Cyber Risk Information Service: D Alert (patented)

Access to malicious URLs and receipt of malicious email

Our customers who received the email: 0
Our customers who accessed the URL: 3
2024/12/18
※Updated 2024/12/18
Detection of URLs believed to cause malware infection (2024/12/18)
■IoC (※1)
Type: URL. The detected URLs (listed on the original page in defanged form) match the following signatures: FAKEUPDATES, Mozi, Lumma Stealer, CloudEyE, Remcos, Formbook, Quasar RAT, Coinminer, Bashlite, CryptBot, Cobalt Strike, Meterpreter, MimiKatz, Nanocore RAT, XWorm, AsyncRAT, PowerCat, QakBot, Agent Tesla, ACR Stealer, Coper, Vidar, STRRAT, Phemedrone Stealer, Rhadamanthys, Amadey, RedLine Stealer, Latrodectus, Brute Ratel C4.
※1 Search the "i-FILTER" access logs to identify the affected devices. Some characters in the URLs have been altered to prevent unintended access.
■Product support status (※2)
▽i-FILTER (※3)
・Can be blocked under the [Threat Information Site] category.
※2 Whether a URL is actually blocked depends on each product's settings; check the access logs for the actual result.
※3 For encrypted (HTTPS) communications, the SSL Adapter setting must be set to "Use".