Cyber Risk Information Service "D-Alert" (patented)

Access to malicious URLs / receipt of malicious e-mail

Our customers who received the e-mail: 0
Our customers who accessed the URL: 6
2024/05/09
※Updated 2024/05/09
Detected URLs believed to cause malware infection (2024/05/09)
■IoC (※1)
Columns: Type / IOC / Signature (entries are grouped below, each group ending with the Signature it is attributed to)

Type: URL
hxxp://38[.]255[.]42[.]91/mxnwd[.]vbs
hxxp://192[.]3[.]179[.]142/44556/HJCL[.]exe
hxxp://192[.]3[.]179[.]142/xampp/wksh/veryhappytoseeherthingstogetitsbackwithlotofthingssurewewillbebacksoonandeverythinggogreatwithout___happeingkisses[.]doc
hxxp://188[.]127[.]225[.]225/30990/EVA[.]txt
hxxps://paste[.]ee/d/Leqxg
hxxp://188[.]127[.]225[.]225/30990/ev/atruewinnerhereforthetruethingstohappenedwhatkindofbeautifulthingitsisverybeautifulimagesheretocreatenewone___tounderstandtheimagesgoodfor[.]doc
hxxp://188[.]127[.]225[.]225/30990/browserflowerimagesample[.]jpg
Signature: Remcos

Type: URL
hxxps://penetratedworrsyw[.]shop/api
hxxp://193[.]233[.]132[.]56/lend/conhost[.]exe
hxxp://185[.]235[.]137[.]54/file/update[.]exe
hxxps://whispedwoodmoodsksl[.]shop/api
Signature: Lumma Stealer

Type: URL
hxxps://kyrtasarim22[.]net/MjE3ZTBjN2RmM2M4/
hxxps://kyrtasarim22[.]com/MjE3ZTBjN2RmM2M4/
hxxps://kyrtasarim33[.]com/MjE3ZTBjN2RmM2M4/
Signature: Coper

Type: URL
hxxps://valentinedaycard[.]com/bvxny6R6
hxxps://valentinedaycard[.]com/8OtaBr/
hxxps://currentsilverprice[.]com/8OtaBr/
hxxps://currentsilverprice[.]com/bvxny6R6
hxxps://waytowealth[.]org/8OtaBr/
hxxps://waytowealth[.]org/bvxny6R6
hxxps://teachabletutorials[.]com/8OtaBr/
hxxps://teachabletutorials[.]com/bvxny6R6
hxxps://listwisconsin[.]com/bvxny6R6
hxxps://listwisconsin[.]com/8OtaBr/
hxxps://voicelesson[.]org/8OtaBr/
hxxps://voicelesson[.]org/bvxny6R6
hxxps://debtavailable[.]com/8OtaBr/
hxxps://debtavailable[.]com/bvxny6R6
Signature: ClearFake

Type: URL
hxxp://172[.]245[.]208[.]36/20777/hjv[.]exe
hxxp://172[.]245[.]208[.]36/xampp/bg/verygoodnewisshewasreadytomarrythepersonwhoshelovedalotwithentirethingssheisverybeautifulwomenwhosheloved____sheisbeautifulgirlssheis[.]doc
hxxp://www[.]qeintechnologies[.]com/NmBkxeAZlIrfpt226[.]bin
hxxp://www[.]qeintechnologies[.]com/ySuxi164[.]bin
hxxp://87[.]121[.]105[.]54/uZSXwWgeEgRsNXGAa146[.]bin
hxxp://87[.]121[.]105[.]54/Wonderment[.]inf
hxxp://146[.]70[.]113[.]142/zVruSzQypzXRhqHDQYTzq247[.]bin
hxxp://193[.]239[.]86[.]203/xGzvfQQaLW3[.]bin
hxxp://167[.]160[.]166[.]205/WBnzJPbEs18[.]bin
hxxp://167[.]160[.]166[.]205/XnPTd121[.]bin
hxxp://167[.]160[.]166[.]205/LkTupLMJe71[.]bin
hxxp://45[.]137[.]22[.]110/IGmUGQPdScBTGw229[.]bin
hxxp://192[.]3[.]109[.]149/xampp/gh/beautifulgirlsarerememberingthepersonwhoshelovedalotbecasusesheislovingthepersonisverybeautifulpersonn___sheisgreatgirliknow[.]doc
hxxp://www[.]qeintechnologies[.]com/IYiwE0[.]bin
Signature: CloudEyE

Type: URL
hxxp://192[.]3[.]216[.]154/20778/hjv[.]exe
hxxp://104[.]168[.]33[.]34/33660/htm[.]exe
hxxp://104[.]168[.]33[.]34/xampp/bcc/bc/attractivesthingsmusthappenedalwayswithmetogetitbackeverythinggoodforusbeautifuldaystartingwithme___tounderstandhowimporatntitistomeforentirethigs[.]doc
hxxp://192[.]3[.]216[.]154/xampp/vg/verygoodmorningwecreatedagoodideatowalkupearlymronignfromthesleppsheisbeautifulsoiwknow___howmuchshelovedher[.]doc
hxxps://api[.]telegram[.]org/bot6107178761:AAHgabxzERKwr-kmuctjwK7hlO5aXFWx-vU/
hxxps://api[.]telegram[.]org/bot5967521781:AAFM9TWkFoveAFBEBJsmTEG-0oQtcRWcbVE/
hxxps://api[.]telegram[.]org/bot7120261306:AAEr4-KVB7u5Io5QXqJOespukUAYWvA7it0/
hxxps://api[.]telegram[.]org/bot7185330984:AAEhcUODBdkvuF0o7sB49L4zfsoWtQ10tyA/
hxxps://api[.]telegram[.]org/bot7166327996:AAGPihVNd1ShcG_CmE24Dqt8T2_CJLtBA7k/
hxxps://paste[.]ee/d/VrRVp
hxxp://139[.]99[.]162[.]245/verycuteflowerpictureimage[.]jpg
hxxp://139[.]99[.]162[.]245/wecreatedflowerbasedlandwhichverybeautifulandcuteforeveryonetovisitatimeperioditsgreatforourproject___sheisbeautifulgirlforme[.]doc
hxxp://139[.]99[.]162[.]245/tryandsee[.]txt
hxxps://api[.]telegram[.]org/bot7134623757:AAG14l2IijdHtUMTQB8PlsH-2xdwM6WlmzQ/
Signature: Agent Tesla

Type: URL
hxxps://hkrha[.]colo[.]oystergarden[.]net/editContent
hxxps://scsvc[.]colo[.]oystergarden[.]net/editContent
Signature: FAKEUPDATES

Type: URL
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/msvcp140[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/softokn3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/freebl3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/nss3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/sqlite3[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/mozglue[.]dll
hxxp://193[.]163[.]7[.]82/bb07217c4593b55f/vcruntime140[.]dll
Signature: Stealc

Type: URL
hxxps://bitbucket[.]org/testerrrrrrrrrrr888/retsettttttt522222/downloads/en[.]exe
hxxp://147[.]45[.]198[.]80/AlterableStockstill[.]exe
Signature: RedLine Stealer

Type: URL
hxxp://193[.]233[.]132[.]56/lend/main0506[.]exe
hxxp://065963cm[.]nyashkoon[.]top/ExternalvmSecuresqlWindowsTrackDatalife[.]php
hxxp://199[.]231[.]191[.]222/42public4/base/Test0CentralVideo/datalifePythondbflower/Bigloadprovider/2dle/0private/authLine6/Request4/ProvidervideoRequestflowerTraffictesttrackTemporary[.]php
hxxp://77[.]221[.]157[.]108/Python4/cdnDownloads/baseJavascript/provider5Trafficwindows/5dump/7WindowsWindowsDatalife/Auth8/GeneratorvideobasePhp/Mariadbphp/Multidefault/1dumpcentral5/flowerapitrackProcessor/CpujsMultiBetter/3Uploads/DleUploads0multi/Sqlpython/4External/Http/Better8Geo/PhpRequestLinuxpublic[.]php
hxxp://005514cm[.]n9shteam1[.]top/pythontrack[.]php
Signature: DCRat

Type: URL
hxxp://193[.]233[.]132[.]56/lend/jgyesfersg[.]exe
Signature: SystemBC

Type: URL
hxxp://193[.]233[.]132[.]56/lend/swiy[.]exe
Signature: Mars Stealer

Type: URL
hxxp://45[.]153[.]243[.]219/sh
hxxp://103[.]109[.]37[.]155/fuckjewishpeople[.]arm6
hxxp://103[.]14[.]226[.]21/fuckjewishpeople[.]arm6
Signature: Bashlite

Type: URL
hxxp://bufuvpb[.]com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a628ffa13c9e695
hxxp://bufuvpb[.]com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12eab517aa5c96bd86e99d874f865a8bbc896c58e713bc90c91b36b5281fc235a925ed3e55d6bd974a95129070b616e96cc92be20ea778c255bbe258b90d3b4eed3233d1626a8ff810c5ee909832c46f
hxxp://bdydnrb[.]com/search/?q=67e28dd86f0bfb7b435fa54e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1ee8889b5e4fa9281ae978a371ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffa10c5ed9c9232
hxxp://bdydnrb[.]com/search/?q=67e28dd86f0bfb7b435fa54e7c27d78406abdd88be4b12eab517aa5c96bd86eb968349805a8bbc896c58e713bc90c94b36b5281fc235a925ed3e00d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee909b3ecf669e1f
Signature: Socks5 Systemz

Type: URL
hxxp://seadrill[.]top/kelvin/five/fre[.]php
hxxp://sempersim[.]su/d4/fre[.]php
hxxp://sempersim[.]su/d1/fre[.]php
Signature: LokiBot

Type: URL
hxxps://api[.]telegram[.]org/bot6800672014:AAFjIhthNxpYeDLxh4u9CJvqMfisOhMGH6M/sendMessage?chat_id=6542615755
Signature: DarkCloud

Type: URL
hxxp://88[.]214[.]26[.]29:8001/activity
hxxps://47[.]116[.]211[.]207/ptj
hxxp://120[.]27[.]131[.]3/visit[.]js
hxxps://111[.]230[.]12[.]238/pixel
hxxps://124[.]222[.]141[.]231:1443/load
hxxps://103[.]150[.]10[.]45:8443/visit[.]js
hxxp://118[.]194[.]233[.]185/updates[.]rss
hxxps://3se9ewodke339f0e83[.]connectivitytests[.]com/load
hxxp://60[.]204[.]217[.]11:9998/j[.]ad
hxxp://124[.]222[.]141[.]231:8080/IE9CompatViewList[.]xml
hxxps://117[.]72[.]8[.]192/c/msdownload/update/others/2024/05/9Dv7AyHg1Ag2KwO30_
hxxp://8[.]134[.]80[.]227/ChromeUpdate/ShellEx/index[.]php
hxxps://23[.]95[.]65[.]198/load
hxxp://210[.]114[.]11[.]173:806/load
hxxp://service-b0kt7bkd-1307485220[.]cd[.]tencentapigw[.]com/api/x
hxxps://124[.]221[.]181[.]157:8443/cx
hxxp://101[.]43[.]43[.]245/ca
hxxps://47[.]99[.]177[.]59:7443/cm
hxxp://47[.]109[.]49[.]229:8887/pixel[.]gif
hxxp://111[.]230[.]98[.]22:9999/push
hxxps://service-b0kt7bkd-1307485220[.]cd[.]tencentapigw[.]com/api/x
hxxp://49[.]235[.]118[.]195/match
hxxp://52[.]215[.]189[.]95/load
hxxp://54[.]67[.]45[.]193/ptj
hxxp://47[.]92[.]96[.]144/IE9CompatViewList[.]xml
hxxp://8[.]130[.]133[.]34/ptj
hxxp://8[.]130[.]102[.]101/g[.]pixel
hxxp://111[.]231[.]15[.]198/__utm[.]gif
hxxp://119[.]91[.]231[.]57:8080/fwlink
Signature: Cobalt Strike

Type: URL
hxxp://119[.]45[.]223[.]112:81/mimi[.]exe
Signature: MimiKatz

Type: URL
hxxp://a0980222[.]xsph[.]ru/1[.]exe
hxxp://193[.]222[.]96[.]124:7287/5[.]hta
hxxp://193[.]222[.]96[.]124:7287/4[.]hta
hxxp://193[.]222[.]96[.]124:7287/1[.]hta
Signature: AsyncRAT

Type: URL
hxxps://164[.]155[.]241[.]15/ready[.]apk
hxxp://38[.]55[.]251[.]253/ready[.]apk
hxxp://164[.]155[.]241[.]15/ready[.]apk
Signature: SpyNote

Type: URL
hxxp://193[.]222[.]96[.]143:7287/[.]hta
hxxp://193[.]222[.]96[.]143:7287/xx[.]bat
hxxp://193[.]222[.]96[.]124:7287/xD[.]bat
hxxp://193[.]222[.]96[.]124:7287/3[.]hta
hxxp://193[.]222[.]96[.]124:7287/2[.]hta
Signature: Venom RAT

Type: URL
hxxp://trustadvisorygroup[.]com/2022/11/26/pet-skunk-legal-in-california
Signature: GootLoader

Type: URL
hxxp://78[.]153[.]140[.]96/kinsing2
hxxp://78[.]153[.]140[.]96/ni[.]sh
hxxp://78[.]153[.]140[.]96/cp[.]sh
hxxp://78[.]153[.]140[.]96/mo[.]sh
hxxp://78[.]153[.]140[.]96/vm[.]sh
hxxp://78[.]153[.]140[.]96/py[.]sh
hxxp://78[.]153[.]140[.]96/tr[.]sh
hxxp://78[.]153[.]140[.]96/mi[.]sh
hxxp://78[.]153[.]140[.]96/se[.]sh
hxxp://78[.]153[.]140[.]96/ph[.]sh
hxxp://78[.]153[.]140[.]96/ci[.]sh
hxxp://78[.]153[.]140[.]96/st[.]sh
hxxp://78[.]153[.]140[.]96/al[.]sh
hxxp://78[.]153[.]140[.]96/spr[.]sh
hxxp://78[.]153[.]140[.]96/lr[.]sh
hxxp://78[.]153[.]140[.]96/kn[.]sh
hxxp://78[.]153[.]140[.]96/pg[.]sh
hxxp://78[.]153[.]140[.]96/md[.]sh
hxxp://78[.]153[.]140[.]96/wb[.]sh
hxxp://78[.]153[.]140[.]96/sp[.]sh
hxxp://78[.]153[.]140[.]96/ae[.]sh
hxxp://78[.]153[.]140[.]96/lf[.]sh
hxxp://78[.]153[.]140[.]96/ge[.]sh
hxxp://78[.]153[.]140[.]96/rm[.]sh
hxxp://78[.]153[.]140[.]96/pa[.]sh
hxxp://78[.]153[.]140[.]96/tc[.]sh
hxxp://78[.]153[.]140[.]96/an[.]sh
hxxp://78[.]153[.]140[.]96/gi[.]sh
hxxp://78[.]153[.]140[.]96/vb[.]sh
hxxp://78[.]153[.]140[.]96/sa[.]sh
hxxp://78[.]153[.]140[.]96/xx[.]sh
hxxp://78[.]153[.]140[.]96/ws[.]sh
hxxp://78[.]153[.]140[.]96/ce[.]sh
hxxp://78[.]153[.]140[.]96/acb[.]sh
hxxp://78[.]153[.]140[.]96/pg2[.]sh
hxxp://78[.]153[.]140[.]96/ku[.]sh
hxxp://78[.]153[.]140[.]96/bg[.]sh
hxxp://78[.]153[.]140[.]96/hb[.]sh
hxxp://78[.]153[.]140[.]96/sc[.]sh
hxxp://78[.]153[.]140[.]96/do[.]sh
hxxp://78[.]153[.]140[.]96/tm[.]sh
hxxp://78[.]153[.]140[.]96/mt[.]sh
hxxp://78[.]153[.]140[.]96/gl[.]sh
hxxp://78[.]153[.]140[.]96/ap[.]sh
hxxp://78[.]153[.]140[.]96/rv[.]sh
hxxp://78[.]153[.]140[.]96/cf[.]sh
hxxp://78[.]153[.]140[.]96/ki[.]sh
hxxp://78[.]153[.]140[.]96/scg[.]sh
hxxp://78[.]153[.]140[.]96/sm[.]sh
Signature: Kinsing

Type: URL
hxxp://cajgtus[.]com/lancer/get[.]php
Signature: STOP

Type: URL
hxxp://91[.]92[.]245[.]192/x[.]tgz
Signature: Coinminer

Type: URL
hxxp://59[.]89[.]178[.]203:37872/Mozi[.]m
Signature: Mozi
※1 Search the "i-FILTER" access logs to identify the affected devices. Some entries have been altered to prevent unintended access.

■Product support status (※2)
▽i-FILTER (※3)
・Can be blocked under the [Threat information site] category.
※2 Whether a request is blocked depends on each product's settings; check the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to "Use".