Access to malicious URLs and receipt of malicious emails
Received the email: 0 of our customers
Accessed the URL: 0 of our customers
2023/12/22
* Updated 2023/12/22
Detected URLs believed to cause malware infection (2023/12/22)
■IoC (*1)