Cyber risk information service: D Alert (Dアラート), patented

Access to malicious URLs / receipt of malicious e-mail

Customers (of ours) who received the e-mail: 0
Customers (of ours) who accessed the URL: 1

2024/08/22
* Updated 2024/08/22
URLs believed to lead to malware infection detected (2024/08/22)
■IoC (*1)
*1 Search the i-FILTER access logs to identify the affected devices. Some values have been altered to prevent unnecessary access.

■Product support status (*2)
▽i-FILTER (*3)
・Can be blocked under the [Threat Information Site] category
*2 Whether a URL is blocked depends on each product's settings; refer to the access logs for the actual result.
*3 For encrypted communications, the SSL Adapter setting must be set to "Use".