Cyber Risk Information Service D-Alert (patented)

Access to malicious URLs and receipt of malicious emails

Our customers who received the email: 0
Our customers who accessed the URL: 9
2024/08/29 (※ updated 2024/08/29)
Detected URLs believed to cause malware infection (2024/08/29)
■ IoC (※1)
※1 Search the "i-FILTER" access log to identify the affected endpoints. Some characters in the indicators have been altered to avoid unintended access.
■ Product support status (※2)
▽ i-FILTER (※3)
・Can be blocked with the [Threat Information Site] category
※2 Whether a URL is blocked depends on each product's configuration; refer to the access log for the actual result.
※3 For encrypted (SSL/TLS) communications, the SSL Adapter setting must be set to "Use".