Access to malicious URLs / receipt of malicious e-mails

| Event | Affected |
|---|---|
| Access to malicious URLs, receipt of malicious e-mails | - |
| E-mail received | 0 of our customers |
| URL accessed | 0 of our customers |

-

2023/12/14

* Updated 2023/12/14

Detected URLs believed to lead to malware infection (2023/12/14)

■ IoC (*1)
| Type | IOC | Signature |
|---|---|---|
| URL | hxxps://santerra[.]com[.]co/ast/ hxxps://gate[.]lsn[.]edu[.]dz/mo/ hxxps://jibranenterprises[.]com/esma/ hxxps://bursalambiri[.]com/ofan/ hxxps://curtainsblindsdesign[.]com[.]au/ruo/ hxxps://centralfinance[.]com[.]np/oa/ hxxps://carinhosomotel[.]com[.]br/siau/ hxxps://omal[.]in/iut/ hxxps://livework[.]in/eell/ hxxps://ratteb[.]com/muae/ hxxps://sattakingsss[.]in/at/ hxxps://fpno[.]edu[.]ng/iem/ hxxps://joyuksel[.]com/gna/ hxxps://muilee[.]com[.]my/sir/ hxxps://souq-alshashat[.]com/sia/ hxxps://fitnessholicgym[.]com/lp/ hxxps://educa[.]org[.]do/uoi/ hxxps://ucce[.]com[.]mx/io/ hxxps://topteam[.]fr/xno/ hxxps://youthclimatecouncil[.]com/na/ hxxps://parves[.]xyz/vm/ hxxps://limperus[.]com/7AhkO/0[.]9546116100800489[.]dat hxxps://fertelion[.]com/mWF/0[.]26620849638416144[.]dat hxxps://orionparti[.]com/QX6Lr/0[.]2327589069778651[.]dat hxxps://time-uniform[.]com/rme/ hxxps://avakentechnologies[.]com/aop/ hxxps://agentleadgenesis[.]com/imie/ hxxps://hogarentainversiones[.]com/smie/ hxxps://stsbd[.]org/ls/ hxxps://visionaries21st[.]com/npio/ hxxps://networthwhistler[.]com[.]ng/iic/ hxxps://livework[.]in/sse/ hxxps://silulo[.]com/orrr/ hxxps://infaccocr[.]com/ae/ hxxps://fitnessholicgym[.]com/nes/ hxxps://hamrahansystem[.]com/onmi/ hxxps://prosoltec[.]cl/mra/ hxxps://tacticalarms[.]com[.]pk/ev/ hxxps://opal[.]rw/sco/ hxxps://outsotec[.]com/taee/ hxxps://fpno[.]edu[.]ng/nnam/ hxxps://midad-adv[.]com/ei/ hxxps://indmed[.]in/let/ hxxps://mysammdedicated[.]com/teie/ hxxps://myekisan[.]com/uods/ hxxps://sattamatkago[.]in/nurc/ hxxps://luziania[.]go[.]gov[.]br/nim/ hxxps://priorityhomewarranty[.]com/teu/ hxxps://gate[.]lsn[.]edu[.]dz/aau/ hxxps://safaservices[.]com[.]sa/ise/ hxxps://salemgroups[.]com/um/ hxxps://mitostour[.]com/rx/ hxxps://usa-puravive-official[.]com/usit/ hxxps://shoepalacebd[.]com/ui/ hxxps://intenseedu[.]com/esus/ hxxps://socialnap[.]com/unaq/ hxxps://saudesomnis[.]com[.]br/soep/ hxxps://iskillsjr[.]com/otio/ hxxps://silverzone[.]pk/suue/ hxxps://ratteb[.]com/fneo/ hxxps://perdana[.]com[.]my/tu/ hxxps://h-i[.]mx/au/ hxxps://mini-apk[.]com/lt/ hxxps://metrofood[.]mk/tq/ hxxps://skcapitalguru[.]com/dol/ hxxps://tecnowaresolutions[.]com/mr/ hxxps://pcfa[.]org[.]my/dia/ hxxps://limpromex[.]com/esci/ hxxps://quintadospinheirais[.]pt/nve/ hxxps://gordaleteymanzanilla[.]es/iqem/ hxxps://expaceos[.]com/eag/ hxxps://ucce[.]com[.]mx/leo/ hxxps://polarizadosdecasas[.]com[.]ar/untm/ hxxps://igpmanzanillaygordaldesevilla[.]org/ea/ hxxps://sabor-redondo[.]es/mtuu/ hxxps://esthevaskin[.]com[.]np/ro/ hxxps://epsol[.]cl/sitm/ hxxps://eighttimeseight[.]com/nisr/ hxxps://elite-security[.]uk/ro/ hxxps://centralfinance[.]com[.]np/tesa/ hxxps://buildrs[.]com/aa/ hxxps://demo[.]tcc[.]sa/enti/ hxxps://curtainsblindsdesign[.]com[.]au/is/ hxxps://carinhosomotel[.]com[.]br/csq/ hxxps://crosspointeada[.]com/rsel/ hxxps://businesscest[.]com[.]ng/re/ hxxps://casadelteatro[.]org[.]co/ioti/ hxxps://c-pathways[.]com/ro/ hxxps://bigbuzzfact[.]in/ilu/ hxxps://aalamilk[.]com/na/ hxxps://arbatours[.]pk/rpn/ hxxps://asiatriathloncup[.]com/tinr/ hxxps://behrangmusic[.]com/si/ hxxps://bringlst[.]com/tism/ hxxps://bixellentgreen[.]com/it/ hxxps://books[.]ttc[.]edu[.]sg/tl/ hxxps://bajaurtimes[.]com/etfv/ hxxps://arxeologiya[.]az/apit/ hxxps://agitel-formation[.]net/nore/ hxxps://nonegar2[.]ir/tiut/077uWdcpcBopYQAqlRtNLDGRIRqbzUTfikQbgwKLxlyXmMhxixvQtkLBrqrPPAZRDxwPOPwgvfNZNJPMQASTo hxxps://abeseguros[.]com/lli/?1uBL | Pikabot |
| URL | hxxp://199618cl[.]nyashtop[.]top/eternalimageCpugeneratorwordpress[.]php | DCRat |
| URL | hxxps://calzadosiris[.]com/temp/EngineWebViewModule[.]zip hxxps://chapasanpedro[.]com/temp/ChromiumModule[.]zip | FakeUpdateRU |
| URL | hxxp://jazoopsloo[.]info/k92lsA3dpb/Login[.]php hxxp://172[.]86[.]75[.]98/kkshooterinstall[.]exe | Amadey |
| URL | hxxp://24[.]144[.]70[.]95/file[.]exe hxxp://droppicches[.]xyz/c2conf hxxp://skipflowposses[.]pw/api hxxp://24[.]144[.]70[.]95/int[.]exe hxxp://suburbmeetabuseowp[.]pw/api hxxp://spontaneouslightss[.]fun/api hxxp://cinemaretailermkw[.]fun/api hxxp://piggepawneillusio[.]pw/api | Lumma Stealer |
| URL | hxxps://120[.]240[.]66[.]16/jquery-3[.]3[.]1[.]min[.]js hxxps://220[.]181[.]164[.]252/jquery-3[.]3[.]1[.]min[.]js hxxps://124[.]227[.]184[.]117/jquery-3[.]3[.]1[.]min[.]js hxxps://112[.]48[.]167[.]168/jquery-3[.]3[.]1[.]min[.]js hxxps://220[.]181[.]164[.]249/jquery-3[.]3[.]1[.]min[.]js hxxps://61[.]241[.]151[.]66/jquery-3[.]3[.]1[.]min[.]js hxxps://182[.]242[.]63[.]224/jquery-3[.]3[.]1[.]min[.]js hxxp://47[.]109[.]56[.]200:45535/jquery-3[.]3[.]1[.]min[.]js hxxps://api[.]speech-microsoft[.]com/c/msdownload/update/others/2017/12/29132a9e7a0e9a9e2 hxxps://43[.]138[.]249[.]231/jquery-3[.]3[.]1[.]min[.]js hxxp://47[.]120[.]37[.]45/j[.]ad hxxp://182[.]92[.]102[.]71:6666/pixel[.]gif hxxp://104[.]131[.]3[.]4:8081/cm hxxp://159[.]75[.]104[.]157:8081/api/3 hxxp://8[.]134[.]36[.]228/ga[.]js hxxp://1[.]14[.]205[.]73/api/getit hxxp://107[.]174[.]186[.]194:9000/load hxxp://34[.]92[.]85[.]53:6633/__utm[.]gif hxxp://39[.]96[.]85[.]37:9000/match hxxp://68[.]183[.]68[.]212:8080/owa/ hxxp://124[.]220[.]28[.]253:8080/activity hxxps://www[.]goodljlagfhss[.]live/owa/ hxxp://123[.]56[.]194[.]52/j[.]ad hxxp://45[.]134[.]225[.]243:81/en_US/all[.]js hxxp://45[.]134[.]225[.]243/j[.]ad hxxps://47[.]109[.]102[.]98/cx hxxp://8[.]131[.]118[.]10/cx hxxp://101[.]43[.]109[.]197/ga[.]js hxxp://188[.]121[.]110[.]191/pixel hxxp://43[.]134[.]57[.]109/ptj hxxp://147[.]78[.]47[.]183:82/IE9CompatViewList[.]xml hxxp://120[.]53[.]104[.]31/activity hxxp://47[.]109[.]102[.]98:81/ptj hxxp://147[.]78[.]47[.]183:81/ga[.]js | Cobalt Strike |
| URL | hxxps://api[.]telegram[.]org/bot6951347694:AAFNQsyUSI3cANPz4_GPvhuwkgXsMAsB41o/ hxxp://91[.]92[.]240[.]244/obinna[.]exe hxxp://172[.]82[.]128[.]201/microsoftreallyunderstandhowimportantfortodeletethehistoryfromthepc[.]Doc hxxp://172[.]82[.]128[.]201/5XeBRBxQGhytJ4j[.]exe hxxp://172[.]245[.]208[.]4/2116/wlanext[.]exe hxxp://91[.]92[.]253[.]11/microsoftstronglybelieveneedtodeletecachehistoryeverythingfromthepc[.]Doc hxxp://91[.]92[.]253[.]11/4332224222Hta%20File[.]hta hxxp://sagheur[.]top/neuvo/abux[.]exe hxxps://api[.]telegram[.]org/bot6336395090:AAGlS3Upwr7T6JbViy13mpkETSIn7zCu3dE/ hxxps://discord[.]com/api/webhooks/1183509273381187754/spQuuhuOkYp3-5OPsBoxI7A7FzonU9CmSnyRh10zXV0c3mmzRTdog6YNZzyPxnXyGgeL | Agent Tesla |
| URL | hxxp://91[.]239[.]148[.]93/HoldV[.]exe hxxp://121[.]190[.]90[.]250:8081/js/45[.]640[.]txt hxxp://121[.]190[.]90[.]250:8081/js/45[.]647[.]txt | Coinminer |
| URL | hxxp://107[.]150[.]18[.]214/ljwmt236[.]bin hxxp://185[.]255[.]114[.]18/yQuoxuvoBlXTBjxwStJ159[.]bin hxxp://185[.]255[.]114[.]18/YhdltNW64[.]bin hxxp://185[.]255[.]114[.]18/vYYJroeweoHuvNYlO133[.]bin hxxp://micapublicitatesatumare[.]ro/GEN[.]bin hxxp://micapublicitatesatumare[.]ro/ro[.]bin hxxp://micapublicitatesatumare[.]ro/ee[.]bin hxxp://micapublicitatesatumare[.]ro/SPA[.]bin hxxp://proecologicsistem[.]com/des[.]bin | CloudEyE |
| URL | hxxp://investor[.]entracollc[.]top/_errorpages/investor/five/fre[.]php | LokiBot |
| URL | hxxps://nac-ecs[.]co[.]mz/onedrive/ORDER-231211[.]Xls[.]js hxxps://nac-ecs[.]co[.]mz/onedrive/wp[.]vbs | WSHRAT |
| URL | hxxps://api[.]telegram[.]org/bot6107929879:AAHV6JwXs7rcYzMGLe3_opR5_gdKAC16Ye4/sendMessage?chat_id=6311012313 | DarkCloud |
| URL | hxxps://balkarsoftware[.]cubistech[.]com/public/build/important/DEC-872667-2023[.]zip hxxp://cdn3-adb1[.]online/abdwufkw/modules/cleanhelper[.]png hxxp://cdn3-adb1[.]online/abdwufkw/modules/legacy_l1[.]png hxxp://cdn3-adb1[.]online/abdwufkw/modules/runsysclean[.]png hxxp://5[.]181[.]156[.]243/Downloads/11[.]url hxxp://5[.]181[.]156[.]243/Downloads/filactery[.]zip hxxp://cdn3-adb1[.]ru/abdwufkw/modules/cleanhelper[.]png hxxp://cdn3-adb1[.]ru/abdwufkw/modules/runsysclean[.]png hxxp://cdn3-adb1[.]com/abdwufkw/modules/cleanhelper[.]png hxxp://cdn3-adb1[.]com/abdwufkw/modules/runsysclean[.]png hxxp://cdn3-adb1[.]ru/abdwufkw/modules/legacy_l1[.]png hxxp://cdn3-adb1[.]com/abdwufkw/modules/legacy_l1[.]png | DarkGate |
| URL | hxxps://uumu[.]fi/blog[.]php hxxps://vente-outillages[.]com/blog[.]php hxxps://vaqutauxfamily-fanclub[.]com/blog[.]php hxxps://vilmas[.]digital-brands[.]de/blog[.]php hxxps://vicantres[.]com/blog[.]php hxxps://villadsen4x4[.]dk/blog[.]php hxxps://vancleefinc[.]com/blog[.]php hxxps://vietsportscience[.]com/blog[.]php hxxps://viewcast[.]tv/blog[.]php hxxps://urbedu[.]live/blog[.]php hxxps://vogelhaus-gestaltung[.]de/blog[.]php hxxps://volleytip[.]com/blog[.]php hxxps://volleyball-muenchen[.]de/blog[.]php hxxps://volltrendyfashion[.]de/blog[.]php hxxps://voxpublica[.]no/blog[.]php | GootLoader |
| URL | hxxp://89[.]23[.]98[.]92/file4/pdf[.]exe hxxp://193[.]233[.]132[.]59/BEST-13-12-2023v1[.]exe | RedLine Stealer |
| URL | hxxps://91[.]92[.]242[.]222/Nzg1YTc1N2RlNWQ4/ hxxps://azadkasilasaucunbra[.]net/Nzg1YTc1N2RlNWQ4/ hxxps://azadkasilasaucunbra[.]com/Nzg1YTc1N2RlNWQ4/ hxxps://azadkasilasaucunbra[.]xyz/Nzg1YTc1N2RlNWQ4/ hxxps://azadkasilasaucunbra[.]site/Nzg1YTc1N2RlNWQ4/ | Coper |
| URL | hxxps://konr[.]settings[.]oysterfloats[.]org/editContent hxxps://axe[.]settings[.]oysterfloats[.]org/editContent hxxps://vbdm[.]settings[.]oysterfloats[.]org/editContent | FAKEUPDATES |