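Access to malicious URLs and receipt of malicious emails
-
Received the email: 45 of our customers
Accessed the URL: 9 of our customers
-
2022/03/08
※ Updated 2022/03/15
Detected the receipt of emails, and access to URLs, that are believed to infect recipients with malware (Emotet); this activity has been occurring since 03/08.
Do not open the email or its attachments.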
■IoC
Attachment file hash values:
※ These can be searched for in the mail archive.
※ The "attachment file hash values" list includes all of the information we have observed.
Destination list:
※ Search the "i-FILTER" access logs to identify the affected endpoints.
※ The "destination list" has been partially altered to prevent unintended access.
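
As an added example (not part of the original advisory and not the vendor's tooling), the script below restores defanged indicators of the kind published in the destination list and matches them against proxy access-log lines to identify client addresses. The log layout (timestamp, client IP, method, target, status), the function names and all sample values are constructed assumptions; an undecrypted HTTPS request is logged only as CONNECT host:port, so it can be matched on host alone.

```python
import re
from urllib.parse import urlsplit

def refang(indicator):
    """Reverse the defanging used in the published list (hxxp, [.])."""
    text = indicator.strip().replace("[.]", ".")
    return re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)

def find_clients(defanged_iocs, log_lines):
    """Return {client_ip: set of (match_kind, target)} for IoC hits."""
    full, hosts = set(), set()
    for ioc in defanged_iocs:
        parts = urlsplit(refang(ioc))
        host = (parts.hostname or "").lower()
        full.add((host, parts.path))
        hosts.add(host)
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated log line
        client, method, target = fields[1], fields[2], fields[3]
        if method == "CONNECT":
            # Undecrypted HTTPS: only host:port is logged, so match on host.
            host = target.rsplit(":", 1)[0].lower()
            kind = "host-only" if host in hosts else None
        else:
            parts = urlsplit(target)
            host = (parts.hostname or "").lower()
            kind = "url" if (host, parts.path) in full else None
        if kind:
            hits.setdefault(client, set()).add((kind, target))
    return hits

# Constructed sample data (assumed log format, placeholder hosts).
SAMPLE_IOCS = [
    "hxxp://files[.]example[.]test/wp-content/AbCd1234/",
    "hxxps://cdn[.]example[.]test/styled/XyZ9/",
]
SAMPLE_LOG = [
    "2022-03-08T09:12:01 10.0.0.21 GET http://files.example.test/wp-content/AbCd1234/ 200",
    "2022-03-08T09:13:40 10.0.0.34 CONNECT cdn.example.test:443 200",
    "2022-03-08T09:14:02 10.0.0.55 GET http://files.example.test/index.html 200",
    "2022-03-08T09:15:10 10.0.0.34 GET http://intranet.example.test/ 200",
]

if __name__ == "__main__":
    for client, matches in sorted(find_clients(SAMPLE_IOCS, SAMPLE_LOG).items()):
        print(client, sorted(matches))
```

A "host-only" hit is lower confidence than a "url" hit and should be confirmed on the endpoint itself.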
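■Product response status
▽m-FILTER
・Can be quarantined at spoofing level 2 or higher
・Detected by the attachment spoofing check (attachment macro)
▽i-FILTER
・Already handled so that it can be blocked by the [Threat Information Sites] category
・Can be blocked by the download filter
※ For encrypted communication, the SSL Adapter setting must be set to "Use".
※ Whether a block occurs depends on each product's settings, so refer to the access logs for the actual result.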