不正URLへのアクセス、不正メールの受信
-
メール受信した:弊社お客様0社
URLアクセスした:弊社お客様4社
-
2026/04/20
※2026/04/20 更新
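マルウェアに感染させると考えられるURLを検知(2026/04/20)
※下記IoCのうち github[.]com、raw[.]githubusercontent[.]com、api[.]telegram[.]org は正規サービスのドメインです。検知・遮断ルールに登録する際は、ドメイン単位ではなくURL(パス)単位での照合を推奨します。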
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://62[.]60[.]226[.]159/nk[.]exe | SmokeLoader |
| URL | hxxps://decrnoj[.]club/xxx hxxps://pomflgf[.]vu/help hxxps://carytui[.]vu/caccc hxxps://mushxhb[.]best/info hxxps://genugsq[.]best/main hxxps://ulmudhw[.]shop/create hxxps://strikql[.]shop/owner hxxps://longmbx[.]click/manifest | Lumma Stealer |
| URL | hxxps://antekmakina[.]com[.]tr/bots[.]php?data= hxxps://antekmakina[.]com[.]tr/bots[.]php?page= hxxps://dgskofgjsdkfgm[.]pro/goog[.]js hxxps://difftells[.]com/L3Cfeb hxxps://install-claude[.]com/install[.]ps1 hxxps://gemini-console[.]com/install[.]ps1 | IClickFix |
| URL | hxxps://microservisetrue[.]vip/fwefwe324234234rgeffwehtrwyrhtrhtqwfqwd31443wefefwwfer3232fewwefwefwefqgrqwtherergqefwefqweqfwqf32fefwsda/uploads/EFewefwewFEW342234423234feWEEFWWefewefweffewwefEWF[.]php?file=333[.]exe hxxps://bigblograin[.]bond/files/FAvFf4V3[.]exe hxxps://mygoodblog[.]sbs/files/FAvFf4V3[.]exe hxxps://mygoodblog[.]cyou/files/FAvFf4V3[.]exe hxxps://beacon-mysummitfcu[.]org/files/FAvFf4V3[.]exe hxxps://productionmaza[.]sbs/files/FAvFf4V3[.]exe hxxp://158[.]94[.]210[.]248/files/FAvFf4V3[.]exe hxxps://goodgoodmoon[.]bond/files/FAvFf4V3[.]exe hxxp://mygoodblog[.]bond/files/FAvFf4V3[.]exe hxxps://biggestchlen[.]xyz/files/FAvFf4V3[.]exe hxxps://krempie[.]xyz/files/FAvFf4V3[.]exe hxxps://bigbadwolf[.]click/files/FAvFf4V3[.]exe hxxp://brukva[.]shop/files/FAvFf4V3[.]exe hxxps://bestwebchlen[.]cyou/files/FAvFf4V3[.]exe hxxps://microblob[.]bond/files/FAvFf4V3[.]exe hxxps://mygoodblog[.]bond/files/FAvFf4V3[.]exe hxxps://sirata[.]asia/files/FAvFf4V3[.]exe hxxp://myverifhouse[.]sbs/files/FAvFf4V3[.]exe hxxp://allplanetssame[.]cfd/files/FAvFf4V3[.]exe hxxps://mrazotalog[.]lol/files/FAvFf4V3[.]exe hxxps://myverifhouse[.]sbs/files/FAvFf4V3[.]exe hxxps://brukva[.]shop/files/FAvFf4V3[.]exe hxxps://productionmaza[.]cyou/files/FAvFf4V3[.]exe hxxps://antongandon[.]club/files/FAvFf4V3[.]exe hxxps://allplanetssame[.]cfd/files/FAvFf4V3[.]exe hxxp://bigboysclub[.]cyou/files/FAvFf4V3[.]exe hxxps://productionmaza[.]cfd/files/FAvFf4V3[.]exe hxxp://cloudflare-check[.]cfd/files/FAvFf4V3[.]exe hxxp://myverifyblog[.]sbs/files/FAvFf4V3[.]exe hxxps://158[.]94[.]210[.]248/files/FAvFf4V3[.]exe hxxps://mybiggestjoy[.]bond/files/FAvFf4V3[.]exe hxxps://mymicroblog[.]lat/files/FAvFf4V3[.]exe hxxps://cloudflare-check[.]cfd/files/FAvFf4V3[.]exe hxxp://mybiggestjoy[.]bond/files/FAvFf4V3[.]exe hxxp://mrazotalog[.]lol/files/FAvFf4V3[.]exe hxxp://denegnet[.]click/files/FAvFf4V3[.]exe hxxp://blatnoitovar[.]xyz/files/FAvFf4V3[.]exe hxxp://mymicroblog[.]lat/files/FAvFf4V3[.]exe hxxps://diddyparty[.]click/files/FAvFf4V3[.]exe hxxp://etokrol[.]lol/files/FAvFf4V3[.]exe hxxps://bigboysclub[.]cyou/files/FAvFf4V3[.]exe hxxps://blatnoitovar[.]xyz/files/FAvFf4V3[.]exe hxxps://merengagoi[.]bond/files/FAvFf4V3[.]exe hxxps://myverifyblog[.]sbs/files/FAvFf4V3[.]exe hxxp://productionmaza[.]cyou/files/FAvFf4V3[.]exe hxxps://etokrol[.]lol/files/FAvFf4V3[.]exe hxxps://gooddogshop[.]click/files/FAvFf4V3[.]exe hxxp://diddyparty[.]click/files/FAvFf4V3[.]exe hxxps://denegnet[.]click/files/FAvFf4V3[.]exe hxxp://productionmaza[.]cfd/files/FAvFf4V3[.]exe hxxps://blobtop[.]sbs/files/FAvFf4V3[.]exe hxxp://ts[.]bhaaratkeeshakti[.]vip/fwefwe324234234rgeffwehtrwyrhtrhtqwfqwd31443wefefwwfer3232fewwefwefwefqgrqwtherergqefwefqweqfwqf32fefwsda/uploads/EFewefwewFEW342234423234feWEEFWWefewefweffewwefEWF[.]php?file=333[.]exe | Vidar |
| URL | hxxps://bandgarms[.]com/DGSOAFYJKXROATIQSWNZ hxxps://screenshot[.]finance/MSI_131810[.]png | XWorm |
| URL | hxxps://everycarebd[.]com/image222[.]png hxxps://everycarebd[.]com/image77490p[.]png hxxps://everycarebd[.]com/imagecdg09[.]png hxxps://everycarebd[.]com/image09iug0[.]png hxxps://corwineagles[.]com/masse[.]png hxxps://everycarebd[.]com/imagepoiuy0[.]png hxxps://everycarebd[.]com/imageiuyre99[.]png hxxps://everycarebd[.]com/imageven098[.]png hxxps://everycarebd[.]com/imagesddff00[.]png hxxps://everycarebd[.]com/imagehola21[.]png hxxps://everycarebd[.]com/imageYYYY1[.]png hxxps://everycarebd[.]com/imagelokoko222[.]png hxxps://everycarebd[.]com/imagefresk090[.]png hxxps://solar-sanat[.]net/imagedan73[.]png hxxps://corwineagles[.]com/desk[.]png hxxps://zorvex[.]life/Ao/images[.]png hxxps://allsydevs[.]com/wp-admin/image[.]png hxxps://www[.]shcgroup-vn[.]com/image[.]png hxxps://everycarebd[.]com/imagecopy777[.]png hxxps://everycarebd[.]com/image099[.]png hxxps://insureongo[.]net/armistixconp[.]zip | PureRAT |
| URL | hxxp://62[.]60[.]226[.]159/spd[.]exe | BlankGrabber |
| URL | hxxps://github[.]com/hopeinfully/Silentum-Spoofer/raw/refs/heads/main/Silentum_Spoofer[.]exe hxxps://raw[.]githubusercontent[.]com/hopeinfully/Silentum-Spoofer/refs/heads/main/Silentum_Spoofer[.]exe hxxps://github[.]com/mixteens/FiveM-Spoofer/raw/refs/heads/main/CFXBypass[.]exe hxxps://raw[.]githubusercontent[.]com/mixteens/FiveM-Spoofer/refs/heads/main/CFXBypass[.]exe hxxps://raw[.]githubusercontent[.]com/jahredip/Silentum-Spoofer/refs/heads/main/Silentum_Spoofer[.]exe hxxps://github[.]com/jahredip/Silentum-Spoofer/raw/refs/heads/main/Silentum_Spoofer[.]exe hxxps://raw[.]githubusercontent[.]com/trustnobodys/FiveM-Spoofer/refs/heads/main/CFXBypass[.]exe hxxps://github[.]com/trustnobodys/FiveM-Spoofer/raw/refs/heads/main/CFXBypass[.]exe hxxps://github[.]com/atteriss/Silentum-Spoofer/raw/refs/heads/main/Silentum_Spoofer[.]exe hxxps://raw[.]githubusercontent[.]com/atteriss/Silentum-Spoofer/refs/heads/main/Silentum_Spoofer[.]exe hxxps://raw[.]githubusercontent[.]com/fornessa/Silentum-Spoofer/refs/heads/main/Silentum_Spoofer[.]exe hxxps://goldspins[.]club/gate hxxps://github[.]com/fornessa/Silentum-Spoofer/raw/refs/heads/main/Silentum_Spoofer[.]exe hxxps://github[.]com/landeliur/FiveM-Spoofer/raw/refs/heads/main/CFXBypass[.]exe hxxps://raw[.]githubusercontent[.]com/landeliur/FiveM-Spoofer/refs/heads/main/CFXBypass[.]exe | SantaStealer |
| URL | hxxps://api[.]telegram[.]org/bot8515322474:AAHGZdgLy7ycjAJmhh4Ut2a8pcZtHPCIh2U/sendMessage?chat_id=5229075943 hxxps://api[.]telegram[.]org/bot8525025862:AAH0P4DSwyHm90tqc8Dni0Yz87j3g_viE6U/sendMessage?chat_id=7629232865 hxxps://banglabillboard[.]com/assets/images/knSkgpc[.]txt hxxps://officials[.]ink/image[.]png hxxps://vault88x[.]secure-efficient2[.]su/MSI_133213[.]png hxxps://vault88x[.]secure-efficient2[.]su/img_151624[.]png hxxps://krikadoo[.]com/wordpress/update[.]ps1 hxxps://banglabillboard[.]com/assets/images/iFmkhdg[.]txt hxxps://walnuthillcounseling[.]com/wp-admin/network/wp-includes/pol/assets/css/update[.]ps1 hxxps://vault88x[.]secure-efficient2[.]su/img_071936[.]png | Stealerium |
| URL | hxxp://176[.]65[.]148[.]173/mips hxxp://176[.]65[.]148[.]203/bins/xnxnxnxnxnxnxnxnarmv7lxnxn hxxp://176[.]65[.]148[.]173/x86_64 hxxp://65[.]87[.]7[.]5/mipsel hxxp://65[.]87[.]7[.]5/hik/h[.]lspm hxxp://85[.]11[.]167[.]21/m68k hxxp://85[.]11[.]167[.]21/mipsel hxxp://85[.]11[.]167[.]21/ppc hxxp://85[.]11[.]167[.]21/i686 hxxp://85[.]11[.]167[.]21/arm61 hxxp://85[.]11[.]167[.]21/586 hxxp://85[.]11[.]167[.]21/dss hxxp://85[.]11[.]167[.]21/sh4 hxxp://85[.]11[.]167[.]21/co hxxp://65[.]87[.]7[.]5/arc hxxp://65[.]87[.]7[.]5/rhombus hxxp://65[.]87[.]7[.]5/hik/h[.]cra hxxp://65[.]87[.]7[.]5/circle hxxp://85[.]11[.]167[.]21/sex[.]sh hxxp://85[.]11[.]167[.]21/dc hxxp://85[.]11[.]167[.]21/mips hxxp://89[.]190[.]156[.]34/Demon[.]sparc hxxp://89[.]190[.]156[.]34/Demon[.]arm7 hxxp://89[.]190[.]156[.]34/Demon[.]arm6 hxxp://89[.]190[.]156[.]34/bins[.]sh hxxp://89[.]190[.]156[.]34/Demon[.]mips hxxp://176[.]65[.]139[.]115/FBI[.]sh4 hxxp://176[.]65[.]139[.]115/FBI[.]i686 hxxp://176[.]65[.]139[.]115/FBI[.]arm6 hxxp://176[.]65[.]139[.]115/FBI[.]x86 hxxp://176[.]65[.]139[.]115/FBI[.]arm7 hxxp://176[.]65[.]139[.]115/FBI[.]arm5 hxxp://176[.]65[.]139[.]115/FBI[.]mpsl hxxp://176[.]65[.]139[.]115/FBI[.]ppc hxxp://176[.]65[.]139[.]115/FBI[.]mips hxxp://176[.]65[.]134[.]30/mips | Bashlite |
| URL | hxxp://172[.]245[.]95[.]30/12/img_175349[.]png hxxp://172[.]245[.]95[.]30/12/metrokingsformebetter[.]hta hxxps://genghis[.]yzz[.]me/MSI_095825[.]png hxxp://66[.]63[.]170[.]76/89/img_211914[.]png hxxp://104[.]238[.]189[.]239/img/optimized_MSI[.]png hxxp://66[.]63[.]170[.]76/89/givemebestthingswithbetterwithgreat[.]hta | Remcos |
| URL | hxxps://sfunited[.]club/rrliha[.]vmp[.]msi | Loda |
| URL | hxxp://quebecsereinhalcyon[.]com/c | DeerStealer |
| URL | hxxp://www[.]vame[.]be/csi/update[.]ps1 | Formbook |
| URL | hxxp://144[.]172[.]95[.]54/wem/fmhdAkc[.]txt | Snake Keylogger |
| URL | hxxps://248bestmoon[.]click/files/runtime[.]bin | Coinminer |
| URL | hxxps://pewweepor092[.]com/gate/ledger-asar hxxps://pewweepor092[.]com/gate/atomic-asar hxxps://pewweepor092[.]com/gate/exodus-asar hxxps://pewweepor092[.]com/gate/ledgerlive-asar hxxps://pewweepor092[.]com/gate hxxps://pewweepor092[.]com/gate/trezor-asar hxxps://pewweepor092[.]com/gate/chunk | AMOS |
| URL | hxxps://xrplnode[.]dev/xrpl[.]php hxxps://xrplnode[.]dev/install | NetSupportManager RAT |
| URL | hxxps://cwrtwright[.]com/g hxxps://cwrtwright[.]com/t hxxps://cwrtwright[.]com/file[.]js | KongTuke |
| URL | hxxps://rzdwkgtc[.]chernichco5t[.]digital/?ublib=WUZlbCTAjNOluybN | ClearFake |
| URL | hxxp://62[.]60[.]226[.]159/np[.]exe | Neutrino |







