不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様8社 -
2023/09/22
※2023/09/22 更新
マルウェア感染させると考えられるURLを検知(2023/09/22)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://zsin2[.]ebnsina[.]top/_errorpages/zsin2/five/fre[.]php hxxp://evil2[.]simcoes[.]top/_errorpages/evil2/five/fre[.]php hxxp://fresh1[.]edtagproducts[.]buzz/_errorpages/fresh1/five/fre[.]php hxxp://ugopounds[.]caesarsgroup[.]top/_errorpages/ugopounds/five/fre[.]php hxxp://185[.]216[.]71[.]207/_errorpages/space/five/fre[.]php |
LokiBot |
| URL | hxxps://fc[.]ftimedica[.]com/netTime[.]exe | Coinminer |
| URL | hxxps://lminoeubybyvq[.]com/ZgbN19Mx hxxps://lminoeubybyvq[.]com/vvmd54/ hxxps://lminoeubybyvq[.]com/lander/chrome_1695206714/_index[.]php hxxps://syir[.]2023[.]ebeenj[.]com/editContent hxxps://rzt[.]2023[.]ebeenj[.]com/editContent hxxps://xhwni[.]2023[.]ebeenj[.]com/editContent hxxps://nkp[.]2023[.]ebeenj[.]com/editContent hxxps://lunh[.]2023[.]ebeenj[.]com/editContent |
FAKEUPDATES |
| URL | hxxp://193[.]42[.]33[.]63/7RVuMkLvXuAoxru[.]exe hxxp://198[.]46[.]178[.]152/88/Runtime[.]txt hxxp://81[.]161[.]229[.]145/money[.]exe hxxp://81[.]161[.]229[.]147/ANYI[.]exe hxxp://185[.]28[.]39[.]18:7777/185[.]28[.]39[.]18/spacezx[.]exe hxxp://berkshirebrewers[.]com/tree1/Ickine[.]prm hxxp://berkshirebrewers[.]com/tree/FNizoqbIRP35[.]bin |
Agent Tesla |
| URL | hxxp://whirlwindprojects[.]com/donkG148[.]bin hxxp://185[.]255[.]114[.]30/BPVBMfBuvJqO205[.]bin hxxp://170[.]130[.]172[.]66/W209T/wininit[.]exe hxxp://194[.]180[.]48[.]211/zarath/ClgRRi242[.]bin hxxp://194[.]180[.]48[.]211/ray/BdNnKAT84[.]bin hxxp://194[.]180[.]48[.]211/frog/dnsJRjnsci193[.]sea hxxp://194[.]180[.]48[.]211/zarath/nnUZPAKgeThwygwKG104[.]bin hxxp://194[.]180[.]48[.]211/nini/Leekish[.]vbs hxxp://194[.]180[.]48[.]211/nini/EAbsGhbSQL10[.]aca |
CloudEyE |
| URL | hxxp://77[.]91[.]124[.]231/new/foto7447[.]exe hxxp://77[.]91[.]124[.]231/smo/kus[.]exe |
RedLine Stealer |
| URL | hxxp://192[.]3[.]101[.]8/89/TiWorker[.]exe | Formbook |
| URL | hxxp://159[.]75[.]161[.]167/ga[.]js hxxps://42[.]192[.]89[.]33/recite/v9[.]52/6FCQ3UVD9 hxxps://190[.]211[.]252[.]251/owa/ hxxps://upcloudser[.]online/owa/ hxxps://igo0gle[.]com/produce/v5[.]96/17NUIT3F7W hxxp://igo0gle[.]com/produce/v5[.]96/17NUIT3F7W hxxps://109[.]205[.]56[.]206/dpixel hxxp://121[.]37[.]135[.]169/ga[.]js hxxp://111[.]230[.]57[.]184:6666/IE9CompatViewList[.]xml hxxps://45[.]77[.]169[.]140/jquery-3[.]3[.]1[.]min[.]js hxxp://124[.]70[.]53[.]30:8000/__utm[.]gif hxxps://cs45upb230906[.]iqiyid[.]com:2053/cm hxxps://114[.]115[.]185[.]41/load hxxps://43[.]139[.]67[.]239/IE9CompatViewList[.]xml hxxps://devopspdx[.]com/mobile-ipad-home hxxp://81[.]161[.]229[.]129/j[.]ad hxxp://45[.]66[.]230[.]113:120/match hxxps://43[.]138[.]30[.]109:7777/fwlink hxxps://18[.]204[.]142[.]71/CWoNaJLBo/VTNeWw11212/ hxxps://123[.]249[.]104[.]83:2053/IE9CompatViewList[.]xml hxxps://111[.]231[.]22[.]61/g[.]pixel hxxp://82[.]115[.]223[.]34/updates[.]rss hxxp://43[.]138[.]30[.]109:7524/cx hxxps://42[.]192[.]137[.]198:8443/dpixel hxxp://directdefense[.]consulting/cm hxxps://31[.]24[.]227[.]218/j[.]ad hxxp://5[.]181[.]80[.]82:8080/apiv8/getStatus hxxps://qocmkassa[.]store/jquery-3[.]3[.]1[.]min[.]js hxxp://190[.]211[.]252[.]251/owa/ hxxp://upcloudser[.]online/owa/ |
Cobalt Strike |
| URL | hxxp://91[.]103[.]252[.]146/1d9e38415ea54afa[.]php | Stealc |
| URL | hxxp://diixuoo[.]info/single[.]php | TeamSpy |
| URL | hxxp://74[.]84[.]150[.]168/qYuKcr174[.]bin hxxp://94[.]156[.]253[.]194/412/Runtime[.]txt |
Remcos |
| URL | hxxp://89[.]23[.]107[.]169:4000/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3[.]dll hxxp://89[.]23[.]107[.]169:4000/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140[.]dll hxxp://89[.]23[.]107[.]169:4000/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3[.]dll hxxp://89[.]23[.]107[.]169:4000/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3[.]dll hxxp://89[.]23[.]107[.]169:4000/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140[.]dll hxxp://89[.]23[.]107[.]169:4000/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3[.]dll hxxp://89[.]23[.]107[.]169:4000/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue[.]dll hxxp://94[.]142[.]138[.]221/file/1[.]exe |
RecordBreaker |
| URL | hxxps://pasteio[.]com/raw/xH83htkkdwIx hxxps://pasteio[.]com/raw/xW0ycn294KpX hxxps://pasteio[.]com/raw/xtQy5ZgqUvof hxxps://pasteio[.]com/raw/xRFAY9aW1yUs hxxps://pasteio[.]com/raw/xwmy1oaJ1ZKs |
VoidRAT |
| URL | hxxp://176[.]113[.]115[.]81/9kdmSxq/index[.]php | Amadey |
| URL | hxxps://ikwilvanmijnpoloaf[.]nl/blog[.]php hxxps://images[.]cjp[.]mx/blog[.]php |
GootLoader |
| URL | hxxps://toohami[.]com/pata/ hxxps://radiozocalo[.]com[.]mx/ve/ hxxps://prodigoradio[.]com[.]co/dome/ hxxps://mikdi[.]com[.]co/ai/ hxxps://unasd[.]org/iaus/ hxxps://acumenvaluers[.]co[.]ke/os/ hxxps://transporteglobalconfort[.]com/ti/ hxxps://takabplast[.]com/tstn/ hxxps://hmasloscabos[.]mx/aaaq/ hxxps://choaluoi[.]com/lmu/ hxxps://evomart[.]com[.]bd/st/ hxxps://suratpeo[.]go[.]th/isua/ hxxp://dhtech[.]ae/dqo/ hxxps://ncsinternationalcollege[.]com/unsi/ hxxps://cosmositsolutions[.]net/nms/ hxxps://maharanirestaurant[.]ca/uim/ hxxps://rastreamentos[.]me/ea/ hxxps://grandiose[.]academy/iq/ hxxps://gomaspureglow[.]com[.]br/br/ hxxps://hfd[.]com[.]tr/tm/ hxxps://preneurlab[.]digital/nus/ hxxps://hawaharadio[.]com/iald/ hxxps://shopwinner[.]com[.]br/rsr/ hxxps://superdreadi[.]com/mlr/ hxxps://showglass[.]com[.]ng/axd/ hxxps://hunter-g[.]com/eein/ hxxps://gsrhrservices[.]com/to/ hxxps://minargusa[.]com/ume/ hxxps://viphydraulics[.]net/uss/ hxxps://mpcel[.]net/iups/ hxxps://weavelinens[.]com/eimn/ hxxps://sgedigital[.]com[.]br/uie/ hxxps://pantherradio[.]media/eua/ hxxps://peckertele[.]com[.]ng/aid/ hxxps://igcar[.]eu/uutp/ hxxps://ltiacademy[.]co[.]uk/nnet/ hxxps://signatureescortservice[.]com/san/ hxxps://minidoctor[.]org/irv/ hxxps://co-create2071[.]org/tas/ hxxps://wintexbd[.]com/blo/ hxxps://ofc[.]ai/sdet/ hxxps://pfs-jenin[.]org/tr/ hxxps://cemvasm[.]com/bind/ hxxps://expertsinteriors[.]com/eqr/ hxxps://hondamardan[.]com[.]pk/teae/ hxxps://rocksecuritymw[.]com/mios/ hxxps://brandwebdemo[.]digital/eaea/ hxxps://rbstrafegopago[.]com[.]br/uu/ hxxps://alraeid[.]com/edus/ hxxps://unitedusedfurniture[.]com/beq/ hxxps://myrescue[.]ke/aa/ hxxps://cosmosiit[.]com/oseu/ hxxps://tanhaenterprise[.]com/tda/ hxxps://appapi[.]store/et/ hxxps://wcmtelecom[.]tv/mne/ hxxps://cpm[.]com[.]py/eifr/ hxxps://dhtech[.]ae/dqo/ hxxps://inzpect[.]com/rie/ hxxps://perfectprintoficial[.]com/ium/ hxxps://aperasolarlightltd[.]com/qr/ hxxps://beautifullike[.]com/erm/ hxxps://asiaprofessionals[.]net/illn/ hxxps://true-hrm[.]com/pciu/ hxxps://herseyfikir[.]com[.]tr/itt/ hxxps://elnadahospitals[.]com/qla/ hxxps://axecapital[.]ro/hi/ hxxps://shikhana[.]com/od/ hxxps://michelleolatoksspecialist[.]com/es/ hxxps://nihmarschools[.]com/itns/ hxxps://askmrzsparkles[.]com/mntn/ hxxps://healthwizapp[.]com/qur/ hxxps://nganhangsovn[.]com/moba/ hxxps://vtektv[.]com/mq/ hxxps://artnneslie[.]com/aqv/ hxxps://hunil[.]com/eea/ hxxp://minidoctor[.]org/irv/ hxxps://visitorspolicy[.]com/mup/ hxxps://devcsv[.]online/miod/ hxxps://midiajcbdigital[.]com[.]br/ast/ hxxps://schoolkandanastore[.]store/mimp/ hxxps://lowcostbeer[.]com/pisa/ hxxps://mebleroni[.]com/ti/ hxxps://printingpoint[.]co/iaof/ hxxps://tanscarattorneys[.]co[.]tz/rter/ hxxps://techzero[.]com[.]br/utl/ hxxps://sictalks[.]com/sslc/ hxxps://refurbtechnologies[.]com/tba/ hxxps://capitaltechnology[.]online/ue/ hxxps://dostai[.]com/nim/ hxxps://winstonandfriendz[.]ca/ueiq/ hxxps://101degrees[.]net/uiff/ hxxps://ajpglobalshoppin[.]com/mii/ hxxps://vivianecerqueira[.]adv[.]br/ecut/ hxxps://pollx[.]in/bp/ hxxps://haytham[.]site/its/ hxxps://siagtrading[.]com/muuu/ hxxps://nia-dbrowntestserver[.]com[.]ng/ts/ hxxps://brij[.]world/nmsr/ hxxps://m-handcraft[.]lk/do/ hxxps://aeic-usa[.]com/iegb/ hxxps://superdreadiswag[.]com/frs/ hxxps://normacsales[.]com/uap/ hxxps://ledscreen[.]africa/dcil/ hxxps://founders[.]net[.]au/ooal/ hxxps://landscapersindubai[.]com/aa/ hxxps://dna-do-gamer[.]com/uni/ hxxps://grgoptim[.]com/dpr/ hxxps://mikopo[.]gva[.]co[.]tz/tqi/ hxxps://jhenaidahpoly[.]gov[.]bd/ninh/ hxxps://bligevale[.]co[.]zw/vr/ hxxps://journeotravel[.]com/ii/ hxxps://asaawy[.]com/ipa/ hxxps://adalatirin[.]site/td/ hxxps://t15clothing[.]com/ser/ hxxps://isbmaintenance[.]com/iu/ hxxps://internationalsweetfactory[.]com/sodq/ hxxps://themotorsnews[.]com/raqt/ hxxps://ziflitestudio[.]com/ia/ hxxps://smahrec[.]com/iat/ hxxps://signswarehouse[.]co[.]uk/idcn/ hxxps://mpcel[.]com/nste/ hxxps://aksharagalam[.]com/or/ hxxps://youth[.]digital/tv/ hxxps://emergingpakistan[.]com[.]pk/usei/ hxxps://onetabmusic[.]com/dim/ hxxps://grupowcm[.]com[.]br/tnie/ hxxps://kaliganjcentralcollege[.]com/nea/ hxxps://raaj[.]ltd/re/ hxxps://gsrglobal[.]org/uae/ hxxps://onlineearnway[.]com/aumn/ hxxps://blackshine[.]lk/doer/ hxxps://pteacademic79plus[.]com/umai/ hxxps://ontechrio[.]com/fg/ hxxps://givemerank[.]com/ena/ hxxps://lapicaflora[.]com/vae/ hxxps://rtppedangdewa[.]com/ei/ hxxps://minhkhangcomputer[.]vn/tr/ hxxps://samehelsadat[.]com/cs/ hxxps://anpicacolombia[.]co/ob/ hxxps://basicwear-international[.]eu/mest/ hxxps://maxconsultancyfze[.]com/uoo/ hxxps://hikeytrends[.]com/uate/ hxxps://whitehouseline[.]com/qum/ hxxps://onlyariel[.]com/agim/ hxxps://kroznis[.]rs/nima/ hxxps://gloacademic[.]com/iust/ hxxps://yellowstone[.]com[.]mm/asc/ hxxps://ajpglobalshopping[.]com/ruv/ hxxps://co0peuch[.]website/oenm/ hxxps://mwei[.]africa/cit/ hxxps://kelotecnologia[.]com/qiun/ hxxps://kalismprivateltd[.]co[.]uk/eptl/ hxxps://monsteriptv[.]nu/ia/ hxxps://citizensviews[.]com/dtea/ hxxps://eurogeotex[.]com/en/ hxxps://millennialradio[.]es/sed/ hxxps://hmas[.]mx/relo/ hxxps://globalhi-tech[.]sg/prm/ hxxps://thekhancept[.]com/uqsi/ hxxps://ethnos[.]org[.]br/edor/ hxxps://tenis-de-masa[.]com/pu/ hxxps://shenergi[.]com/issd/ hxxps://revitalhcare[.]com/at/ hxxps://goldenyieldfarms[.]com/erd/ hxxps://elegantstudio[.]com[.]ng/umuu/ hxxps://evomart[.]store/net/ hxxps://mweimall[.]co[.]ke/srle/ hxxps://yellowtechs[.]com/uied/ hxxps://kangaroo[.]agency/eca/ hxxps://quantumleadershipinc[.]com/iais/ hxxps://organicfoodslahore[.]com/ien/ hxxps://deroze[.]net/uigi/ hxxps://sirishareddy[.]info/ma/ hxxps://cadinova[.]ma/tis/ hxxps://colorfuldestinationsindia[.]com/tep/ hxxps://keestroke[.]co[.]ke/re/ hxxps://osamaconstruction99[.]com/psgt/ hxxps://mizhar[.]me/iaiu/ hxxps://igcar[.]cat/crs/ hxxps://k-sharq[.]com/uiei/ hxxps://elburro[.]net/ofm/ hxxps://humanrecruitasia[.]com/tei/ hxxps://alrehabdevelopments[.]com/tei/ hxxp://igcar[.]es/rear/ hxxps://hosurallproperty[.]com/coam/ hxxps://corehost[.]host/on/ hxxps://mpcelmobile[.]com[.]br/dm/ hxxps://atlantadevelopers[.]lk/usrb/ hxxps://arsetgraphia[.]eu/tose/ hxxps://sisolucaoeducacional[.]com/aan/ hxxps://igcar[.]es/rear/ hxxps://tec-tronicss[.]com/pur/ hxxps://bebidasjerusalem[.]com[.]br/uuo/ hxxps://royalstiqqy[.]com/tc/ hxxps://usinadevendas[.]com[.]br/ul/ hxxps://mytexasviprewards[.]com/stai/ hxxps://medsure[.]com[.]br/nma/ hxxps://abeokutasportsclub[.]org/lote/ hxxps://zuper[.]com[.]bd/doti/ |
DarkGate |
