsi[.]dz/tiq/tiq[.]php hxxp://sanjesolutions[.]com/ml/ml[.]php hxxps://calyxtech[.]net/tsed/tsed[.]php hxxps://cancerbhagao[.]org/tte/tte[.]php hxxps://allopays[.]com[.]br/sdl/sdl[.]php hxxp://heavyranker[.]com/ulu/ulu[.]php hxxp://canmuhendislikinsaat[.]com/mia/mia[.]php hxxps://codetones[.]com/rxi/rxi[.]php hxxp://quinexus[.]mx/sqe/sqe[.]php hxxps://benigletechnologies[.]com/aip/aip[.]php hxxps://allstargroupinc[.]com/ribs/ribs[.]php hxxps://bodybuildingsupplementzone[.]com/mu/mu[.]php hxxp://sarswatisansthan[.]com/utrs/utrs[.]php hxxp://abhishekmeena[.]in/ducs/ducs[.]php hxxp://globalsoulconnexion[.]com/taq/taq[.]php hxxp://19dm82[.]info/outs/outs[.]php hxxp://kggmk[.]org/sq/sq[.]php hxxp://smsbuzzbd[.]com/isut/isut[.]php hxxp://121directmarketing[.]com/tlc/tlc[.]php hxxp://sexyrosa[.]com[.]mx/mee/mee[.]php | QakBot |
| URL | hxxp://185[.]66[.]91[.]157/Business/Ransomware[.]exe hxxp://185[.]66[.]91[.]157/Business/Stealer[.]exe | Eternity |
| URL | hxxps://qirrl[.]cloudid[.]teacherhamish[.]com/gotoCheckout | FAKEUPDATES |
| URL | hxxp://bearingbuddy[.]com/default[.]php hxxp://weddingperfetto[.]com/default[.]php?TgZyGg8pvXHPyfiUvqS154pOAyBRdYUl hxxp://alltipsland[.]com/default[.]php?l1Hd2wYGiSKUMArzvsnfTp2WKVCtArm7WNiz hxxp://bearingbuddy[.]com/default[.]php?bKDxsu8Wn8eBuP8KhWhFBb9dBngm69OI5q5 | Pony |
| URL | hxxp://146[.]0[.]36[.]62/Demon[.]sh4 hxxp://146[.]0[.]36[.]62/Demon[.]x86 hxxp://146[.]0[.]36[.]62/Demon[.]sparc hxxp://146[.]0[.]36[.]62/Demon[.]mips hxxp://146[.]0[.]36[.]62/Demon[.]ppc hxxp://146[.]0[.]36[.]62/Demon[.]mpsl hxxp://146[.]0[.]36[.]62/Demon[.]i586 hxxp://146[.]0[.]36[.]62/Demon[.]m68k hxxp://146[.]0[.]36[.]62/Demon[.]i686 hxxp://146[.]0[.]36[.]62/Demon[.]arm6 | Bashlite |







