不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様1社 -
2025/01/30
※2025/01/30 更新
マルウェア感染させると考えられるURLを検知(2025/01/30)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://697548cm[.]nyashnyash[.]ru/JavascriptprotectWindowstrackdownloads[.]php hxxp://788464cm[.]shnyash[.]ru/_multidefaultDbwindows[.]php hxxp://194[.]59[.]186[.]65/uploads/67976d8857ec2_9826376324[.]exe |
DCRat |
| URL | hxxps://healthyrecipesonline[.]biz/api hxxps://titlewoundyb[.]cyou/api hxxps://sustainablelivingtips[.]biz/api hxxps://absetnoodi[.]top/api hxxps://smiteattacekr[.]org/api hxxps://rollinsccred[.]biz/api hxxps://greatrabbid[.]biz/api hxxps://stematockeoff[.]shop/api hxxps://innerkomen[.]com/api |
Lumma Stealer |
| URL | hxxp://221[.]0[.]241[.]233:52988/Mozi[.]m hxxp://112[.]248[.]142[.]156:42033/Mozi[.]m |
Mozi |
| URL | hxxps://solve[.]rywi[.]org/awjsx[.]captcha hxxps://solve[.]yiie[.]org/awjsx[.]captcha hxxps://solve[.]uayy[.]org/awjsx[.]captcha hxxps://solve[.]eyuy[.]org/awjsx[.]captcha |
ClearFake |
| URL | hxxp://198[.]251[.]82[.]160:2075/b/mips hxxp://198[.]251[.]82[.]160:2075/s/mipsel hxxp://198[.]251[.]82[.]160:2075/t/mipsel hxxp://198[.]251[.]82[.]160:2075/b/mipsel hxxp://198[.]251[.]82[.]160:2075/t/mips hxxp://198[.]251[.]82[.]160:2075/s/mips |
Kaiji |
| URL | hxxp://23[.]94[.]80[.]230/xampp/uhg/sheismybestgirlevermadewithgreatchanceformegivemebest[.]hta | Remcos |
| URL | hxxps://piloferstaf[.]com/test/ hxxps://ypredoninen[.]com/test/ |
Latrodectus |
| URL | hxxps://akmcons[.]com/6d2k[.]js hxxps://akmcons[.]com/js[.]php hxxps://vwi[.]trial[.]buyintercomsonline[.]com/merchantServices hxxps://uybd[.]static[.]buyweatherstriponline[.]com/merchantServices hxxps://patientlo[.]top/work/original[.]js hxxps://patientlo[.]top/work/index[.]php hxxps://patientlo[.]top/work/upl[.]php hxxps://fakenotesandclonedcards[.]com/folder[.]zip |
FAKEUPDATES |
| URL | hxxps://app-antiriciclaggio-mps[.]com/app/MPS2[.]0[.]apk hxxps://avastpm[.]com/Avastavv[.]apk hxxps://nationwideavast[.]com/Avastavv[.]apk hxxp://nationwideavast[.]com/Avastavv[.]apk hxxps://commavast[.]com/Avastavv[.]apk hxxp://commavast[.]com/Avastavv[.]apk hxxps://avastxp[.]com/Avastavv[.]apk hxxps://www[.]avastsp[.]com/Avastavv[.]apk hxxp://updatemyacc[.]com/Avastavv[.]apk hxxps://avastax[.]com/Avastavv[.]apk hxxps://avastvx[.]com/Avastavv[.]apk hxxps://avastuo[.]com/Avastavv[.]apk hxxp://avastnw[.]com/Avastavv[.]apk hxxp://avastga[.]com/Avastavv[.]apk hxxps://avastnw[.]com/Avastavv[.]apk hxxp://avastxp[.]com/Avastavv[.]apk hxxps://avastpn[.]com/Avastavv[.]apk hxxps://avastcsm[.]com/Avastavv[.]apk hxxps://avastme[.]com/Avastavv[.]apk hxxps://avastpr[.]com/Avastavv[.]apk hxxp://avastpr[.]com/Avastavv[.]apk hxxps://it-mediolanumbanca[.]com/app/Mediolanum2[.]0[.]apk |
SpyNote |
| URL | hxxps://chromeupd-mo[.]com/Chrome/install/Chrome[.]apk | Coper |
| URL | hxxps://dl[.]dropboxusercontent[.]com/scl/fi/3br2y8fin0jqgrunrq3mf/cjfansgmlans1-f[.]txt?rlkey=rxnknu51ncb5xgnj2lyxu0xyu&st=ohfmyo4p&dl=0 hxxps://dl[.]dropboxusercontent[.]com/scl/fi/nanwt6elsuxziz05hnlt4/cjfansgmlans1-x[.]txt?rlkey=l6gzro1rswkqbk6tinxnkuylv&st=iv78c1cg&dl=0 |
Kimsuky |
| URL | hxxp://94[.]38[.]23[.]2/ldr[.]sh?b0f895_admin hxxp://121[.]78[.]147[.]213:8080/js/s[.]rar hxxp://194[.]38[.]23[.]2/sys[.]exe |
Coinminer |
| URL | hxxp://89[.]197[.]154[.]116/File[.]exe hxxp://39[.]105[.]8[.]82:12345/02[.]08[.]2022[.]exe hxxp://38[.]146[.]27[.]55/02[.]08[.]2022[.]exe hxxp://47[.]238[.]68[.]246:1234/02[.]08[.]2022[.]exe hxxp://47[.]74[.]54[.]68:7701/02[.]08[.]2022[.]exe hxxp://54[.]169[.]53[.]156/02[.]08[.]2022[.]exe hxxp://149[.]88[.]74[.]68/02[.]08[.]2022[.]exe hxxp://156[.]243[.]244[.]27/02[.]08[.]2022[.]exe hxxp://54[.]255[.]180[.]238:8080/02[.]08[.]2022[.]exe hxxp://111[.]231[.]144[.]159:4444/02[.]08[.]2022[.]exe hxxp://156[.]243[.]244[.]27:8080/02[.]08[.]2022[.]exe hxxp://49[.]234[.]38[.]224:81/02[.]08[.]2022[.]exe hxxp://154[.]204[.]56[.]71:1111/02[.]08[.]2022[.]exe hxxp://142[.]171[.]32[.]77:22701/02[.]08[.]2022[.]exe hxxp://154[.]204[.]34[.]21:8081/02[.]08[.]2022[.]exe hxxp://47[.]83[.]218[.]121:81/02[.]08[.]2022[.]exe hxxp://121[.]43[.]227[.]196:89/02[.]08[.]2022[.]exe hxxp://38[.]55[.]239[.]26/02[.]08[.]2022[.]exe hxxp://121[.]43[.]227[.]196:88/02[.]08[.]2022[.]exe hxxp://47[.]113[.]217[.]92:28888/02[.]08[.]2022[.]exe hxxp://101[.]43[.]46[.]181:7799/02[.]08[.]2022[.]exe hxxp://152[.]136[.]159[.]25:4455/02[.]08[.]2022[.]exe hxxp://42[.]192[.]195[.]221:65222/02[.]08[.]2022[.]exe hxxp://31[.]59[.]186[.]9/02[.]08[.]2022[.]exe hxxp://92[.]51[.]2[.]17:84/02[.]08[.]2022[.]exe hxxp://13[.]59[.]108[.]33/02[.]08[.]2022[.]exe |
Cobalt Strike |
| URL | hxxp://89[.]197[.]154[.]116/Debug[.]exe hxxp://89[.]197[.]154[.]116/Transfer3[.]exe |
Meterpreter |
| URL | hxxp://89[.]197[.]154[.]116/Bugs[.]exe hxxp://89[.]197[.]154[.]116/Transfer2[.]exe |
Metasploit |
| URL | hxxp://89[.]197[.]154[.]116/mimikatz[.]exe | MimiKatz |
| URL | hxxps://panel[.]subdeew[.]site/m68k hxxp://193[.]17[.]183[.]121/x86 |
Bashlite |
| URL | hxxps://github[.]com/XCocGT/priv1/raw/refs/heads/main/Microsoft_Hardware_Launch[.]exe hxxps://github[.]com/Qwuxu/ghjtdfghnfg/raw/refs/heads/main/lastest[.]exe hxxps://github[.]com/akumaheo/heoe/raw/refs/heads/main/heo[.]exe hxxps://github[.]com/UnknownHat8353/Virus/raw/refs/heads/main/Server[.]exe hxxps://github[.]com/EluwnkaQuxi/elcio/raw/refs/heads/main/Server1[.]exe hxxps://github[.]com/monkey958/sdasd/raw/refs/heads/main/856[.]exe hxxps://github[.]com/Qwuxu/ghjtdfghnfg/raw/refs/heads/main/newest[.]exe hxxps://github[.]com/Impar0/tryyy/raw/refs/heads/main/client[.]exe hxxps://github[.]com/mentaliczz/BloxflipPredictor-V2/raw/refs/heads/main/Bloxflip%20Predictor[.]exe hxxps://github[.]com/ff245185/payload/raw/refs/heads/main/Fast%20Download[.]exe hxxps://github[.]com/raz233/rgdgdrg/raw/refs/heads/main/Client[.]exe hxxps://github[.]com/AhmedK97/Xwqd21WaDdqwdv/raw/refs/heads/main/Server[.]exe hxxps://github[.]com/Toxicxz/Fnaf-1/raw/refs/heads/main/fusca%20game[.]exe hxxps://github[.]com/orospuccocugu/aaaaaa/raw/refs/heads/main/enai2[.]exe hxxps://github[.]com/TheAirBlow/theairblow/raw/refs/heads/main/njrat[.]exe hxxps://github[.]com/Qwuxu/ghjtdfghnfg/raw/refs/heads/main/joiner[.]exe hxxps://github[.]com/XCocGT/priv1/raw/refs/heads/main/testme[.]exe hxxps://github[.]com/ymykaliymy/ymy/raw/refs/heads/main/sela[.]exe hxxps://github[.]com/Grozniy1/folder/raw/refs/heads/main/444[.]exe hxxps://github[.]com/nxrecxxil/syndicate/raw/refs/heads/main/main[.]exe hxxps://github[.]com/trafunny/Malware-File/raw/refs/heads/main/njrat[.]exe hxxps://github[.]com/Qwuxu/ghjtdfghnfg/raw/refs/heads/main/startup[.]exe hxxps://github[.]com/Qwuxu/ghjtdfghnfg/raw/refs/heads/main/cnct[.]exe hxxps://github[.]com/KREveDko3221/porno/raw/refs/heads/main/mos%20ssssttttt[.]exe hxxps://github[.]com/AlNyak/Test/raw/refs/heads/main/testingg[.]exe hxxps://github[.]com/PaketPK/trojan/raw/refs/heads/main/njSilent[.]exe hxxps://github[.]com/ItsChanGat/Test/raw/refs/heads/main/system[.]exe |
NjRAT |
| URL | hxxp://us-east-1[.]tixte[.]net/uploads/venom[.]likes[.]cash/ntoskrnl[.]exe hxxps://upload[.]vina-host[.]com/get/GRytS2eE3z/eo[.]exe hxxps://upload[.]vina-host[.]com/get/IFmqapLNrp/Client-built[.]exe hxxps://upload[.]vina-host[.]com/get/edI4wqIhYr/rektupp[.]exe hxxp://193[.]160[.]130[.]9:8000/virus_to_test_on_hybrid_analyse[.]exe hxxp://81[.]161[.]238[.]80/svchosts[.]exe hxxps://github[.]com/LuisPhantom/Vemom/raw/refs/heads/main/svhost[.]exe hxxps://github[.]com/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/Java32[.]exe hxxps://github[.]com/RiseMe-origami/g/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/Hapor2023/quasar/raw/refs/heads/main/x[.]exe hxxps://github[.]com/tezx11/imgui/raw/refs/heads/main/RuntimeBroker[.]exe hxxps://github[.]com/AI-Scanner/bin/raw/refs/heads/main/test[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/vanilla[.]exe hxxps://github[.]com/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/Java[.]exe hxxps://github[.]com/imaeewy/about-me/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/honkshefter/sundshefter/raw/refs/heads/main/stub[.]exe hxxps://github[.]com/Hapor2023/quasar/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/skibidi[.]exe hxxps://github[.]com/TheRealAstro666/LOLZ/raw/refs/heads/main/built[.]exe hxxps://github[.]com/andresberejno/aaaaaaa/raw/refs/heads/main/Client-base[.]exe hxxps://github[.]com/sesafvr/ayo/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/tezx11/imgui/raw/refs/heads/main/example_win32_dx11[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/jignesh[.]exe hxxps://github[.]com/AI-Scanner/bin/raw/refs/heads/main/SGVP%20Client%20program[.]exe hxxps://github[.]com/aspdasdksa2/callback/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/TheRealAstro666/LOLZ/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/cctv-security/rev/raw/main/Client-built[.]exe hxxps://github[.]com/FelikzIG/WDT/raw/refs/heads/main/CollosalLoader[.]exe hxxps://github[.]com/imaeewy/about-me/raw/refs/heads/main/discord[.]exe hxxps://github[.]com/EarthSetup/firtshopacc/raw/refs/heads/main/Runtime%20Broker[.]exe hxxps://github[.]com/XerusSploit/Neverlose-Loader/raw/refs/heads/main/Neverlose%20Loader[.]exe hxxps://github[.]com/M4HVH2/dwadwa/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/skibidisigmer/FNcleanerV2/releases/download/CleanerV2/CleanerV2[.]exe hxxps://github[.]com/jaaaaaaaaaaaaaaaaa/im-not-hosting-malware-here/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/1337Breaker1337/password/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/AzureRex/napewnonievoiderhook/raw/refs/heads/main/sharpmonoinjector[.]exe hxxps://github[.]com/EarthSetup/firtshopacc/raw/refs/heads/main/Registry[.]exe hxxps://github[.]com/XerusSploit/Spectrum/raw/refs/heads/main/spectrum[.]exe hxxps://github[.]com/dzonicar12332/voidddwareee/raw/refs/heads/main/voidware_loader[.]exe hxxps://github[.]com/AI-Scanner/bin/raw/refs/heads/main/SGVP%20Client%20System[.]exe hxxps://github[.]com/LuisPhantom/Vemom/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/sleepysnz/skibidi/raw/refs/heads/main/CondoGenerator[.]exe hxxps://github[.]com/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/lmao[.]exe hxxps://github[.]com/LuisPhantom/Vemom/raw/refs/heads/main/MMO%201[.]exe hxxps://github[.]com/Hapor2023/quasar/raw/refs/heads/main/fud2[.]exe hxxps://github[.]com/bonsko216/1/raw/refs/heads/main/RuntimeBroker[.]exe hxxps://github[.]com/Kami32X/discord/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/leemurray751/testing/raw/refs/heads/main/testingfile[.]exe hxxps://github[.]com/Faokun1/aaa/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/1434orz[.]exe hxxps://github[.]com/bill-net98/qusar/raw/refs/heads/main/client[.]exe hxxps://github[.]com/Brucegang123/Bat-Automation-TEST/raw/main/Servers[.]exe hxxps://github[.]com/ValOfficial/Client-follower/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/LuisPhantom/Vemom/raw/refs/heads/main/Money[.]exe hxxps://github[.]com/AzureRex/napewnonievoiderhook/raw/refs/heads/main/seksiak[.]exe hxxps://github[.]com/Xevioo/XevioHub/raw/refs/heads/main/CritScript[.]exe hxxps://github[.]com/nakuss/dwdwadwa/raw/main/Client-built[.]exe hxxps://github[.]com/biseo0/Neue/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/mpy66/nix/raw/refs/heads/main/discordupdate[.]exe hxxps://github[.]com/biseo0/Neue/raw/main/Client-built[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/negarque[.]exe hxxps://github[.]com/BlazedBottle/rat/raw/refs/heads/main/Client-built-Playit[.]exe hxxps://github[.]com/tellersins/uzump/raw/refs/heads/main/vopthsef[.]exe hxxps://github[.]com/swagkarna/test1/raw/refs/heads/main/payload[.]exe hxxps://github[.]com/unix-cmd/dev/raw/refs/heads/main/installer[.]exe hxxps://github[.]com/aspdasdksa2/callback/raw/main/Client-built[.]exe hxxps://github[.]com/horiffy/Sentil/raw/refs/heads/main/Sentil[.]exe hxxps://github[.]com/zls2024/not-download/raw/refs/heads/main/Discord[.]exe hxxps://github[.]com/imaeewy/about-me/raw/refs/heads/main/installer[.]exe[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/runtimebroker[.]exe hxxps://github[.]com/AI-Scanner/bin/raw/refs/heads/main/SGVP%20Client%20Users[.]exe hxxps://github[.]com/fhebngndsg/thefunny/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/ballshot/payload/raw/refs/heads/main/Client-built[.]exe hxxps://github[.]com/Hapor2023/quasar/raw/refs/heads/main/injector[.]exe hxxps://github[.]com/bormasina/test/raw/refs/heads/main/defender64[.]exe hxxps://github[.]com/TOP-executors/JJsploit/releases/download/v2[.]1[.]0/JJSPLOIT[.]V2[.]exe hxxps://github[.]com/StuKit/svhoste/raw/refs/heads/main/svhoste[.]exe hxxps://github[.]com/VideoXfrx/CrealStealer/raw/refs/heads/main/Creal[.]exe hxxps://github[.]com/Legendary-BYPASS/Trash/releases/download/1/Client[.]exe |
Quasar RAT |
| URL | hxxps://github[.]com/topg6565767677/discord/raw/refs/heads/main/discord[.]exe hxxps://github[.]com/Sulfux29/CustomRPCC/releases/download/discord/MSystem32[.]exe |
Nanocore RAT |
| URL | hxxps://github[.]com/AnshuOp0001/aaaaaaa/raw/refs/heads/main/Client[.]exe hxxps://github[.]com/vash0001/Discord/raw/refs/heads/main/Discord2[.]exe hxxps://github[.]com/JackedMicheal/ccenty/raw/refs/heads/main/CrSpoofer[.]exe hxxps://github[.]com/altabross/FUD-BATCH/raw/refs/heads/main/Client[.]exe hxxps://github[.]com/orospuccocugu/aaaaaa/raw/refs/heads/main/anne[.]exe hxxps://github[.]com/jackyz777/activebypass/raw/refs/heads/main/Discord[.]exe hxxps://github[.]com/Realmastercoder69/daww/raw/refs/heads/main/Loader[.]exe hxxps://github[.]com/heysama/afsgdhzx/raw/refs/heads/main/AsyncClient[.]exe hxxps://github[.]com/Babskai/vir-s/raw/refs/heads/main/AsyncClient[.]exe hxxps://github[.]com/heysama/afsgdhzx/raw/main/AsyncClient[.]exe hxxps://github[.]com/cfedss/exe/raw/refs/heads/main/Solara_Protect[.]exe hxxps://github[.]com/vash0001/Discord/raw/refs/heads/main/Discord3[.]exe hxxps://github[.]com/andresberejno/aaaaaaa/raw/refs/heads/main/File[.]exe hxxps://github[.]com/vash0001/Discord/raw/main/Discordd[.]exe hxxps://github[.]com/vash0001/Discord/raw/refs/heads/main/Discord[.]exe hxxps://github[.]com/vash0001/Discord/raw/refs/heads/main/Discordd[.]exe hxxps://github[.]com/ducminh23/ddosv1/raw/refs/heads/main/ddosziller[.]exe hxxps://github[.]com/vash0001/Discord/raw/main/Discord2[.]exe hxxps://github[.]com/venkovisual/Loli-Mod/raw/refs/heads/main/AsyncClient[.]exe hxxps://github[.]com/williamreport/lwpath/raw/refs/heads/main/main[.]exe |
AsyncRAT |
| URL | hxxps://github[.]com/peroxic/peroxic/releases/download/1/demon[.]bin | Havoc |
| URL | hxxps://github[.]com/woord02/nigga/raw/refs/heads/main/MajesticExec[.]exe hxxps://github[.]com/AI-Scanner/bin/raw/refs/heads/main/Program-loader[.]bin hxxps://github[.]com/zefordk/ikeya/raw/refs/heads/main/shellcodeAny[.]bin hxxps://github[.]com/New-Codder/test/raw/refs/heads/main/shellcodeAny[.]bin hxxps://github[.]com/AI-Scanner/bin/raw/refs/heads/main/Uesr-loader[.]bin hxxps://github[.]com/thanhtung19944/ok-/raw/refs/heads/main/Thunn[.]bin hxxps://github[.]com/thanhtung19944/ok-/raw/refs/heads/main/outping[.]bin hxxps://github[.]com/RanjitGandhi2/fff/raw/refs/heads/main/101[.]bin hxxps://github[.]com/razidvb/myfiles/raw/refs/heads/main/loader[.]bin hxxps://github[.]com/RanjitGandhi2/fff/raw/refs/heads/main/play[.]bin hxxps://github[.]com/RanjitGandhi2/fff/raw/refs/heads/main/mera[.]bin hxxps://github[.]com/stezxyz/svchost[.]exe/raw/refs/heads/main/XClient[.]bin hxxps://github[.]com/New-Codder/test/raw/refs/heads/main/2[.]bin hxxps://github[.]com/RanjitGandhi2/fff/raw/refs/heads/main/bao[.]bin hxxps://github[.]com/SHOWQA/xt/raw/refs/heads/main/shellcodeAny[.]bin hxxps://github[.]com/thanhtung19944/ok-/raw/refs/heads/main/need[.]bin hxxps://github[.]com/RanjitGandhi2/fff/raw/refs/heads/main/cool[.]bin hxxps://github[.]com/RanjitGandhi2/fff/raw/refs/heads/main/thong[.]bin hxxps://github[.]com/denispazin/uploads/raw/refs/heads/main/1735500131[.]bin hxxps://github[.]com/New-Codder/test/raw/refs/heads/main/3[.]bin hxxps://github[.]com/New-Codder/test/raw/refs/heads/main/1[.]bin |
donut_injector |
