Cyber Risk Information Service: D Alert (patented)

Access to malicious URLs, receipt of malicious emails

Our customers who received the email: 0
Our customers who accessed the URL: 0
2023/04/25
※ Updated 2023/04/25
Detected URLs believed to cause malware infection (2023/04/25)
■IoC(※1)
Type: URL. Signature: LokiBot, Vidar, Lumma Stealer, Formbook, Agent Tesla, Cobalt Strike, RedLine Stealer, SmokeLoader, QakBot, RecordBreaker, FAKEUPDATES, Pony, Amadey, N-W0rm
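※1 Search the "i-FILTER" access logs to identify the affected devices. Some parts have been altered to prevent unintended access.

■ Product support status (※2)
▽ i-FILTER (※3)
・Can be blocked with the [Threat Information Sites] category

※2 Whether blocking succeeds depends on each product's configuration, so refer to the access logs for the actual results.
※3 For encrypted traffic, the SSL Adapter setting must be set to "Use".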