Cyber Risk Information Service: D Alert (patented)

Access to malicious URLs / receipt of malicious e-mail

Customers of ours who received the e-mail: 0
Customers of ours who accessed the URL: 20
2024/05/17 (※ updated 2024/05/17)
URLs believed to cause malware infection detected (2024/05/17)
■IoC(※1)
Columns: Type (URL for every entry), IOC (defanged URL), Signature (malware family the URL is associated with)
▽Remcos (Type: URL)
・hxxps://pasteio[.]com/raw/xuyq6uMPN3NI
・hxxp://23[.]94[.]36[.]162/4505/vnc[.]exe
・hxxps://pasteio[.]com/raw/xzxDvtkxJqiP
・hxxps://pasteio[.]com/raw/xGt3dK23NBr5
・hxxp://45[.]33[.]50[.]155/70001/GOLGN[.]txt
・hxxps://paste[.]ee/d/9Z62y
・hxxp://45[.]33[.]50[.]155/70001/creamicecreamHDpicture[.]bmp
・hxxp://45[.]33[.]50[.]155/70001/ghl/pappayaicecreamisreallysweeettoeatamditstruelygoodforhealthtounderstandhowmuchbeautiuflicecreamitsisveryuyandcreamy___whichicreamggoodtoeat[.]doc
・hxxp://172[.]234[.]239[.]209/50090/SCRJ[.]txt
・hxxps://paste[.]ee/d/oaz1A
・hxxp://172[.]234[.]239[.]209/50090/EDF/beautifulthingshappenedaftergettinggoodimagestounderstandthequalityofbeautifulthingstohappenedgreat___weareperfectthings[.]doc
・hxxp://172[.]234[.]239[.]209/50090/imagesHDqualitycheck[.]png
・hxxps://pasteio[.]com/raw/xiXHvR5ETeXe
・hxxps://pasteio[.]com/raw/xhy39U4zGODQ
▽LokiBot (Type: URL)
・hxxp://45[.]61[.]137[.]215/index[.]php/t?id=090
・hxxp://164[.]90[.]149[.]46/index[.]php/check[.]php?s=1
・hxxp://164[.]90[.]149[.]46/index[.]php/check[.]php
・hxxps://covid19help[.]top/loudd[.]scr
・hxxps://dukeenergyltd[.]top/sharzx[.]scr
・hxxp://193[.]238[.]153[.]15/evie1/five/fre[.]php
▽FAKEUPDATES (Type: URL)
・hxxps://eohs[.]location[.]oysterfloats[.]us/editContent
・hxxps://penisowners[.]com/cdn-vs/original[.]js
・hxxps://penisowners[.]com/cdn-vs/cache[.]php
・hxxps://penisowners[.]com/cdn-vs/per[.]php
・hxxps://redsquardhack[.]com/data[.]php
▽Agent Tesla (Type: URL)
・hxxp://192[.]3[.]239[.]30/90008/smss[.]exe
・hxxp://107[.]173[.]4[.]20/Tuesdayverycuteflowerpictureimage[.]txt
・hxxps://microbal[.]net/jklkjklkj/kol[.]txt
・hxxp://107[.]173[.]4[.]20/beautifulthingshappeningonbeautiuflpeoplesaroundtheworldwholovingtrulyfromthehearttounderstand__beautifulwordfromthe[.]doc
・hxxp://107[.]173[.]4[.]20/todaywegobeautifulgirl[.]vbs
・hxxps://paste[.]ee/d/Rpug4
・hxxps://paste[.]ee/d/gvkxF
・hxxp://107[.]172[.]130[.]130/xampp/bng/becauseofflowerwecantgivesuchamemorybecauseflowersareveryimporatntinffrontofloverwholikeyousheismygirl____ireallyloverhertruly[.]doc
・hxxp://107[.]172[.]130[.]130/grace[.]exe
・hxxps://dukeenergyltd[.]top/may[.]scr
・hxxps://nanoshield[.]pro/files/dmnIifm[.]txt
・hxxps://joccupationalscience[.]org/df/HcyOPOXEWiMEgkYiSRQESi103[.]bin
・hxxps://polatfamilyengine[.]com/wp_doors/img-files/Shojin[.]viv
・hxxps://polatfamilyengine[.]com/wp_doors/img-files/1d8719da-7004-45f7-a747-14c1857caf4e[.]accdb
・hxxps://drive[.]google[.]com/uc?export=download&id=15NLl_i9vZajJwhYcvNJko4j6PKiDO3EF
・hxxp://172[.]245[.]123[.]8/80090/UHHU[.]txt
・hxxps://paste[.]ee/d/OJmBL
・hxxps://paste[.]ee/d/ougGo
・hxxps://paste[.]ee/d/6gQs6
・hxxp://172[.]245[.]123[.]8/80090/createdveryhdimagestoview[.]png
・hxxp://172[.]245[.]123[.]8/80090/uh/createdbeautifulimagesentireplacestounderstandhowmuchbeautiuflthingsiamdoingwithimsheisbeautiuflandverybeautifulgirltounderstand___sheismygirlmygirl[.]doc
▽SmokeLoader (Type: URL)
・hxxp://139[.]59[.]1[.]92/kub54[.]exe
▽Venom RAT (Type: URL)
・hxxp://194[.]59[.]30[.]95/fd1[.]exe
・hxxp://147[.]45[.]50[.]86/Downloads/Invoice[.]pdf[.]lnk
・hxxps://invoiceinformations[.]com/InvoiceInfo/windefragsvc[.]exe
▽AsyncRAT (Type: URL)
・hxxp://194[.]59[.]30[.]95/msfiler[.]exe
・hxxp://194[.]59[.]30[.]95/msmng2[.]exe
・hxxp://157[.]254[.]165[.]243:3001/www/password[.]txt[.]lnk
・hxxps://invoiceinformations[.]com/InvoiceInfo/Evernote-Invoice
▽Zeus (Type: URL)
・hxxp://157[.]254[.]165[.]243:3001/www/shared[.]vbs
・hxxp://45[.]62[.]170[.]4:8080/Adobe[.]vbs
▽Bashlite (Type: URL)
・hxxp://183[.]81[.]33[.]83/cuh[.]x32
・hxxp://183[.]81[.]33[.]83/cuh[.]arm6
・hxxp://183[.]81[.]33[.]83/cuh[.]arm5
・hxxp://183[.]81[.]33[.]83/cuh[.]ppc
・hxxp://183[.]81[.]33[.]83/cuh[.]sh4
・hxxp://183[.]81[.]33[.]83/cuh[.]sparc
・hxxp://183[.]81[.]33[.]83/cuh[.]arm7
・hxxp://183[.]81[.]33[.]83/cuh[.]ppc440
・hxxp://183[.]81[.]33[.]83/cuh[.]arm4
・hxxp://183[.]81[.]33[.]83/cuh[.]m68k
・hxxp://103[.]153[.]69[.]151/a-r[.]m-4[.]ISIS
・hxxp://103[.]153[.]69[.]151/m-p[.]s-l[.]ISIS
・hxxp://103[.]153[.]69[.]151/s-h[.]4-[.]ISIS
・hxxp://103[.]153[.]69[.]151/a-r[.]m-7[.]ISIS
・hxxp://103[.]153[.]69[.]151/a-r[.]m-5[.]ISIS
・hxxp://103[.]153[.]69[.]151/m-i[.]p-s[.]ISIS
・hxxp://103[.]153[.]69[.]151/a-r[.]m-6[.]ISIS
・hxxp://103[.]153[.]69[.]151/p-p[.]c-[.]ISIS
・hxxp://103[.]153[.]69[.]151/x-8[.]6-[.]ISIS
▽ACR Stealer (Type: URL)
・hxxps://frsk[.]xyz/Up/b
・hxxps://frpk[.]xyz/Up/b
・hxxps://frjk[.]xyz/Up/b
・hxxps://frgk[.]xyz/Up/b
・hxxps://frsk[.]xyz/Up
・hxxps://frpk[.]xyz/Up
・hxxps://frjk[.]xyz/Up
・hxxps://frgk[.]xyz/Up
▽Ghost RAT (Type: URL)
・hxxp://101[.]42[.]35[.]39/adminstor[.]exe
・hxxp://shuiwujc4[.]cn/%E5%90%8D%E5%8D%95%E5%86%8C%E7%BB%88%E7%AB%AF[.]exe
▽Orcus RAT (Type: URL)
・hxxp://45[.]204[.]80[.]87/!@O180_DoubleSFlow_NOP[.]exe
・hxxp://45[.]204[.]80[.]87/@O59_ST_8PCH[.]exe
・hxxp://45[.]204[.]80[.]87/@O59_ST_8PGree[.]exe
▽Coinminer (Type: URL)
・hxxp://122[.]51[.]6[.]232:8080/shell[.]exe
・hxxp://195[.]26[.]254[.]79/xmrig/xmrig_linux2
・hxxp://195[.]26[.]254[.]79/xmrig/xmrig_win32
・hxxp://139[.]162[.]180[.]73/xmrig/xmrig_linux2
・hxxp://139[.]162[.]180[.]73/xmrig/xmrig_win32
・hxxp://172[.]105[.]29[.]23/xmrig/xmrig_linux2
・hxxp://172[.]105[.]29[.]23/xmrig/xmrig_win32
・hxxp://5[.]42[.]96[.]78/files/file200un[.]exe
・hxxp://139[.]162[.]180[.]73:1338/xmrig/xmrig_win32
・hxxp://139[.]162[.]180[.]73:1338/xmrig/xmrig_linux2
・hxxp://172[.]105[.]29[.]23:1338/xmrig/xmrig_linux2
・hxxp://78[.]142[.]18[.]164:1338/xmrig/xmrig_linux2
・hxxp://195[.]26[.]254[.]79:1338/xmrig/xmrig_linux2
・hxxp://78[.]142[.]18[.]164:1338/xmrig/xmrig_win32
・hxxp://172[.]105[.]29[.]23:1338/xmrig/xmrig_win32
・hxxp://195[.]26[.]254[.]79:1338/xmrig/xmrig_win32
▽Quasar RAT (Type: URL)
・hxxp://79[.]132[.]193[.]215:8000/client[.]exe
・hxxps://pasteio[.]com/download/xcxWvykfm30a
▽Cobalt Strike (Type: URL)
・hxxp://3[.]17[.]159[.]152/artifact-64[.]exe
・hxxp://146[.]70[.]79[.]36:8888/artifact[.]exe
・hxxp://fileshare[.]sasepab[.]com/artifact[.]exe
・hxxp://3[.]17[.]159[.]152/artifact[.]exe
・hxxp://fileshare[.]sasepab[.]com/artifact-64[.]exe
・hxxp://111[.]229[.]239[.]195:2222/artifact[.]exe
・hxxp://111[.]229[.]239[.]195:2222/payload[.]ps1
・hxxps://helloboy[.]shop/functionalStatus/M2m9ioDW7RSEqasWcw04yAC
・hxxps://vip8806[.]mom/jquery-3[.]3[.]1[.]min[.]js
・hxxps://www[.]testabcdtest[.]xyz:8443/jquery-3[.]3[.]1[.]min[.]js
・hxxp://49[.]234[.]58[.]158:8080/vendorReact[.]dc6a29[.]chunk[.]js
・hxxps://43[.]139[.]160[.]164:7443/ptj
・hxxps://94[.]103[.]86[.]181/updates[.]rss
・hxxp://47[.]116[.]187[.]27:7777/visit[.]js
・hxxp://103[.]39[.]109[.]3:8080/j[.]ad
・hxxps://360[.]wangli[.]cyou/dot[.]gif
・hxxp://120[.]27[.]158[.]236:81/fwlink
・hxxps://service-izlolzm0-1318382624[.]gz[.]tencentapigw[.]com[.]cn/api/x
・hxxp://118[.]31[.]116[.]9/jquery-3[.]3[.]1[.]min[.]js
・hxxp://103[.]116[.]247[.]207:443/ZsCM
・hxxp://38[.]181[.]44[.]106:2345/jquery-3[.]3[.]1[.]min[.]js
・hxxp://47[.]101[.]181[.]195/jquery-3[.]3[.]1[.]min[.]js
・hxxp://3[.]208[.]96[.]244/Meeting/32251816/
・hxxp://3[.]208[.]96[.]244/functionalStatus
・hxxp://3[.]17[.]159[.]152/gotomeeting[.]exe
・hxxp://fileshare[.]sasepab[.]com/gotomeeting[.]exe
・hxxp://124[.]220[.]148[.]63:8889/cm
・hxxp://124[.]220[.]148[.]63:9000/push
・hxxps://23[.]95[.]65[.]198/dot[.]gif
・hxxps://85[.]203[.]42[.]194/dpixel
・hxxp://47[.]113[.]191[.]88/jquery-3[.]3[.]1[.]min[.]js
・hxxp://124[.]221[.]95[.]96:8080/fwlink
・hxxps://47[.]93[.]40[.]122:8443/api/auth/v1/log
・hxxp://117[.]72[.]72[.]128/ca
・hxxps://152[.]136[.]174[.]196/IE9CompatViewList[.]xml
・hxxp://1[.]180[.]235[.]137/Docs
・hxxp://42[.]202[.]173[.]171/Docs
・hxxp://123[.]129[.]194[.]160/Docs
・hxxp://117[.]27[.]246[.]96/Docs
・hxxp://125[.]211[.]192[.]21/Docs
・hxxp://117[.]180[.]231[.]141/Docs
・hxxp://113[.]62[.]127[.]124/Docs
・hxxp://116[.]207[.]181[.]183/Docs
・hxxp://14[.]119[.]106[.]190/Docs
・hxxp://47[.]243[.]26[.]247:5000/include/template/isx[.]php
・hxxp://111[.]231[.]140[.]197:3333/__utm[.]gif
・hxxp://43[.]153[.]222[.]28:433/j[.]ad
・hxxps://43[.]134[.]23[.]107/j[.]ad
・hxxps://43[.]153[.]222[.]28:4545/cx
・hxxp://148[.]135[.]72[.]115:88/dot[.]gif
・hxxp://www[.]chinamobile[.]live/push
・hxxps://service-3c8gl60w-1320366142[.]gz[.]tencentapigw[.]com[.]cn/api/x
・hxxp://47[.]108[.]153[.]69:7777/g[.]pixel
・hxxp://123[.]57[.]85[.]206:50000/j[.]ad
・hxxp://81[.]70[.]232[.]50/download/20/ZO2XY7A4BOWU
・hxxp://124[.]220[.]148[.]63:8888/fwlink
・hxxps://47[.]243[.]26[.]247:5001/updates[.]rss
・hxxp://124[.]220[.]148[.]63:9001/__utm[.]gif
・hxxps://101[.]200[.]120[.]13/IE9CompatViewList[.]xml
・hxxps://192[.]227[.]232[.]151/j[.]ad
・hxxp://45[.]136[.]14[.]91:7777/pixel
・hxxps://io[.]cy789[.]ml:2087/updates[.]rss
・hxxp://101[.]37[.]31[.]139:6650/pixel
・hxxps://162[.]14[.]70[.]154:9443/jquery-3[.]3[.]1[.]min[.]js
・hxxp://service-5hq806dl-1305010017[.]sh[.]tencentapigw[.]com/api/x
▽Metasploit (Type: URL)
・hxxp://47[.]120[.]32[.]125/reverse[.]exe
・hxxp://79[.]132[.]193[.]215:8000/reverse[.]exe
・hxxp://79[.]132[.]193[.]215:8000/64[.]exe
・hxxps://34[.]143[.]198[.]6/reverse[.]exe
・hxxps://linux[.]sun-asterisk[.]info/reverse[.]exe
・hxxp://6[.]198[.]143[.]34[.]bc[.]googleusercontent[.]com/reverse[.]exe
・hxxp://34[.]143[.]198[.]6/reverse[.]exe
▽Meterpreter (Type: URL)
・hxxp://111[.]229[.]239[.]195:2222/ms[.]exe
▽HyperBro (Type: URL)
・hxxp://128[.]199[.]107[.]104:1337/WeaponGadgets/VFTRACE[.]dll
・hxxp://128[.]199[.]107[.]104:1337/Lab5/2023%E5%8F%B0%E7%A9%8D%E9%9B%BB%E6%96%B9%E9%87%9D%E8%88%87%E5%B0%8D%E7%AD%96%E5%8D%80%E5%9F%9F%E6%B2%BB%E7%90%86%E5%95%8F%E9%A1%8C[.]exe
▽DarkGate (Type: URL)
・hxxps://www[.]rockcreekdds[.]com/wp-content/1[.]hta
・hxxp://savoystocks[.]com/awybcwjc
・hxxp://savoystocks[.]com/yrorantd
▽Lumma Stealer (Type: URL)
・hxxp://5[.]42[.]96[.]7/lend/crypted333[.]exe
▽Amadey (Type: URL)
・hxxp://185[.]172[.]128[.]61/pub11[.]exe
▽GootLoader (Type: URL)
・hxxps://pricelessdesign[.]com/full-scope-contracting
・hxxp://urbedu[.]live/what-is-the-difference-between-sla-ola-and-underpinning-contracts
・hxxp://burleys[.]ca/2023/05/23/what-is-an-enterprise-agreements
・hxxp://trustadvisorygroup[.]com/2022/12/11/what-tint-is-legal-in-new-mexico
▽ClearFake (Type: URL)
・hxxps://polikarbonad[.]xyz/bvxny6R6
・hxxps://polikarbonad[.]xyz/8OtaBr/
・hxxps://d1x9q8w2e4[.]xyz/8OtaBr/
・hxxps://d1x9q8w2e4[.]xyz/bvxny6R6
▽Formbook (Type: URL)
・hxxp://198[.]12[.]81[.]162/81116/smss[.]exe
・hxxp://192[.]3[.]216[.]156/71120/smss[.]exe
・hxxp://192[.]3[.]216[.]156/xampp/uhg/weneverneedtokissflowersbeausetheyarebeautifulandverybeautifulforentirethingswhenisawtheflowersfromtheheartitscuteverypuppy__lovingflowersbeauty[.]doc
・hxxps://incolab[.]ro/LTDUXcCJFmPIIlE181[.]bin
・hxxp://185[.]149[.]146[.]54/ReurgingGleek[.]exe
▽Stealc (Type: URL)
・hxxp://89[.]105[.]198[.]134/244cbe83570df263[.]php
・hxxp://185[.]172[.]128[.]159/dl[.]php
・hxxp://185[.]172[.]128[.]170/7043a0c6a68d9c65[.]php
・hxxp://94[.]156[.]67[.]48/324hj23k4jh423kjh4g423[.]exe
▽DBatLoader (Type: URL)
・hxxp://144[.]126[.]134[.]25:8080/yak[.]cmd
・hxxp://144[.]126[.]134[.]25:8080/bas[.]bat
・hxxp://144[.]126[.]134[.]25:8080/yak[.]exe
・hxxp://144[.]126[.]134[.]25:5000/basbasbas[.]bat
・hxxp://144[.]126[.]134[.]25:5000/bas[.]bat
・hxxp://144[.]126[.]134[.]25:5000/a[.]bat
・hxxp://5[.]206[.]227[.]248/xampp/gns/sheismybeautifulwifewholovedalotmesheisagreatgirlunderstandthethingstogetmebackifeellikesheisgoodbutunluckyshenot___mylittleheartsheisgreat[.]doc
▽XWorm (Type: URL)
・hxxp://dvaverif[.]ru:3001/www/shared[.]vbs
・hxxp://dvaverif[.]ru:3001/www/password[.]txt[.]lnk
・hxxp://dvaverif[.]ru/xw/shared[.]exe
・hxxp://sunridemanagement[.]com:3001/www/password[.]txt[.]lnk
・hxxp://sunridemanagement[.]com/xw/shared[.]exe
・hxxp://sunridemanagement[.]com:3001/www/shared[.]vbs
▽Ousaban (Type: URL)
・hxxp://24[.]152[.]38[.]50/Update[.]msi
▽CloudEyE (Type: URL)
・hxxps://paste[.]ee/d/WoBkZ/0
・hxxps://paste[.]ee/d/qV0Wl
・hxxps://ranchoboscardin[.]com[.]br/dc/Sabellarian[.]xtp
・hxxps://joccupationalscience[.]org/df/Vivianite[.]psp
・hxxps://ranchoboscardin[.]com[.]br/dc/PsPyggxVUPQVS252[.]bin
・hxxp://mobiera[.]ro/Skaldyrsalaternes[.]pcz
・hxxp://107[.]173[.]58[.]73/BKetDvGYq0[.]bin
・hxxp://185[.]222[.]58[.]62/XstAM114[.]bin
・hxxp://46[.]183[.]222[.]32/JdJMiNqOzODx24[.]bin
・hxxp://46[.]183[.]222[.]32/amtEDCTjQadgLql191[.]bin
・hxxp://46[.]183[.]222[.]32/DbRxzRPH136[.]bin
・hxxp://107[.]174[.]20[.]236/IckNkYjXCzkr78[.]bin
・hxxp://107[.]174[.]20[.]236/mldJhOZvDN136[.]bin
・hxxp://107[.]174[.]20[.]236/bVFYjCEB211[.]bin
・hxxp://107[.]174[.]20[.]236/TKVpBqAzn12[.]bin
・hxxps://incolab[.]ro/Korrelationerne[.]java
・hxxps://cadenaderegalos[.]com/qAXgRWcSLetOt215[.]bin
・hxxps://cadenaderegalos[.]com/Latissimus51[.]qxd
▽Azorult (Type: URL)
・hxxp://ehzwq[.]shop/BL134/index[.]php
▽GCleaner (Type: URL)
・hxxp://5[.]42[.]67[.]23/dl[.]php?pub=mixten/
※1 Search the i-FILTER access logs for these URLs to identify the affected endpoints. Some characters in the URLs have been altered (defanged) to prevent unintended access.

■Product support status (※2)
▽i-FILTER (※3)
・Can be blocked by the [Threat Information Site] category
※2 Whether a URL is blocked depends on each product's settings; refer to the access logs for the actual result.
※3 For encrypted (HTTPS) traffic, the SSL Adapter setting must be set to "Use".
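Footnote ※1 tells you to search access logs for these URLs, but the list is defanged (hxxp, [.]) and mixes explicit ports, query strings and percent-encoded paths, so a naive string search misses hits. The Python script below is an added example, not part of the Digital Arts page and not i-FILTER's own tooling: it refangs a constructed subset of the page's IoCs, normalises each to (host, port, decoded path), and matches them against constructed sample log lines in a hypothetical "timestamp client user method URL status" layout (adapt LOG_RE to your proxy's real export). It reports an exact-URL match as high confidence and a host:port-only match as lower confidence, and deliberately never matches on path alone, because many of the Cobalt Strike URIs listed above (/jquery-3.3.1.min.js, /dot.gif, /__utm.gif, /fwlink, /updates.rss) are also served by legitimate sites.

```python
"""Match the D Alert defanged URL IoCs against web-proxy access logs.

Added example: not part of the Digital Arts page and not i-FILTER's own
tooling. The access-log layout (timestamp, client IP, user, method, URL,
status) is hypothetical; adapt LOG_RE to your proxy's real export.
"""
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: a subset of the page's IoCs in the page's own layout.
IOC_TEXT = """
▽Remcos (Type: URL)
・hxxps://pasteio[.]com/raw/xuyq6uMPN3NI
・hxxp://23[.]94[.]36[.]162/4505/vnc[.]exe
▽Cobalt Strike (Type: URL)
・hxxps://vip8806[.]mom/jquery-3[.]3[.]1[.]min[.]js
・hxxp://111[.]229[.]239[.]195:2222/artifact[.]exe
▽Ghost RAT (Type: URL)
・hxxp://shuiwujc4[.]cn/%E5%90%8D%E5%8D%95%E5%86%8C%E7%BB%88%E7%AB%AF[.]exe
"""

# Constructed sample log lines in the hypothetical format (not real i-FILTER output).
SAMPLE_LOG = """
2024-05-17T09:12:03+09:00 10.0.4.21 alice GET http://23.94.36.162/4505/vnc.exe 200
2024-05-17T09:15:44+09:00 10.0.7.8 bob GET https://vip8806.mom/jquery-3.3.1.min.js 200
2024-05-17T09:16:10+09:00 10.0.7.9 carol GET https://code.jquery.com/jquery-3.3.1.min.js 200
2024-05-17T09:20:00+09:00 10.0.4.21 alice GET http://111.229.239.195:2222/index.html 404
2024-05-17T09:25:31+09:00 10.0.9.3 dave GET http://shuiwujc4.cn/%e5%90%8d%e5%8d%95%e5%86%8c%e7%bb%88%e7%ab%af.exe 200
"""

SIG_RE = re.compile(r"^▽(.+?)\s*\(Type: URL\)\s*$")
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def refang(ioc: str) -> str:
    """Undo the page's defanging: hxxp -> http, [.] -> ., [:] -> :"""
    s = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("[:]", ":")


def url_key(url: str):
    """Normalise to (host, port, path?query) so that case, percent-encoding
    and an explicit default port cannot hide a match."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    port = p.port or (443 if p.scheme.lower() == "https" else 80)
    path = unquote(p.path) or "/"
    if p.query:
        path += "?" + unquote(p.query)
    return host, port, path


def parse_iocs(text: str):
    """Return two lookups: exact (host, port, path) -> signature, and
    (host, port) -> signature for lower-confidence host-level matches."""
    by_url, by_host = {}, {}
    signature = "unknown"
    for line in text.splitlines():
        line = line.strip()
        m = SIG_RE.match(line)
        if m:
            signature = m.group(1)
            continue
        if "hxxp" in line.lower():
            key = url_key(refang(line.lstrip("・")))
            by_url[key] = signature
            by_host[key[:2]] = signature
    return by_url, by_host


def match_logs(log_text: str, by_url: dict, by_host: dict) -> list:
    """Flag log lines whose URL matches an IoC exactly ("url") or whose
    host:port matches an IoC host ("host"). Path alone is never used:
    /jquery-3.3.1.min.js, /dot.gif or /fwlink also exist on legitimate sites."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        key = url_key(m.group("url"))
        if key in by_url:
            confidence, signature = "url", by_url[key]
        elif key[:2] in by_host:
            confidence, signature = "host", by_host[key[:2]]
        else:
            continue
        hits.append({"client": m.group("client"), "user": m.group("user"),
                     "url": m.group("url"), "signature": signature,
                     "confidence": confidence})
    return hits


def find_hits() -> list:
    """Run the sample IoCs against the sample log."""
    return match_logs(SAMPLE_LOG, *parse_iocs(IOC_TEXT))


if __name__ == "__main__":
    for h in find_hits():
        print(f"{h['client']:<10} {h['user']:<6} {h['signature']:<14} "
              f"[{h['confidence']}] {h['url']}")
```

On the sample data, alice's vnc.exe download, bob's jquery fetch from vip8806.mom and dave's Ghost RAT download (logged with lower-case percent-encoding, which the decoding step absorbs) are exact matches; alice's later request to 111.229.239.195:2222 for a path not on the list is a host-level match worth triaging, and carol's jquery fetch from code.jquery.com is correctly ignored. Exact matches for IoCs with a query string (e.g. the GCleaner dl.php?pub= URL) require the query to be present in the log; otherwise they fall back to the host-level match.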