Cyber Risk Information Service: D-Alert (patent granted)

Access to malicious URLs / receipt of malicious email

Our customers who received the email: 0
Our customers who accessed the URL: 5
2025/01/08
※ Updated 2025/01/08
Detected URLs believed to cause malware infection (2025/01/08)
■ IoC (※1)
※1 Search the i-FILTER access logs to identify the affected devices. Some characters in the indicators have been altered to prevent unwanted access.
■ Product support status (※2)
▽ i-FILTER (※3)
・ Can be blocked under the [脅威情報サイト] (Threat Information Sites) category
※2 Whether a URL is blocked depends on each product's configuration, so refer to the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to 「利用」 (Use).