サイバーリスク情報提供 Dアラート 特許取得済み

不正URLへのアクセス、不正メールの受信

メール受信した
弊社お客様0 URLアクセスした
弊社お客様2
2024/02/22
※2024/02/22 更新
マルウェア感染させると考えられるURLを検知(2024/02/22) 
■IoC(※1)





Type:
IOC:
Signature:




URL
hxxps://skv[.]members[.]openarmscv[.]com/editContent
hxxps://ccsfc[.]members[.]openarmscv[.]com/editContent
hxxps://ccmk[.]members[.]openarmscv[.]com/editContent
hxxps://gzj[.]members[.]openarmscv[.]com/editContent
hxxp://posiit[.]com/get_file
hxxp://peeriosity[.]com/shared-services/j[.]js?
hxxp://posiit[.]com/cookies
hxxp://soundsend[.]com/traffic?uuid=
hxxp://chrome[.]freegeneratorai[.]com/intl/en/chrome/next-steps[.]html
hxxp://phpsearch[.]com/api/get_file_drop?offer=Chrome
hxxp://student-voice[.]com/api/set_v_2_new_uuid
hxxp://soundsend[.]com/?offer=Chrome
hxxps://mjxef[.]members[.]openarmscv[.]com/editContent
hxxps://wwk[.]members[.]openarmscv[.]com/editContent
hxxps://ads-quantum[.]com/cdn-vs/cache[.]php
hxxps://ads-quantum[.]com/cache/ezrgqnaww[.]php
hxxps://zej[.]members[.]openarmscv[.]com/editContent
hxxps://aphqj[.]members[.]openarmscv[.]com/editContent		
FAKEUPDATES




URL
hxxp://185[.]91[.]127[.]233/m-6[.]8-k[.]SNOOPY
hxxp://185[.]91[.]127[.]233/a-r[.]m-4[.]SNOOPY
hxxp://185[.]91[.]127[.]233/p-p[.]c-[.]SNOOPY
hxxp://185[.]91[.]127[.]233/x-8[.]6-[.]SNOOPY
hxxp://185[.]91[.]127[.]233/a-r[.]m-6[.]SNOOPY
hxxp://185[.]91[.]127[.]233/m-i[.]p-s[.]SNOOPY
hxxp://185[.]91[.]127[.]233/a-r[.]m-7[.]SNOOPY
hxxp://185[.]91[.]127[.]233/x-3[.]2-[.]SNOOPY
hxxp://185[.]91[.]127[.]233/a-r[.]m-5[.]SNOOPY
hxxp://185[.]91[.]127[.]233/s-h[.]4-[.]SNOOPY
hxxp://185[.]91[.]127[.]233/m-p[.]s-l[.]SNOOPY
hxxp://185[.]91[.]127[.]233/i-5[.]8-6[.]SNOOPY		
Bashlite




URL
hxxp://147[.]45[.]47[.]35/bDjkb2xSd/Plugins/clip64[.]dll
hxxp://147[.]45[.]47[.]35/bDjkb2xSd/Plugins/cred64[.]dll
hxxp://15[.]204[.]49[.]148/files/un[.]config[.]CfgEncFile
hxxp://15[.]204[.]49[.]148/files/2UN[.]config[.]CfgEncFile
hxxp://15[.]204[.]49[.]148/files/1UN[.]config[.]CfgEncFile		
Amadey




URL
hxxps://api[.]telegram[.]org/bot6731075855:AAFv2p-1odBHhSo9d28EfpRNYUd7GsORa8A/
hxxp://23[.]94[.]148[.]10/8080/ORR[.]txt
hxxps://kalnet[.]top/pages/legacyzx[.]exe
hxxps://paste[.]ee/d/JPr4M
hxxp://23[.]94[.]148[.]10/8080/oceanfishgood[.]vbs
hxxp://23[.]94[.]148[.]10/gh/dasleodasgoodtohearthathappinessgoodforeveryonegoodtogoforupdationvalidatetheupdationgoodfortogoforgood[.]doC
hxxps://api[.]telegram[.]org/bot7013847015:AAGJ9U6sgMmsBCQ0DNkHT8DYuslAtpiqCbA/
hxxps://api[.]telegram[.]org/bot6900011672:AAGYn3MKegYd1zTjvCLgpKWqQCU6dnOO61A/
hxxps://paste[.]ee/d/Gvp3u
hxxps://keskollc[.]top/pages/peterzx[.]exe
hxxp://goupbuy[.]com/dd/dd[.]exe
hxxps://keskollc[.]top/pages/newzx[.]exe
hxxp://172[.]245[.]214[.]91/tuesdayfileafternoon[.]vbs
hxxp://172[.]245[.]214[.]91/afternooniwalkupfromtheunclesunrisetoentereverywherefasterthanprevioustoenterpcfast[.]doC
hxxps://jialm[.]online/jO0tVWkVaK8UcUQmax[.]exe		
Agent Tesla




URL
hxxps://83[.]97[.]73[.]254/YzI4MGFhZjI2MmM5/
Coper




URL
hxxps://nrf2station[.]com/01u1w1[.]php?id=1
hxxps://fumicenter[.]com/w8rcye[.]php?id=1
hxxps://terravilla[.]fr/ui610y[.]php?id=1
hxxps://u3faktory[.]com/jz0tno[.]php?id=1
hxxps://traidinnovation[.]com/o2pmcb[.]php?id=1
hxxps://401cssabatino[.]com/sk5w8b[.]php?id=1
hxxps://ourzanzibar-portal[.]com/wdswbw[.]php?id=1
hxxps://www[.]alroaaacademy[.]com/s1btpl[.]php?id=1		
WikiLoader




URL
hxxps://amassmodel[.]top/pages/catzx[.]exe
Nanocore RAT




URL
hxxp://whitemansearch[.]shop/ClassroomEc[.]exe
Rhadamanthys




URL
hxxps://rourtmanjsdadhfakja[.]com/a
hxxp://rourtmanjsdadhfakja[.]com/kclddtnk
hxxps://rourtmanjsdadhfakja[.]com/jggmrogs
hxxps://rourtmanjsdadhfakja[.]com/pkfbetex
hxxps://computersupportexperts[.]com/css/cab/1%20(8)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(28)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(56)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(66)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(43)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(103)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(57)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(88)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(46)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(53)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(6)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(30)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(19)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(95)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(50)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(41)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(34)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(63)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(65)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(82)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(64)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(36)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(101)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(51)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(25)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(20)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(87)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(23)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(96)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(39)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(60)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(104)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(3)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(45)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(38)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(77)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(5)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(32)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(52)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(62)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(107)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(12)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(80)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(22)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(9)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(58)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(78)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(44)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(55)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(89)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(93)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(92)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(105)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(18)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(29)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(85)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(61)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(67)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(26)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(68)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(4)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(71)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(81)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(86)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(1)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(90)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(49)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(2)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(91)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(97)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(37)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(70)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(99)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(106)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(42)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(74)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(79)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(54)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(69)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(108)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(27)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(76)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(75)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(83)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(21)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(16)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(48)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(40)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(35)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(17)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(10)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(72)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(33)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(102)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(84)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(100)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(98)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(94)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(11)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(7)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(15)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(47)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(13)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(24)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(31)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(73)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(59)[.]vbs
hxxps://computersupportexperts[.]com/css/cab/1%20(14)[.]vbs		
DarkGate




URL
hxxps://mayanboats[.]com/wp-content/uploads/svc[.]exe
Azorult




URL
hxxps://buy-dnd[.]shop/pixel[.]gif
hxxps://81[.]19[.]138[.]57:4443/fwlink
hxxp://104[.]21[.]80[.]122:8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
hxxp://www[.]nkbiky[.]cn:8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
hxxp://www[.]ynpuning[.]cn:8080/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
hxxp://62[.]204[.]41[.]104:9090/beacon[.]exe
hxxp://62[.]204[.]41[.]104:9090/oci[.]dll
hxxp://34[.]168[.]39[.]155/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
hxxp://116[.]62[.]130[.]96:5555/IE9CompatViewList[.]xml
hxxps://1[.]117[.]60[.]33/g[.]pixel
hxxp://94[.]156[.]69[.]227/fwlink
hxxp://47[.]108[.]153[.]69:7777/pixel
hxxp://124[.]70[.]180[.]22:89/pixel
hxxp://116[.]62[.]130[.]96:4444/pixel[.]gif
hxxp://47[.]122[.]24[.]43:443/_/static/plugins/jquery/jquery[.]cookie[.]js
hxxp://68[.]183[.]111[.]170/dpixel
hxxps://185[.]196[.]10[.]62/ptj
hxxps://104[.]234[.]240[.]6/en_US/all[.]js
hxxp://152[.]136[.]100[.]26/pixel
hxxps://101[.]42[.]228[.]86/visit[.]js
hxxps://8[.]142[.]5[.]148/cm
hxxps://182[.]23[.]67[.]109/__utm[.]gif
hxxp://service-bvvdi136-1317500845[.]gz[.]tencentapigw[.]com/cx
hxxps://www[.]nbcnews[.]site/sm[.]css
hxxp://123[.]20[.]56[.]214:7777/ga[.]js
hxxp://134[.]122[.]75[.]115:26/activity
hxxps://134[.]122[.]75[.]115:444/IE9CompatViewList[.]xml
hxxps://43[.]138[.]212[.]90:14443/jquery-3[.]3[.]1[.]min[.]js
hxxps://218[.]94[.]206[.]222/jquery-3[.]3[.]1[.]min[.]js
hxxps://121[.]17[.]123[.]105/jquery-3[.]3[.]1[.]min[.]js
hxxps://116[.]211[.]153[.]240/jquery-3[.]3[.]1[.]min[.]js
hxxps://223[.]68[.]136[.]206/jquery-3[.]3[.]1[.]min[.]js
hxxps://61[.]159[.]80[.]241/jquery-3[.]3[.]1[.]min[.]js
hxxps://112[.]28[.]231[.]110/jquery-3[.]3[.]1[.]min[.]js
hxxps://120[.]39[.]197[.]231/jquery-3[.]3[.]1[.]min[.]js
hxxps://139[.]162[.]155[.]161/g[.]pixel
hxxps://193[.]168[.]173[.]45/en_US/all[.]js
hxxp://68[.]183[.]111[.]170/ca
hxxps://68[.]183[.]111[.]170/load		
Cobalt Strike




URL
hxxp://969727cm[.]nyashsens[.]top/externalserverTrackWordpresspublicprivate[.]php
hxxp://102822cm[.]nyashsens[.]top/GeoGeneratorwp[.]php		
DCRat




URL
hxxps://woodfeetumhblefepoj[.]shop/api
Lumma Stealer




URL
hxxp://141[.]98[.]11[.]208/x86[.]nn
MooBot




URL
hxxp://91[.]92[.]246[.]192/129edec4272dc2c8[.]php
hxxps://transfer[.]sh/get/PcxgCOQatq/MugRealistic[.]exe		
Stealc




URL
hxxp://rowtechequipments[.]com/iz/GmXqgExpUzCakBKX138[.]bin
hxxp://rowtechequipments[.]com/iz/Colmanh[.]pfb
hxxp://rowtechequipments[.]com/ud/avZfJWkxajgaFRZka1[.]bin
hxxp://rowtechequipments[.]com/ud/KmnYxrmEnquhScW82[.]bin
hxxp://rowtechequipments[.]com/ud/Kryb[.]hhp
hxxp://rowtechequipments[.]com/ud/Englobin[.]asi
hxxp://103[.]183[.]115[.]241/NguxStoiauhccvQclG223[.]bin
hxxp://103[.]77[.]243[.]121/HixanpxbsHI5[.]bin		
CloudEyE




URL
hxxps://sempersim[.]su/c1/fre[.]php
LokiBot




URL
hxxp://116[.]72[.]22[.]117:39137/Mozi[.]m
Mozi




URL
hxxp://def[.]bestsup[.]su/data/pdf/june[.]exe
hxxp://en[.]bestsup[.]su/data/pdf/may[.]exe
hxxp://budubed[.]com/search/?q=67e28dd86554fa2a495aa4197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978a071ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923b6f8bfb13c3e896
hxxp://bdtzxdp[.]com/search/?q=67e28dd8390bf679470afe4d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa45e8889b5e4fa9281ae978a771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ef714c4ed96923a		
Socks5 Systemz




URL
hxxp://www[.]pdfexplorerplugin[.]com/q1
XWorm






※1「i-FILTER」アクセスログを検索し端末を特定してください
    不要なアクセスを避けるため、一部変更しております。


■製品対応状況(※2)
▽i-FILTER(※3)
・[脅威情報サイト]カテゴリでブロック可能

※2 ブロックの可否は各製品の設定によるため、実際の結果はアクセスログを参照してください。
※3 暗号化された通信の場合は、SSL Adapterの設定を「利用」にする必要があります。

※ 特許取得済み(特許6716051号)/ Webサイトの改ざんの検知において特許を取得

「Dアラート」よりも詳細な情報に加え、適切な対処方法もご案内する
「i-FILTER@Cloud Dアラート発信レポートサービス」というオプションもご用意しております

「Dアラート発信レポートサービス」
▲「i-FILTER@Cloud Dアラート配信レポートサービス」の詳細はこちらから
イベント・セミナー情報