不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様6社 URLアクセスした
弊社お客様0社 -
2022/12/08
※2022/12/08 更新
マルウェア感染させると考えられるURLを検知(2022/12/08)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://103[.]133[.]110[.]147/outlook/vbc[.]exe hxxp://ewsdghmrhfuier[.]ga/yy/BVGGFRF[.]exe hxxp://ewsdghmrhfuier[.]ga/yy/hodd[.]exe |
Formbook |
| URL | hxxp://103[.]151[.]125[.]88/outlook/[.]csrss[.]exe hxxp://163[.]123[.]142[.]197/outlook/[.]win32[.]exe hxxp://208[.]67[.]105[.]148/osburn/five/fre[.]php hxxp://drinz[.]us/FILAZ/QU/coosaza[.]php |
LokiBot |
| URL | hxxp://172[.]86[.]75[.]144/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3[.]dll hxxp://172[.]86[.]75[.]144/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue[.]dll hxxp://172[.]86[.]75[.]144/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140[.]dll hxxp://172[.]86[.]75[.]144/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3[.]dll hxxp://172[.]86[.]75[.]144/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3[.]dll hxxp://172[.]86[.]75[.]144/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3[.]dll hxxp://172[.]86[.]75[.]144/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140[.]dll |
RecordBreaker |
| URL | hxxp://185[.]104[.]115[.]33/lyla/versionl[.]exe | PrivateLoader |
| URL | hxxp://185[.]246[.]220[.]210/Yfmndxfzjlz[.]png hxxp://208[.]67[.]105[.]179/bolingozx[.]exe |
Snake Keylogger |
| URL | hxxp://185[.]246[.]221[.]143/pl2[.]exe | CloudEyE |
| URL | hxxp://198[.]46[.]174[.]162/pakii[.]exe hxxp://207[.]167[.]64[.]143/newnew[.]exe hxxp://23[.]95[.]122[.]232/pay[.]exe hxxp://ewsdghmrhfuier[.]ga/yy/HvGJoP[.]exe hxxp://fumiduer[.]tk/fonts/cVLrNwBcEnr8[.]dwp hxxp://fumiduer[.]tk/fonts/qQdCidiSDbbqpK88[.]deploy hxxp://fumiduer[.]tk/scss/jettfhbrJonUAyQcH202[.]emz hxxp://stpindo[.]co[.]id/ck12[.]txt |
Agent Tesla |
| URL | hxxp://23[.]94[.]231[.]161/118/vbc[.]exe hxxp://eisnt[.]com/ahu-punjab/Fgxogd[.]bmp |
SmokeLoader |
| URL | hxxp://31[.]41[.]244[.]188/lego/MS-office%20(x64)00000345678[.]exe | Amadey |
| URL | hxxp://31[.]41[.]244[.]253/miha/wish[.]exe hxxp://62[.]204[.]41[.]6/newlege[.]exe hxxps://nassarplastic[.]com/wp-content/config_40[.]ps1 |
RedLine Stealer |
| URL | hxxp://5[.]196[.]153[.]51/files/Adsme[.]exe | LgoogLoader |
| URL | hxxp://abibiall[.]com/lancer/get[.]php hxxp://abibiall[.]com/test1/get[.]php |
STOP |
| URL | hxxp://andex[.]biz/pic/indexc[.]php hxxp://chai-design[.]com/d[.]htm?oabZvRk7sq7yDLM1AKA6bILvQxXpTtpyB4kvnKjMPx hxxp://chai-design[.]com/m[.]htm?wXjGYZHrZMwnz2F7g4MsCG9kF4fZ7wIM5ygsBvwtwH hxxp://chai-design[.]com/r[.]htm?MaLtg2pgY1H1wnLWWinuRboygAvv3RmGn9k7qiPdH5 hxxp://krismencia[.]com/blog/wp-content/themes/yoko/js/ads2[.]php hxxp://mgm-berlin[.]de/gal044254195/ads2[.]php hxxp://mstrainingnow[.]com/default[.]php?RPrIdrz6UkYNjRYsGi4AcLbpjxlcCrOMpZ hxxp://neuromedgroup[.]com/default[.]php?FMexgur5Kcs2WNQnqSR6UOCsaMlycHR8hv hxxp://salomao[.]com/logs/ads2[.]php hxxp://samymedia[.]de/a[.]htm?tH6CWZKr2agpWlYucg9nLM6d2NjNrO9AkTosOxEfUiKsu hxxp://samymedia[.]de/u[.]htm?wsf9S3KkLWhL7ocu4IoxiIH69HKVoXhj9xwFPrpI7j2kd hxxp://samymedia[.]de/v[.]htm?D7zr6qCB4q6u4wbkrc86a4IJl3zsKOscliH75gPMU8Wda hxxp://televisionhunter[.]com/pizda/gate[.]php hxxp://vorteilsempfehlungen[.]de/m[.]htm?dfoCLd5zFo9XUWisqYQemoVZLm1hXdepvX hxxp://vorteilsempfehlungen[.]de/q[.]htm?YVoXGzpEevHE9waCOiwcK16fRZRxzj9oLs hxxp://vorteilsempfehlungen[.]de/w[.]htm?CpCwOGUpBGLoGUM6V5S6HbSFBzKlgjJxwT hxxp://www[.]annbcrafts[.]com/wp-content/themes/twentytwelve/inc/functions/ads2[.]php hxxp://www[.]racesearch[.]co[.]uk/wp-content/themes/mystile/mystile/functions/includes/ads2[.]php |
Pony |
| URL | hxxp://ewsdghmrhfuier[.]ga/yy/GHDDSDFDFH[.]exe hxxp://ewsdghmrhfuier[.]ga/yy/GSDFHHDFDF[.]exe hxxp://ewsdghmrhfuier[.]ga/yy/HH[.]exe hxxp://ewsdghmrhfuier[.]ga/yy/HHhGTGKJ[.]exe hxxp://ewsdghmrhfuier[.]ga/yy/NHgPKOL[.]exe |
AsyncRAT |
| URL | hxxp://ewsdghmrhfuier[.]ga/yy/NHyGGGH[.]exe | Remcos |
| URL | hxxp://gowqnco[.]com/dan/dah[.]jpg hxxp://gowqnco[.]com/dan/dam[.]txt |
Ave Maria |
| URL | hxxp://qalkaw22[.]top/gate[.]php | CryptBot |
| URL | hxxps://1ad2f[.]diary[.]lojjh[.]com/subscribeEvent | FAKEUPDATES |
