Cyber Risk Information Service: D Alert (patented)

Access to malicious URLs and receipt of malicious emails

Our customers who received the email: 0
Our customers who accessed the URLs: 22

2025/02/20
※ Updated 2025/02/20
URLs believed to lead to malware infection were detected (2025/02/20)
■ IoC (※1)
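※1 Search the i-FILTER access logs to identify the affected endpoints. Parts of the indicators have been altered to prevent unintended access.

■ Product coverage (※2)
▽ i-FILTER (※3)
・Can be blocked with the [脅威情報サイト] (Threat Information Sites) category

※2 Whether a request is blocked depends on each product's settings, so check the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to 「利用」 (Use).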