不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様2社 -
2024/02/22
※2024/02/22 更新
マルウェア感染させると考えられるURLを検知(2024/02/22)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxps://skv[.]members[.]openarmscv[.]com/editContent hxxps://ccsfc[.]members[.]openarmscv[.]com/editContent hxxps://ccmk[.]members[.]openarmscv[.]com/editContent hxxps://gzj[.]members[.]openarmscv[.]com/editContent hxxp://posiit[.]com/get_file hxxp://peeriosity[.]com/shared-services/j[.]js? hxxp://posiit[.]com/cookies hxxp://soundsend[.]com/traffic?uuid= hxxp://chrome[.]freegeneratorai[.]com/intl/en/chrome/next-steps[.]html hxxp://phpsearch[.]com/api/get_file_drop?offer=Chrome hxxp://student-voice[.]com/api/set_v_2_new_uuid hxxp://soundsend[.]com/?offer=Chrome hxxps://mjxef[.]members[.]openarmscv[.]com/editContent hxxps://wwk[.]members[.]openarmscv[.]com/editContent hxxps://ads-quantum[.]com/cdn-vs/cache[.]php hxxps://ads-quantum[.]com/cache/ezrgqnaww[.]php hxxps://zej[.]members[.]openarmscv[.]com/editContent hxxps://aphqj[.]members[.]openarmscv[.]com/editContent |
FAKEUPDATES |
| URL | hxxp://185[.]91[.]127[.]233/m-6[.]8-k[.]SNOOPY hxxp://185[.]91[.]127[.]233/a-r[.]m-4[.]SNOOPY hxxp://185[.]91[.]127[.]233/p-p[.]c-[.]SNOOPY hxxp://185[.]91[.]127[.]233/x-8[.]6-[.]SNOOPY hxxp://185[.]91[.]127[.]233/a-r[.]m-6[.]SNOOPY hxxp://185[.]91[.]127[.]233/m-i[.]p-s[.]SNOOPY hxxp://185[.]91[.]127[.]233/a-r[.]m-7[.]SNOOPY hxxp://185[.]91[.]127[.]233/x-3[.]2-[.]SNOOPY hxxp://185[.]91[.]127[.]233/a-r[.]m-5[.]SNOOPY hxxp://185[.]91[.]127[.]233/s-h[.]4-[.]SNOOPY hxxp://185[.]91[.]127[.]233/m-p[.]s-l[.]SNOOPY hxxp://185[.]91[.]127[.]233/i-5[.]8-6[.]SNOOPY |
Bashlite |
| URL | hxxp://147[.]45[.]47[.]35/bDjkb2xSd/Plugins/clip64[.]dll hxxp://147[.]45[.]47[.]35/bDjkb2xSd/Plugins/cred64[.]dll hxxp://15[.]204[.]49[.]148/files/un[.]config[.]CfgEncFile hxxp://15[.]204[.]49[.]148/files/2UN[.]config[.]CfgEncFile hxxp://15[.]204[.]49[.]148/files/1UN[.]config[.]CfgEncFile |
Amadey |
| URL | hxxps://api[.]telegram[.]org/bot6731075855:AAFv2p-1odBHhSo9d28EfpRNYUd7GsORa8A/ hxxp://23[.]94[.]148[.]10/8080/ORR[.]txt hxxps://kalnet[.]top/pages/legacyzx[.]exe hxxps://paste[.]ee/d/JPr4M hxxp://23[.]94[.]148[.]10/8080/oceanfishgood[.]vbs hxxp://23[.]94[.]148[.]10/gh/dasleodasgoodtohearthathappinessgoodforeveryonegoodtogoforupdationvalidatetheupdationgoodfortogoforgood[.]doC hxxps://api[.]telegram[.]org/bot7013847015:AAGJ9U6sgMmsBCQ0DNkHT8DYuslAtpiqCbA/ hxxps://api[.]telegram[.]org/bot6900011672:AAGYn3MKegYd1zTjvCLgpKWqQCU6dnOO61A/ hxxps://paste[.]ee/d/Gvp3u hxxps://keskollc[.]top/pages/peterzx[.]exe hxxp://goupbuy[.]com/dd/dd[.]exe hxxps://keskollc[.]top/pages/newzx[.]exe hxxp://172[.]245[.]214[.]91/tuesdayfileafternoon[.]vbs hxxp://172[.]245[.]214[.]91/afternooniwalkupfromtheunclesunrisetoentereverywherefasterthanprevioustoenterpcfast[.]doC hxxps://jialm[.]online/jO0tVWkVaK8UcUQmax[.]exe |
Agent Tesla |
| URL | hxxps://83[.]97[.]73[.]254/YzI4MGFhZjI2MmM5/ | Coper |
| URL | hxxps://nrf2station[.]com/01u1w1[.]php?id=1 hxxps://fumicenter[.]com/w8rcye[.]php?id=1 hxxps://terravilla[.]fr/ui610y[.]php?id=1 hxxps://u3faktory[.]com/jz0tno[.]php?id=1 hxxps://traidinnovation[.]com/o2pmcb[.]php?id=1 hxxps://401cssabatino[.]com/sk5w8b[.]php?id=1 hxxps://ourzanzibar-portal[.]com/wdswbw[.]php?id=1 hxxps://www[.]alroaaacademy[.]com/s1btpl[.]php?id=1 |
WikiLoader |
| URL | hxxps://amassmodel[.]top/pages/catzx[.]exe | Nanocore RAT |
| URL | hxxp://whitemansearch[.]shop/ClassroomEc[.]exe | Rhadamanthys |
| URL | hxxps://rourtmanjsdadhfakja[.]com/a hxxp://rourtmanjsdadhfakja[.]com/kclddtnk hxxps://rourtmanjsdadhfakja[.]com/jggmrogs hxxps://rourtmanjsdadhfakja[.]com/pkfbetex hxxps://computersupportexperts[.]com/css/cab/1%20(8)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(28)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(56)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(66)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(43)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(103)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(57)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(88)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(46)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(53)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(6)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(30)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(19)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(95)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(50)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(41)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(34)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(63)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(65)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(82)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(64)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(36)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(101)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(51)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(25)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(20)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(87)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(23)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(96)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(39)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(60)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(104)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(3)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(45)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(38)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(77)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(5)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(32)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(52)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(62)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(107)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(12)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(80)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(22)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(9)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(58)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(78)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(44)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(55)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(89)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(93)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(92)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(105)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(18)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(29)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(85)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(61)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(67)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(26)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(68)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(4)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(71)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(81)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(86)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(1)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(90)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(49)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(2)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(91)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(97)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(37)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(70)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(99)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(106)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(42)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(74)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(79)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(54)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(69)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(108)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(27)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(76)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(75)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(83)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(21)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(16)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(48)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(40)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(35)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(17)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(10)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(72)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(33)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(102)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(84)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(100)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(98)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(94)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(11)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(7)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(15)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(47)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(13)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(24)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(31)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(73)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(59)[.]vbs hxxps://computersupportexperts[.]com/css/cab/1%20(14)[.]vbs |
DarkGate |
| URL | hxxps://mayanboats[.]com/wp-content/uploads/svc[.]exe | Azorult |
| URL | hxxps://buy-dnd[.]shop/pixel[.]gif hxxps://81[.]19[.]138[.]57:4443/fwlink hxxp://104[.]21[.]80[.]122:8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books hxxp://www[.]nkbiky[.]cn:8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books hxxp://www[.]ynpuning[.]cn:8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books hxxp://62[.]204[.]41[.]104:9090/beacon[.]exe hxxp://62[.]204[.]41[.]104:9090/oci[.]dll hxxp://34[.]168[.]39[.]155/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books hxxp://116[.]62[.]130[.]96:5555/IE9CompatViewList[.]xml hxxps://1[.]117[.]60[.]33/g[.]pixel hxxp://94[.]156[.]69[.]227/fwlink hxxp://47[.]108[.]153[.]69:7777/pixel hxxp://124[.]70[.]180[.]22:89/pixel hxxp://116[.]62[.]130[.]96:4444/pixel[.]gif hxxp://47[.]122[.]24[.]43:443/_/static/plugins/jquery/jquery[.]cookie[.]js hxxp://68[.]183[.]111[.]170/dpixel hxxps://185[.]196[.]10[.]62/ptj hxxps://104[.]234[.]240[.]6/en_US/all[.]js hxxp://152[.]136[.]100[.]26/pixel hxxps://101[.]42[.]228[.]86/visit[.]js hxxps://8[.]142[.]5[.]148/cm hxxps://182[.]23[.]67[.]109/__utm[.]gif hxxp://service-bvvdi136-1317500845[.]gz[.]tencentapigw[.]com/cx hxxps://www[.]nbcnews[.]site/sm[.]css hxxp://123[.]20[.]56[.]214:7777/ga[.]js hxxp://134[.]122[.]75[.]115:26/activity hxxps://134[.]122[.]75[.]115:444/IE9CompatViewList[.]xml hxxps://43[.]138[.]212[.]90:14443/jquery-3[.]3[.]1[.]min[.]js hxxps://218[.]94[.]206[.]222/jquery-3[.]3[.]1[.]min[.]js hxxps://121[.]17[.]123[.]105/jquery-3[.]3[.]1[.]min[.]js hxxps://116[.]211[.]153[.]240/jquery-3[.]3[.]1[.]min[.]js hxxps://223[.]68[.]136[.]206/jquery-3[.]3[.]1[.]min[.]js hxxps://61[.]159[.]80[.]241/jquery-3[.]3[.]1[.]min[.]js hxxps://112[.]28[.]231[.]110/jquery-3[.]3[.]1[.]min[.]js hxxps://120[.]39[.]197[.]231/jquery-3[.]3[.]1[.]min[.]js hxxps://139[.]162[.]155[.]161/g[.]pixel hxxps://193[.]168[.]173[.]45/en_US/all[.]js hxxp://68[.]183[.]111[.]170/ca hxxps://68[.]183[.]111[.]170/load |
Cobalt Strike |
| URL | hxxp://969727cm[.]nyashsens[.]top/externalserverTrackWordpresspublicprivate[.]php hxxp://102822cm[.]nyashsens[.]top/GeoGeneratorwp[.]php |
DCRat |
| URL | hxxps://woodfeetumhblefepoj[.]shop/api | Lumma Stealer |
| URL | hxxp://141[.]98[.]11[.]208/x86[.]nn | MooBot |
| URL | hxxp://91[.]92[.]246[.]192/129edec4272dc2c8[.]php hxxps://transfer[.]sh/get/PcxgCOQatq/MugRealistic[.]exe |
Stealc |
| URL | hxxp://rowtechequipments[.]com/iz/GmXqgExpUzCakBKX138[.]bin hxxp://rowtechequipments[.]com/iz/Colmanh[.]pfb hxxp://rowtechequipments[.]com/ud/avZfJWkxajgaFRZka1[.]bin hxxp://rowtechequipments[.]com/ud/KmnYxrmEnquhScW82[.]bin hxxp://rowtechequipments[.]com/ud/Kryb[.]hhp hxxp://rowtechequipments[.]com/ud/Englobin[.]asi hxxp://103[.]183[.]115[.]241/NguxStoiauhccvQclG223[.]bin hxxp://103[.]77[.]243[.]121/HixanpxbsHI5[.]bin |
CloudEyE |
| URL | hxxps://sempersim[.]su/c1/fre[.]php | LokiBot |
| URL | hxxp://116[.]72[.]22[.]117:39137/Mozi[.]m | Mozi |
| URL | hxxp://def[.]bestsup[.]su/data/pdf/june[.]exe hxxp://en[.]bestsup[.]su/data/pdf/may[.]exe hxxp://budubed[.]com/search/?q=67e28dd86554fa2a495aa4197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978a071ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923b6f8bfb13c3e896 hxxp://bdtzxdp[.]com/search/?q=67e28dd8390bf679470afe4d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa45e8889b5e4fa9281ae978a771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ef714c4ed96923a |
Socks5 Systemz |
| URL | hxxp://www[.]pdfexplorerplugin[.]com/q1 | XWorm |
