Access to malicious URLs and receipt of malicious emails
Received the email: 23 of our customers
Accessed the URL: 35 of our customers
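2022/01/28
※Updated 2022/02/09
Since 01/26, we have detected receipt of emails, and access to URLs, that are believed to infect recipients with malware (Emotet).
Do not open the emails or their attachments.
■IoC
Attachment file hashes:
※These can be searched for in the mail archive.
※The attachment file hashes listed are all of those observed by our company.
Destination list: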
※Search the "i-FILTER" access logs to identify the affected endpoints.
※Entries in the destination list have been partially altered to prevent unintended access.
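The log search described above, sketched as an added example (not Digital Arts' code): it undoes the `hxxp` / `[.]` alteration used in the destination list and reports which client IPs contacted a listed host. The indicators and log lines are constructed, and the six-field log layout is an assumption, not the actual i-FILTER access log format.

```python
from urllib.parse import urlsplit

# Constructed indicators in the page's defanged notation (documentation-only hosts).
DEFANGED_IOCS = """\
hxxp://192[.]0[.]2[.]10/aa/bb[.]html
hxxps://shop[.]example[.]com:443/wp-admin/AbCd123/
hxxp://files[.]example[.]net/cgi-bin/xYz/
"""

# Constructed proxy log. Assumed layout: time, client IP, user, method, target, action.
SAMPLE_LOG = """\
2022-01-27T09:14:02 10.0.5.21 tanaka GET http://files.example.net/cgi-bin/xYz/ ALLOW
2022-01-27T09:14:05 10.0.5.33 sato CONNECT shop.example.com:443 BLOCK
2022-01-27T09:15:40 10.0.5.21 tanaka GET http://www.example.org/index.html ALLOW
2022-01-27T09:16:11 10.0.7.8 suzuki GET http://192.0.2.10/aa/bb.png ALLOW
2022-01-27T09:17:30 10.0.7.9 kato GET http://notfiles.example.net/ ALLOW
"""

def load_iocs(text):
    """Undo the hxxp / [.] defanging and return a set of (host, path) pairs."""
    iocs = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        url = urlsplit(line.strip().replace("hxxp", "http", 1).replace("[.]", "."))
        iocs.add((url.hostname.lower(), url.path))
    return iocs

def split_target(target):
    """Return (host, path); CONNECT targets are bare host:port with no path."""
    url = urlsplit(target if "://" in target else "//" + target)
    return (url.hostname or "").lower(), url.path

def find_hits(log_text, iocs):
    """Map client IP -> list of (time, host, action, exact_path_match)."""
    ioc_hosts = {host for host, _ in iocs}
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not fit the assumed layout
        ts, client, _user, _method, target, action = fields
        host, path = split_target(target)
        if host in ioc_hosts:  # exact host comparison, not substring
            hits.setdefault(client, []).append((ts, host, action, (host, path) in iocs))
    return hits

if __name__ == "__main__":
    for client, events in find_hits(SAMPLE_LOG, load_iocs(DEFANGED_IOCS)).items():
        print(client, events)
```

A hit whose last field is false means only the host matched, which is all a CONNECT entry can show when TLS is not decrypted; treat it as a lead to confirm against the endpoint rather than as proof of a download.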
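■Product response status
▽m-FILTER
・Can be quarantined at spoofing level 2 or higher
・Detected by body spoofing detection (URL mismatch / image link) (partially effective)
・Detected by attachment spoofing detection (attachment macro)
・Detected by sender spoofing detection (sender authentication failure / spoofed sender email address / email address mismatch / malicious domain) (partially effective)
▽i-FILTER
・Already handled so that it can be blocked by the [脅威情報サイト] (threat information site) category
・Can be blocked by the download filter
※For encrypted traffic, the SSL Adapter setting must be set to 「利用」 (Use).
※Whether a block occurs depends on each product's settings, so refer to the access logs for the actual result.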