不正URLへのアクセス、不正メールの受信
-
メール受信した弊社お客様：0社
URLアクセスした弊社お客様：10社
-
2024/06/24
※2024/06/24 更新
マルウェア感染を引き起こすと考えられるURLを検知（2024/06/24）。以下のIOCは hxxp／hxxps および [.] による無害化（defang）表記であり、C2通信先とペイロード配布先の双方を含みます。各行の Signature 列（行末または直後の行）が、直前に列挙したURL群に対応するマルウェアファミリーを示します。
Type | IOC | Signature |
---|---|---|
URL | hxxp://47[.]115[.]203[.]204:8080/load hxxps://47[.]108[.]142[.]204/search/ hxxps://scam[.]cuntcloud[.]com/_/scs/mail-static/_/js/ hxxp://154[.]31[.]25[.]27:83/jquery-3[.]3[.]1[.]min[.]js hxxp://124[.]70[.]77[.]173/maps/overlaybfpr hxxp://47[.]113[.]107[.]52:8099/dpixel hxxps://185[.]196[.]8[.]107/IE9CompatViewList[.]xml hxxp://194[.]156[.]99[.]171/aaaaaaaaa hxxp://38[.]147[.]186[.]101/pixel[.]gif hxxp://admin[.]eneroco[.]com:2082/ca hxxp://101[.]35[.]173[.]226:8099/api/x hxxps://smtp2[.]servicebio[.]com/sys/ui/js/base[.]js hxxps://mailgate[.]servicebio[.]com/sys/ui/js/base[.]js hxxps://authsmtp[.]servicebio[.]com/sys/ui/js/base[.]js hxxps://www2[.]servicebio[.]com/sys/ui/js/base[.]js hxxps://www[.]kuromipg[.]im/sys/ui/js/base[.]js hxxps://china-yqs[.]com/sys/ui/js/base[.]js hxxp://1[.]117[.]79[.]251:8000/__utm[.]gif hxxps://38[.]207[.]176[.]115/pixel hxxps://ww2[.]jji[.]cz:8443/api/3 hxxps://8[.]222[.]156[.]244/api/3 hxxp://8[.]138[.]150[.]198/ga[.]js hxxp://134[.]122[.]75[.]115:23/j[.]ad hxxps://106[.]55[.]102[.]97/dpixel hxxps://101[.]35[.]141[.]80:8443/updates[.]rss hxxp://49[.]232[.]129[.]71:7777/dot[.]gif hxxps://104[.]214[.]168[.]71/cx hxxp://47[.]92[.]205[.]12:8888/ga[.]js hxxps://43[.]153[.]222[.]28:4545/IE9CompatViewList[.]xml hxxp://134[.]122[.]75[.]115:26/cx hxxps://134[.]122[.]75[.]115:444/pixel hxxps://43[.]138[.]218[.]97/__utm[.]gif hxxps://8[.]138[.]23[.]74/safebrowsing/fp/GU4wkyZltJvwEtFp-NJnW hxxp://79[.]124[.]40[.]106:81/__utm[.]gif hxxps://sydnc[.]net/functionalStatus/kUZTARMhqB9CLZlPFu1kZG2-FzAoT hxxps://120[.]78[.]155[.]42/__utm[.]gif hxxps://ongmanibeimeihong[.]cdnaliyun[.]top/match hxxps://123[.]207[.]66[.]117:8443/introduction/edr hxxp://47[.]108[.]142[.]204/search/ hxxp://1[.]14[.]18[.]173/search/ hxxp://134[.]122[.]130[.]181:443/jquery-3[.]3[.]2[.]slim[.]min[.]js hxxp://122[.]51[.]68[.]179/visit[.]js hxxp://116[.]114[.]20[.]180:8088/aaPK hxxp://120[.]78[.]155[.]42/cx hxxp://101[.]35[.]141[.]80:10088/match 
hxxps://blacksys[.]deltadefenses[.]com:8443/updates[.]rss hxxps://cs1[.]dbgblack[.]com/Link/shit/CLYX4HG2ZI hxxps://104[.]214[.]168[.]71/g[.]pixel hxxp://89[.]116[.]128[.]246/push hxxp://ww2[.]jji[.]cz:8880/api/3 hxxp://43[.]143[.]58[.]212/verchk/verchk_ hxxp://185[.]201[.]226[.]192:4001/cm hxxp://185[.]117[.]0[.]43:8887/fwlink hxxp://175[.]178[.]88[.]48:7777/api/getit hxxp://106[.]54[.]198[.]187/load hxxp://103[.]36[.]196[.]60:9999/s/search/goods/details[.]html hxxp://106[.]54[.]236[.]42:3306/Claim/v5[.]6/ZZ1QB9MLS hxxps://asevn[.]com/config hxxps://103[.]122[.]164[.]98/divide/mail/SUVVJRQO8QRC hxxp://120[.]25[.]190[.]37/jquery-3[.]3[.]1[.]min[.]js hxxp://8[.]137[.]76[.]34:9999/pixel hxxp://121[.]37[.]156[.]225/match hxxp://jkbs168[.]top:443/ga[.]js hxxp://8[.]138[.]150[.]198/__utm[.]gif hxxp://43[.]136[.]218[.]157:8888/cx hxxps://185[.]243[.]242[.]44/ca hxxp://113[.]125[.]179[.]13:8111/pixel hxxp://172[.]93[.]189[.]41/jquery-3[.]3[.]1[.]min[.]js hxxps://121[.]37[.]206[.]148:8443/index[.]jsp hxxps://atlasanimationstudios[.]com/List/v5[.]29/A1JX1Z0KT4 hxxp://188[.]166[.]210[.]23/cm hxxps://128[.]140[.]1[.]57/jquery-3[.]3[.]1[.]min[.]js hxxps://www[.]e-enroll-benefits[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books hxxp://8[.]217[.]137[.]245:50000/__utm[.]gif hxxps://81[.]71[.]18[.]114:50002/ca hxxps://124[.]223[.]15[.]17/ca hxxps://43[.]153[.]222[.]28:4545/__utm[.]gif hxxp://43[.]153[.]222[.]28:433/load hxxp://43[.]138[.]30[.]109:8888/push hxxp://111[.]67[.]195[.]152:3333/activity |
Cobalt Strike |
URL | hxxp://94[.]156[.]79[.]86/Havnefogedeners[.]aaf hxxp://94[.]156[.]79[.]86/LGgSgwOVjO73[.]bin hxxp://78[.]108[.]216[.]105/Blockhead[.]prm hxxp://65[.]108[.]125[.]169/mEBiBADRqTywaSMissP10[.]bin hxxp://194[.]59[.]31[.]187/Foreshortening[.]asd hxxp://194[.]59[.]31[.]187/Misadding63[.]chm hxxp://194[.]59[.]31[.]187/qIhAHFOAiEsskXbtso16[.]bin |
CloudEyE |
URL | hxxps://dukeenergyltd[.]top/alphaa[.]scr hxxps://dukeenergyltd[.]top/alphaa[.]doc |
LokiBot |
URL | hxxp://23[.]95[.]235[.]16/5656/nom/noha[.]doc | Agent Tesla |
URL | hxxps://www[.]btini[.]net/article[.]php hxxps://www[.]cap-berriat[.]com/article[.]php hxxps://www[.]celinecuypers[.]be/article[.]php |
GootLoader |
URL | hxxp://192[.]227[.]173[.]64/xampp/kobo/cvf/kissingisbestforcatwalkonthebesttimetounderstandhowmuchimportnattounderstandthecatgreat__parrtowillflywayawfromthrtree___greatcachingtree[.]doC hxxp://192[.]227[.]173[.]64/xampp/kobo/wecreatedimagestogetmepicture[.]gif hxxp://185[.]172[.]128[.]116/1[.]exe |
SmokeLoader |
URL | hxxp://77[.]91[.]77[.]80/lend/deep[.]exe hxxp://77[.]91[.]77[.]82/lend/deep[.]exe hxxp://77[.]91[.]77[.]81/lend/deep[.]exe |
XWorm |
URL | hxxps://jml[.]pages[.]microcloud360[.]com/editContent hxxps://ndas8m92[.]shop/endpoint hxxps://uqysu[.]pages[.]microcloud360[.]com/editContent hxxps://chemsentinel[.]com/cdn-vs/cache[.]php hxxp://chemsentinel[.]com/cdn-vs/33per[.]php hxxps://fgmze[.]pages[.]microcloud360[.]com/editContent hxxps://mpth[.]pages[.]microcloud360[.]com/editContent |
FAKEUPDATES |
URL | hxxp://118[.]31[.]46[.]10:2259/s[.]exe hxxp://81[.]71[.]147[.]158/02[.]exe hxxp://81[.]71[.]147[.]158/cmd[.]exe hxxp://89[.]23[.]100[.]37/KR6nDu9fLhop1bFe[.]exe |
Quasar RAT |
URL | hxxps://penisware[.]com/venom/penisware2[.]exe | Venom RAT |
URL | hxxp://5[.]42[.]104[.]211/0e4bf4a2e8ab9cc8/vcruntime140[.]dll hxxp://5[.]42[.]104[.]211/0e4bf4a2e8ab9cc8/nss3[.]dll hxxp://5[.]42[.]104[.]211/0e4bf4a2e8ab9cc8/mozglue[.]dll hxxp://5[.]42[.]104[.]211/0e4bf4a2e8ab9cc8/sqlite3[.]dll hxxp://5[.]42[.]104[.]211/0e4bf4a2e8ab9cc8/softokn3[.]dll hxxp://5[.]42[.]104[.]211/0e4bf4a2e8ab9cc8/msvcp140[.]dll hxxp://5[.]42[.]104[.]211/0e4bf4a2e8ab9cc8/freebl3[.]dll hxxp://77[.]91[.]77[.]82/trash/simon[.]exe |
Stealc |
URL | hxxps://penisware[.]com/venom/scchost[.]exe | NjRAT |
URL | hxxp://23[.]95[.]235[.]16/xampp/kob/ks/kll[.]doc | Remcos |
URL | hxxp://175[.]107[.]3[.]153:49117/Mozi[.]m hxxp://59[.]89[.]2[.]40:41218/Mozi[.]m |
Mozi |
URL | hxxps://sailorshelfquids[.]shop/api hxxps://composepayyersellew[.]shop/api hxxps://latesttributedowps[.]shop/api hxxp://bingowin[.]bet/images/pic15[.]exe hxxp://77[.]91[.]77[.]80/lend/taskweaker[.]exe hxxp://77[.]91[.]77[.]82/lend/taskweaker[.]exe hxxp://77[.]91[.]77[.]81/lend/taskweaker[.]exe |
Lumma Stealer |
URL | hxxp://185[.]172[.]128[.]116/Mb3GvQs8/index[.]php hxxp://94[.]228[.]166[.]74/online/dl/0x3fg[.]exe hxxp://o7labs[.]top/online/dl/0x3fg[.]exe |
Amadey |
URL | hxxp://195[.]3[.]223[.]218/0Eternalrequest/HttpWpTemp/bossesgeneratesBMW[.]php hxxp://212[.]57[.]118[.]94/windows/tempDle/Php/BigloadhttpAuth/cpuServer/Secureexternal18/Temp/DatalifeVm/0/Datalifetemporaryjavascript3/6Dump/PhpdownloadsMariadbGeo/temporary3/Packet/8/Default5Proton/LinejslongpollUniversalCentraluploadstemporary[.]php hxxp://82[.]146[.]46[.]5/asynccentral/PythonProcesseternal/542/Generator/JsSql[.]php |
DCRat |
URL | hxxps://45[.]76[.]55[.]148/_uecRF-rE1mCi4OK52eXyA9-i2584cVh-QxIL hxxps://103[.]43[.]18[.]230/_-4iC1Ai554cFh0Xek-AugfMDAGzX3T_TPxLGmdPUIvKmkBC9Xu1smNmqYoUDvu-7A6cZl_LyfJKf2TMOqk-__ |
Metasploit |
URL | hxxp://192[.]210[.]150[.]58/709070/gui[.]exe | Formbook |
URL | hxxps://execresource[.]ltd/df/ENC hxxps://ryruhuu3[.]xyz/8OtaBr/ hxxps://ryruhuu3[.]xyz/bvxny6R6 hxxps://execresource[.]ltd/df/BLUE hxxps://mdasidy72[.]mom/endpoint hxxps://weoleycastletaxis[.]co[.]uk/chao/baby/cow[.]html hxxps://weoleycastletaxis[.]co[.]uk/chao/baby/omgsoft[.]zip |
ClearFake |
URL | hxxps://360[.]asesoriaenfarmacias[.]com/Jhacc[.]dat hxxps://360[.]asesoriaenfarmacias[.]com/Rwnpjrqq[.]vdf |
PureCrypter |
URL | hxxps://mamudoilekeyfyap[.]com/YzBlNzk4NmVlZDA0/ hxxps://mamudoiledostadogru[.]com/YzBlNzk4NmVlZDA0/ hxxps://sigaracokhojdur1[.]com/YzBlNzk4NmVlZDA0/ hxxps://dertlikaygisiz04[.]com/YzBlNzk4NmVlZDA0/ hxxps://kaygisizamamutlu04[.]com/YzBlNzk4NmVlZDA0/ hxxps://aglayancivciv3[.]com/YjNlM2ZhMjlhNjNi/ hxxps://benyemekyememihtiyar2[.]com/YjNlM2ZhMjlhNjNi/ hxxps://aciktimlanb3en51[.]com/YTkzZjFhNDE3YmRm/ hxxps://kebapyokmulaaan51[.]com/YTkzZjFhNDE3YmRm/ hxxps://sinirlicivciv[.]com/YjNlM2ZhMjlhNjNi/ hxxps://sirma5sodaas[.]com/YTkzZjFhNDE3YmRm/ hxxps://bardaktakolakeyf34[.]com/YTkzZjFhNDE3YmRm/ hxxps://cehennemiyasiyoz251[.]com/YTkzZjFhNDE3YmRm/ hxxps://gurcistanlicruel331144[.]com/YTkzZjFhNDE3YmRm/ hxxps://benkolaicmemihtiyar51[.]com/YjNlM2ZhMjlhNjNi/ hxxps://mutlucivciv25[.]com/YjNlM2ZhMjlhNjNi/ hxxps://basgaan24[.]com/YTkzZjFhNDE3YmRm/ hxxps://hayatsuic24[.]com/YTkzZjFhNDE3YmRm/ hxxps://sirmasokahojdurloo34[.]com/YTkzZjFhNDE3YmRm/ hxxps://sirmaicinmutluolun[.]com/YTkzZjFhNDE3YmRm/ hxxps://bibertursusu3424[.]com/YTkzZjFhNDE3YmRm/ hxxps://selambasgann2[.]com/YTkzZjFhNDE3YmRm/ |
Coper |
URL | hxxps://66[.]225[.]254[.]182/reg[.]jpg hxxps://66[.]225[.]254[.]182/vd[.]txt hxxps://45[.]92[.]1[.]13/kns[.]jpg hxxps://45[.]92[.]1[.]13/vrt[.]txt hxxps://23[.]94[.]126[.]49/jack[.]jpg hxxps://23[.]94[.]126[.]49/boy[.]txt hxxps://94[.]156[.]8[.]181//4ib[.]jpg hxxps://94[.]156[.]8[.]181//ant[.]txt hxxps://94[.]156[.]8[.]181//i4[.]txt hxxps://94[.]156[.]8[.]181//ib4[.]jpg hxxps://94[.]156[.]8[.]181//v[.]txt hxxps://94[.]156[.]8[.]181//x[.]txt hxxps://206[.]53[.]55[.]147/xx[.]jpg hxxps://206[.]53[.]55[.]147/b6843[.]txt |
AsyncRAT |
URL | hxxp://221[.]158[.]86[.]16:7762/svchost[.]exe | Ghost RAT |
URL | hxxp://91[.]92[.]242[.]179/serieta[.]exe hxxp://91[.]92[.]242[.]179/BuildTotale[.]exe hxxp://185[.]172[.]128[.]116/FirstZ[.]exe hxxp://bingowin[.]bet/images/pic1[.]exe hxxp://o7labs[.]top/online/dl/uYtF[.]exe |
Coinminer |
URL | hxxps://45[.]61[.]131[.]143:8443/a[.]zip | MimiKatz |
URL | hxxp://77[.]91[.]77[.]82/lend/ama[.]exe hxxp://77[.]91[.]77[.]80/lend/ama[.]exe hxxp://77[.]91[.]77[.]81/lend/ama[.]exe |
RedLine Stealer |