不正URLへのアクセス、不正メールの受信
-
メール受信した弊社お客様: 0社
URLアクセスした弊社お客様: 4社
-
2025/02/07
※2025/02/07 更新
マルウェアに感染させると考えられるURLを検知(2025/02/07)
■IoC(※1)　※以下のURLは hxxp / [.] 表記で無害化(defang)しています。ブロックリストや検知ルールへ投入する際は http / . に復元してください。なお、複数のマルウェアファミリで同一ホスト(例: 87[.]120[.]120[.]56 は Formbook と AsyncRAT、198[.]46[.]174[.]146 は Formbook と Remcos、195[.]20[.]18[.]146 は Rhadamanthys と PureLogs Stealer、83[.]217[.]208[.]130 および updatetroubleunloaded[.]shop は ClearFake と Vidar)が共用されているため、URL単位に加えホスト単位での遮断も検討してください。
Type | IOC | Signature |
---|---|---|
URL | hxxps://firestormsite[.]xyz/MzZkNTliNTU4NDhl/ hxxps://whisperingvale[.]xyz/YTE5MzQ1ZWRkZjY1/ | Coper |
URL | hxxp://83[.]217[.]208[.]130/xfiles/trip[.]mp4 hxxp://80[.]64[.]30[.]238/trip[.]psd hxxps://updatetroubleunloaded[.]shop/b313d4a4588bd2e7bc9ece877caba58a[.]xll hxxps://check[.]esscv[.]tech/gkcxv[.]google hxxps://check[.]uhxkj[.]space/gkcxv[.]google hxxps://check[.]smfd[.]ink/gkcxv[.]google hxxps://check[.]popp[.]ink/gkcxv[.]google hxxps://check[.]alku[.]ink/gkcxv[.]google hxxps://check[.]amda[.]ink/gkcxv[.]google hxxps://check[.]lolp[.]ink/gkcxv[.]google hxxps://check[.]bxayj[.]site/gkcxv[.]google hxxps://check[.]mmjdh[.]site/gkcxv[.]google hxxps://check[.]owacq[.]site/gkcxv[.]google hxxps://check[.]cvdub[.]site/gkcxv[.]google hxxps://check[.]edmer[.]site/gkcxv[.]google | ClearFake |
URL | hxxp://94[.]156[.]177[.]155/ukr/client2[.]exe hxxp://88[.]151[.]192[.]52/ukr/client[.]exe hxxp://88[.]151[.]192[.]50/paxy[.]hta[.]mp4 | SmokeLoader |
URL | hxxp://45[.]90[.]12[.]129/Simps/armv4l hxxp://103[.]188[.]83[.]11/nshksh4 | Bashlite |
URL | hxxp://www[.]weddingseopro[.]com/n8it/ hxxp://www[.]weytek[.]com/n8it/ hxxp://www[.]winnerjourney[.]com/n8it/ hxxp://www[.]xe9b5mzzqzez5t[.]life/n8it/ hxxp://www[.]xuemengyc[.]com/n8it/ hxxp://www[.]xyypjq[.]xyz/n8it/ hxxp://www[.]ydshine[.]com/n8it/ hxxp://www[.]ziyuechloezhang[.]com/n8it/ hxxp://www[.]sporerindividual[.]com/n8it/ hxxp://www[.]strongdigits[.]com/n8it/ hxxp://www[.]syzbf15[.]xyz/n8it/ hxxp://www[.]taketherubbishout00001136[.]xyz/n8it/ hxxp://www[.]tfnor[.]com/n8it/ hxxp://www[.]thesleepercar[.]com/n8it/ hxxp://www[.]trickwaves[.]com/n8it/ hxxp://www[.]triplatin[.]com/n8it/ hxxp://www[.]untilfun[.]com/n8it/ hxxp://www[.]vandorainvestmentpartners[.]com/n8it/ hxxp://www[.]vertex-modal[.]com/n8it/ hxxp://www[.]onlinecryptoarbitrage[.]com/n8it/ hxxp://www[.]overworld[.]site/n8it/ hxxp://www[.]pettigestudio[.]com/n8it/ hxxp://www[.]pickleballgiant[.]info/n8it/ hxxp://www[.]plaquepsoriasismedcareus[.]com/n8it/ hxxp://www[.]presumablye[.]com/n8it/ hxxp://www[.]reversedwarbler[.]com/n8it/ hxxp://www[.]riosenpodo[.]quest/n8it/ hxxp://www[.]sculpturen[.]xyz/n8it/ hxxp://www[.]shamesupportclock[.]life/n8it/ hxxp://www[.]shopcycles3[.]com/n8it/ hxxp://www[.]signalcharlie[.]store/n8it/ hxxp://www[.]goldendtatedermatology[.]com/n8it/ hxxp://www[.]ike-design[.]com/n8it/ hxxp://www[.]impossiblemachinelearning[.]com/n8it/ hxxp://www[.]informasivalid[.]com/n8it/ hxxp://www[.]khaijd[.]com/n8it/ hxxp://www[.]learniebee[.]com/n8it/ hxxp://www[.]leogaeofkingdoms[.]com/n8it/ hxxp://www[.]lookloc[.]xyz/n8it/ hxxp://www[.]mevst[.]com/n8it/ hxxp://www[.]modellinghacks[.]com/n8it/ hxxp://www[.]onlinecoursesin[.]com/n8it/ hxxp://www[.]doubledotts[.]com/n8it/ hxxp://www[.]driveubertexas[.]com/n8it/ hxxp://www[.]dynamicmetalbuildings[.]com/n8it/ hxxp://www[.]e-volutionsf[.]com/n8it/ hxxp://www[.]edmontonfoundationrepair[.]net/n8it/ hxxp://www[.]electrosle[.]xyz/n8it/ hxxp://www[.]fimacusa[.]net/n8it/ hxxp://www[.]findkode[.]com/n8it/ hxxp://www[.]foodieonline[.]club/n8it/ hxxp://www[.]gdpyy[.]com/n8it/ hxxp://www[.]gfgoldgroup[.]com/n8it/ hxxp://www[.]0532sme[.]com/n8it/ hxxp://www[.]360-nft[.]com/n8it/ hxxp://www[.]areowed[.]site/n8it/ hxxp://www[.]battene[.]com/n8it/ hxxp://www[.]bienvenidomiami[.]com/n8it/ hxxp://www[.]coloradopadelclub[.]com/n8it/ hxxp://www[.]corefina[.]com/n8it/ hxxp://www[.]crossfitlaquila[.]com/n8it/ hxxp://www[.]cybitt[.]com/n8it/ hxxp://www[.]de7secondenglimlach[.]com/n8it/ hxxp://www[.]directbizlending[.]xyz/n8it/ hxxp://www[.]directoriobid[.]com/n8it/ hxxp://87[.]120[.]120[.]56/crypt/laser[.]exe hxxp://198[.]46[.]174[.]146/xampp/fb/fbgoodforsweetgirlvoiceniceforhear[.]txt hxxp://198[.]46[.]174[.]146/xampp/fb/fbgoodforsweetgirlvoiceniceforhearsa[.]gIF hxxp://198[.]46[.]174[.]146/xampp/fb/seno/fbgoodforsweetgirlvoiceniceforhearsagirlscute[.]hta hxxp://87[.]120[.]120[.]56/crypt/code[.]exe hxxp://87[.]120[.]120[.]56/crypt/giania[.]exe hxxp://87[.]120[.]120[.]56/crypt/laserrr[.]exe | Formbook |
URL | hxxp://83[.]217[.]208[.]130/xfiles/VIDA[.]mp3 hxxps://updatetroubleunloaded[.]shop/b313d4a4588bd2e7bc9ece877caba58a[.]png | Vidar |
URL | hxxps://eteherealpath[.]top/api hxxps://freshideastop[.]top/api hxxps://cablecrossedi[.]shop/api hxxps://tramplyfinej[.]click/api hxxps://murmurloude[.]click/api hxxps://decorateballz[.]click/api hxxps://testyhurriedo[.]click/api hxxps://pattyruralk[.]click/api hxxps://avangerresi[.]click/api hxxps://baoilkye[.]click/api hxxps://sockethingej[.]click/api hxxps://gleamingvisir[.]click/api hxxps://enlargeywuz[.]click/api hxxps://hookylucnh[.]click/api hxxps://thronethurd[.]click/api hxxps://jitteryresuqi[.]click/api hxxps://leeryspcieu[.]click/api hxxps://applyeasyhz[.]click/api hxxps://hissbringer[.]click/api hxxps://hopersmarter[.]click/api hxxps://insultfragie[.]click/api hxxps://implodehosu[.]click/api hxxps://scarpsniffy[.]click/api hxxps://libraryuehd[.]click/api hxxps://twinnylogy[.]click/api hxxps://boredbeliev[.]click/api hxxps://ethnicchos[.]click/api hxxps://noticesulk[.]click/api hxxps://applicatinyh[.]cyou/api hxxps://capturefann[.]cyou/api hxxps://canva5-belief[.]cyou/api hxxps://shelterryhsbj[.]cyou/api hxxps://playerjur[.]cyou/api hxxps://shatt3rhelpfu[.]cyou/api hxxps://kicky-tap[.]sbs/api hxxps://clusterbry[.]cyou/api hxxps://currentyelcktv[.]cyou/api hxxps://warmwhearts[.]cloud/api hxxps://curiousbereeze[.]top/api hxxps://pixelpottato[.]top/api hxxps://gleefuhlcloud[.]top/api hxxps://nomadsgpirit[.]top/api | Lumma Stealer |
URL | hxxp://caymanluxurycars[.]com/81v2 hxxp://barleyjack[.]com/rvb2 | XWorm |
URL | hxxp://94[.]232[.]249[.]56/MRMUxKtBj196[.]bin hxxp://iq[.]bjvfle7[.]bar/pol[.]bin hxxp://85[.]209[.]128[.]216/iMXIYvZOpN37[.]bin | CloudEyE |
URL | hxxp://217[.]160[.]163[.]113/453/wecc/seethebewtthingstodothebestwayofgreatnessgod[.]hta hxxp://217[.]160[.]163[.]113/453/seethebewtthingstodothebestwayofgreatnessgod[.]txt hxxp://198[.]46[.]174[.]146/xampp/kb/sheismybestgirlwholovesmebestwithgirlfirstnightgo[.]gIF hxxp://198[.]46[.]174[.]146/xampp/kb/kbgoodsigiinforroseflowersgood[.]txt hxxp://217[.]160[.]163[.]113/312/wcec/creatingbestthingswithgreatnewsgivenmebestthigns[.]hta hxxp://198[.]46[.]174[.]146/xampp/kb/cute/sheismybestgirlwholovesmebestwithgirlfirstnightgoood[.]hta | Remcos |
URL | hxxp://454431cm[.]n9sh[.]top/VmHttpCpuapiProtectdefaultTestwordpressuploads[.]php hxxp://976794cm[.]shnyash[.]ru/processorbigloadAsyncdatalifeDownloads[.]php hxxp://045849cm[.]shnyash[.]ru/defaultDbtest[.]php hxxp://192592cm[.]shnyash[.]ru/WindowsTestUploadsdownloads[.]php | DCRat |
URL | hxxp://87[.]120[.]120[.]56/crypt/GRAW[.]exe hxxp://91[.]202[.]233[.]169/Tak/Reg/Marz/ENVS/DG[.]txt hxxp://91[.]202[.]233[.]169/Tak/Reg/Marz/ENVS/VM[.]txt | AsyncRAT |
URL | hxxp://171[.]15[.]186[.]170:1957/WK[.]exe | Coinminer |
URL | hxxps://divexpo[.]com/7y6t[.]js hxxps://divexpo[.]com/js[.]php hxxp://banhiaanlmdhahh[.]top/1[.]php hxxps://parkerlabs[.]top/work/original[.]js hxxps://parkerlabs[.]top/work/index[.]php hxxps://parkerlabs[.]top/work/file[.]php hxxps://parkerlabs[.]top/work/222[.]zip hxxps://ceo[.]cowholesaling[.]com/profileLayout | FAKEUPDATES |
URL | hxxp://195[.]20[.]18[.]146/killsof | Rhadamanthys |
URL | hxxps://apworsindos[.]com/test/ hxxps://reminasolirol[.]com/test/ | Latrodectus |
URL | hxxp://195[.]20[.]18[.]146/o645ykmujnyhtbgrvfecdwx | PureLogs Stealer |
URL | hxxps://info-regionsapproval[.]com/myATT_sign_en[.]apk hxxps://priv[.]host/myATT_sign_en[.]apk hxxps://et-int[.]me/myATT_sign_en[.]apk hxxp://securewireless[.]sbs/myATT_sign_en[.]apk hxxps://securewireless[.]sbs/myATT_sign_en[.]apk hxxps://91[.]212[.]166[.]16/myATT_sign_en[.]apk | SpyNote |
URL | hxxp://gliempleo[.]com/front[.]php | Satacom |
URL | hxxp://219[.]155[.]223[.]181:43144/Mozi[.]m | Mozi |