Cyber Risk Information Service D-Alert (patented)

Access to malicious URLs and receipt of malicious e-mail

Our customers who received the e-mail: 0
Our customers who accessed the URL: 2
2024/02/16
※Updated 2024/02/16
URLs believed to cause malware infection detected (2024/02/16)
■IoC (※1)
※1 Search the i-FILTER access logs to identify the affected endpoints. Some values have been altered to avoid unintended access.
■Product support status (※2)
▽i-FILTER (※3)
・Can be blocked under the [Threat information site] category.
※2 Whether a request is blocked depends on each product's settings, so refer to the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to "Enabled".