Date | Subject | Source mail address | In-mail link or attachment | File name (downloaded from in-mail link or attached to mail) | VirusTotal / Hybrid-Analysis result (file) | Hash (MD5) | Hash (SHA-256) | Malware download URL (※ destination contacted by the downloaded file when it fetches the malware) | Malware download IP | Malware hash (SHA-256) | VirusTotal / Hybrid-Analysis result (malware) | Remarks / References |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2019/10/10 | 現在のバージョン 一覧 情報 リマインダー ドキュメント Read Urgent New List Service General 最後のオプション メッセージを繰り返す 一覧 助けて コメント | unknown | attachment | (※)_10102019.doc (※).doc (※): arbitrary digits or string | https://www.virustotal.com/gui/file/c461e4fa357bcf2a2d9638e28711e177143a688675eb23a99295b8868f03e845/details https://www.virustotal.com/gui/file/ce2e6e21e48a05808a066b20bf233ba3963336ce10d272e9b4589eec9de0c57a/detection https://www.virustotal.com/gui/file/fb847e82ace6fa7c71a842b528ac6c6854cb62edc6b3e168522900507d261c67/detection https://www.virustotal.com/gui/file/d83997e478df2c6fb110487f2456e8174b3ed5de8e3d7d09a91cb50f025c9805/detection https://www.virustotal.com/gui/file/da3298b69575a28bdf0e8f807c3968902b949ab5184d891bd8d30274e79c6157/detection https://www.virustotal.com/gui/file/b30f1fd09bd273e81121a512243511aff9534a5aeb4ded398b14f3e58b10f45f/detection | 0f5c3c10bbc1ad7b56f7555819d119e4 c1e6e54bd0f8926d72fd0371d54c2cb0 f2494f6411472efb8836fafb6458ff1a e9018ee5ec58b965bacc131fbd65b17a 50b5148523ed7df17b8e5028b319775b 8e76d75e8283b22b13b9db74732744de | c461e4fa357bcf2a2d9638e28711e177143a688675eb23a99295b8868f03e845 ce2e6e21e48a05808a066b20bf233ba3963336ce10d272e9b4589eec9de0c57a fb847e82ace6fa7c71a842b528ac6c6854cb62edc6b3e168522900507d261c67 d83997e478df2c6fb110487f2456e8174b3ed5de8e3d7d09a91cb50f025c9805 da3298b69575a28bdf0e8f807c3968902b949ab5184d891bd8d30274e79c6157 b30f1fd09bd273e81121a512243511aff9534a5aeb4ded398b14f3e58b10f45f | www.winzerhof-kridlo[.]com | 166.62.27[.]148 | 0ceb1ab2bc03b840c03b5fcaba8397ee8d0f3877b73fff22e7bc50ab5c596821 205e75b54f67ac0d99445adde7a91e94c56cfb5c4995878327027159f5562027 a1d4243b1e2380d5fc9d26ea036bd00c39f09cdcdfc1a3d2b699b5fc15cf29a0 | https://www.virustotal.com/gui/file/0ceb1ab2bc03b840c03b5fcaba8397ee8d0f3877b73fff22e7bc50ab5c596821/details https://www.virustotal.com/gui/file/205e75b54f67ac0d99445adde7a91e94c56cfb5c4995878327027159f5562027/details https://www.virustotal.com/gui/file/a1d4243b1e2380d5fc9d26ea036bd00c39f09cdcdfc1a3d2b699b5fc15cf29a0/details | https://www.cc.uec.ac.jp/blogs/news/2019/10/20191010malwaremail.html ▼Reference tweets https://twitter.com/bomccss/status/1182090573416562689?s=20 https://twitter.com/58_158_177_102/status/1182149387989860352 |
2019/09/27 | 現在のバージョン 一覧 情報 リマインダー ドキュメント Read Urgent New List Service General 最後のオプション メッセージを繰り返す 一覧 助けて 20190927 | unknown | attachment | (※).doc (※): arbitrary digits or string | https://www.virustotal.com/gui/file/16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1/detection https://www.virustotal.com/gui/file/1bca357b280ea92f2d7924c979aa02c0cfbe749a7cfcfe20a7d87250caef2229/detection https://www.virustotal.com/gui/file/1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732/detection https://www.virustotal.com/gui/file/7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0/detection https://www.virustotal.com/gui/file/afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd/detection | e87861c87bf97c152e8b1e095a72eba9 ee73e410bf60cff673e07a9d4e2dd110 8c3fa6da9f29e30b9ea92d806a0cbfc7 4aca10c6bf0b687b68e906101a57bc94 ca008b28325c9ba9d764ad30627de02d | 16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1 1bca357b280ea92f2d7924c979aa02c0cfbe749a7cfcfe20a7d87250caef2229 1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732 7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0 afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd | themodifiedzone[.]com limitsno[.]at/g32.bin myhomesitter[.]fun/images/ cloud-start[.]at/images/ mashallah[.]at/images/ | 18.217.99[.]164 | | | https://www.cc.uec.ac.jp/blogs/news/2019/09/20190927malwaremail.html ▼Reference tweets https://twitter.com/58_158_177_102/status/1177377062446743553?s=20 https://twitter.com/bomccss/status/1177381593477869568?s=20 |
2019/08/10 | Fw:Jin'in sakugen | unknown | attachment | Outlook_win10_zip.zip 2019-08-09.js pictures/incoming-email-icon.png | https://www.virustotal.com/gui/file/bfe057e08c0611616723f482bc52e30d73cf8a10847c24b704286765d2cae2bb/detection https://www.virustotal.com/gui/file/39b0db9ea4e466e16ffc1b315285141e5f5276b21f05d9be1e8ca401c75cb190/detection https://www.hybrid-analysis.com/sample/39b0db9ea4e466e16ffc1b315285141e5f5276b21f05d9be1e8ca401c75cb190?environmentId=100 https://www.virustotal.com/gui/file/9d939827550052750d53cad77e1ae7dc39e558fc502b8f8d9c92c53ccd99788c/detection | 26214198c785b5e58d89b371e6215db4 ab36e9913e1d6f5b26fe17d5c91935be 25cbb13749b77acd67dea6ac1f28e99e | bfe057e08c0611616723f482bc52e30d73cf8a10847c24b704286765d2cae2bb 39b0db9ea4e466e16ffc1b315285141e5f5276b21f05d9be1e8ca401c75cb190 9d939827550052750d53cad77e1ae7dc39e558fc502b8f8d9c92c53ccd99788c | hxxps://hobby-l0bby[.]com/aloten.bin | 195.123.226[.]45 | 170fb5a85a4ced558e24377594d9e6c6bf6d7427bc807b00c68af07b8e80f730 | https://www.virustotal.com/gui/file/170fb5a85a4ced558e24377594d9e6c6bf6d7427bc807b00c68af07b8e80f730/detection | https://www.cc.uec.ac.jp/blogs/news/2019/08/20190810malwaremail.html https://app.any.run/tasks/0394d7db-f7bd-4733-a128-9aaab2dda428/ https://app.any.run/tasks/b9bb5378-6325-4e14-a05c-90bf8cdd3b17/ ▼Reference tweets https://twitter.com/bomccss/status/1160106180812800000?s=20 |
2019/07/16 | 支払文書 請求書詳細 添付請求書 | unknown | attachment | Invoice-(※).js (※): arbitrary digits | https://www.virustotal.com/gui/file/dd4afda4907659ce887a6316f35d4cb47470588334d32bf7a3c99984960e2fb2/detection https://www.virustotal.com/gui/file/d217261f6b23c97e06c0740d2c0b22ec11f9e8642d93a833369cc9787889ae2c/detection https://www.virustotal.com/gui/file/f6a93f3d835bdedb818f6a40f0869e3c5610695ef207cd8511bd9fd765662654/detection https://www.virustotal.com/gui/file/6abc5b917f4b6f5d5ef50ebd11a68fdbf005fe209e969a4f2d3d93787970a640/detection https://www.virustotal.com/gui/file/dffda9fbab7074b80ed8cc27e69f9aea8ae8f920e56c119cac88f6a831f86133/detection | a16ca30180844413dbdeeb79e115631e 412b8b20401348383085f052392d5e29 1c31de6fdf73580c374dad53d0782f64 1c1a3f6f7adf86817d1da4b1f7850791 9fa1eb79778d54103196980a06c98713 | dd4afda4907659ce887a6316f35d4cb47470588334d32bf7a3c99984960e2fb2 d217261f6b23c97e06c0740d2c0b22ec11f9e8642d93a833369cc9787889ae2c f6a93f3d835bdedb818f6a40f0869e3c5610695ef207cd8511bd9fd765662654 6abc5b917f4b6f5d5ef50ebd11a68fdbf005fe209e969a4f2d3d93787970a640 dffda9fbab7074b80ed8cc27e69f9aea8ae8f920e56c119cac88f6a831f86133 | hxxp://bibicity[.]ru/little.bin ▼C2 marcoplfind[.]at/images | multiple | | | ▼Reference tweets https://twitter.com/58_158_177_102/status/1150932578062352384 https://twitter.com/bomccss/status/1150945022738460673 https://app.any.run/tasks/f05bd547-10c8-4333-b31e-fc77750cfda0/ https://app.any.run/tasks/e1ef1ff0-3971-4bcc-af3d-e91b9058566a/ |
2019/06/28 | 見積仕様サンプル | unknown | attachment | 発注書 - 仕様設計_pdf.rar 発注書 - 仕様設計_pdf.exe | https://www.virustotal.com/gui/file/630198a5b1a6a8068b17c4050f887d1a6d2d5c1945ebf2b72dcf1a6185eb0b9d/detection https://www.hybrid-analysis.com/sample/630198a5b1a6a8068b17c4050f887d1a6d2d5c1945ebf2b72dcf1a6185eb0b9d?environmentId=100 | b1454b83b750e15654ee562ab3c9e413 | 630198a5b1a6a8068b17c4050f887d1a6d2d5c1945ebf2b72dcf1a6185eb0b9d | ▼C2 destination filmmagapp[.]ir/nusoap/nusoap/nusoap/nusoap/Panel/five/fre.php | | | | https://app.any.run/tasks/b9c2fd5f-53f4-400f-83fd-d024ea2083cb/ ▼Reference tweets https://twitter.com/58_158_177_102/status/1144433076560224257 |
2019/06/19 | Fw: | unknown | attachment | 1.doc.rar/1.doc.js 1.doc.zip/1.doc.js 19062019.doc.zip/19062019.doc.js M.doc.zip/M.doc.js New.doc.zip/New.doc.js new.zip/new.js | https://www.virustotal.com/gui/file/cf47c37195f0142f32b6ba21dfdf82b0d7396e222b16990f869bb5d369cecd34/detection https://www.virustotal.com/gui/file/916c5423976f271200a4d6833f28a9e855c2de6bec925cab18758d5d85fa8ac3/detection https://www.virustotal.com/gui/file/e4d9fffcfef56774a64ef084440864edb7cb57a013dd66a87064851b8601a1b1/detection | 3dabb24e4215f8d0a79df21969e93506 2832df6db2b33a193bcf35f90420e71c a26416000e0ed3a9942bb0c7c824c538 361d58b9b566cd2601fbe7b716929002 | cf47c37195f0142f32b6ba21dfdf82b0d7396e222b16990f869bb5d369cecd34 916c5423976f271200a4d6833f28a9e855c2de6bec925cab18758d5d85fa8ac3 9edfe3b9bace6ffb2f4d4402687b1ffc915f65ca22798dc85db0af3d271484a4 e4d9fffcfef56774a64ef084440864edb7cb57a013dd66a87064851b8601a1b1 | hxxp://bibicity[.]ru/x.exe | multiple | b6222295c6c682aeb9079ac8dc975605d21e5215cd2b881012a208e084e5f508 | https://www.virustotal.com/gui/file/b6222295c6c682aeb9079ac8dc975605d21e5215cd2b881012a208e084e5f508/detection https://www.hybrid-analysis.com/sample/b6222295c6c682aeb9079ac8dc975605d21e5215cd2b881012a208e084e5f508?environmentId=100 | https://www.cc.uec.ac.jp/blogs/news/2019/06/201906190900malwaremail.html https://bomccss.hatenablog.jp/entry/2019/06/28/140319 https://app.any.run/tasks/1613f807-e2c1-48c4-9dde-a2306d3794f3/ ▼Reference tweets https://twitter.com/abel1ma/status/1141132433170956289 https://twitter.com/bomccss/status/1141161885003239424 |
2019/06/17 | Re: 請求書の送付 ご案内[お支払い期限:06月18日] 請求書の件です。 契約書雛形のご送付 Re: 請求書送付のお願い FW: 請求書を送信致します。 請求書送付 | unknown | attachment | (※)_0001.xls (※)_(※)_00(※).xls (※): arbitrary digits | https://www.virustotal.com/gui/file/ba788469a01a0d131659d6e851ef3f6c568444960e09a4b2f260478b801a2e63/detection https://www.hybrid-analysis.com/sample/ba788469a01a0d131659d6e851ef3f6c568444960e09a4b2f260478b801a2e63/5d072f98038838ba3b3666ac https://www.virustotal.com/gui/file/0f6fdc6c9d0181616920be9e10316bdbd97c324892db9bb87ab8b9a8a8f60ead/detection https://www.hybrid-analysis.com/sample/0f6fdc6c9d0181616920be9e10316bdbd97c324892db9bb87ab8b9a8a8f60ead?environmentId=100 | cb367d83173184b3fdf99ddf0f19670b e59186518fc96dccbe58974654648c31 | ba788469a01a0d131659d6e851ef3f6c568444960e09a4b2f260478b801a2e63 0f6fdc6c9d0181616920be9e10316bdbd97c324892db9bb87ab8b9a8a8f60ead | ▼Steganography image URL hxxps://images2.imgbox[.]com/fb/a9/wH2ykZbz_o.png ・Data exfiltration destination hxxps://timenard[.]top/uploads/d2.php | multiple | 0eaa4c797ede1afd32f2cfce63999cb3b375773f4805cd42e006f5d805985091 | https://www.virustotal.com/gui/file/0eaa4c797ede1afd32f2cfce63999cb3b375773f4805cd42e006f5d805985091/detection | https://www.cc.uec.ac.jp/blogs/news/2019/06/20196171600malwaremail.html https://bomccss.hatenablog.jp/entry/2019/06/28/140304 https://www.jc3.or.jp/topics/v_log/201906.html#d20190617 https://www.jc3.or.jp/topics/v_log/201906.html#d20190617b https://www.jc3.or.jp/topics/v_log/201906.html#d20190617c ▼Reference tweets https://twitter.com/bomccss/status/1140501996362817541 https://twitter.com/58_158_177_102/status/1140509569443086336 https://twitter.com/tmmalanalyst/status/1140527343988948993 ▼Steganography image https://urlscan.io/result/c62f0ed0-c381-4225-a279-c6848f71cc30 https://app.any.run/tasks/fee2c560-32cb-4463-8027-3de2408e5cda/ |
2019/06/17 | Fw:Jin'in sakugen Fw: | unknown | attachment | New Document.doc.zip / New Document.doc.js 1.zip / 1.js | https://www.virustotal.com/gui/file/ee8866c237cdee19877ffc4f5aa612de74760f55706635527add43343ca23022/detection | 4363ad34c962dc1a0e874bdcc660947d 73669c4880ff23156051a01a39f1ee93 489336a1868b27067dd520cae803e54e | 50243a4797aa906ba25de58dcc39468f822af68e228c0d5f89b69f416e63d7d5 d3b72598c0aa0c5d0e32ce0854f69d3b9de8a33bacf0581352984f1dec6617e1 ee8866c237cdee19877ffc4f5aa612de74760f55706635527add43343ca23022 | hxxp://mondaydrem[.]ru/x.doc hxxp://interruption[.]ru/jd/t32.bin | multiple | 0eaa4c797ede1afd32f2cfce63999cb3b375773f4805cd42e006f5d805985091 | https://www.virustotal.com/gui/file/0eaa4c797ede1afd32f2cfce63999cb3b375773f4805cd42e006f5d805985091/detection | https://www.cc.uec.ac.jp/blogs/news/2019/06/201906171045malwaremail.html https://bomccss.hatenablog.jp/entry/2019/06/28/140250 ▼Reference tweets https://twitter.com/abel1ma/status/1140419988370538496 https://twitter.com/bomccss/status/1140435885948669953 |
2019/06/12 | Fw: | unknown | attachment | 1.doc.zip / 1.doc.vbs info.zip / info.js | https://www.virustotal.com/gui/file/56d136e6303d8697fc71736d0d39fb83028eeaebbd66f69b6ab40ef7e80201d1/detection | c1161e4447126215ae32928d0e735f03 | 56d136e6303d8697fc71736d0d39fb83028eeaebbd66f69b6ab40ef7e80201d1 | hxxp://elievarsen[.]ru/1.doc C2 hxxp://marcoplfind[.]at/ | | | | https://app.any.run/tasks/50168d8a-0a6b-47f8-8b6d-2ed6f2ba37c2/ https://bomccss.hatenablog.jp/entry/2019/06/28/140234 ▼Reference tweets https://twitter.com/abel1ma/status/1138609374283198466 https://twitter.com/58_158_177_102/status/1138616318557507584 https://twitter.com/bomccss/status/1138620211140030464 |
2019/06/05 | 請求番号: (※) 決済確定のお知らせ 個人負担分ご案内 6月ご請求書 【おいくらご請求書の送付】2019年6月 5月分 請求書の件 (5月分)請求書の送付 請求書の送付 (※): arbitrary digits | unknown | attachment | ご請求書(2019年5月).xls | https://www.virustotal.com/gui/file/4f69c789843bb75617156dc7714c912f072a16d4eaf66a0ec5e69cbe6af5fe7f/detection https://www.hybrid-analysis.com/sample/4f69c789843bb75617156dc7714c912f072a16d4eaf66a0ec5e69cbe6af5fe7f?environmentId=100 | 1216b873e0564174095552d3f955adc1 | 4f69c789843bb75617156dc7714c912f072a16d4eaf66a0ec5e69cbe6af5fe7f | hxxps://firedron[.]top/uploads/IMG0065.jpg C2 ( #ursnif ) hxxps://paderson[.]top | multiple | e55e3c3295a79b9e5ba3dd3436a6e87da3ec9d1a55fd5c31064cf4862a7582d8 | https://www.virustotal.com/gui/file/e55e3c3295a79b9e5ba3dd3436a6e87da3ec9d1a55fd5c31064cf4862a7582d8/detection | https://www.cc.uec.ac.jp/blogs/news/2019/06/201906051600malwaremail.html https://www.jc3.or.jp/topics/v_log/201906.html#d20190605b https://bomccss.hatenablog.jp/entry/2019/06/28/140217 ▼Reference tweets https://twitter.com/abel1ma/status/1136157903038033921 https://twitter.com/bomccss/status/1136161728994000897 https://twitter.com/58_158_177_102/status/1136162140283236352 https://twitter.com/tmmalanalyst/status/1136171324789813248 https://twitter.com/sugimu_sec/status/1136174175255650304 |
2019/06/04 | Fw: | unknown | attachment | 1.zip /1.vbs document.zip/New document.vb | https://www.virustotal.com/gui/file/5ebf4bd25d3fb2d24a6d5388c35ac4530faf385e9d97a438538e3859e3c73a57/detection https://www.virustotal.com/gui/file/53ab1831b5a6908bb96ec8468375d23df0a700c37cbc77209e8ce9b02d8ea6a8/detection | f6fb7839eae68de1bbac786f2e07978f 8ae8935cd62800da163235662d2e2b98 2b030a995be13daaad326a4033e273a6 | 5ebf4bd25d3fb2d24a6d5388c35ac4530faf385e9d97a438538e3859e3c73a57 53ab1831b5a6908bb96ec8468375d23df0a700c37cbc77209e8ce9b02d8ea6a8 192f0c60efe93c4ac343a5f5687ce90a27de134d1abf1c74d22e2e3b1350fcb0 | hxxp://big-partynew[.]ru/1.doc hxxp://adonis-medicine[.]at/images/[alphanumeric] hxxp://11totalzaelooop11[.]club/jd/t32.bin | multiple | ac05f3d359c0e6f71cd541bcb2bfc70a0f2c60d76536246bcddada1012382f30 | https://www.virustotal.com/gui/file/ac05f3d359c0e6f71cd541bcb2bfc70a0f2c60d76536246bcddada1012382f30/detection | https://www.cc.uec.ac.jp/blogs/news/2019/06/201906041100malwaremail.html https://bomccss.hatenablog.jp/entry/2019/06/28/140200 ▼Reference tweets https://twitter.com/abel1ma/status/1135700763978547200 https://twitter.com/tmmalanalyst/status/1135715039174750208 https://twitter.com/58_158_177_102/status/1135719285102338048 https://twitter.com/bomccss/status/1135721813869072384 https://app.any.run/tasks/d2e5aa48-7520-4622-9de9-ef8549e7c50e/ https://app.any.run/tasks/d9c00372-f5da-4cd8-a50d-b7473e4ee33e/ https://app.any.run/tasks/b59c9642-aec4-49e1-8ed9-91c8cd019c22/ |
2019/06/03 | Fw: | unknown | attachment | doc.zip / doc.js 1.zip / 1.js document.doc.js | https://www.virustotal.com/gui/file/02638eda5874939a760e16e51e1645008b71eec3dc0311df98ed2049bfecc6e3/detection https://www.hybrid-analysis.com/sample/02638eda5874939a760e16e51e1645008b71eec3dc0311df98ed2049bfecc6e3/5cf470f40288383c07f8f3f2 https://www.virustotal.com/gui/file/0a4fbfccdbea014427290c45c89b34fc039a3f88af69af41cb66687be0148574/detection https://www.virustotal.com/gui/file/1bafa2c4e72355736a60fcc1635e647a50219ce1f66abd7b528bf80405ac7176/detection | 3ade11c3d80fa1522a2a2c6462c3e0fe db08cf7cf4b8c0806ebb902484a6cf39 49a3d0e17db026acd45d119fe6007071 | 02638eda5874939a760e16e51e1645008b71eec3dc0311df98ed2049bfecc6e3 0a4fbfccdbea014427290c45c89b34fc039a3f88af69af41cb66687be0148574 1bafa2c4e72355736a60fcc1635e647a50219ce1f66abd7b528bf80405ac7176 | hxxp://big-partynew[.]ru/1.doc hxxp://adonis-medicine[.]at/images/[alphanumeric] hxxp://11totalzaelooop11[.]club/jd/t32.bin | multiple | 69b3a060ec4e5d3b0f2c46a9633b52dff9349e78815432181558ebec99238975 ff2aa9bd3b9b3525bae0832d1e2b7c6dfb988dc7add310088609872ad9a7e714 | https://www.virustotal.com/gui/file/69b3a060ec4e5d3b0f2c46a9633b52dff9349e78815432181558ebec99238975/details https://www.virustotal.com/gui/file/ff2aa9bd3b9b3525bae0832d1e2b7c6dfb988dc7add310088609872ad9a7e714/details | https://bomccss.hatenablog.jp/entry/2019/06/28/140140 ▼Reference tweets https://twitter.com/abel1ma/status/1135334745942810624 https://twitter.com/catnap707/status/1135335625282838528 https://twitter.com/bomccss/status/1135353132156743680 https://app.any.run/tasks/09c0bd11-864d-41d5-85b2-9344baa1d360 |
2019/05/30 | ▼Subject ① 0[数字4桁]発注分 5/30送り状No報告 5月請求書の件 FW: 【重要連絡】 FW: 【(株) . 】 お支払案内書 ▼Subject ② 注文書の件 納品書フォーマットの送付 申請書類の提出 請求データ送付します 立替金報告書の件です。 ▼Subject ③ 0[数字4桁]発注分 お支払案内書 5月請求書の件 5/30送り状No報告 FW: 【(株) . 】 FW: 【重要連絡】 | unknown | attachment | ▼Attachment for subject ① 請求書_(※).xls ▼Attachment for subject ② D O C 00(※)2019(※).xls ▼Attachment for subject ③ 30052019(※).xls (※): arbitrary digits | https://www.virustotal.com/#/file/6f1bcd419a827a9dbdbfef3dfd228d75fdb9844a58f62c9d7a1584dbfb18046a/detection https://www.hybrid-analysis.com/sample/6f1bcd419a827a9dbdbfef3dfd228d75fdb9844a58f62c9d7a1584dbfb18046a?environmentId=100 https://www.virustotal.com/#/file/75d36c18778804666ea78c47498ea7e4e29e788d36866bcbd35db32d64ba2fc5/details https://www.hybrid-analysis.com/sample/75d36c18778804666ea78c47498ea7e4e29e788d36866bcbd35db32d64ba2fc5?environmentId=100 https://www.virustotal.com/#/file/042af9f28133aedbd4cb819eec856ccfb9efcf25976aac3ff479d589d9db26bf/detection https://www.hybrid-analysis.com/sample/042af9f28133aedbd4cb819eec856ccfb9efcf25976aac3ff479d589d9db26bf?environmentId=100 | cf00bd9418747f34c75aaa6bd37aa6d1 69cb26bc94e1e6f9f2a815853fb705c9 c1d4fdec8d5b569e45b82fdfa9e4d82b | 6f1bcd419a827a9dbdbfef3dfd228d75fdb9844a58f62c9d7a1584dbfb18046a 75d36c18778804666ea78c47498ea7e4e29e788d36866bcbd35db32d64ba2fc5 042af9f28133aedbd4cb819eec856ccfb9efcf25976aac3ff479d589d9db26bf | berdiset[.]top/uploads/QuotaManager hxxps://berdist[.]top/uploads/orders.rar C2 paderson[.]top/images/ | 5.8.88[.]24 | 79fca0988013c19b6bff7d664a033a454e447c3efffebff72a8f913cadd246be | https://www.virustotal.com/#/file/79fca0988013c19b6bff7d664a033a454e447c3efffebff72a8f913cadd246be/detection | https://www.cc.uec.ac.jp/blogs/news/2019/05/201905301620malwaremail.html https://www.jc3.or.jp/topics/v_log/201905.html#d20190530c https://www.jc3.or.jp/topics/v_log/201905.html#d20190530b https://bomccss.hatenablog.jp/entry/2019/06/02/225911 ▼Reference tweets https://twitter.com/abel1ma/status/1133982675977379840 https://twitter.com/bomccss/status/1133985313766891521 https://twitter.com/58_158_177_102/status/1133987926088404992 https://app.any.run/tasks/1e4ea053-75b6-4786-ab67-8f87df942bd0/ |
2019/05/27 | ▼Subject ① 2019ご請求の件 Re: 2019ご請求の件 指定請求書 -指定請求書 Re:指定請求書 Fwd:指定請求書 注文書、請書及び請求書のご送付 Fw:注文書、請書及び請求書のご送付 Fwd:注文書、請書及び請求書のご送付 Re:注文書、請書及び請求書のご送付 RE:注文書、請書及び請求書のご送付 FW: 【再送】2019/2 仮版下送付】 【電話未確認】 ▼Subject ② (修正依頼) 修正版 出荷明細添付 券類発注書 発注分 追加 紙看板送付の件 ▼Subject ③ 写真添付 写真送付の件 | unknown | attachment | ▼Attachment for subject ① 5.((※))-(※).xls ▼Attachment for subject ② D O C N.(※) 2019_05.XLS ▼Attachment for subject ③ 2019_(※)_(※).xls (※): arbitrary digits | https://www.virustotal.com/#/file/531f1134ab8e3cdab18c02af57cd6e64843e696dece9aef0aa88910f3914b0c7/details https://www.hybrid-analysis.com/sample/531f1134ab8e3cdab18c02af57cd6e64843e696dece9aef0aa88910f3914b0c7?environmentId=100 https://www.virustotal.com/#/file/cb0b8a2c1ca33d89a2181e58a0948bd88f478a39af45d0b54c53913cd89a5aba/detection https://www.hybrid-analysis.com/sample/cb0b8a2c1ca33d89a2181e58a0948bd88f478a39af45d0b54c53913cd89a5aba?environmentId=100 https://www.virustotal.com/#/file/da8ed41834d775e686ce129518e23b9e5f6fb74dc0a55f66d2242862566a3cf0/detection https://www.hybrid-analysis.com/sample/da8ed41834d775e686ce129518e23b9e5f6fb74dc0a55f66d2242862566a3cf0?environmentId=100 | ddc0e90b30930442bed9360c81b89f96 e248de626ccf3853a5435a7014c2cdb5 f0adb76786ba07cd5bbd4a7fae1e8519 | 531f1134ab8e3cdab18c02af57cd6e64843e696dece9aef0aa88910f3914b0c7 cb0b8a2c1ca33d89a2181e58a0948bd88f478a39af45d0b54c53913cd89a5aba da8ed41834d775e686ce129518e23b9e5f6fb74dc0a55f66d2242862566a3cf0 | hxxps://paterdonga[.]com/uploads/HelpPanelS hxxps://paterdonga[.]com/uploads/sony.rar | 5.188.60[.]30 | 6d0728bb6e334f39e683f192d8e2c56b4b13f301263f8b33483c5be038145a65 | https://www.virustotal.com/#/file/6d0728bb6e334f39e683f192d8e2c56b4b13f301263f8b33483c5be038145a65/analysis/ | https://www.cc.uec.ac.jp/blogs/news/2019/05/201905271710malwaremail.html https://www.jc3.or.jp/topics/v_log/201905.html#d20190528 https://www.jc3.or.jp/topics/v_log/201905.html#d20190527c https://www.jc3.or.jp/topics/v_log/201905.html#d20190527b https://bomccss.hatenablog.jp/entry/2019/06/02/222745 ▼Reference tweets https://twitter.com/bomccss/status/1132909640860164097 https://twitter.com/58_158_177_102/status/1132914389974052864 https://twitter.com/sugimu_sec/status/1132916726574641153 https://twitter.com/tmmalanalyst/status/1132932052708282369 https://app.any.run/tasks/369bfef9-226f-44d4-8f37-b21efce10e31/ https://app.any.run/tasks/4cb6c0aa-c752-45b6-9c8f-855e691768e1/ https://app.any.run/tasks/8d861812-8a43-4573-830b-7f09c98c8980/ |
2019/05/22 | Fw: | unknown | attachment | 1.doc.rar 1.doc.vbs | https://www.virustotal.com/#/file/f570a4423a9233cc114704769869308ddcfdd52e9e4376c4632370f6016f96e6/detection | 36f5665d1553becacbbb2561e0bfd458 | f570a4423a9233cc114704769869308ddcfdd52e9e4376c4632370f6016f96e6 | wex-notdead[.]ru | multiple | e48a698a3b778afeb0aab38e3311e5644af17c2fb58b06e03b9de3a23922d13c | https://www.virustotal.com/#/file/e48a698a3b778afeb0aab38e3311e5644af17c2fb58b06e03b9de3a23922d13c/detection | https://bomccss.hatenablog.jp/entry/2019/05/30/132439 ▼Reference tweets https://twitter.com/abel1ma/status/1130983620666056706 https://twitter.com/bomccss/status/1130999889343574016 https://twitter.com/tmmalanalyst/status/1131025658119770113 |
2019/05/21 | Fw: | unknown | attachment | (※).zip (※).js (※).vbs (※): arbitrary digits | https://www.hybrid-analysis.com/sample/4bb88ad92c9ebecff56fafcb3cd32a5234a54d6673b20be254a81094ae6acdd3/5ce3418a038838a072b87dd9 https://www.hybrid-analysis.com/sample/7929bdbb45f749fe47f2d8160adb5ebf94f939d10d73b2a7ab7a8c7d1e4edacb/5ce344a0028838c046784654 | 6ebd75968c02fbd4f283a4e170c6c358 c3479e1403f77146fb0e58f296f1d50f | 4bb88ad92c9ebecff56fafcb3cd32a5234a54d6673b20be254a81094ae6acdd3 7929bdbb45f749fe47f2d8160adb5ebf94f939d10d73b2a7ab7a8c7d1e4edacb | hxxp://www.binance-forever[.]ru/x[.]doc hxxp://adonis-medicine[.]at/images/~ | multiple | 74843b188abbd998b2f77c1cec4444b551dff65381016112454d8f764c05542c | https://www.virustotal.com/#/file/74843b188abbd998b2f77c1cec4444b551dff65381016112454d8f764c05542c/detection https://www.hybrid-analysis.com/sample/74843b188abbd998b2f77c1cec4444b551dff65381016112454d8f764c05542c?environmentId=100 | https://bomccss.hatenablog.jp/entry/2019/05/30/132417 ▼Reference tweets https://twitter.com/abel1ma/status/1130626783080882177 https://twitter.com/catnap707/status/1130628913405710337 https://twitter.com/58_158_177_102/status/1130630378085965824 https://twitter.com/bomccss/status/1130653079576047616 https://app.any.run/tasks/19befd79-761f-403d-9b66-1c65a99557e4/ https://app.any.run/tasks/bc8ed2a8-db62-4c26-8353-334269b74bcf/ |
2019/05/08 | Fw: | unknown | attachment | 1.doc.rar 1.doc.js | https://www.virustotal.com/#/file/1a7f51ba6717e468e0b63ee8980857ccc4753259a33a4aa70751e4bb91ed9bb7/detection https://www.hybrid-analysis.com/sample/1a7f51ba6717e468e0b63ee8980857ccc4753259a33a4aa70751e4bb91ed9bb7 https://www.virustotal.com/#/file/8c0ef645333dc452e5706684ccdc7c18dad991a63833149d4296710bf7ab6f3f/detection https://www.hybrid-analysis.com/sample/8c0ef645333dc452e5706684ccdc7c18dad991a63833149d4296710bf7ab6f3f?environmentId=100 https://www.virustotal.com/#/file/3b188f565b4bee7973c00b1ab9699b5116f2be488ce400c23bd15abdc17e68f4/detection https://www.virustotal.com/#/file/353fa5978b8fe75195660cf32e6321554535a107c8ddb4044674cb3b7b210b96/detection https://www.hybrid-analysis.com/sample/353fa5978b8fe75195660cf32e6321554535a107c8ddb4044674cb3b7b210b96?environmentId=100 | 9265b6409869fc8533677adcb107898f 1632c1dec230f1a50bd9ff4ed78289e2 1bcab18e3e62604eb108eaa4dfd4d338 b14a887d8a202c936d19bdfe74dfd408 | 1a7f51ba6717e468e0b63ee8980857ccc4753259a33a4aa70751e4bb91ed9bb7 8c0ef645333dc452e5706684ccdc7c18dad991a63833149d4296710bf7ab6f3f 3b188f565b4bee7973c00b1ab9699b5116f2be488ce400c23bd15abdc17e68f4 353fa5978b8fe75195660cf32e6321554535a107c8ddb4044674cb3b7b210b96 | hxxp://registry-cloud[.]ru/x[.]exe ▼ursnif C2 hxxp://11totalzaelooop11[.]club/jd/t32.bin hxxp://adonis-medicine[.]at/images/ | multiple | ef5d61c73ae869e203ad1f7451ad7cdfad411a617290d91322ef8831d59fa0a2 | https://www.virustotal.com/#/file/ef5d61c73ae869e203ad1f7451ad7cdfad411a617290d91322ef8831d59fa0a2/detection | https://www.cc.uec.ac.jp/blogs/news/2019/05/201905081500malwaremail.html https://bomccss.hatenablog.jp/entry/2019/05/30/132349 ▼Reference tweets https://twitter.com/abel1ma/status/1125974359909101568 https://twitter.com/catnap707/status/1125977291060695042 https://twitter.com/catnap707/status/1125977868574515205 https://twitter.com/catnap707/status/1125980179489116160 https://twitter.com/58_158_177_102/status/1125983819478097921 https://twitter.com/bomccss/status/1125985782697582592 https://app.any.run/tasks/07b1e1a7-b452-4704-859c-f6d0c7dbe9e4 https://otx.alienvault.com/pulse/5cd25d32dc0543761fc0a84f |
2019/05/07 | (有償)注文書 FW:(通知) RE: 通関 【訂正版】 建材発注書です 転送された画像 - From: 【2019年5月】請求額のご連絡 | unknown | attachment | (※)2019年5月.xls (※).xls (※): arbitrary digits | https://www.virustotal.com/#/file/5cb85d5bc7bc3eb44c747915f1b26a8bd923d32a5290424eeccb64e750b0fbe9/detection https://www.hybrid-analysis.com/sample/5cb85d5bc7bc3eb44c747915f1b26a8bd923d32a5290424eeccb64e750b0fbe9?environmentId=120 https://www.virustotal.com/#/file/2052b1c9455383827cc6d14da43249fd2172e6bdd82e1b782383391ac36baceb/detection https://www.hybrid-analysis.com/sample/2052b1c9455383827cc6d14da43249fd2172e6bdd82e1b782383391ac36baceb/5cd149b00388388a49c9f095 https://www.virustotal.com/#/file/9594fd5f94e1e6c6414e9158d00435fcc6c674735b6fa7f74b6e3c65507efe2c/detection | 498382fdc72dd468f1e4e5e3417f943e 1678c448ae0f7530fe2fa8d47bf5d9a3 e6350bcd799e54b78aa927ff9440942a | 5cb85d5bc7bc3eb44c747915f1b26a8bd923d32a5290424eeccb64e750b0fbe9 2052b1c9455383827cc6d14da43249fd2172e6bdd82e1b782383391ac36baceb 9594fd5f94e1e6c6414e9158d00435fcc6c674735b6fa7f74b6e3c65507efe2c | ▼Steganography image URL hxxps://images2.imgbox[.]com/1b/a6/9pJo30dK_o.png hxxps://i.imgur[.]com/47xDq9v.png ▼bebloh C2 donersonma[.]com ▼ursnif C2 lidersonef[.]com/images/ | 5.188.60[.]27 5.188.60[.]35 | f440d9d94b5bd99437ae0959679bc4c21e7fd7352af6894e9017d171a110ddc8 | https://www.virustotal.com/#/file/f440d9d94b5bd99437ae0959679bc4c21e7fd7352af6894e9017d171a110ddc8/detection | https://www.jc3.or.jp/topics/v_log/201905.html#d20190507a https://www.jc3.or.jp/topics/v_log/201905.html#d20190507b https://www.cc.uec.ac.jp/blogs/news/2019/05/201905071615malwaremail.html https://bomccss.hatenablog.jp/entry/2019/05/30/132322 ▼Reference tweets https://twitter.com/58_158_177_102/status/1125661659203231745 https://twitter.com/bomccss/status/1125662803652534272 https://twitter.com/SugitaMuchi/status/1125668038735306752 https://twitter.com/abel1ma/status/1125675105487470594 ▼Steganography image https://urlscan.io/result/14031655-d430-492e-a9b0-d8a705817685 https://app.any.run/tasks/868d2631-fe21-4a13-9b73-35f39d4c2fbd https://app.any.run/tasks/3b5dc859-7c08-4111-b398-9fa0667c4bfe https://otx.alienvault.com/pulse/5cd2456dc67339fac5b58c13 |
2019/04/25 | Re: | unknown | attachment | (※).zip (※).js (※): arbitrary digits | https://www.virustotal.com/#/file/985ddf4d7f6c521b946cd62bcf621d7f3f4e78e8c2164c02351f9cb9eb7e3a64/detection https://www.virustotal.com/#/file/fd94742984aa544e655443fa4dad758288aaec94a0a10a9049c65d7387a7079a/detection https://www.virustotal.com/#/file/ba1fd6dd130d91182f9d0eb9e0c542b0982b87b4213bed08d0ccbd7827074f5c/detection https://www.hybrid-analysis.com/sample/fd94742984aa544e655443fa4dad758288aaec94a0a10a9049c65d7387a7079a?environmentId=120 | ab1a59246bc57aba72f266669b975d3b d57272d3a3b2d3815b5e17a7582848cd 0a940d03b77d951e2ccf07073c31eff7 | 985ddf4d7f6c521b946cd62bcf621d7f3f4e78e8c2164c02351f9cb9eb7e3a64 fd94742984aa544e655443fa4dad758288aaec94a0a10a9049c65d7387a7079a ba1fd6dd130d91182f9d0eb9e0c542b0982b87b4213bed08d0ccbd7827074f5c | hxxp://news-medias[.]ru/report.exe ■C2 hxxp://adonis-medicine[.]at/images/~ | multiple | 84a469121b3178ce52b18421e26efe685eac3b04c7306dfed433ed496c155c6d | https://www.virustotal.com/#/file/84a469121b3178ce52b18421e26efe685eac3b04c7306dfed433ed496c155c6d/detection | ▼Reference tweets https://twitter.com/tmmalanalyst/status/1121240340571099136 https://twitter.com/abel1ma/status/1121240393020928000 https://twitter.com/catnap707/status/1121246315474587648 https://twitter.com/bomccss/status/1121263998681276422 https://app.any.run/tasks/8fa71135-ecc2-437a-b172-764df12a8145 |
2019/04/23 | NO-[(※)] 4/1-4/23発注 Re: (ご連絡) Re: お見積書ご依頼の件 [数字]購入依頼 【(※)】_発注 サービス請求書 出演順の確認のお願い 支払明細通知書 支払請求書 書類の件(※) 確認依頼 買取のご相談 運賃請求書の件 の陳述書 デスクトップ画像 写真 写真添付 支払い 画像 Fwd: 領収書添付させていただきます。 (※): arbitrary digits | unknown | attachment | (※)【封筒発注書・御見積書】.xls Doc_2019_(※).XLS (※): arbitrary digits | https://www.virustotal.com/#/file/9b6d27972b15e662c6a350e61b4a5418f8b1f466d28c57955b8c54e69ad8c735/detection https://www.hybrid-analysis.com/sample/9b6d27972b15e662c6a350e61b4a5418f8b1f466d28c57955b8c54e69ad8c735?environmentId=100 https://www.virustotal.com/#/file/7e503e168abecacb59aefada69b3642f1befddcc46d2df3e52e7979a1db75280/detection https://www.virustotal.com/#/file/1f23a246d4723c658e27f2175a2e4b075960e1df862a3d33f54364ee93f2d960/details https://www.hybrid-analysis.com/sample/1f23a246d4723c658e27f2175a2e4b075960e1df862a3d33f54364ee93f2d960?environmentId=100 | 1639bdddd81883d0e2ef413658f7b532 93c91b9a19708eeba6091c8199b58ce0 6f023dbef727ad7dacd7bcb2234b5967 | 9b6d27972b15e662c6a350e61b4a5418f8b1f466d28c57955b8c54e69ad8c735 7e503e168abecacb59aefada69b3642f1befddcc46d2df3e52e7979a1db75280 1f23a246d4723c658e27f2175a2e4b075960e1df862a3d33f54364ee93f2d960 | ▼Steganography image URL images2.imgbox[.]com/0a/66/PiqR9adi_o.png i65.tinypic[.]com/24eu7t1.png | | | | https://www.jc3.or.jp/topics/v_log/201904.html#d20190423b https://www.jc3.or.jp/topics/v_log/201904.html#d20190423c https://www.jc3.or.jp/topics/v_log/201904.html#d20190423d https://www.jc3.or.jp/topics/v_log/201904.html#d20190424a https://www.cc.uec.ac.jp/blogs/news/2019/04/201904231545malwaremail.html ▼Reference tweets https://twitter.com/58_158_177_102/status/1120587264860381184 https://twitter.com/bomccss/status/1120585373925556224 https://twitter.com/abel1ma/status/1120590603136319489 ▼Steganography image https://urlscan.io/result/ec245aab-0af3-4828-8ba3-9a72db1e3ef1 https://urlscan.io/result/460d7fa7-3434-4dba-80c0-702f2abf5d9f |
2019/04/18 | Fw: Fax Jin'in sakugen | | attachment | document.zip / document.js newdoocument.doc.zip / newdoocument.doc.js doc.doc.zip /doc.doc.js | https://www.virustotal.com/#/file/21a11540298e4213077395cc5c8c4c52f52daea34760e088da8ef3fe0349341c/detection https://www.virustotal.com/#/file/c5b6298fe7b111ff8da613091289b550a5773048491dfb914410b7e800767b8a/detection https://www.virustotal.com/#/file/eb252e984ea45f9143d1c2b74fc5c503b5e29f8c13687a34927901788ccd7e24/detection https://www.hybrid-analysis.com/sample/eb252e984ea45f9143d1c2b74fc5c503b5e29f8c13687a34927901788ccd7e24?environmentId=100 https://www.hybrid-analysis.com/sample/21a11540298e4213077395cc5c8c4c52f52daea34760e088da8ef3fe0349341c/5cb7d7e20288389b40780b3a | f722903db64e18425d8b7798e9691307 4b7e316815b22642ba212ba9dd5bb810 4514e41f436c1f2ed68202eaea2a7c74 | 21a11540298e4213077395cc5c8c4c52f52daea34760e088da8ef3fe0349341c c5b6298fe7b111ff8da613091289b550a5773048491dfb914410b7e800767b8a eb252e984ea45f9143d1c2b74fc5c503b5e29f8c13687a34927901788ccd7e24 | hxxp://news-medias[.]ru/report.exe | multiple | 2a453d8932de56f19f64053c55d441046df197dadad6b328875c85adbaf42fcc | https://www.virustotal.com/#/file/2a453d8932de56f19f64053c55d441046df197dadad6b328875c85adbaf42fcc/detection https://www.hybrid-analysis.com/sample/2a453d8932de56f19f64053c55d441046df197dadad6b328875c85adbaf42fcc?environmentId=100 | https://www.cc.uec.ac.jp/blogs/news/2019/04/20190418malwaremail.html ▼Reference tweets https://twitter.com/bomccss/status/1118703609066078208 https://twitter.com/abel1ma/status/1118704539199102979 |
24 | 2019/04/17 | 4月分 発注のお願い 請求書送付 ・ご契約金計算書 【添付書類】 【返信回答分】: FW: 【4月17日付】 FW: 【重要】 Fw: 納品書の修正の件 RE: お見積りの件 備品発注依頼書の送付 注依頼書の送付 | Unknown | Attachment | (※)株式会社(※).xls 新規 ドキュメントMicrosoft Excel(※).xls (※): arbitrary digit string (※)(*).xls (※): arbitrary digit string (*): arbitrary letters | https://www.virustotal.com/#/file/d903c93164561ee4135920fba5d81f8b43d4586bfeef120aea8d87e6bcb17906/detection https://www.hybrid-analysis.com/sample/d903c93164561ee4135920fba5d81f8b43d4586bfeef120aea8d87e6bcb17906?environmentId=100 https://www.virustotal.com/#/file/17c7c60f81e7fec52fde305710670af7e7712834da3343e83ca45d82c8f63c78/detection https://www.virustotal.com/#/file/e12690fcab618fdec5f0337b8d1cf5cc9e72516ab1fa134ea7bf4b46f3a9c43c/detection https://www.hybrid-analysis.com/sample/e12690fcab618fdec5f0337b8d1cf5cc9e72516ab1fa134ea7bf4b46f3a9c43c?environmentId=120 | 63b5238b6889b5e665588dc4a8be43a6 fe01f55a59470fe9b56e6441eaaba2a2 05a1f73307956f4c50e11938e4ebe58d | d903c93164561ee4135920fba5d81f8b43d4586bfeef120aea8d87e6bcb17906 17c7c60f81e7fec52fde305710670af7e7712834da3343e83ca45d82c8f63c78 e12690fcab618fdec5f0337b8d1cf5cc9e72516ab1fa134ea7bf4b46f3a9c43c | ■bebloh pidobrake[.]com ▼Steganography communication destinations hxxps://i.imgur[.]com/Vyjnb0D.png hxxps://images2.imgbox[.]com/35/1c/s6iNsHg3_o.png hxxp:///ipunedtos[.]com/uploads/copies.rar | 5.188.231[.]189 | 08c73257797658dc869ff08f7287d415637fd8da13ba992b09f15faf904cc49a | https://www.virustotal.com/#/file/08c73257797658dc869ff08f7287d415637fd8da13ba992b09f15faf904cc49a/detection | https://www.cc.uec.ac.jp/blogs/news/2019/04/201904171650malwaremail.html https://www.jc3.or.jp/topics/v_log/201904.html#d20190417c https://www.jc3.or.jp/topics/v_log/201904.html#d20190417b https://www.jc3.or.jp/topics/v_log/201904.html#d20190418a https://www.jc3.or.jp/topics/v_log/201904.html#d20190418b ▼Reference tweets https://twitter.com/abel1ma/status/1118410956109836288 https://twitter.com/58_158_177_102/status/1118416496886071297 https://twitter.com/bomccss/status/1118417703125938176 https://twitter.com/SugitaMuchi/status/1118427820160454656 https://app.any.run/tasks/3344bc60-be30-47ed-80db-8b0a656b0135 https://app.any.run/tasks/2888f349-e52a-4982-8b75-ae1a1e913fe1 ▼Steganography images https://urlscan.io/result/f78b9e47-4b1f-48d9-9680-61dd2a9efd3b/ https://urlscan.io/result/deb9bc5e-fb4f-4972-bcb1-fdabe5aa7bc7 | |
25 | 2019/04/17 | Fw: Fw: staff reduction | Unknown | Attachment | document.zip / document.js newdoocument.doc.zip / newdoocument.doc.js doc.doc.zip /doc.doc.js | https://www.virustotal.com/#/file/dc751dfa7a9e79b054edacbaaeddd7b925a17bae2f46078ae647dd70eefd693b/detection https://www.virustotal.com/#/file/473c5c266e29c45fb602abc3170b2f7a7ad8f4ab37c5aad689156c09f6546643/detection https://www.hybrid-analysis.com/sample/473c5c266e29c45fb602abc3170b2f7a7ad8f4ab37c5aad689156c09f6546643?environmentId=100 | 777a51ad40994b2776b0a97848158ed2 ded511e29369f7acb6eda285b028aca9 | dc751dfa7a9e79b054edacbaaeddd7b925a17bae2f46078ae647dd70eefd693b 473c5c266e29c45fb602abc3170b2f7a7ad8f4ab37c5aad689156c09f6546643 | hxxp://guebipk-mvd[.]ru/readx.exe | Multiple | 55488ce01710e4cd927b52f4a91c82dc6eba2325da70cb745599bbc864adae30 | https://www.virustotal.com/#/file/55488ce01710e4cd927b52f4a91c82dc6eba2325da70cb745599bbc864adae30/detection | ▼Reference tweets https://twitter.com/bomccss/status/1118312447050313728 https://twitter.com/abel1ma/status/1118328986331779072 https://app.any.run/tasks/23029dac-c9fa-42ee-9ee3-f0661276d506 https://app.any.run/tasks/0facf15f-0f12-4d93-866a-21a2caed97c2 | |
26 | 2019/04/16 | からの延滞請求書 サービス請求書 期限切れ請求書 請求書ステータスの更新 請求書 請求書の請求 | Unknown | Attachment | (※)_(※).doc (※): arbitrary digit string | https://www.virustotal.com/#/file/94c595759b6415cf2b425f32194236b8d02e5d1f4a2399870b63f016480df6e7/detection https://www.virustotal.com/#/file/61c966fe80e7c16131ffb8c9fc58abad0e89705d575ec1016c4db578c3434a05/detection https://www.virustotal.com/#/file/57e601ceb23ca1be8b2a1dd44fb719c6a43885e3035c14265b8770dc009820db/detection https://www.virustotal.com/#/file/10103295f238be0472b32937b389e4bfdfb8e4b86359d1723672d58b8248de12/detection https://www.hybrid-analysis.com/sample/57e601ceb23ca1be8b2a1dd44fb719c6a43885e3035c14265b8770dc009820db?environmentId=100 https://www.hybrid-analysis.com/sample/94c595759b6415cf2b425f32194236b8d02e5d1f4a2399870b63f016480df6e7?environmentId=100 | f1ca1c12be7c2c2a7b1f5eb58be9bfae a41d35e0bee7e403e803363c40cc69cc d325943e4276fdcb75e378a81aba53e7 61466c73ec19fa8a684936603f06b75e | 94c595759b6415cf2b425f32194236b8d02e5d1f4a2399870b63f016480df6e7 61c966fe80e7c16131ffb8c9fc58abad0e89705d575ec1016c4db578c3434a05 57e601ceb23ca1be8b2a1dd44fb719c6a43885e3035c14265b8770dc009820db 10103295f238be0472b32937b389e4bfdfb8e4b86359d1723672d58b8248de12 | benitezcatering[.]com/wp-includes/oOOiL5/ dingesgang[.]com/wp-admin/rdZ/ easyneti[.]com/wp-content/4zI/ www.myhair4her[.]com/g9twdbi/AxU/ www.oscarolivas[.]com/wp-includes/w47 | Multiple | ddc1b2c1d484e30556ca560114a123d1e550f7a6e035cbcec5c8a06fcae65935 | https://www.virustotal.com/#/file/ddc1b2c1d484e30556ca560114a123d1e550f7a6e035cbcec5c8a06fcae65935/detection | ▼Reference tweets https://twitter.com/58_158_177_102/status/1118065938899668992 | |
27 | 2019/04/16 | Fw: | Unknown | Attachment | document.zip / document.js newdoocument.doc.zip / newdoocument.doc.js doc.doc.zip /doc.doc.js | https://www.virustotal.com/#/file/da955c3aa8d7c4173f3a4b41260c132ebd50ecd24c40f340f0ad0a8e0d9bde3b/detection https://www.virustotal.com/#/file/473c5c266e29c45fb602abc3170b2f7a7ad8f4ab37c5aad689156c09f6546643/detection https://www.hybrid-analysis.com/sample/473c5c266e29c45fb602abc3170b2f7a7ad8f4ab37c5aad689156c09f6546643/5cb53e8d038838ff0240c289 | 6d24d402bbe4ccff38ef4ea86955c605 ded511e29369f7acb6eda285b028aca9 | da955c3aa8d7c4173f3a4b41260c132ebd50ecd24c40f340f0ad0a8e0d9bde3b 473c5c266e29c45fb602abc3170b2f7a7ad8f4ab37c5aad689156c09f6546643 | 11totalzaelooop11[.]club/jd/t32.bin hxxp://guebipk-mvd[.]ru/readx.exe | Multiple | 79906eb8822c57340c9dd53059352a24c327b5bea44019623f2847d26abe4d5a cab3cc3cef5ab8dd40dfb83d25422bcbf9e3a7d424b0824ed6c756aebeaaf787 | https://www.virustotal.com/#/file/79906eb8822c57340c9dd53059352a24c327b5bea44019623f2847d26abe4d5a/detection https://www.hybrid-analysis.com/sample/79906eb8822c57340c9dd53059352a24c327b5bea44019623f2847d26abe4d5a?environmentId=100 https://www.virustotal.com/#/file/cab3cc3cef5ab8dd40dfb83d25422bcbf9e3a7d424b0824ed6c756aebeaaf787/detection | ▼Reference tweets https://twitter.com/abel1ma/status/1117961836375056384 https://app.any.run/tasks/f3bd5599-3699-4459-85d6-1e49784586a5 https://app.any.run/tasks/f4e43255-81ea-4eb9-9d53-25d44625f62b https://app.any.run/tasks/0543c458-936c-4777-a09c-620edcd34dfa | |
28 | 2019/04/15 | 読んでください 特別請求書 確認して承認してください。 [英字氏名]請求書を添付してください 請求書 の請求書 請求書の請求 注意事項:請求書 | Unknown | Attachment | (※)_(※).doc (※): arbitrary digit string | https://www.virustotal.com/#/file/80a836c861b6a5d045d85aa9d3091035691b769ebdcd3b4de781f47c257049e7/detection https://www.hybrid-analysis.com/sample/80a836c861b6a5d045d85aa9d3091035691b769ebdcd3b4de781f47c257049e7?environmentId=100 https://www.virustotal.com/#/file/b9efa337bb020490860db5da805c1070416c28c3471cfc15cf10dad6e374baac/detection https://www.hybrid-analysis.com/sample/b9efa337bb020490860db5da805c1070416c28c3471cfc15cf10dad6e374baac?environmentId=100 https://www.virustotal.com/#/file/697892e7d72df8da7fe245e5a82fb5cc53f5a34deba8b4f794eafb62cdcdc4b4/detection https://www.hybrid-analysis.com/sample/697892e7d72df8da7fe245e5a82fb5cc53f5a34deba8b4f794eafb62cdcdc4b4?environmentId=100 https://www.virustotal.com/#/file/5a91b573157525fd97eb1adde4653a28f91c3b97fa28b30a3ddf45945c536b89/detection https://www.hybrid-analysis.com/sample/5a91b573157525fd97eb1adde4653a28f91c3b97fa28b30a3ddf45945c536b89?environmentId=100 | 929116540242d88367af42f66e1a0336 27605401f9d2948e6a86c98457485dd7 6F96482F2D2A78B02686EFBCFAE8138B 3AD0040B48E62E9CA22D52A68DE0966E | 80a836c861b6a5d045d85aa9d3091035691b769ebdcd3b4de781f47c257049e7 b9efa337bb020490860db5da805c1070416c28c3471cfc15cf10dad6e374baac 697892e7d72df8da7fe245e5a82fb5cc53f5a34deba8b4f794eafb62cdcdc4b4 5a91b573157525fd97eb1adde4653a28f91c3b97fa28b30a3ddf45945c536b89 | garammatka[.]com/cgi-bin/o569U/ hadrianjonathan[.]com/floorplans/vOec/ gamvrellis[.]com/MEDIA/heuMx/ warwickvalleyliving[.]com/images/wmGN/ rinconadarolandovera[.]com/calendar/5n5WY/ ▼Communication destinations (C2) hxxp://88.215.2[.]29/ hxxp://187.137.162[.]145:443/ hxxp://65.49.60[.]163:443/ hxxp://45.33.35[.]103:8080 | Multiple | 9df200e21db8e6641818a865a3e492387e64d7b5050ae8710d5ab7ef7a897a91 | https://www.virustotal.com/#/file/9df200e21db8e6641818a865a3e492387e64d7b5050ae8710d5ab7ef7a897a91/detection | ▼Reference tweets https://twitter.com/58_158_177_102/status/1117697267194929154 https://twitter.com/bomccss/status/1117699624691650565 https://twitter.com/papa_anniekey/status/1117701864915517440 https://app.any.run/tasks/620abd44-7403-4c1c-880c-d811b133ce41 https://app.any.run/tasks/432bf798-b795-4f14-bb3e-a268f8798481 https://app.any.run/tasks/bd97488f-b5a7-494d-853d-5af1ac5ad84b https://app.any.run/tasks/eeaa4085-89cd-4de7-a5b5-e5673cd0a55d | |
29 | 2019/04/15 | Fw: Fw:HR Fw:list of employees to reduce | Unknown | Attachment | document.zip / document.js newdoocument.doc.zip / newdoocument.doc.js doc.doc.zip /doc.doc.js | https://www.virustotal.com/#/file/ae2502987bcd9ef5fd0a69c74eb229f10fa75f0c5ef9667b5086022c3dd8b0e4/detection https://www.virustotal.com/#/file/a903d07d638956c281699f6b461de14dc97198d8bfd25356eaaafb0eae663115/detection https://www.hybrid-analysis.com/sample/a8618b73af6706331e6e47d655bee5b0d08f3349ed7df70714c66296d000c1fc?environmentId=100 | 26060657c003eaee143e69ee5c32380c e29423faabc8cbe81c2485d4df3b8c91 bb1f6ba7497c8b8ebf96780e89589d52 | ae2502987bcd9ef5fd0a69c74eb229f10fa75f0c5ef9667b5086022c3dd8b0e4 a903d07d638956c281699f6b461de14dc97198d8bfd25356eaaafb0eae663115 a8618b73af6706331e6e47d655bee5b0d08f3349ed7df70714c66296d000c1fc | hxxp://instant-payments[.]ru/read.exe | Multiple | f5a5e7d86c3131b3f0a479fa55f35f8fa7c0ea7615b244752f96071156982071 | https://www.virustotal.com/#/file/f5a5e7d86c3131b3f0a479fa55f35f8fa7c0ea7615b244752f96071156982071/detection https://www.hybrid-analysis.com/sample/f5a5e7d86c3131b3f0a479fa55f35f8fa7c0ea7615b244752f96071156982071?environmentId=100 | https://bankingmalware.hatenablog.com/entry/2019/04/15/165434 ▼Reference tweets https://twitter.com/catnap707/status/1117631073574199298 https://twitter.com/abel1ma/status/1117631481419948033 https://twitter.com/58_158_177_102/status/1117632083688443904 https://twitter.com/bomccss/status/1117632578368884738 https://twitter.com/tmmalanalyst/status/1117637873165987842 https://app.any.run/tasks/195bee6a-f6b0-4edf-a3f4-41ec7040747b https://app.any.run/tasks/b254c863-1acd-41ac-bb40-65c8ed860ad6 | |
30 | 2019/04/12 | 請求書を添付してください あなたの請求書 サービス請求書 支払明細通知書 支払請求書 未請求書 毎月の請求書 注意事項:請求書 読んでください 特別請求書 期限切れ請求書 表示用の[英字氏名]アカウントの請求書 請求書[英字氏名] 請求書の請求 | Unknown | Attachment | (※)_(※).doc (※).doc (※)_2019_04_12.doc (※): arbitrary digit string | https://www.virustotal.com/#/file/af77939a3206c6beeb32606423daeb8236413630ddd3846ac300d741d8809108/detection https://www.hybrid-analysis.com/sample/af77939a3206c6beeb32606423daeb8236413630ddd3846ac300d741d8809108?environmentId=100 https://www.virustotal.com/#/file/636c93930f056e403a2bdb2298f18c0b14542c0224fd0ba6ba3056d1367f9c75/detection https://www.hybrid-analysis.com/sample/636c93930f056e403a2bdb2298f18c0b14542c0224fd0ba6ba3056d1367f9c75?environmentId=100 https://www.virustotal.com/#/file/9bb3d3a40c0a57ee9a52bab10b2ec0efbf7d665238c421a68c266d356b81a671/detection https://www.hybrid-analysis.com/sample/9bb3d3a40c0a57ee9a52bab10b2ec0efbf7d665238c421a68c266d356b81a671?environmentId=100 https://www.virustotal.com/#/file/1eb3cc2781765f1c81bdef0390ba79fc2066fd1bd8ff5571baa64f4b0ca3441f/detection https://www.hybrid-analysis.com/sample/1eb3cc2781765f1c81bdef0390ba79fc2066fd1bd8ff5571baa64f4b0ca3441f?environmentId=100 https://www.virustotal.com/#/file/112278e446cc3c7f538089cae3eaf962b06218cae4bcd8fb9a0b493bc380507f/detection https://www.hybrid-analysis.com/sample/3044f43b040d476ac859f7f55a35f0e2332c86b60ae6703054b811e28ac61ed6?environmentId=100 https://www.virustotal.com/#/file/ef6ada5793d43fde8fe35d2228e7e4efaeec972120592708d53b7b4e040798cc/detection https://www.hybrid-analysis.com/sample/ef6ada5793d43fde8fe35d2228e7e4efaeec972120592708d53b7b4e040798cc?environmentId=100 https://www.virustotal.com/#/file/3044f43b040d476ac859f7f55a35f0e2332c86b60ae6703054b811e28ac61ed6/detection https://www.hybrid-analysis.com/sample/3044f43b040d476ac859f7f55a35f0e2332c86b60ae6703054b811e28ac61ed6?environmentId=100 | 48e6b0c0b0707045ff76094c64908532 6df1cef0a3ceeefe0045d48a1145a940 c8905bee9bf8c51132989d7ab0e2d445 ccd80c342a5ad41a1481cdfa79797075 b0b28e995ed8153abcd8bda599349623 049d89c4d62e5352a27f0682e6fa9cb3 60edd2ae9195b36042f4d156735ed161 | af77939a3206c6beeb32606423daeb8236413630ddd3846ac300d741d8809108 636c93930f056e403a2bdb2298f18c0b14542c0224fd0ba6ba3056d1367f9c75 9bb3d3a40c0a57ee9a52bab10b2ec0efbf7d665238c421a68c266d356b81a671 1eb3cc2781765f1c81bdef0390ba79fc2066fd1bd8ff5571baa64f4b0ca3441f 112278e446cc3c7f538089cae3eaf962b06218cae4bcd8fb9a0b493bc380507f ef6ada5793d43fde8fe35d2228e7e4efaeec972120592708d53b7b4e040798cc 3044f43b040d476ac859f7f55a35f0e2332c86b60ae6703054b811e28ac61ed6 | fumicolcali[.]com/wblev-6pox5-vpckk/4ih2 aussiescanners[.]com/forum/1IXQRH/ aussiescanners[.]com/cgi-sys/suspendedpage.cgi aussiescanners[.]com/forum/1IXQRH/ aussiescanners[.]com/26192RX/qW/ aupa[.]xyz/hJPug-2q3uyQ3NsqIgkO_tdeRPHsz-fF/dwvK/ aupa[.]xyz/forum/1IXQRH/ azedizayn[.]com/26192RX/qW/ sundarbonit[.]com/cgi-bin/mlEH/ 187.188.166[.]192/results/scripts/ringin/ | 31.172.86[.]183:8080 216.98.148[.]157:8080 187.188.166[.]192 | 25eb451e5c0208a7086ac6e89c0d22ac1d622d93cea5e1a37881f0eda2ced49e | https://www.virustotal.com/#/file/25eb451e5c0208a7086ac6e89c0d22ac1d622d93cea5e1a37881f0eda2ced49e/details | https://bomccss.hatenablog.jp/entry/2019/04/13/033005 https://bankingmalware.hatenablog.com/entry/2019/04/12/193744 https://bankingmalware.hatenablog.com/entry/2019/04/14/222814 ▼Reference tweets https://twitter.com/bomccss/status/1116592009265815553 https://twitter.com/58_158_177_102/status/1116608642621403136 https://twitter.com/gorimpthon/status/1116594132854566912 https://app.any.run/tasks/f06af0db-2dab-4b60-8b2b-5306f2f0608c https://app.any.run/tasks/5ca756d6-c7fa-4c4c-956b-5ef02fbd4ed2 https://app.any.run/tasks/e7702c62-99c3-4510-ba23-1f686276c7ba https://app.any.run/tasks/4e5bf1bf-060e-43f1-b02c-c365784cfb3d https://app.any.run/tasks/67d29087-f5d3-4f00-96ee-69e7aca2d832 | |
31 | 2019/04/10 | 4月分請求データ送付の件 6月度発注書送付 ご請求書を添付致しておりますので メールに添付された請求書デー 添付ファイルをご確認下さい。 | Unknown | Attachment | 「原本」・_(※).xls (※).「原本」・_(※).xls (※): arbitrary digit string | https://www.virustotal.com/#/file/9dc6974b2e288fbeff404c6883cd1cf9ab4418b9f2bf43887f0ca5915d791a3d/detection https://www.hybrid-analysis.com/sample/9dc6974b2e288fbeff404c6883cd1cf9ab4418b9f2bf43887f0ca5915d791a3d?environmentId=100 https://www.virustotal.com/#/file/9de470efde8b4bea45fd849e80118fc3f68d1754910066442d7ffc0ad64e7e68/details https://www.hybrid-analysis.com/sample/9de470efde8b4bea45fd849e80118fc3f68d1754910066442d7ffc0ad64e7e68?environmentId=100 | 123ef5bc8d73a0e5747b4bb60c31d266 53824eb704a161a9e6bc437db64fd9d8 | 9dc6974b2e288fbeff404c6883cd1cf9ab4418b9f2bf43887f0ca5915d791a3d 9de470efde8b4bea45fd849e80118fc3f68d1754910066442d7ffc0ad64e7e68 | ▼C2 access destinations ■bebloh omnifoxt[.]com ▼Steganography communication destinations hxxps://i.imgur[.]com/fC5Pcd2.png hxxps://images2.imgbox[.]com/b0/81/gHAGqQjt_o.png | 5.188.60[.]87 | 6a1d7d3ca8db53318373705a988967d3a46bd2656aab4a0e035374a38525594a | https://www.virustotal.com/#/file/6a1d7d3ca8db53318373705a988967d3a46bd2656aab4a0e035374a38525594a/detection | https://www.jc3.or.jp/topics/v_log/201904.html#d20190410 https://www.cc.uec.ac.jp/blogs/news/2019/04/201904101630malwaremail.html https://bomccss.hatenablog.jp/entry/2019/04/11/053014 https://bankingmalware.hatenablog.com/entry/2019/04/11/185324 ▼Reference tweets https://twitter.com/bomccss/status/1115886857475305474 https://twitter.com/abel1ma/status/1115889832704790529 https://twitter.com/58_158_177_102/status/1115890075236229120 https://twitter.com/harugasumi/status/1115898810834857984 https://twitter.com/SugitaMuchi/status/1115903308139565056 ▼Steganography images https://urlscan.io/result/276c6eb7-712b-462e-be71-93822984efdc https://urlscan.io/result/0e4dbe0f-2c09-43b8-84ef-f5707b4292ca https://app.any.run/tasks/1f694df8-8770-465f-b736-4f94941a82d5 https://app.any.run/tasks/8c357b53-5a70-4c7b-870a-d954f7fe05b1 | |
32 | 2019/04/03 | 4月1日ご契約の件・初期費用のご請求書のご送付 RE: 【メール確認済】1/1 Re: 【再送】し依頼 【ご提出】 【連絡】2019.4.1 受注連絡 | Unknown | Attachment | 文書名 -scan-(※).xls (※): arbitrary digit string | https://www.virustotal.com/#/file/a5294a62b4cd9eae6d53816f8335d4e4aa9e48e3947621383658ca595bea4da6/detection https://www.hybrid-analysis.com/sample/a5294a62b4cd9eae6d53816f8335d4e4aa9e48e3947621383658ca595bea4da6?environmentId=100 | 4e7768c1f32cf5da49f21bd81c2939f2 | a5294a62b4cd9eae6d53816f8335d4e4aa9e48e3947621383658ca595bea4da6 | ▼C2 access destinations ■bebloh hxxps://gerdosan[.]com ■ursnif hxxps://sumeriun[.]com ▼Communication destinations ・stage1 hxxps://gerdosan[.]com/uploads/changed.pdf ・stage2 hxxps://images2.imgbox[.]com/c3/57/soU1A2HV_o.png hxxps://i.imgur.com/CPHK1L5[.]png | 5.8.88[.]205 | b4711b3330d0c54ed70ad1987d029e39e189f1fc4b95ae3843a6750b8a939cc8 7200d267e37d25bf3badb0c9b81e3054505b318a6e89bc228a701341d42ee7b0 | https://www.virustotal.com/#/file/b4711b3330d0c54ed70ad1987d029e39e189f1fc4b95ae3843a6750b8a939cc8/detection https://www.virustotal.com/#/file/7200d267e37d25bf3badb0c9b81e3054505b318a6e89bc228a701341d42ee7b0/detection | https://www.jc3.or.jp/topics/v_log/201904.html#d20190403b https://bomccss.hatenablog.jp/entry/2019/04/04/035229 https://bankingmalware.hatenablog.com/entry/2019/04/09/180239 https://app.any.run/tasks/b7b5f8b5-082d-48fa-8360-4b3763eb689a ▼Reference tweets https://twitter.com/bomccss/status/1113307083015720960 https://twitter.com/abel1ma/status/1113307623623786496 ▼Images at the communication destinations https://urlscan.io/result/3026d66d-c3d3-4e0d-8cbc-9bfe5cef69ce https://urlscan.io/result/623b9741-36b5-4eae-b1be-7832b604cd01 | |
33 | 2019/03/27 | ▼Subject ① 3月→ 3月の請求書を添付するので 【ご請求書】【ライフラインのご連絡先】 こちらの入金期日は3月15日の午後12時までと 請求書を添付いたします 郵送願います Faxください ▼Subject ② 写真送付の件 写真添付 | Unknown | Attachment | ▼Attachment file names for subject ① 201903.①._送付__(※).xls 20190327(※) (※).xls ▼Attachment file names for subject ② 2019年3月27日(※).xls (※)(*).xls (※): arbitrary digit string (*): arbitrary letters | https://www.virustotal.com/#/file/07395f413e04245a8f6cab5fa888c0f08878f07bac6ccc479aa89469bb443bd4/detection https://www.hybrid-analysis.com/sample/07395f413e04245a8f6cab5fa888c0f08878f07bac6ccc479aa89469bb443bd4?environmentId=120 https://www.virustotal.com/#/file/bdc6b56c659fefc41779bcd42064bc7ceae67a495407e786451747dea1539cc0/detection https://www.hybrid-analysis.com/sample/bdc6b56c659fefc41779bcd42064bc7ceae67a495407e786451747dea1539cc0?environmentId=100 https://www.virustotal.com/#/file/48bb5bc1399e43b0c07527a69935f6b2254686dbcfa544af4019e2ac1592baff/detection https://www.hybrid-analysis.com/sample/48bb5bc1399e43b0c07527a69935f6b2254686dbcfa544af4019e2ac1592baff?environmentId=100 https://www.virustotal.com/#/file/e2b647dc004532a5eaa72f29407fb06e4d3457596730814402602806fc8ab506/detection https://www.hybrid-analysis.com/sample/e2b647dc004532a5eaa72f29407fb06e4d3457596730814402602806fc8ab506?environmentId=100 | a47ca80dc480a9992e9a912e21668f72 1018500796dbc3dfac323f2510e598e7 faa225de2a679e0a28f2e5d384b1962c 4024b2481f4c6e80ed90de731ccf99ab | 07395f413e04245a8f6cab5fa888c0f08878f07bac6ccc479aa89469bb443bd4 bdc6b56c659fefc41779bcd42064bc7ceae67a495407e786451747dea1539cc0 48bb5bc1399e43b0c07527a69935f6b2254686dbcfa544af4019e2ac1592baff e2b647dc004532a5eaa72f29407fb06e4d3457596730814402602806fc8ab506 | onbraker[.]com podertan[.]com | 47.74.250[.]194 5.188.60[.]40 | a6fbfd13624dc34ff0dc1204d6eb7e9e1c12cbc2f3be37ca8dcb896ea7d9cef9 | https://www.virustotal.com/#/file/a6fbfd13624dc34ff0dc1204d6eb7e9e1c12cbc2f3be37ca8dcb896ea7d9cef9/detection | https://www.cc.uec.ac.jp/blogs/news/2019/03/20190327malwaremail.html https://www.jc3.or.jp/topics/v_log/201903.html#d20190328a https://www.jc3.or.jp/topics/v_log/201903.html#d20190328b https://bomccss.hatenablog.jp/entry/2019/03/28/032619 https://app.any.run/tasks/6d5713b9-5cf9-4515-b4be-f2cb5d2970b8 ▼Reference tweets https://twitter.com/58_158_177_102/status/1110814560246587392 https://twitter.com/bomccss/status/1110823222591651841 https://twitter.com/abel1ma/status/1110830156770234369 https://twitter.com/harugasumi/status/1110835830732382208 https://twitter.com/SugitaMuchi/status/1110855600894672897 https://twitter.com/T2CERT/status/1111056321468497920 | |
34 | 2019/03/06 | 2019ご請求の件 【仮版下送付】 【電話未確認】 FW: 【再送】2019/2 Re: 2019ご請求の件 (※)指定請求書 (※)注文書、請書及び請求書のご送付 (※): one of {Re: ,Fwd: , ,Fw: ,RE: , -} | Unknown | Attachment | (※)_資料_(※).xls (※)_(※)_3.2019_3.xls 2019.(※)-(※).xls (※): arbitrary digit string | https://www.virustotal.com/#/file/75a46329eed0e0a2948f4c5e35a3fda1e0f3a23d059ba019de33c654ff0e84fa/detection https://www.hybrid-analysis.com/sample/75a46329eed0e0a2948f4c5e35a3fda1e0f3a23d059ba019de33c654ff0e84fa?environmentId=100 https://www.virustotal.com/#/file/23e85ee19a2f46f4f462e72995b6a91616ea2f315908c1566c36cd0afc3aa200/detection https://www.hybrid-analysis.com/sample/23e85ee19a2f46f4f462e72995b6a91616ea2f315908c1566c36cd0afc3aa200?environmentId=100 https://www.virustotal.com/#/file/242e2204916bed88b609de716c73bbae757efb29dae863e66c5692682d47adc2/detection https://www.virustotal.com/#/file/66242a82beff9eedc3d61d04e8dc90369660f4d541269f40fdd1dd336f3ebd35/detection | c909568a2dce7a3214a6f2e131a74f9c 0ff3ba2b54f5cae7507b9a34a427d982 7e4d79738ac8797eda7f723aedaea336 485088239e67f783764bc23ede6188c1 | 75a46329eed0e0a2948f4c5e35a3fda1e0f3a23d059ba019de33c654ff0e84fa 23e85ee19a2f46f4f462e72995b6a91616ea2f315908c1566c36cd0afc3aa200 242e2204916bed88b609de716c73bbae757efb29dae863e66c5692682d47adc2 66242a82beff9eedc3d61d04e8dc90369660f4d541269f40fdd1dd336f3ebd35 | ▼C2 access destinations baderson[.]com mopscat[.]com ▼Steganography communication destinations ・stage1 hxxps://mger[.]co/img/bycYJ.png hxxp://images2.imagebam[.]com/34/7d/0b/39d26e1152285004.png hxxps://images2.imgbox[.]com/aa/36/95SxVQiA_o.png hxxps://images2.imgbox[.]com/b7/02/ZuEIVn7e_o.png ・stage2 hxxps://i.postimg[.]cc/kn50Ph3h/6A.png hxxps://i.imgur[.]com/wRli0qz.png ・stage3 hxxps://images2.imgbox[.]com/25/39/dMnX3Y3Q_o.png hxxps://i.imgur[.]com/vwN9O7y.png | Many | 6badf0748ca6cbd4a1f1175dbb8a6dbbee1656c7086378418e1397bce025aa60 6847b98f36e96c3d967524811409e164746bea5ae021d44fbd6c7bfefe072582 | https://www.virustotal.com/#/file/6badf0748ca6cbd4a1f1175dbb8a6dbbee1656c7086378418e1397bce025aa60/detection https://www.hybrid-analysis.com/sample/6badf0748ca6cbd4a1f1175dbb8a6dbbee1656c7086378418e1397bce025aa60/5c7f92ec038838cb661f7314 https://www.virustotal.com/gui/file/6847b98f36e96c3d967524811409e164746bea5ae021d44fbd6c7bfefe072582/detection | https://www.jc3.or.jp/topics/v_log/201903.html#d20190306c https://www.jc3.or.jp/topics/v_log/201903.html#d20190306b https://www.cc.uec.ac.jp/blogs/news/2019/03/20190306malwaremail.html https://bomccss.hatenablog.jp/entry/2019/03/07/030925 https://app.any.run/tasks/2aa82cd3-7c60-4ada-b999-3b3504cab7e0 https://app.any.run/tasks/a2a7d5b1-c3e1-427d-89ba-881eabc85c83 ▼Steganography images ・stage1 https://urlscan.io/result/cbb38f0d-db71-4180-a91a-014e54b7713e https://urlscan.io/result/6784ad45-c551-4928-b226-88485bb6a5c9 https://urlscan.io/result/9bec94c9-b5f0-4888-8a44-e4612e06535d ・stage2 https://urlscan.io/result/2a47932c-8f8e-4c14-bde3-876c97b8fc68 https://urlscan.io/result/28fe65e9-d806-488d-9f2f-3783ad7d423f ・stage3 https://urlscan.io/result/9536d6bb-f554-44d2-b2d8-fc8b07410269 https://urlscan.io/result/423767a8-67ad-4353-ba1b-a1608012b409 ▼Reference tweets https://twitter.com/58_158_177_102/status/1103203021758984194 https://twitter.com/abel1ma/status/1103197738710138882 https://twitter.com/bomccss/status/1103207249135075328 https://twitter.com/SugitaMuchi/status/1103225255575773185 https://twitter.com/catnap707/status/1103440462260559872 https://twitter.com/nao_sec/status/1103261384140177413 | |
35 | 2019/02/28 | 指定請求書 Fw:指定請求書 Fwd:指定請求書 RE:指定請求書 Re:指定請求書 -指定請求書 注文書、請書及び請求書のご送付 Fw:注文書、請書及び請求書のご送付 Fwd:注文書、請書及び請求書のご送付 RE:注文書、請書及び請求書のご送付 ※ Subjects are also prefixed with Re:, -, Fw:, Fwd | Unknown | Attachment | (※)_(※)_(2019.2).xls (※): arbitrary digit string | https://www.virustotal.com/#/file/21cc174826ce5e69aa60445f547b94bb0b544c5d66a01063e37abbfdc91a715f/detection | 6a9eda3eb0bfc222ab46725829faaec7 | 21cc174826ce5e69aa60445f547b94bb0b544c5d66a01063e37abbfdc91a715f | hxxps://benistora[.]com/uploads/audio.7z | 5.188.60[.]66 | A97787778AD5F369BEAFD12275B93F3919FAF4BDBD2CF7FC16D002D9AEE43E1D 0a374444049303e5d693bf3de4ec3735de2ab5aa6654229aaa2c95c4257a9508 | https://www.virustotal.com/#/file/a97787778ad5f369beafd12275b93f3919faf4bdbd2cf7fc16d002d9aee43e1d/detection https://www.virustotal.com/#/file/0a374444049303e5d693bf3de4ec3735de2ab5aa6654229aaa2c95c4257a9508/detection | https://www.jc3.or.jp/topics/v_log/201902.html#d20190228 https://www.cc.uec.ac.jp/blogs/news/2019/02/20190228malwaremail.html https://bomccss.hatenablog.jp/entry/2019/03/01/043247 https://app.any.run/tasks/1ed3b74d-6c89-45f0-a64b-a13331845dac ▼Reference tweets https://twitter.com/58_158_177_102/status/1101027107222650880 https://twitter.com/bomccss/status/1101029411229392897 | |
36 | 2019/02/26 | ▼Subject ① (14 variants) 工程表 2/1 【追加】 クレームです。 確認事項とお願い 2月入金の残り RE: 【依頼】 【お願い】 添付用納品書 RE: 【発注分】 2/26 フォロー申請 Re: 再送 御見積書 2/26送り状 送り状番号ご{nnnn} ※ nnnn is a 4-digit number ▼Subject ② (2 variants) (※)指定請求書 (※)注文書、請書及び請求書のご送付 (※): one of {Re: ,Fwd: , ,Fw: ,RE: , -} | Unknown | Attachment | ▼Attachment file names for subject ① ***_(※)_2019_2_3.xls ▼Attachment file names for subject ② [2019.2.26]_(※)_(※).xls (※): arbitrary digit string ***: arbitrary alphanumerics | https://www.virustotal.com/#/file/2143421df567dc0d4c3c364cfc6be9cad3e529c29dd8e57b17d608bcd5246a4d/detection https://www.hybrid-analysis.com/sample/2143421df567dc0d4c3c364cfc6be9cad3e529c29dd8e57b17d608bcd5246a4d/5c74ebdf038838bc34a50f33 https://www.virustotal.com/#/file/71e059ceecb85b737531bd1981f77c95fa10a70cd17ff916d4736ead2eeb94f0/detection | e4261e92a0271d94f3f935b5e14f89c4 5f3c5a1f95d27a4a75d67bb733d26909 | 2143421df567dc0d4c3c364cfc6be9cad3e529c29dd8e57b17d608bcd5246a4d 71e059ceecb85b737531bd1981f77c95fa10a70cd17ff916d4736ead2eeb94f0 | hxxps://ipinfo.io/country → presumably to check whether the environment is Japanese ▼C2 access destinations olkerona[.]com mopscat[.]com ▼Steganography communication destinations ・stage1 hxxps://i.imgur[.]com/96vV0YR.png hxxp://oi65.tinypic[.]com/2z8thcz.jpg ・stage2 hxxps://i.postimg[.]cc/bv5dMcK6/J2.png hxxps://images2.imgbox[.]com/ff/22/6NkpoT2I_o.png | Many | ebb3fca571b3611cf9232a9a0210f27ae53ca222a15897282e2c5b5c9b3c9970 | https://www.virustotal.com/#/file/ebb3fca571b3611cf9232a9a0210f27ae53ca222a15897282e2c5b5c9b3c9970/detection https://www.hybrid-analysis.com/sample/ebb3fca571b3611cf9232a9a0210f27ae53ca222a15897282e2c5b5c9b3c9970?environmentId=100 | https://www.jc3.or.jp/topics/v_log/201902.html#d20190226c https://www.jc3.or.jp/topics/v_log/201902.html#d20190226b https://www.cc.uec.ac.jp/blogs/news/2019/02/20190226malwaremail.html https://app.any.run/tasks/5031e30c-dcd4-46d9-bc07-07f9454b9426 https://www.joesandbox.com/analysis/112961/0/html#vba-code https://bomccss.hatenablog.jp/entry/2019/02/27/043123 ▼Steganography images stage1 https://urlscan.io/result/945574ec-9e70-4f1a-9d00-68ac8eaf6e9f https://urlscan.io/result/1cf48675-4459-408e-a212-0547169249b7 stage2 https://urlscan.io/result/9c808601-b28d-4ecf-be58-cb21a84b61d2 https://urlscan.io/result/67907b99-a5f6-49c7-9ae2-2a90874cfdcd ▼Reference tweets https://twitter.com/58_158_177_102/status/1100300013458997248 https://twitter.com/bomccss/status/1100300406041698304 https://twitter.com/itc_uec/status/1100320876438999041 https://twitter.com/nao_sec/status/1100314158698917888 https://twitter.com/catnap707/status/1100335933033861120 | |
37 | 2019/02/25 2019/02/26 2019/02/27 | Satoshi Tsumabuki! Takeru Sato! Haruma Miura! Miki Imai! Emi Hinouchi! Jin Akanishi! Takeshi Kitano! ※ (names of Japanese celebrities)! ※ 140 subject variants | Unknown | Attachment | PIC(※)-jpg.ZIP PIC(※)-jpg.js (※): arbitrary digit string | https://www.virustotal.com/#/file/ace25dd23f7279d9d85104105299ee521e4b47a90bd02b03d87d1e8b243cf89e/detection https://www.hybrid-analysis.com/sample/281abb96271ec6deb985352bb61d4e892dd0226330146fe200570f283ab19788?environmentId=120 | b52f53f6f9e1566b0032cda886c0bdd2 | ace25dd23f7279d9d85104105299ee521e4b47a90bd02b03d87d1e8b243cf89e 6d430589f311abf2cb1c2a7a38e82f002ae16df03672bca9b7a3598e58db3464 | hxxp://92.63.197[.]153/test.exe ▼Placed on February 28 hxxp://92.63.197.153/2[.]exe | 92.63.197[.]153 | eda25a1bf559550dfd0b36c8e22f43e910486199149258ff34a0ebbd7bf56b17 b8327b87c89f3a42d0f36b2a12a7957868efaca25af5b5f8af85b387c425787d 243e3a984dd9734172d317c949479a75d3e962fb608cd44adaddd2ad59c6a311 28c2e4b1b800f869e7264553cc2e3e5666f88dc23e32a196e6a2e81096303b0c ▼Placed on February 28 2[.]exe c225e260cda5f832cca97b6592c923cb65444213986fdac34451b1953c8bb872 | https://www.virustotal.com/#/file/eda25a1bf559550dfd0b36c8e22f43e910486199149258ff34a0ebbd7bf56b17/detection https://www.hybrid-analysis.com/sample/eda25a1bf559550dfd0b36c8e22f43e910486199149258ff34a0ebbd7bf56b17?environmentId=100 https://www.virustotal.com/#/file/b8327b87c89f3a42d0f36b2a12a7957868efaca25af5b5f8af85b387c425787d/detection https://www.virustotal.com/#/file/28c2e4b1b800f869e7264553cc2e3e5666f88dc23e32a196e6a2e81096303b0c/detection https://www.virustotal.com/#/file/243e3a984dd9734172d317c949479a75d3e962fb608cd44adaddd2ad59c6a311/detection ▼Placed on February 28 2[.]exe https://www.virustotal.com/#/file/c225e260cda5f832cca97b6592c923cb65444213986fdac34451b1953c8bb872/detection | ※ Set up to infect the victim with the GandCrab v5.2 ransomware https://www.joesandbox.com/analysis/112473/0/html https://app.any.run/tasks/caa2ad26-1a6a-4ff4-8d64-e2cfc8ffd6c5 https://app.any.run/tasks/d49ed4bf-2a87-4a33-9bcb-db757ff543a0 https://app.any.run/tasks/92bfde8d-f182-4375-80f7-2f9477a2c11a https://bomccss.hatenablog.jp/entry/2019/02/27/042405 ▼Reference tweets https://twitter.com/nao_sec/status/1099834030277636096 https://twitter.com/PINKSAWTOOTH/status/1099903037944938498 https://twitter.com/bomccss/status/1099841150582546432 https://twitter.com/abel1ma/status/1099841823353200640 https://twitter.com/catnap707/status/1099856403164889090 https://twitter.com/harugasumi/status/1099917637117591552 | |
38 | 2019/02/20 | Fw: Re: 添付ファイル このメールにはファイルを1件、添付しています 添付がコストです 【追加②】 回答: | Unknown | Attachment | 20190220(※)_(※)_書類.XLS (※)-(※)-20190220送付.xls Book(※).xls (※): arbitrary digit string | https://www.virustotal.com/#/file/f143b542976786ffc045f3d8647bea4d0e480998d9a9f64452c5c839a0050a00/detection https://www.hybrid-analysis.com/sample/f143b542976786ffc045f3d8647bea4d0e480998d9a9f64452c5c839a0050a00?environmentId=100 https://www.virustotal.com/#/file/12bb1efaf22b0ebe0e9a203d6486f52c67c27fd151bb6cc92edc778b362e50d1/details https://www.hybrid-analysis.com/sample/12bb1efaf22b0ebe0e9a203d6486f52c67c27fd151bb6cc92edc778b362e50d1?environmentId=100 https://www.virustotal.com/#/file/7af5179363279d2907ebb4f08424985acb3fe7e52cc78291848dd0597f4aff65/detection https://www.hybrid-analysis.com/sample/7af5179363279d2907ebb4f08424985acb3fe7e52cc78291848dd0597f4aff65?environmentId=100 | af5972b35f87c7a458289f24dedd13c8 3808b2905a4f6abef12b7ce8a24e5c27 5993bab18e97b76ba5b3285c4124a87c | f143b542976786ffc045f3d8647bea4d0e480998d9a9f64452c5c839a0050a00 12bb1efaf22b0ebe0e9a203d6486f52c67c27fd151bb6cc92edc778b362e50d1 7af5179363279d2907ebb4f08424985acb3fe7e52cc78291848dd0597f4aff65 | hxxps://gamidron[.]com/StreamGame.rar hxxp://conesdarz[.]com/uploads/amadeus.zip hxxp://vedrunaccff[.]org/img/sm/Save.rar hxxps://papirson[.]com | Many | 4dc9adb9e4928db316f26238459d473d76a9914312eb2faff635da786015bc37 | https://www.virustotal.com/#/file/4dc9adb9e4928db316f26238459d473d76a9914312eb2faff635da786015bc37/detection https://www.hybrid-analysis.com/sample/4dc9adb9e4928db316f26238459d473d76a9914312eb2faff635da786015bc37?environmentId=100 | https://www.jc3.or.jp/topics/v_log/201902.html#d20190220 https://www.cc.uec.ac.jp/blogs/news/2019/02/20190220malwaremail.html https://bomccss.hatenablog.jp/entry/2019/02/27/040618 https://www.joesandbox.com/analysis/84379 https://app.any.run/tasks/e7d00595-f3de-4548-ad6c-b90e741cce87 ※ The macro checks whether the environment is Japanese ▼Reference tweets https://twitter.com/catnap707/status/1098144767831990272 https://twitter.com/catnap707/status/1098146491586105344 https://twitter.com/bomccss/status/1098147141342511105 https://twitter.com/bomccss/status/1098153086533554176 https://twitter.com/nao_sec/status/1098200474627371008 | |
39 | 2019/02/20 | 紙看板送付の件 | Unknown | Attachment | (※)_(※)_20190219.XLS (※)_(※)_20190219.doc (※) arbitrary digit string | https://www.virustotal.com/#/file/6a7eb9a166510e72912e6b90a80f77b914a76aa9e2507d0e5472bcba036fc368/detection https://www.hybrid-analysis.com/sample/6a7eb9a166510e72912e6b90a80f77b914a76aa9e2507d0e5472bcba036fc368?environmentId=100 https://www.virustotal.com/#/file/cdcf99a113bb8c8a911c6dc95bb478bae22776d28eb9fda3ed30ca547a8c5920/detection https://www.hybrid-analysis.com/sample/cdcf99a113bb8c8a911c6dc95bb478bae22776d28eb9fda3ed30ca547a8c5920?environmentId=100 https://www.virustotal.com/#/file/f54cbb5ec9b44f825ece3c7e14f3591062228078346580bcea39fd5a04bcc40a/detection https://www.hybrid-analysis.com/sample/f54cbb5ec9b44f825ece3c7e14f3591062228078346580bcea39fd5a04bcc40a?environmentId=100 | d490573977cc6b42ba0b4325df953a7f 89d68b7c2ac984730dd8039c6ffc1b84 4CC5DE3D2BDDD7C89311FCCF3D1B51D9 | 6a7eb9a166510e72912e6b90a80f77b914a76aa9e2507d0e5472bcba036fc368 cdcf99a113bb8c8a911c6dc95bb478bae22776d28eb9fda3ed30ca547a8c5920 f54cbb5ec9b44f825ece3c7e14f3591062228078346580bcea39fd5a04bcc40a | hxxp://213.183.63[.]242/control hxxp://195.123.209[.]169/control | 213.183.63[.]242 195.123.209[.]169 | 84259a3c6fd62a61f010f972db97eee69a724020af39d53c9ed1e9ecefc4b6b6 6926aca37c180f7a0fd1c829ccb472ec2bad494f28b0c58d20e51b8c6630e2eb | https://www.virustotal.com/#/file/84259a3c6fd62a61f010f972db97eee69a724020af39d53c9ed1e9ecefc4b6b6/detection https://www.hybrid-analysis.com/sample/84259a3c6fd62a61f010f972db97eee69a724020af39d53c9ed1e9ecefc4b6b6?environmentId=100 https://www.virustotal.com/#/file/6926aca37c180f7a0fd1c829ccb472ec2bad494f28b0c58d20e51b8c6630e2eb/detection https://www.hybrid-analysis.com/sample/6926aca37c180f7a0fd1c829ccb472ec2bad494f28b0c58d20e51b8c6630e2eb/5c6cae257ca3e113f36a92a6 | https://bomccss.hatenablog.jp/entry/2019/02/27/035938 ※ Mass-mailing campaign that infects with the FlawedAmmyy RAT https://app.any.run/tasks/5ceab4a0-5621-4232-814a-af3a15558ba1 https://app.any.run/tasks/3088f233-146f-4ff1-b2cc-2df846d6bdf5 https://app.any.run/tasks/4b12aa2d-ff90-4ef1-aa78-58f73d79704e ▼Reference tweets https://twitter.com/58_158_177_102/status/1098021344954920960 https://twitter.com/bomccss/status/1098026847399424005 https://twitter.com/James_inthe_box/status/1098027007772749824 https://twitter.com/James_inthe_box/status/1098034657998692352 | |
40 | 2019/02/18 | 20190218 2/18送り状No. 修正版 出荷明細添付 紙看板送付の件 券類発注書 (修正依頼) 2月分 発注分 追加 | Unknown | Attachment | (※)_2019年2月18.xls (※)_(※)_20190218.XLS (※) arbitrary digit string | https://www.virustotal.com/#/file/75a46329eed0e0a2948f4c5e35a3fda1e0f3a23d059ba019de33c654ff0e84fa/detection https://www.hybrid-analysis.com/sample/75a46329eed0e0a2948f4c5e35a3fda1e0f3a23d059ba019de33c654ff0e84fa?environmentId=100 https://www.virustotal.com/#/file/6602f118eea649f863e5662671686a3ae5e1067e1c1bcbed829d7ba8ab3390f6/detection | c909568a2dce7a3214a6f2e131a74f9c a9dca658ba431a4123be8aa3f13284bc | 75a46329eed0e0a2948f4c5e35a3fda1e0f3a23d059ba019de33c654ff0e84fa 6602f118eea649f863e5662671686a3ae5e1067e1c1bcbed829d7ba8ab3390f6 | ▼C2 hosts panisdar[.]com papirson[.]com ▼Steganography image fetch URLs ・stage 1 hxxp://imagehosting[.]biz/images/2019/02/14/in1.png hxxp://images2.imagebam[.]com/f1/b1/50/dd7e561126561184.png hxxps://mger[.]co/img/w84vm.png hxxps://images2.imgbox[.]com/34/60/1Zc8BevK_o.png ・stage 2 hxxp://oi68.tinypic[.]com/2saxhrc.jpg hxxps://thumbsnap[.]com/i/aqiAmg1b.png?0214 hxxps://i.postimg[.]cc/0jFwGVb3/l1.png | Many | ▼bebloh d58b12393ade4f51e6917af9dcd1a032e17adf5933fc886be314ef094717ce02 ▼ursnif c797fa74ffc33103b9b5db3d5010d7926231afc49beb5d1e61f8a29723a7d142 | https://www.virustotal.com/#/file/d58b12393ade4f51e6917af9dcd1a032e17adf5933fc886be314ef094717ce02/detection https://www.hybrid-analysis.com/sample/d58b12393ade4f51e6917af9dcd1a032e17adf5933fc886be314ef094717ce02?environmentId=100 https://www.virustotal.com/#/file/c797fa74ffc33103b9b5db3d5010d7926231afc49beb5d1e61f8a29723a7d142/detection https://www.hybrid-analysis.com/sample/c797fa74ffc33103b9b5db3d5010d7926231afc49beb5d1e61f8a29723a7d142?environmentId=100 | https://www.jc3.or.jp/topics/v_log/201902.html#d20190218b https://www.jc3.or.jp/topics/v_log/201902.html#d20190219 https://www.cc.uec.ac.jp/blogs/news/2019/02/20190218malwaremail.html ▼Steganography images stage1 https://urlscan.io/result/d13a477a-f629-4fe1-b3e0-61b255c61cfc/ https://urlscan.io/result/bffa0748-39ce-47dd-9542-9b6f0d0cbe60 https://urlscan.io/result/a5fa3c70-9edf-4811-ac01-d2e9132c1032 https://urlscan.io/result/c4950f58-e28d-4b5e-bd97-8f7197ddc341 stage2 https://urlscan.io/result/9741c9b2-10b7-49d7-8975-dc958a2703ef https://urlscan.io/result/44d88fbb-74c5-4c98-a920-86d4cb74aaed https://urlscan.io/result/91fc8153-67c2-49ae-bc9b-13b803084707 ▼Reference tweets https://twitter.com/bomccss/status/1097424433143111682 https://twitter.com/58_158_177_102/status/1097427635959824384 https://twitter.com/nao_sec/status/1097464661094522883 https://bomccss.hatenablog.jp/entry/2019/02/19/041553 | |
41 | 2019/02/14 | [recipient's company name, name]様 Bill from [company name/branch name, surname, section chief]殿 | Unknown | Attachment | ▼File names (partial list) eINVOICE_02142019(※).doc eform_02_14_19(※).doc eFILE_02142019(※).doc eInvoice_02_14_(※).doc eInvoice_02142019(※).doc eFile_02_14_19(※).doc eINVOICE_20190214(※).doc (※) arbitrary digit string | https://www.virustotal.com/#/file/e6b79db99b399198a61b836acb552f49c58e491bebda5dc7125d2a3f8b798f1f/detection https://www.virustotal.com/#/file/646a4bfb639145a8babab15ee88b8ff1744e68dbbc59f9085d4e2321171873de/detection https://www.hybrid-analysis.com/sample/646a4bfb639145a8babab15ee88b8ff1744e68dbbc59f9085d4e2321171873de/5c64c69c7ca3e115683c8dc6 | e1606adcd91f2aec847f92544baf796d 5f70799017049196c8cd2b759b1f7f70 | e6b79db99b399198a61b836acb552f49c58e491bebda5dc7125d2a3f8b798f1f 646a4bfb639145a8babab15ee88b8ff1744e68dbbc59f9085d4e2321171873de | hxxp://gardenstrutturelegno[.]com/pafgY1kbyB hxxp://mhoment[.]com/LM20Ymp hxxp://extrashades[.]com/CfK0g0aQ4r hxxp://gandharaminerals[.]com/4J2ko2vsYO hxxp://baovevietnamtoancau[.]com/wp-admin/includes/uZ8bAUa52 | Many | 682b02b1f671242aef2744368015828cb0347f153c142e15da57ae01e3b4594a 61650df93fbe5a6b74b7abdf31fc96e3b7b30cdb70fccadf157af308233999ed | https://www.virustotal.com/#/file/682b02b1f671242aef2744368015828cb0347f153c142e15da57ae01e3b4594a/detection https://www.virustotal.com/#/file/61650df93fbe5a6b74b7abdf31fc96e3b7b30cdb70fccadf157af308233999ed/detection | ※ Mass-mailing campaign that infects with Emotet (distribution appears to be limited in scope) https://app.any.run/tasks/cb88a0b0-fd60-4ee8-8015-e5d37321f016 https://pastebin.com/PCNs3acd ▼Reference tweets https://twitter.com/58_158_177_102/status/1095912805574705152 https://twitter.com/papa_anniekey/status/1095920620469022721 | |
42 | 2019/02/11 | 営業 Re: 2月度 請求書 御見積書 請求書送付 営業 Fwd: Re: | Unknown | Attachment | 2019200(※).XLS (※) arbitrary digit string | https://www.virustotal.com/#/file/964e9563a9cdcc8f99eb483f435fce2cfb97ac50cbd964cf6bc4ab93d42836fc/detection https://www.hybrid-analysis.com/sample/964e9563a9cdcc8f99eb483f435fce2cfb97ac50cbd964cf6bc4ab93d42836fc?environmentId=100 | f5b63206a07c8dd9b24c931ea5124212 | 964e9563a9cdcc8f99eb483f435fce2cfb97ac50cbd964cf6bc4ab93d42836fc | ▼bebloh (download host) mimertonus[.]com ▼ursnif (download host) opratony[.]com takerdown[.]com ▼Steganography image fetch URLs ・stage 1 hxxps://images2.imgbox[.]com/4e/0f/W29InkAb_o.png hxxps://i.imgur[.]com/55yIfKO.png ・stage 2 hxxps://images2.imgbox[.]com/b7/eb/6birmlgd_o.png hxxps://i.imgur[.]com/oHDtTtY.png ・stage 3 hxxp://5.188.231[.]206/uploads/orbit.mp4 | ▼bebloh (download host) 5.188.231[.]206 ▼ursnif (download host) 5.8.88[.]125 | ▼bebloh f16d99ed7cb068d119c1c7cf2bf3219f4bfdf3d1ea84f444fbf54d1e231661fb | https://www.virustotal.com/#/file/f16d99ed7cb068d119c1c7cf2bf3219f4bfdf3d1ea84f444fbf54d1e231661fb/detection https://www.hybrid-analysis.com/sample/f16d99ed7cb068d119c1c7cf2bf3219f4bfdf3d1ea84f444fbf54d1e231661fb?environmentId=100 | https://www.jc3.or.jp/topics/v_log/201902.html#d20190212 ▼Steganography images ・stage 1 https://urlscan.io/result/e872d5ad-ba60-47d4-889e-b8a896e52afd https://urlscan.io/result/4f0e6e13-e27b-41ff-a19a-1dd057d00029 ・stage 2 https://urlscan.io/result/c32db31b-b38e-46e8-95c4-6f1686787fa8 https://urlscan.io/result/91289ae7-9e2c-4126-af96-fa8951ae77b6 ▼Reference tweets https://twitter.com/harugasumi/status/1094928164776624129 https://twitter.com/SugitaMuchi/status/1094943906427355136 https://twitter.com/nao_sec/status/1094953523219812354 https://twitter.com/AES256bit/status/1094984951273934848 https://twitter.com/bomccss/status/1094992378451046407 | |
43 | 2019/01/29, 2019/01/31, 2019/02/01 | :) :-) :* :-* ;) ;-) :D ;D Aya Ueto ;) Ayumi Hamasaki ;) Erika Sawajiri ;) Erika Toda ;) Hikaru Utada ;) Kyary Pamyu Pamyu ;) Kyoko Fukada ;) Maki Horikita ;) Misia ;) Namie Amuro ;) Nozomi Sasaki ;) Sheena Ringo ;) Yui Aragaki ;) Yuriko Yoshitaka ;) Do you like it? Do you like my photo? I love you! Just for you Keep it private! Love My photo My photo for you Our photo Photo of us Seen this photo? Take a look please You are my love Your opinion needed | Unknown | Attachment | PIC(※)2019-jpg.ZIP PIC(※)2019-jpg.js (※) arbitrary digit string | https://www.virustotal.com/#/file/14d46aa43b911d005c8a905c1522630705d3da8bcf31b499cf289f765aa26c8d/detection https://www.hybrid-analysis.com/sample/9f076f33fa18ea7d27f0363652913ec84e2608a80a6af0842f67255409f4ae84?environmentId=100 | 4e078a8c2199250a98c8d81c185e8e0a | 14d46aa43b911d005c8a905c1522630705d3da8bcf31b499cf289f765aa26c8d | ▼Status code: 200 hxxp://92.63.197[.]153/krabler[.]exe hxxp://92.63.197[.]153/m/1[.]exe ▼Status code: 404 hxxp://92.63.197[.]153/m/2[.]exe hxxp://92.63.197[.]153/m/3[.]exe hxxp://92.63.197[.]153/m/4[.]exe hxxp://92.63.197[.]153/m/5[.]exe | 92.63.197[.]153 | ▼krabler.exe 743ff0555abe373292ad934ca945ecd46c9ae51071ecf161398c6403050221cd ▼1.exe 67054a687c4536a0f2a67c8a811923fb6dec67380876d6e8024b1c2dd640af0c | ▼krabler.exe https://www.virustotal.com/#/file/743ff0555abe373292ad934ca945ecd46c9ae51071ecf161398c6403050221cd/detection ▼1.exe https://www.virustotal.com/#/file/67054a687c4536a0f2a67c8a811923fb6dec67380876d6e8024b1c2dd640af0c/detection | ※ Leads to infection with the GandCrab v5.1 ransomware https://app.any.run/tasks/2aa27516-67f5-4198-880f-6460cb2be4e3 https://app.any.run/tasks/a9276d4f-0417-44c0-8a20-805a9ebea950 ▼Reference tweets https://twitter.com/abel1ma/status/1090041465575632896 | |
44 | 2019/01/28 | :) :* :-) :-* :D ;) ;* ;-) ;D Aya Ueto ;) Ayumi Hamasaki ;) Erika Sawajiri ;) Erika Toda ;) Hikaru Utada ;) Kyary Pamyu Pamyu ;) Kyoko Fukada ;) Maki Horikita ;) Misia ;) Namie Amuro ;) Nozomi Sasaki ;) Sheena Ringo ;) Yui Aragaki ;) Yuriko Yoshitaka ;) | Unknown | Attachment | PIC(※)2019-jpg.ZIP PIC(※)2019-jpg.js (※) arbitrary digit string | https://www.virustotal.com/#/file/c347268dc766613ac50c191098ea4a3c8779524f809c6253c77a94556922a6e7/detection https://www.virustotal.com/#/file/1d279dcce0be6f05181902a59ede5af299d763cbb20d366cdbaaded918ae5cb1/detection https://www.hybrid-analysis.com/sample/1d279dcce0be6f05181902a59ede5af299d763cbb20d366cdbaaded918ae5cb1?environmentId=100 | 58f77ea1df6f2a45ff63c26b44fada84 d8e86ebf16014abd8bc39a87c80d7ae4 | c347268dc766613ac50c191098ea4a3c8779524f809c6253c77a94556922a6e7 1d279dcce0be6f05181902a59ede5af299d763cbb20d366cdbaaded918ae5cb1 | ▼Status code: 200 hxxp://92.63.197[.]153/blowjob[.]exe hxxp://92.63.197[.]153/krabler[.]exe hxxp://92.63.197[.]153/m/1[.]exe ▼Status code: 404 hxxp://92.63.197[.]153/m/2[.]exe hxxp://92.63.197[.]153/m/3[.]exe hxxp://92.63.197[.]153/m/4[.]exe hxxp://92.63.197[.]153/m/5[.]exe | 92.63.197[.]153 | ▼krabler.exe or blowjob.exe 743ff0555abe373292ad934ca945ecd46c9ae51071ecf161398c6403050221cd ▼1.exe 67054a687c4536a0f2a67c8a811923fb6dec67380876d6e8024b1c2dd640af0c | ▼krabler.exe or blowjob.exe https://www.virustotal.com/#/file/743ff0555abe373292ad934ca945ecd46c9ae51071ecf161398c6403050221cd/detection ▼1.exe https://www.virustotal.com/#/file/67054a687c4536a0f2a67c8a811923fb6dec67380876d6e8024b1c2dd640af0c/detection | ※ Leads to infection with the GandCrab v5.1 ransomware https://app.any.run/tasks/5d1d3f37-4341-40ef-b039-f1b6aa155cfe https://app.any.run/tasks/d017550a-9212-422a-bcfe-2860fa470f62 ▼Reference tweets https://twitter.com/harugasumi/status/1089793484632911872 https://twitter.com/58_158_177_102/status/1089804375147466753 https://twitter.com/abel1ma/status/1089809468005777408 | |
45 | 2019/01/27 2019/01/28 | :-* :* ;* ;) :) :-) ;-) :D ;D | Unknown | Attachment | PIC(※)2019-jpg.ZIP PIC(※)2019-jpg.js (※) arbitrary digit string | https://www.virustotal.com/#/file/9f7bf148b50068d4ff6b92a99c843faa9716909c1d36a7cd537c30e82b115e96/detection https://www.virustotal.com/#/file/4cebbe7197d8846ede810af1cc2fb4d705be2e1a5cd9f5a761900994043d2394/detection https://www.virustotal.com/#/file/58477292be73eb6b785b24f80ad4c5f9d183f55db0cbd5b34c38b53480e2b627/detection https://www.hybrid-analysis.com/sample/810fb8ef49fb30fb38db39d81a0ee7ca1620ee3980ae7b7bb1673654731391ca?environmentId=100 https://www.virustotal.com/#/file/bdd0825fd6d04778ec393895d0feea426ccfa5f96ad2a0fbf1025d178911eac5/detection https://www.virustotal.com/#/file/621a79f25c3a5be64511b97c9a84fb10cfaa6d20a5eb9eddb1e8b76f2a9aec7d/detection https://www.hybrid-analysis.com/sample/24a686e6bda50706d7e010c8ecd4a5af006bc2b8a74095ccd0ca3925dd879b1b?environmentId=100 https://www.virustotal.com/#/file/c85f7db7fc2249be0e6e7fa4da0eca1269363a35d20fdc40f55ef06c74ac0e1b/detection | a302ac9d7b59b4a30d10d3f62fb0c12d 43344cce6500eb1f666bfe83ca7f3876 2bd578e9c6d10ec1f3930e0cfe290771 4cf96419578e1c538ccbc72aa1489382 185f1c9c309e3c9cd2e45e5cf4a32b79 | 9f7bf148b50068d4ff6b92a99c843faa9716909c1d36a7cd537c30e82b115e96 4cebbe7197d8846ede810af1cc2fb4d705be2e1a5cd9f5a761900994043d2394 58477292be73eb6b785b24f80ad4c5f9d183f55db0cbd5b34c38b53480e2b627 bdd0825fd6d04778ec393895d0feea426ccfa5f96ad2a0fbf1025d178911eac5 621a79f25c3a5be64511b97c9a84fb10cfaa6d20a5eb9eddb1e8b76f2a9aec7d 24a686e6bda50706d7e010c8ecd4a5af006bc2b8a74095ccd0ca3925dd879b1b c85f7db7fc2249be0e6e7fa4da0eca1269363a35d20fdc40f55ef06c74ac0e1b | ▼Status code: 200 hxxp://92.63.197[.]153/blowjob[.]exe hxxp://92.63.197[.]153/m/1[.]exe ▼Status code: 404 hxxp://92.63.197[.]153/m/2[.]exe hxxp://92.63.197[.]153/m/3[.]exe hxxp://92.63.197[.]153/m/4[.]exe hxxp://92.63.197[.]153/m/5[.]exe | 92.63.197[.]153 | ▼blowjob[.]exe ① 711a691cb3dbc151c34dfb05c72670ce724f97aeb28375777430cc16e784b72a ② dffc26736e57470e4c56e4adf3f0425080c43a136d0dd72c22075fde3efd2239 ▼1.exe ① 3ea16fdf81960c5bd56902d4ea7dd448fd07d6a6a56dd8ad8a234bad6209439c ② be0c8cdc1937d05242c672e3e61097dd1b48466839ac0a64e883d159a8df7343 ▼2.exe 9e3dad9d075c73dc68d76bdfee5a2400bb8da07094c1059544b434177a8789f0 | ▼blowjob[.]exe ① https://www.virustotal.com/#/file/711a691cb3dbc151c34dfb05c72670ce724f97aeb28375777430cc16e784b72a/detection https://www.hybrid-analysis.com/sample/711a691cb3dbc151c34dfb05c72670ce724f97aeb28375777430cc16e784b72a?environmentId=100 ② https://www.virustotal.com/#/file/dffc26736e57470e4c56e4adf3f0425080c43a136d0dd72c22075fde3efd2239/detection ▼1.exe ① https://www.virustotal.com/#/file/3ea16fdf81960c5bd56902d4ea7dd448fd07d6a6a56dd8ad8a234bad6209439c/detection https://www.hybrid-analysis.com/sample/3ea16fdf81960c5bd56902d4ea7dd448fd07d6a6a56dd8ad8a234bad6209439c?environmentId=100 ② https://www.virustotal.com/#/file/be0c8cdc1937d05242c672e3e61097dd1b48466839ac0a64e883d159a8df7343/detection ▼2.exe https://www.virustotal.com/#/url/33fa462592b309ad2a084dcf7697d8734dce3c70e8be078a8b1c5bf2496a5a22/detection https://www.virustotal.com/#/file/9e3dad9d075c73dc68d76bdfee5a2400bb8da07094c1059544b434177a8789f0/detection | ※ Leads to infection with the GandCrab v5.1 ransomware https://app.any.run/tasks/e81176d8-88fa-44f4-b13e-9eb32b765e0c https://app.any.run/tasks/fd860015-0b03-44fb-8610-f327773af6dd https://app.any.run/tasks/4a2eb51f-8489-4200-a727-d7f16eeeefc9 https://app.any.run/tasks/d1a4563a-697b-4f51-9af2-b3429893a96e ▼Reference tweets https://twitter.com/abel1ma/status/1089498324586000389 https://twitter.com/harugasumi/status/1089502626721349633 https://twitter.com/nao_sec/status/1089509737115217921 https://twitter.com/abel1ma/status/1089651175681445888 https://twitter.com/harugasumi/status/1089735448811851776 | |
46 | 2019/01/24 | 依頼 FW: 2日受注数 出資金請求書(2019年1月24日) RE: 20190124 FW: 2019注文 添付資料 | Unknown | Attachment | 20190124 D O C(※).XLS (※) arbitrary digit string | https://www.virustotal.com/#/file/ed6701b3be01b5529db4e8196fa6351aa859655ee4c01ea8f67cc8d781424811/detection https://www.hybrid-analysis.com/sample/ed6701b3be01b5529db4e8196fa6351aa859655ee4c01ea8f67cc8d781424811?environmentId=100 | d71eaf0ad33a749b8fe3fb8dff56a474 | ed6701b3be01b5529db4e8196fa6351aa859655ee4c01ea8f67cc8d781424811 | i.imgur[.]com ropitana[.]com ▼Steganography image fetch URLs hxxps://i.imgur.com/ar2vFoS.png hxxps://images2.imgbox.com/f1/52/9dGwQ4Mn_o.png hxxps://i.postimg.cc/wgRWyQPd/MAIN2.png?dl=1 hxxps://image.frl/i/4sc06pucz57ewtzd.png hxxps://i.imgur.com/9Tf1m5c.png hxxps://images2.imgbox.com/2e/65/qGCb0Rja_o.png hxxps://i.postimg.cc/dwc1cP5D/doctor.png | Many | ▼bebloh details e57e81cf3859d6bd6b08c10a8a1492d3ccd758e4b8a0ca69e6f51d95f717d490 | ▼bebloh details https://www.virustotal.com/#/file/e57e81cf3859d6bd6b08c10a8a1492d3ccd758e4b8a0ca69e6f51d95f717d490/detection https://www.hybrid-analysis.com/sample/e57e81cf3859d6bd6b08c10a8a1492d3ccd758e4b8a0ca69e6f51d95f717d490?environmentId=100 | https://www.jc3.or.jp/topics/v_log/201901.html#d20190124b ▼Steganography fetch URLs as seen on http://URLscan.io https://urlscan.io/result/a5183159-a324-4746-ab19-c55ef9183b5a https://urlscan.io/result/77abb29a-f952-438c-a9f1-b501e7c4035d https://urlscan.io/result/3d367491-55b9-4dc0-b252-3584abfd57a8 https://urlscan.io/result/b99aae8c-3a9a-47fa-9774-3a24e9771d27 https://urlscan.io/result/c96fc219-9849-4437-a988-96654d5e4950 https://urlscan.io/result/fb8a868d-0e11-4d79-b6f8-877140889f4a https://urlscan.io/result/9ebe116c-de21-4dc2-9ea9-f72acee4a169 ※ The suspicious attachment in this case ("20190124 D O C(※).XLS", (※) arbitrary digit string) appears to contain code that checks for a Japanese-language environment ⇒ If digitt = 81 Then VisualSheet1 Else Application.Quit ▼Reference tweets https://twitter.com/nao_sec/status/1088406707863052298 https://twitter.com/bomccss/status/1088480913896292352 https://twitter.com/harugasumi/status/1088559195723489281 | |
47 | 2019/01/17 | 8-) 8) :-D :D :-) ;-) :) ;) :* | Unknown | Attachment | Love_You_(※)-2019-txt.zip Love_You_(※)-2019-txt.js (※) arbitrary digit string | https://www.hybrid-analysis.com/sample/f5729d5b524472f2417d720e1781f705caf93458faf8d23d0ec9d35047ce3088?environmentId=100 https://www.hybrid-analysis.com/sample/21c3d4edd18719ef01eed7065e8f4b202e388a7a85a03e2ba97c9146ee5db2fc?environmentId=100 https://www.virustotal.com/#/file/8783b952147fef067e346decc7c5c62f40c44572a33cbec1f390c1e6d4430669/detection https://www.virustotal.com/#/file/236e901054e36dc47841a79dc9ad2437c54f542ead911a7a7282a833092064c8/detection | 5A59E6714F9D775B7DCDCFB9E7A3092C | E99B5D48331B835FA68E0B07B1DEBBDAD1EED39BF2353CE3365B9166BB861151 f5729d5b524472f2417d720e1781f705caf93458faf8d23d0ec9d35047ce3088 0b056a05bdfa6c62c5ddb73eb0af29ecf74fd2b3e2e8a41b13ee84f21102060a 8783b952147fef067e346decc7c5c62f40c44572a33cbec1f390c1e6d4430669 236e901054e36dc47841a79dc9ad2437c54f542ead911a7a7282a833092064c8 | ▼Status code: 200 hxxp://92.63.197[.]153/mcdonalds[.]exe hxxp://92.63.197[.]153/s/1[.]exe ▼Status code: 404 hxxp://92.63.197[.]153/s/2[.]exe hxxp://92.63.197[.]153/s/3[.]exe hxxp://92.63.197[.]153/s/4[.]exe hxxp://92.63.197[.]153/s/5[.]exe | 92.63.197[.]153 | ▼mcdonalds[.]exe 5df55a2d3f688735e0d530a7639dadac3817d4b3f2972276fb3b046d381a9121 ▼1.exe 39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9 ▼2.exe b507c6a07942e83dfec2bd3c272481128d5f5facb4d8eddeaa23f35b3ecc3c16 | ▼mcdonalds[.]exe https://www.virustotal.com/#/file/5df55a2d3f688735e0d530a7639dadac3817d4b3f2972276fb3b046d381a9121/detection https://www.hybrid-analysis.com/sample/5df55a2d3f688735e0d530a7639dadac3817d4b3f2972276fb3b046d381a9121?environmentId=100 ▼1.exe https://www.virustotal.com/#/file/39514226b71aebbe775aa14627c716973282cba201532df3f820a209d87f6df9/detection ▼2.exe https://www.virustotal.com/#/file/b507c6a07942e83dfec2bd3c272481128d5f5facb4d8eddeaa23f35b3ecc3c16/detection | ※ Leads to infection with the GandCrab v5.1 ransomware https://app.any.run/tasks/1d01c6ef-a17f-49ce-8401-3fff614d82cd https://app.any.run/tasks/4eaadfa4-5081-4f4d-bbb2-5cdbaa657ab3 https://app.any.run/tasks/251e70c6-d973-47a4-8f37-eb7853fcf7c8 | |
48 | 2019/01/13 | 8-) :-D :D :-) ;-) :) ;) :* Always thinking about you Felt in love with you! I love you Just for you! My letter just for you Please read and reply This is my love letter to you Wrote my thoughts down about you Wrote the fantasy about us down Wrote this letter for you You are my love! | Unknown | Attachment | Love_You_(※)-2019-txt.zip Love_You_(※)-2019-txt.js (※) arbitrary digit string | https://www.virustotal.com/#/file/6fed2f4abda948a7dc6d74628e80d76d82a7930b0b1f2e64e40e91a3c3662512/detection https://www.virustotal.com/#/file/cfee2ec27f0344f709f20fa97e47501744c3567329e6b3fd3f2ed8cf12eae977/detection https://www.hybrid-analysis.com/sample/cfee2ec27f0344f709f20fa97e47501744c3567329e6b3fd3f2ed8cf12eae977?environmentId=100 https://www.virustotal.com/#/file/889ab15765126594f3c3e6fddb0f3a3df78bc57fc0a475b11f7fb96539274735/detection https://www.hybrid-analysis.com/sample/3846f9d0de41be599b63169bdddb53b3e7c61357317d1ca56ba1561b5d2feaf1?environmentId=100 | 6b3e4e3bcf927a24f639817708ff3102 58dd99c79b52b0aaf7541a1c6ab8142d 71176dfd3665e803ec2842cfb30b38f6 | cfee2ec27f0344f709f20fa97e47501744c3567329e6b3fd3f2ed8cf12eae977 889ab15765126594f3c3e6fddb0f3a3df78bc57fc0a475b11f7fb96539274735 6fed2f4abda948a7dc6d74628e80d76d82a7930b0b1f2e64e40e91a3c3662512 | hxxp://slpsrgpsrhojifdij[.]ru/krablin[.]exe hxxp://92.63.197[.]60/m/sexy[.]exe hxxp://92.63.197[.]48/3[.]exe | 92.63.197[.]48 185.46.212[.]88 92.63.197[.]60 | 4c0103c745fa6e173821035c304863d751bea9c073d19070d9ebf8685da95040 | ▼krablin[.]exe https://www.virustotal.com/#/file/4c0103c745fa6e173821035c304863d751bea9c073d19070d9ebf8685da95040/detection https://www.hybrid-analysis.com/sample/4c0103c745fa6e173821035c304863d751bea9c073d19070d9ebf8685da95040 ▼3.exe https://www.virustotal.com/#/file/09c0cf2355dc74e8f864f8186554fc227acf03c9f7f686acf5bfcfba3241bb34/detection https://www.hybrid-analysis.com/sample/09c0cf2355dc74e8f864f8186554fc227acf03c9f7f686acf5bfcfba3241bb34/5c3af1b07ca3e16f8e6a90a1 | ※ Starting with this campaign, "8-)" was added to the subject lines ※ A sample whose payload download source differs from the previous campaigns is being distributed (sexy.exe) | |
49 | 2019/01/11 | :* :) :-) :D :-D ;) ;-) Always thinking about you Felt in love with you! I love you Just for you! My letter just for you My love letter for you Please read and reply This is my love letter to you Wrote my thoughts down about you Wrote the fantasy about us down Wrote this letter for you You are my love! My Always You | Unknown | Attachment | Love_You_(※)-2019-txt.zip Love_You_(※)-2019-txt.js (※) arbitrary digit string | https://www.virustotal.com/#/file/6e42ad9c545974ca943db43b964f4f0d8a36a028994dfa606118e2f14fc63532/detection https://www.virustotal.com/#/file/35dd169c8b7cc40f2afa23dc8b408b5881a854adfb65e8ac64ff6e6da63f9655/detection https://www.hybrid-analysis.com/sample/6f09742d4ba9e18e579653dcbf7c1f47c4da0f1957c98f69ff5ac6683ff2287c?environmentId=100 | 6dde1ca167ed67944fa5d13b86c6a343 62155339deb1349c9c512f5f2433163e | 6e42ad9c545974ca943db43b964f4f0d8a36a028994dfa606118e2f14fc63532 35dd169c8b7cc40f2afa23dc8b408b5881a854adfb65e8ac64ff6e6da63f9655 6f09742d4ba9e18e579653dcbf7c1f47c4da0f1957c98f69ff5ac6683ff2287c | hxxp://slpsrgpsrhojifdij[.]ru/krablin[.]exe hxxp://slpsrgpsrhojifdij[.]ru/1[.]exe hxxp://slpsrgpsrhojifdij[.]ru/2[.]exe hxxp://92.63.197[.]48/m/1[.]exe | 92.63.197[.]48 | 5e901677dad76c0dc21da659115b4d08e1e27c279c1cd038518ae1518646c306 | https://www.virustotal.com/#/file/5e901677dad76c0dc21da659115b4d08e1e27c279c1cd038518ae1518646c306/detection | ※ Ultimately leads to infection with the GandCrab v5.0.4 ransomware https://app.any.run/tasks/ec833126-294c-41d4-9410-b247fd18749c | |
50 | 2019/01/08 | :) :D ;) Always thinking about you Felt in love with you! I love you Just for you! My letter just for you My love letter for you Please read and reply This is my love letter to you Wrote my thoughts down about you Wrote the fantasy about us down Wrote this letter for you You are my love! | Unknown | Attachment | Love_You_(※)-2019-txt.zip Love_You_(※)-2019-txt.js (※) arbitrary digit string | https://www.virustotal.com/#/file/d5e12ffd641f98a54b893a44ce4c9ba38ad94dd91064a2529e1a9e54961098cd/detection https://www.hybrid-analysis.com/sample/d5e12ffd641f98a54b893a44ce4c9ba38ad94dd91064a2529e1a9e54961098cd?environmentId=100 https://www.virustotal.com/#/file/25cef750de1e5df1eed63f7fdee03f32e845c57fcaa12e7a2fba69888600816a/detection https://www.hybrid-analysis.com/sample/25cef750de1e5df1eed63f7fdee03f32e845c57fcaa12e7a2fba69888600816a?environmentId=100 https://www.virustotal.com/#/file/07c8f8562a93e3c08f2e4100d67c6cd5 https://www.virustotal.com/#/file/112fd658ef94dbc4322bd523b2d2e9b9 https://www.virustotal.com/#/file/17ea3d2978d6a8565471a9a7ef9e73af https://www.virustotal.com/#/file/1d13d5181faf5d4b13dccd05cc9ebed3 https://www.virustotal.com/#/file/1e72a71a9afce9ba5c5ece90266074dc https://www.virustotal.com/#/file/5df4a8c9b9ea51246acfe26463ca6a54 https://www.virustotal.com/#/file/6695f7d846f3bd6abc645b3d7d6596f1 https://www.virustotal.com/#/file/8ad0576f4c6c190f395dd2f5a148bdba https://www.virustotal.com/#/file/b189d127cb65cb98a49e7e6902f2e5dd https://www.virustotal.com/#/file/b28d8fff7aead6206309637a2b8885ec https://www.virustotal.com/#/file/b8dc65f9dcdd0a2cae211833e8abd936 https://www.virustotal.com/#/file/d12899d75170de35eb8e404d7e5df539 https://www.virustotal.com/#/file/d729fa8ce988b93b472023fd820957d1 https://www.virustotal.com/#/file/e12819d422c8a526e7ec1d92862f7bfa https://www.virustotal.com/#/file/ed386cf9db6cab26e190c32675264cf5 | 5d92b42c4f84d5284028f512f49a2326 ca37924eeec025139b300ccee3d18792 07c8f8562a93e3c08f2e4100d67c6cd5 112fd658ef94dbc4322bd523b2d2e9b9 17ea3d2978d6a8565471a9a7ef9e73af 1d13d5181faf5d4b13dccd05cc9ebed3 1e72a71a9afce9ba5c5ece90266074dc 5df4a8c9b9ea51246acfe26463ca6a54 6695f7d846f3bd6abc645b3d7d6596f1 8ad0576f4c6c190f395dd2f5a148bdba b189d127cb65cb98a49e7e6902f2e5dd b28d8fff7aead6206309637a2b8885ec b8dc65f9dcdd0a2cae211833e8abd936 d12899d75170de35eb8e404d7e5df539 d729fa8ce988b93b472023fd820957d1 e12819d422c8a526e7ec1d92862f7bfa ed386cf9db6cab26e190c32675264cf5 | d5e12ffd641f98a54b893a44ce4c9ba38ad94dd91064a2529e1a9e54961098cd 25cef750de1e5df1eed63f7fdee03f32e845c57fcaa12e7a2fba69888600816a 1cb4bd03c77ffdcc4995d6175ae15f1cd5546eb1a8db08499f582be056b73e07 01f0c335a22e04719aca7af39ec90619abfd46a51f8344bb0e8b3fdc365beaed 3f82e5325319cc725e80fd03a08660ab774a77361c0b9f48fb612010bf98ac2b 8498bc74050c9294079d4e43e910693410a5c7718cb81a26144a0b1db405d567 ea8dd520ee6fbfb0a97454b3a5972378c649541b79048ba03315247659f367da ce3232b6a7b5823001fe1a87d2eef8dccc296d49c36d024a3dabc6e1b3ef2b38 06f98adb42000e436d2acc44bf8607a43a1a9c5345eaf1dc932108052b53bccc 1a99182d515a42f26841d8ff9c8a1b35e6b398e52bbc6d558bfff8fd4eaaef76 d491e8e3b8d3942a2b04937c9aff5008530bc79f88ebf929b7193937ac7f2864 5add2ea9ea81c953030bba306aee0f6c58c67dfc27bb8de5cfeff1acb8372464 ffe657fa081824fcd5842c013a38a72766555626f2319097ab8446d298dab3f0 d4cf63984527ca88b79fb63110a089e50bab65b50e7de020bc5f8e09a416971d 81eb6eb642552327d49439f3d0bca65c7b5856a9c52b447f899234cf03852f72 abc07d2027b87f5cddb0b328eed57512c9a522f6d69a1b43f7e636f14870300a d5989f2f9811106ec3f483819a2a21b88d89691af9572a08f327e1013b5e70e1 | hxxp://slpsrgpsrhojifdij[.]ru/krablin[.]exe | 92.63.197[.]48 | 4c0103c745fa6e173821035c304863d751bea9c073d19070d9ebf8685da95040 | https://www.virustotal.com/#/file/4c0103c745fa6e173821035c304863d751bea9c073d19070d9ebf8685da95040/detection https://www.hybrid-analysis.com/sample/4c0103c745fa6e173821035c304863d751bea9c073d19070d9ebf8685da95040 | ※ Ultimately leads to infection with the GandCrab v5.0.4 ransomware and a coin miner https://app.any.run/tasks/d695dd79-e1ca-479d-9063-05972351c017 https://isc.sans.edu/diary/24512 | |
51 | 2019/01/01 ~ 2019/01/06 | ;-) :D) :-) ;) :D :) | Unknown | Attachment | IMG(※)_2018-JPG.zip (※) arbitrary digit string | https://www.virustotal.com/#/file/29e7715ee8eb83a5eeed362b738f6f7d3a1a5d4d212bd51364a5b4afabeda38a/detection https://www.virustotal.com/#/file/c42022126b3ec7a61b05985c7d4d9ccc909db0b088f03eeaee2e2980a113227f/detection https://www.hybrid-analysis.com/sample/0754dfeba09ef3e30d46d85d83559b14fbd4b8e4b019a9f1f62ca129cde53864?environmentId=100 https://www.virustotal.com/#/file/98ff8d2ffd792a2d07eeed9c99397bea8022c3037f37a984a746d7a2d20e40c8/detection https://www.hybrid-analysis.com/sample/bae8ba38e521cc1d4177b0583a470fa3dd338e069f0f826d97e7a38228cd7ee8?environmentId=100 https://www.virustotal.com/#/file/6364b033c9f8349ffbbdf81c8cb0d126443701744d2dbdbeca5458cb1b016863/detection https://www.hybrid-analysis.com/sample/9ce508d17d14ab74fbaaea28ae980519e760346fc117bc9effd4066b806802f1?environmentId=100 https://www.hybrid-analysis.com/sample/03ff2e69bb279a9380edd42822788dba2b509c8430e5ed6c004d8c20db775d0e/5c2f448f7ca3e1405a372bb8 https://www.hybrid-analysis.com/sample/0ce33a32a2fea5d785829e5b64719b0b9777ed6de8dbca0ceefb9872be4857e0/5c2e47d07ca3e17e6071829c https://www.hybrid-analysis.com/sample/34d88669b80cf0f93c615a781dc683682f96cfcd8eced70aee2d74389f0dc69e/5c2e548e7ca3e11fc14b07c3 https://www.hybrid-analysis.com/sample/54cf852550a3478ab0e8930308d9826cbda496c1785ef1de4cb0e8ef482d152c/5c2e49b47ca3e17f966dabd1 https://www.hybrid-analysis.com/sample/5c021031b93d0acde48a275836fc156d3285082bfa0cdd16bd20f5a19a1a20b9/5c2e41867ca3e16b203a933a https://www.hybrid-analysis.com/sample/6c4312a2a8aba8dd4499fc39ca6fe1c099af421bb642a4872a0f226626cb6c42/5c2e3f3a7ca3e167fb2c0e45 https://www.hybrid-analysis.com/sample/8a68e5359170058ccf332e902e266423599900be8c51a0c73223451185167d91/5c2e44717ca3e1716e2f79cb https://www.hybrid-analysis.com/sample/9ce508d17d14ab74fbaaea28ae980519e760346fc117bc9effd4066b806802f1/5c2dfdfb7ca3e12fe800962d https://www.hybrid-analysis.com/sample/fe693a9241ef95fddbf982cf5ef664a2f6d9fe4449adfe32471998eb8d7d7c2f ※ Multiple additional files exist | 533f093eb27fdff3564b438cdc774b7a 7897bcbb554fdab2aeb67905252a9427 ab8a7ac224f209fa8e66cd5a41ac74ac 78b431391218541847f3a5fa2e397b60 ※ Multiple additional files exist | 29e7715ee8eb83a5eeed362b738f6f7d3a1a5d4d212bd51364a5b4afabeda38a c42022126b3ec7a61b05985c7d4d9ccc909db0b088f03eeaee2e2980a113227f 98ff8d2ffd792a2d07eeed9c99397bea8022c3037f37a984a746d7a2d20e40c8 6364b033c9f8349ffbbdf81c8cb0d126443701744d2dbdbeca5458cb1b016863 ※ Multiple additional files exist | hxxp://92.63.197[.]48/m/tm.exe hxxp://92.63.197[.]48/m/mb.exe ↓ hxxp://92.63.197[.]48/m/1.exe ⇒ GandCrab v5.0.4 ransomware ※ Only confirmed items listed | 92.63.197[.]48 ※ Only confirmed items listed | 92edf8438fb1a64caaeed3f29e34974fa8855c92bca8f6d56316b5b722a8ec67 5154a51f2940554b9e3b3031193b50003fd7ef9ad050cefb553463e6cdaa6560 da61b72084316419626f6e181fba17688828206ac9e2028f30589e4724f15f89 c3dd0fa37af321000cef9b6654bbd766834540d3e0835e6fbd7e82e8e299f17b | https://www.virustotal.com/#/file/92edf8438fb1a64caaeed3f29e34974fa8855c92bca8f6d56316b5b722a8ec67/detection https://www.hybrid-analysis.com/sample/92edf8438fb1a64caaeed3f29e34974fa8855c92bca8f6d56316b5b722a8ec67/5c2c76de7ca3e129da23e4b7 https://www.virustotal.com/#/file/5154a51f2940554b9e3b3031193b50003fd7ef9ad050cefb553463e6cdaa6560/detection https://www.hybrid-analysis.com/sample/5154a51f2940554b9e3b3031193b50003fd7ef9ad050cefb553463e6cdaa6560?environmentId=100 https://www.virustotal.com/#/file/da61b72084316419626f6e181fba17688828206ac9e2028f30589e4724f15f89/detection https://www.hybrid-analysis.com/sample/da61b72084316419626f6e181fba17688828206ac9e2028f30589e4724f15f89/5c2c77767ca3e127e3501d6d https://www.virustotal.com/#/file/c3dd0fa37af321000cef9b6654bbd766834540d3e0835e6fbd7e82e8e299f17b/detection https://www.hybrid-analysis.com/sample/c3dd0fa37af321000cef9b6654bbd766834540d3e0835e6fbd7e82e8e299f17b/5c30ac387ca3e156e42cf0c3 | ※ Appears to have been distributed from 2019/01/01 to 2019/01/06 ※ Mail body contains only ":)" ※ Ultimately leads to infection with the GandCrab v5.0.4 ransomware ⇒ As of 2019/01/04 there is no decryption tool for GandCrab v5.0.4 ⇒ The decryption tool for GandCrab ransomware (up to v5.0.2) can be downloaded here: https://www.nomoreransom.org/ja/decryption-tools.html#GandCrabV1V4andV5versions | |
52 | 2018/12/28 | Re: ヴィスト修正 | Unknown | Attachment | 原価請求書です(※).doc (※) arbitrary digit string | https://www.virustotal.com/#/file/eebf28c47b1fda3f32cf8e28490d5b36ddbb01aeaa5ee119b8a6105d3079e061/detection https://www.hybrid-analysis.com/sample/eebf28c47b1fda3f32cf8e28490d5b36ddbb01aeaa5ee119b8a6105d3079e061/5c245be97ca3e159891610a4 | e3289ae9fd9b922b8381b704fa22c81a | eebf28c47b1fda3f32cf8e28490d5b36ddbb01aeaa5ee119b8a6105d3079e061 | hxxp://free.diegoalex[.]com/3289fkjsdfyu3[.]bin | 195.123.245[.]201 | 7accbf97c78c6f30df6031db55eba05fa746cc0941c960822b08a370b3bb878c | https://www.virustotal.com/#/file/7accbf97c78c6f30df6031db55eba05fa746cc0941c960822b08a370b3bb878c/detection https://www.hybrid-analysis.com/sample/7accbf97c78c6f30df6031db55eba05fa746cc0941c960822b08a370b3bb878c?environmentId=100 | https://www.jc3.or.jp/topics/v_log/201812.html#d20181228 ※ Possibly a continuation of the 12/27 campaign | |
53 | 2018/12/27 | Re: ヴィスト修正 (Re: ヴィスト revision) | Unknown | Attachment | 原価請求書です(※).doc ("cost invoice") (※): arbitrary digit string | https://www.virustotal.com/#/file/12d82b089c31f4cc506552d870ac15cc478c28afe61373b9b467718acce33b00/detection https://www.hybrid-analysis.com/sample/3a2e9a8399595c2e821725e2eb0a95d6ea8ccf4863f49f72b8ecbdc12c4119a9/5c2457197ca3e14db01814b5 https://www.virustotal.com/#/file/3a2e9a8399595c2e821725e2eb0a95d6ea8ccf4863f49f72b8ecbdc12c4119a9/detection https://www.hybrid-analysis.com/sample/12d82b089c31f4cc506552d870ac15cc478c28afe61373b9b467718acce33b00?environmentId=100 | d9c3cfbd0fff8a2da127fe563a1ffd54 79840741ab330a8f83383d1ce7b3aea8 | 12d82b089c31f4cc506552d870ac15cc478c28afe61373b9b467718acce33b00 3a2e9a8399595c2e821725e2eb0a95d6ea8ccf4863f49f72b8ecbdc12c4119a9 | hxxp://free.diegoalex[.]com/3289fkjsdfyu3[.]bin | 195.123.245[.]201 | 7accbf97c78c6f30df6031db55eba05fa746cc0941c960822b08a370b3bb878c | https://www.virustotal.com/#/file/7accbf97c78c6f30df6031db55eba05fa746cc0941c960822b08a370b3bb878c/detection https://www.hybrid-analysis.com/sample/7accbf97c78c6f30df6031db55eba05fa746cc0941c960822b08a370b3bb878c?environmentId=100 | https://www.jc3.or.jp/topics/v_log/201812.html#d20181227 https://www.cc.uec.ac.jp/blogs/news/2018/12/20181227maiwaremail.html | |
54 | 2018/12/25 | 12月、原価請求書です。 (December cost invoice) | Unknown | Attachment | 原価請求書です(※).docx ("cost invoice") (※): arbitrary digit string | https://www.virustotal.com/#/file/3c472af694729da1ecc95cf99158c50ffcf02a2e6948538c326ec8883ddb8c7b/detection https://www.hybrid-analysis.com/sample/3c472af694729da1ecc95cf99158c50ffcf02a2e6948538c326ec8883ddb8c7b?environmentId=100 https://www.virustotal.com/#/file/0d94117b669e9c102ecf754173c3fbf6ce19445d17eacf2882b323fb465b67be/detection https://www.virustotal.com/#/file/75ecc5845bec21b1fdf98680de180e0fc227d312f58c02dec7cc52c8ceaab1d7/detection | 4c33fdea71051db14e690efe94756b8c 67915b4ba1d2a9aaf0528bdbc1b8229a b644da18d0858198af8669a5feb876a6 | 3c472af694729da1ecc95cf99158c50ffcf02a2e6948538c326ec8883ddb8c7b 0d94117b669e9c102ecf754173c3fbf6ce19445d17eacf2882b323fb465b67be 75ecc5845bec21b1fdf98680de180e0fc227d312f58c02dec7cc52c8ceaab1d7 | hxxp://emotion.bethlapierre[.]com/8923rfj.bin | 31.170.107[.]162 | 0c3b5c7e013e67444f0aebb031eed7a2c4c9a06b8a2dd9401b9ec1be1a107afb | https://www.virustotal.com/#/file/0c3b5c7e013e67444f0aebb031eed7a2c4c9a06b8a2dd9401b9ec1be1a107afb/detection https://www.hybrid-analysis.com/sample/0c3b5c7e013e67444f0aebb031eed7a2c4c9a06b8a2dd9401b9ec1be1a107afb?environmentId=100 | https://www.cc.uec.ac.jp/blogs/news/2018/12/20181225maiwaremail.html https://www.jc3.or.jp/topics/virusmail.html | |
55 | 2018/12/24 | 8月、原価請求書です。 (August cost invoice) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? | |
56 | 2018/12/22 | Re: ヴィスト修正 (Re: ヴィスト revision) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? ※ The body is very likely identical to the mail distributed on 2017-09-13 ================== Judging from the body text of this suspicious mail with the subject "Re: ヴィスト修正", it appears to reuse the mail distributed under the same subject on 2017-09-13. For reference, here is the information on the suspicious files that were attached at that time. https://www.virustotal.com/#/file/40c8f6c67427e86b5f1e93923bb6f0ea3fe4a378c4a6be4287fc09bf536c5e97/detection https://www.virustotal.com/#/file/e5c821755bcd4a038ee1af940b2b32adf6d2629c60a39487c1ca8f468f5f64a4/detection https://www.virustotal.com/#/file/1ec564a978932a6cfefaa22e021e4c1a3af8909251edda2498e1b3f400defcb2/detection | |
57 | 2018/12/18 | [※]注文書の件 [※]申請書類の提出 [※]立替金報告書の件です。 [※]納品書フォーマットの送付 [※]請求データ送付します (Re: purchase order / Submission of application documents / Expense reimbursement report / Delivery note format / Sending billing data) ※: one of the following symbols is prefixed: 「*」「-」「_」「|」「~」 | Unknown | Attachment | D O C [※].XLS ※: arbitrary digit string | https://www.virustotal.com/#/file/fa5eb74adc22749ffd113ceaa71d23a693af55e605bea1354dc7d352303e9bff/detection https://www.hybrid-analysis.com/sample/fa5eb74adc22749ffd113ceaa71d23a693af55e605bea1354dc7d352303e9bff?environmentId=100 | 2c2545df2bbcd506bd09641ec97ca5ae | fa5eb74adc22749ffd113ceaa71d23a693af55e605bea1354dc7d352303e9bff | images2.imgbox[.]com/4a/4f/BlSALZQZ_o.png | Multiple | 1c0d4d80c2fe6013da2e4dd036ef5048db439155a19144aa88426d3528dbd53f | https://www.virustotal.com/#/file/1c0d4d80c2fe6013da2e4dd036ef5048db439155a19144aa88426d3528dbd53f/detection | https://www.jc3.or.jp/topics/virusmail.html https://www.cc.uec.ac.jp/blogs/news/2018/12/20181219.html | |
58 | 2018/12/13 | 【楽天市場】注文内容ご確認(自動配信メール) ([Rakuten Ichiba] Order confirmation (automated mail)) | rakuten_order[@]applesupport.cncntrte[.]com | hxxp://eu.kiraneproject[.]com/ (resolves to the following IP address: 195.123.233[.]150) | 注文内容ご確認.zip 注文内容ご確認.lnk ("order confirmation") | https://www.virustotal.com/#/file/11acce4e568000b18e4957e4ef956d681839d8fd4da22346b7effc9161fb7bb0/detection https://www.hybrid-analysis.com/sample/11acce4e568000b18e4957e4ef956d681839d8fd4da22346b7effc9161fb7bb0 https://www.hybrid-analysis.com/sample/7e7bee88bdd25ab9cc402e8a14ee08615618c55c977993646c89ffd95bc90815?environmentId=100 https://www.virustotal.com/#/file/7e7bee88bdd25ab9cc402e8a14ee08615618c55c977993646c89ffd95bc90815/detection | 36806ed6ba0ef9261570476abea09b2b 0d43e1fd27f79e4eae009eb812bade65 | 11acce4e568000b18e4957e4ef956d681839d8fd4da22346b7effc9161fb7bb0 7e7bee88bdd25ab9cc402e8a14ee08615618c55c977993646c89ffd95bc90815 | hxxp://ktr.kiraneproject[.]com/pohaq/info[.]ps1 hxxp://ktr.kiraneproject[.]com/pohaq/fit[.]txt | 195.123.233[.]150 | 0207c06879fb4a2ddaffecc3a6713f2605cbdd90fc238da9845e88ff6aef3f85 | https://www.virustotal.com/#/file/0207c06879fb4a2ddaffecc3a6713f2605cbdd90fc238da9845e88ff6aef3f85/detection https://www.hybrid-analysis.com/sample/0207c06879fb4a2ddaffecc3a6713f2605cbdd90fc238da9845e88ff6aef3f85?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html | |
59 | 2018/12/11 | 【楽天市場】注文内容ご確認(自動配信メール) ([Rakuten Ichiba] Order confirmation (automated mail)) | Rakuten Ichiba <rakuten_order@applesupport.shadidphotography.com> | hxxp://rth.cncntrte[.]com/ (resolves to the following IP address: 195.123.217[.]77) | 注文内容ご確認.zip 注文内容ご確認.PDF.js 注文内容ご確認.js ("order confirmation") | https://www.virustotal.com/#/file/97e56c8eb502e7a8198421d2f5ff77fa44434c85df8fcdb6659a02932d19a661/detection https://www.hybrid-analysis.com/sample/e047fdc27c7468d6cecfcf5c758586ca855e4dd5cdae8a8688665f6aeb129c13?environmentId=100 https://www.virustotal.com/#/file/a606892ad38faa5c4f3810dd52a5282a873cbe8a0993a8530e28ea1065b1a584/detection https://www.hybrid-analysis.com/sample/a606892ad38faa5c4f3810dd52a5282a873cbe8a0993a8530e28ea1065b1a584?environmentId=100 https://www.virustotal.com/#/file/e828d07247267fca9d80000fa29cba7d7d7d29e0aaad1cb9c70455825de2ad7c/detection https://www.hybrid-analysis.com/sample/e828d07247267fca9d80000fa29cba7d7d7d29e0aaad1cb9c70455825de2ad7c/5c0f67ff7ca3e105b55dd93d | 34b06c408e46130bcde6c127ce361248 b58f6711d24b44cd7b00ee40f27330b1 9f111daecf1cb90c369b14bb4ddddad3 | 97e56c8eb502e7a8198421d2f5ff77fa44434c85df8fcdb6659a02932d19a661 a606892ad38faa5c4f3810dd52a5282a873cbe8a0993a8530e28ea1065b1a584 e828d07247267fca9d80000fa29cba7d7d7d29e0aaad1cb9c70455825de2ad7c | hxxp://fgyt.shadidphotography.com/789234[.]bin hxxp://re.ghostzero[.]la/ hxxp://yu.sxkoparty[.]com/ hxxp://nnmj.joshshadid[.]com/ | 195.123.217[.]77 | 4ddd8aef0e491daf102190488ab8004afc297169bb69fd40cbaa46b25f8390a6 | https://www.virustotal.com/#/file/4ddd8aef0e491daf102190488ab8004afc297169bb69fd40cbaa46b25f8390a6/detection | https://www.cc.uec.ac.jp/blogs/news/2018/12/20181211rakutenmalware.html https://www.jc3.or.jp/topics/virusmail.html https://twitter.com/tmmalanalyst/status/1072442761029267456 https://bomccss.hatenablog.jp/entry/2018/12/14/134301 | |
60 | 2018/12/05 | 【NTT-X Store】商品発送のお知らせ ([NTT-X Store] Shipping notification) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? | |
61 | 2018/12/04 | 【楽天市場】注文内容ご確認(自動配信メール) ([Rakuten Ichiba] Order confirmation (automated mail)) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? | |
62 | 2018/11/29 | Your invoice from [company name and person name] | Unknown | Attachment | Untitled-(※).doc ※: arbitrary digit string | https://www.virustotal.com/#/file/dd850a2d509783d8550103d4ab78474d137fc6b64849f8c5f00638cb4dda1886/detection https://www.hybrid-analysis.com/sample/dd850a2d509783d8550103d4ab78474d137fc6b64849f8c5f00638cb4dda1886?environmentId=100 https://www.virustotal.com/#/file/31cbdc7401361fbaf59d08b79d2081527147f61d2b951de1a9477648e5b218a8/detection https://www.hybrid-analysis.com/sample/31cbdc7401361fbaf59d08b79d2081527147f61d2b951de1a9477648e5b218a8?environmentId=100 | 6eca8cd7dfaa8633f527bf714e64e431 d7cadb15f640c32df58881fb09a758f9 | dd850a2d509783d8550103d4ab78474d137fc6b64849f8c5f00638cb4dda1886 31cbdc7401361fbaf59d08b79d2081527147f61d2b951de1a9477648e5b218a8 | levifca[.]com/y0tYhnWQ mfpvision[.]com/yAkPNiSmm6 haganelectronics.rubickdesigns[.]com/C96xSAAy2q catairdrones[.]com/sMQ0n8nNun radio312[.]com/mp0NHN4cHX | 50.74.56[.]147:8080 81.18.134[.]18:8080 181.193.115[.]50 209.182.216[.]177:443 181.60.228[.]203:8080 190.191.88[.]126 186.20.225[.]65:8080 | 07089c9689dba0e609e8cb56a80975465220b49377608e902415832a09fd8184 68d27ee84a09414459cbd880214ddcfdf5a48f36ebe8d6b79389ac9a56a6836b | https://www.virustotal.com/#/file/07089c9689dba0e609e8cb56a80975465220b49377608e902415832a09fd8184/detection https://www.hybrid-analysis.com/sample/07089c9689dba0e609e8cb56a80975465220b49377608e902415832a09fd8184?environmentId=100 https://www.virustotal.com/#/file/68d27ee84a09414459cbd880214ddcfdf5a48f36ebe8d6b79389ac9a56a6836b/detection https://www.hybrid-analysis.com/sample/68d27ee84a09414459cbd880214ddcfdf5a48f36ebe8d6b79389ac9a56a6836b?environmentId=100 | https://twitter.com/58_158_177_102/status/1067969430326374400 | |
63 | 2018/11/27 | Unknown (※ distributed as replies to genuine, ongoing email threads) | Unknown | Attachment | ATT(※).doc ※: arbitrary digit string | https://www.virustotal.com/#/file/d0d6557a1068b7519c1a7ce837b3e050114d7b6ae81214b205640bfd6252b3f8/detection https://www.hybrid-analysis.com/sample/d0d6557a1068b7519c1a7ce837b3e050114d7b6ae81214b205640bfd6252b3f8/5bfc97f47ca3e10c6a182d53 https://www.virustotal.com/#/file/25b375699ab3c9af2732c8382837226e93b94b08b2a15bd28fd7c31c3294273c/detection https://www.hybrid-analysis.com/sample/25b375699ab3c9af2732c8382837226e93b94b08b2a15bd28fd7c31c3294273c?environmentId=100 | 3bf814e9b77b52aebd3dd0de758f4800 1f93e9663b1d2aaa20f95d2352a18946 | d0d6557a1068b7519c1a7ce837b3e050114d7b6ae81214b205640bfd6252b3f8 25b375699ab3c9af2732c8382837226e93b94b08b2a15bd28fd7c31c3294273c | hxxp[:]//oxaggebrer[.]com/QIC/tewokl.php?l=vunx1.spr (variants with "=vunx1~9" also seen) | 95.181.198[.]207 | 241c6152e9fa5d47158f4c4fb365de0acb521a49e562073595675a31db86491e | https://www.virustotal.com/#/file/241c6152e9fa5d47158f4c4fb365de0acb521a49e562073595675a31db86491e/detection https://www.hybrid-analysis.com/sample/241c6152e9fa5d47158f4c4fb365de0acb521a49e562073595675a31db86491e?environmentId=100 | https://twitter.com/NTTSec_JP/status/1067222660403195905 | |
64 | 2018/11/16 | 【NTT-X Store】商品発送のお知らせ ([NTT-X Store] Shipping notification) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? | |
65 | 2018/11/15 | 【NTT-X Store】商品発送のお知らせ ([NTT-X Store] Shipping notification) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? ※ First reuse of this subject since 2017-10-06 ⇒ https://www.jc3.or.jp/topics/v_log/201710.html#d20171006a | |
66 | 2018/11/15 | 【楽天市場】注文内容ご確認(自動配信メール) ([Rakuten Ichiba] Order confirmation (automated mail)) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? | |
67 | 2018/11/14 | /発注-181112 支払依頼書 【連絡 ※請求書】 (/Order-181112 / Payment request form / [Notice ※ invoice]) | Unknown | Attachment | (※)DOC20181114(※).doc ※: arbitrary digit string | https://www.virustotal.com/#/file/8ed61abc371da7cf5ed2d8b9b7fdf20b8ca1b924c19fc9e8d50ca1feaccb6ae9/detection https://www.hybrid-analysis.com/sample/8ed61abc371da7cf5ed2d8b9b7fdf20b8ca1b924c19fc9e8d50ca1feaccb6ae9?environmentId=100 | bdd9fe7dae3fc4b751f17f13ec9d41b7 | 8ed61abc371da7cf5ed2d8b9b7fdf20b8ca1b924c19fc9e8d50ca1feaccb6ae9 | hxxp://niokrat.com/clifind[.]log C2: hxxps://abedirer[.]com / 149.129.243[.]34 | Multiple | fb4077e5ef55027b2972e94fe54eca985dfb933702f09a640a799f31b2181834 | https://www.virustotal.com/#/file/fb4077e5ef55027b2972e94fe54eca985dfb933702f09a640a799f31b2181834/detection https://www.hybrid-analysis.com/sample/fb4077e5ef55027b2972e94fe54eca985dfb933702f09a640a799f31b2181834?environmentId=120 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/11/20/204650 | |
68 | 2018/11/10 | 【楽天市場】注文内容ご確認(自動配信メール) ([Rakuten Ichiba] Order confirmation (automated mail)) | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html ※ Distribution may not have been widespread? https://twitter.com/catnap707/status/1062112039064166400 ※ First reuse of this subject since 2018-07-05 | |
69 | 2018/11/06 | 注文書の件 申請書類の提出 立替金報告書の件です。 納品書フォーマットの送付 請求データ送付します (Re: purchase order / Submission of application documents / Expense reimbursement report / Delivery note format / Sending billing data) | Unknown | Attachment | Doc06112018(digits).xls ※: arbitrary digit string | https://www.virustotal.com/#/file/4095b31681f998c808b2e7338fa8adec82c9f5049df457c9f0c0fc562e2a48ab/detection https://www.hybrid-analysis.com/sample/4095b31681f998c808b2e7338fa8adec82c9f5049df457c9f0c0fc562e2a48ab?environmentId=100 | eadd4d15f9e23d579232aff07f9e988a | 4095b31681f998c808b2e7338fa8adec82c9f5049df457c9f0c0fc562e2a48ab | hxxps://images2.imgbox[.]com/90/f1/gat2MVsK_o.png ▼bebloh hxxp://olideron[.]com/connmouse C2: hxxps://pogertan.com ( 216.58.199[.]228 ) ▼ursnif hxxp://iglesiamistral[.]org/audio/ceeb/educat[.]exe ( 217.160.0[.]251 ) C2: hxxps://niperola[.]com ( 5.8.88[.]247 ) | 208.99.84[.]104 188.237.190[.]24 | ▼Bebloh 75ca5c2caf5216140f8e3e34160bdc64ce59d75fce1feeaa809ec18f01427783 ▼Ursnif dba40065b6efc6ae10e26ba608817ff04bdbc976e07016d78d0b4a63492e3ae4 | https://www.virustotal.com/#/file/75ca5c2caf5216140f8e3e34160bdc64ce59d75fce1feeaa809ec18f01427783/detection https://www.virustotal.com/#/file/dba40065b6efc6ae10e26ba608817ff04bdbc976e07016d78d0b4a63492e3ae4/detection | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/11/12/201654 | |
70 | 2018/11/06 | 10月5日日付の管理費請求書 10月課金請求リスト 10月請求書 郵送のご連絡 11月請求書連絡 【再送】30年10月分請求書 〜請求書11月1日〜 ご請求書 別注お支払いの件 請求書 (Management fee invoice dated Oct 5 / October billing list / October invoice / Mailing notice / November invoice notice / [Resend] invoice for October, Heisei 30 / ~Invoice Nov 1~ / Invoice / Re: special order payment / Invoice) | Unknown | Attachment | 20181106(digits).xls ※: arbitrary digit string | https://www.virustotal.com/#/file/81e10dc5acf7b150591d147c1101fed72d90648f1ec40a20798836d07258b804/detection https://www.hybrid-analysis.com/sample/81e10dc5acf7b150591d147c1101fed72d90648f1ec40a20798836d07258b804/5be14bf67ca3e1677d6f4560 | 0edba7614266430b14768292a3c9ce02 | 81e10dc5acf7b150591d147c1101fed72d90648f1ec40a20798836d07258b804 | hxxps://images2.imgbox[.]com/90/f1/gat2MVsK_o.png ▼bebloh hxxp://olideron[.]com/connmouse C2: hxxps://pogertan.com ( 216.58.199[.]228 ) ▼ursnif hxxp://iglesiamistral[.]org/audio/ceeb/educat[.]exe ( 217.160.0[.]251 ) C2: hxxps://niperola[.]com ( 5.8.88[.]247 ) | 208.99.84[.]104 188.237.190[.]24 | ▼Bebloh 75ca5c2caf5216140f8e3e34160bdc64ce59d75fce1feeaa809ec18f01427783 ▼Ursnif dba40065b6efc6ae10e26ba608817ff04bdbc976e07016d78d0b4a63492e3ae4 | https://www.virustotal.com/#/file/75ca5c2caf5216140f8e3e34160bdc64ce59d75fce1feeaa809ec18f01427783/detection https://www.virustotal.com/#/file/dba40065b6efc6ae10e26ba608817ff04bdbc976e07016d78d0b4a63492e3ae4/detection | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/11/12/201654 | |
71 | 2018/11/01 | 【請求書、見積書送付】30/10-11 請求書送信のご連絡 RE: 10月分WO 10月請求書の件 再)ご請求書~ 預かり金依頼書の送付(追い金) 2018年10月度 御請求書 ([Invoice and estimate] 30/10-11 / Invoice sent notice / RE: October WO / Re: October invoice / Re-send) Invoice~ / Deposit request form (additional payment) / October 2018 invoice) | Unknown | Attachment | -(※).xls ※: arbitrary digit string | https://www.virustotal.com/#/file/bfe8ab19b3e3273999f7045651e745fad67690e314a5ae32a5f245c4576bc668/detection https://www.hybrid-analysis.com/sample/bfe8ab19b3e3273999f7045651e745fad67690e314a5ae32a5f245c4576bc668?environmentId=120 | e7fb10b7ba0d4f761ad323b88ed69689 1d15107e7ff9867bf904a2a4dc7d9f39 | c5e3ea84d2367239a3edff9074158e7af13b95edbc87d576c8d97e2536f3ba3a bfe8ab19b3e3273999f7045651e745fad67690e314a5ae32a5f245c4576bc668 | images2.imgbox[.]com martenod[.]com/ufolder ▼C2 hxxps://makarcheck[.]com IP: 47.254.153[.]36 | Multiple | 4c603d763a2b79e36492413ff788e1dd795bc09c67b2f4eccad5f339ebe44e89 | https://www.virustotal.com/#/file/4c603d763a2b79e36492413ff788e1dd795bc09c67b2f4eccad5f339ebe44e89/detection | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/11/08/173353 | |
72 | 2018/11/01 | 立替金報告書の件です。 申請書類の提出 注文書の件 請求データ送付します 納品書フォーマットの送付 (Expense reimbursement report / Submission of application documents / Re: purchase order / Sending billing data / Delivery note format) | Unknown | Attachment | (※)DOC20181101(※).xls ※: arbitrary digit string | https://www.virustotal.com/#/file/c5e3ea84d2367239a3edff9074158e7af13b95edbc87d576c8d97e2536f3ba3a/detection https://www.hybrid-analysis.com/sample/c5e3ea84d2367239a3edff9074158e7af13b95edbc87d576c8d97e2536f3ba3a?environmentId=100 | e7fb10b7ba0d4f761ad323b88ed69689 | c5e3ea84d2367239a3edff9074158e7af13b95edbc87d576c8d97e2536f3ba3a | images2.imgbox[.]com martenod[.]com/ufolder ▼C2 hxxps://makarcheck[.]com IP: 47.254.153[.]36 | Multiple | 4c603d763a2b79e36492413ff788e1dd795bc09c67b2f4eccad5f339ebe44e89 | https://www.virustotal.com/#/file/4c603d763a2b79e36492413ff788e1dd795bc09c67b2f4eccad5f339ebe44e89/detection | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/11/08/173353 | |
73 | 2018/10/30 | 10月請求書の件 2018年10月度 御請求書 RE: 10月分WO 【請求書、見積書送付】30/10-11 再)ご請求書〜 請求書送信のご連絡 預かり金依頼書の送付(追い金) (Re: October invoice / October 2018 invoice / RE: October WO / [Invoice and estimate] 30/10-11 / Re-send) Invoice~ / Invoice sent notice / Deposit request form (additional payment)) | Unknown | Attachment | (※)請求書(2018年10月).xls ("invoice (October 2018)") ※: arbitrary digit string 20181030(※).xls ※: arbitrary digit string | https://www.virustotal.com/#/file/cac15934c258df2a1cc9c5359004f655e40a51cee6a255892e7884b0210425e3/detection https://www.hybrid-analysis.com/sample/cac15934c258df2a1cc9c5359004f655e40a51cee6a255892e7884b0210425e3?environmentId=120 https://www.virustotal.com/#/file/f39618fbdbb3788fa9444c84522a069b867e3237567ddd722f5e9a42838a4371/detection https://www.hybrid-analysis.com/sample/f39618fbdbb3788fa9444c84522a069b867e3237567ddd722f5e9a42838a4371?environmentId=100 https://www.virustotal.com/#/file/8da48928f824f5f4da56c1bee55d1b8a42ee416bd3b1527bf88f2ea440c9285f/detection https://www.hybrid-analysis.com/sample/8da48928f824f5f4da56c1bee55d1b8a42ee416bd3b1527bf88f2ea440c9285f?environmentId=100 | dc8245e63d07da4c459aeb2c003f827e e5c72950358cb38b8a36223ee60b4635 819b894e1021764ba0a627342db77f71 | cac15934c258df2a1cc9c5359004f655e40a51cee6a255892e7884b0210425e3 f39618fbdbb3788fa9444c84522a069b867e3237567ddd722f5e9a42838a4371 8da48928f824f5f4da56c1bee55d1b8a42ee416bd3b1527bf88f2ea440c9285f | hxxp://image.ibb.co/jrDJv0/hp[.]png | Multiple | 5741f50148717676588f5e6ae0df16b9323f2e266272f3aa420a266da50fffca | https://www.virustotal.com/#/file/5741f50148717676588f5e6ae0df16b9323f2e266272f3aa420a266da50fffca/detection | No external communication observed https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/11/08/015117 | |
74 | 2018/10/24 | 注文書の件 申請書類の提出 立替金報告書の件です。 納品書フォーマットの送付 請求データ送付します (Re: purchase order / Submission of application documents / Expense reimbursement report / Delivery note format / Sending billing data) | Unknown | Attachment | DOC2410201810(※).xls ※: arbitrary digit string | https://www.virustotal.com/#/file/54303e5aa05db2becbef0978baa60775858899b17a5d372365ba3c5b1220fd2e/detection https://www.hybrid-analysis.com/sample/54303e5aa05db2becbef0978baa60775858899b17a5d372365ba3c5b1220fd2e/5bd010b07ca3e1378f5527f3 | 445d3d5073e9939ad037556e24e05b37 | 54303e5aa05db2becbef0978baa60775858899b17a5d372365ba3c5b1220fd2e | hxxps://images2.imgbox[.]com/ca/88/A2ZSlW6S_o[.]png ↓ hxxp://pigertime.com/mksetting | 208.99.84.102 62.141.244.144 | 73da11127aa1da5538d153ba7f063c74fb90af46da581f098f179e1bb8371904 | https://www.virustotal.com/#/url/7149701fd4a4f2fc5f207d9b00c4df394ffc37d05516b4b7c11dbc4dd25fed1c/detection | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/10/26/194719 | |
75 | 2018/08/08 | ご請求額の通知 インボイス プロジェクト 写真 支払い 文書 請求・支払データ 資料 (Invoice amount notice / Invoice / Project / Photos / Payment / Document / Billing and payment data / Materials) | Unknown | Attachment | (※).32.zip ※: arbitrary digit string ↓ .iqy | https://www.virustotal.com/#/file/ed40b6d8bb352b9e645dcaf40094b3712ef5a5e4ae5505c6c576565d18e86209/detection https://www.virustotal.com/#/file/b52bf37f47e7991f26b3ecc679d9fc78037f950cbd63ac220ab06b5d5cf5dcfd/detection | feaab576309656fcaff1324b91d17ec9 c8100292be8e5dd627fd731f0c086a6e | ed40b6d8bb352b9e645dcaf40094b3712ef5a5e4ae5505c6c576565d18e86209 b52bf37f47e7991f26b3ecc679d9fc78037f950cbd63ac220ab06b5d5cf5dcfd | jiglid[.]com/exel ↓ jiglid[.]com/version ↓ jiglid[.]com/JP ↓ Bebloh ↓ Ursnif | Multiple | 70f3bda067b9c3519c909da0b0fda85fcd45f84093f416520972d5b1387c5894 ↓ 8e7e90ca9812222ed762e6f6db677361aa0db526eca54b2a09fb1cfa41eed63f ↓ ▼Bebloh 0323da8293f583e42fd14ad7e997bb3ecc0a508fef9d486314f4d1a1d5c65f58 ↓ ▼Ursnif 87f0e03c2bb71d7fd620f5693700fca08eefe8f42803051a9d1c4f90e0c5fd57 | https://www.virustotal.com/#/file/0323da8293f583e42fd14ad7e997bb3ecc0a508fef9d486314f4d1a1d5c65f58/detection https://www.virustotal.com/#/file/87f0e03c2bb71d7fd620f5693700fca08eefe8f42803051a9d1c4f90e0c5fd57/detection https://www.hybrid-analysis.com/sample/87f0e03c2bb71d7fd620f5693700fca08eefe8f42803051a9d1c4f90e0c5fd57?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/08/10/033607 https://blog.trendmicro.com/trendlabs-security-intelligence/iqy-and-powershell-abused-by-spam-campaign-to-infect-users-in-japan-with-bebloh-and-ursnif/?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork | |
76 | 2018/08/07 | インボイス Re: 進捗 (Invoice / Re: Progress) | Unknown | Attachment | 2018.08.07.xls | https://www.virustotal.com/#/file/ae2a04b491f6f19d737b2693b26f7a5d54c724b66d48620577dfbc21f38690b8/detection https://www.hybrid-analysis.com/sample/ae2a04b491f6f19d737b2693b26f7a5d54c724b66d48620577dfbc21f38690b8?environmentId=100 | e2707980305d7518ab41171c96d8ca48 | ae2a04b491f6f19d737b2693b26f7a5d54c724b66d48620577dfbc21f38690b8 | hxxp://jiglid[.]com/out | Multiple | 821953a1d3e2b44cf2c79a6513c3f85e9603f5ab4f2d448a4d87136850643f26 | https://www.virustotal.com/#/file/821953a1d3e2b44cf2c79a6513c3f85e9603f5ab4f2d448a4d87136850643f26/detection | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/08/10/024215 | |
77 | 2018/08/07 | 注文書[※] (Purchase order [※]) ※: arbitrary digit string | Unknown | Attachment | 注文書_office.xls ("purchase order") | https://www.virustotal.com/#/file/324c2f02ac07b1610413d4f14a3f72b91bc322c1497ed01c15a5793192c1acd5/detection https://www.hybrid-analysis.com/sample/324c2f02ac07b1610413d4f14a3f72b91bc322c1497ed01c15a5793192c1acd5/5b694f307ca3e15c803bc169 | 58e702dd7c39ec64468f244d96e0ac43 | 324c2f02ac07b1610413d4f14a3f72b91bc322c1497ed01c15a5793192c1acd5 | hxxp://jiglid[.]com/out hxxp://jiglid[.]com/1.tmp | Multiple | 821953a1d3e2b44cf2c79a6513c3f85e9603f5ab4f2d448a4d87136850643f26 | https://www.virustotal.com/#/file/821953a1d3e2b44cf2c79a6513c3f85e9603f5ab4f2d448a4d87136850643f26/detection | https://twitter.com/bomccss/status/1026741233173983232 https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/08/10/024215 | |
78 | 2018/08/07 | <要返信:FAX>営業○・出荷× (<Reply required: FAX> Sales ○ / Shipping ×) | Unknown | Attachment | FAX[出荷].xls ("FAX[shipping]") | https://www.hybrid-analysis.com/sample/d48a46e4a294755055ea59256450463b644236b32f62ecbb103b8f0337c4247c?environmentId=100 https://www.virustotal.com/#/file/8957623c094f3ccdec8102f37d72d39279ecaa6a00f61cfe0c16d34105401e21/detection https://www.hybrid-analysis.com/sample/8957623c094f3ccdec8102f37d72d39279ecaa6a00f61cfe0c16d34105401e21?environmentId=100 | d90ff73d19b98b51c60ec9ab61170676 | d48a46e4a294755055ea59256450463b644236b32f62ecbb103b8f0337c4247c 8957623c094f3ccdec8102f37d72d39279ecaa6a00f61cfe0c16d34105401e21 | hxxp://jiglid[.]com/out hxxp://jiglid[.]com/1.tmp | Multiple | 821953a1d3e2b44cf2c79a6513c3f85e9603f5ab4f2d448a4d87136850643f26 | https://www.virustotal.com/#/file/821953a1d3e2b44cf2c79a6513c3f85e9603f5ab4f2d448a4d87136850643f26/detection | https://twitter.com/bomccss/status/1026741233173983232 https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/08/10/024215 | |
79 | 2018/08/06 | お世話になります ご確認ください 写真添付 写真送付の件 (Thank you for your continued support / Please confirm / Photo attached / Re: sending photos) | Unknown | Attachment | (※).00000.iqy 8月・000000.iqy ※: user name | https://www.virustotal.com/#/file/e9202586bd09cf9457025de2db62622b8d231de0f1ecc5d64ee71909c4c9c3a2/detection | ef9ea3ab606adf5bbeffc75b0dccdae2 | e9202586bd09cf9457025de2db62622b8d231de0f1ecc5d64ee71909c4c9c3a2 | hxxp://jiglid[.]com/sc4 ↓ hxxp://jiglid[.]com/sc4-2.dat ↓ hxxp://jiglid[.]com/ms.xlsx ↓ Bebloh ↓ Ursnif | 92.48.206[.]71 | fe89c50f242f54c09a4a8de3f3c3fd813e6dc41af59cf21ab669b05efedfd0c8 ↓ c5d706f09a79bde59257fab77c5406fba89d10efdb9e4941a8b3c1677da1c878 ↓ ▼Bebloh 5533187aeae5b20d0628496f2ee671704bc806b16f4ce8b92468e9db3343957b ↓ ▼Ursnif 9e6535f7cda29e64af7711347271776cbe1242f33c745c61b5320c84eda5bc7e | https://www.virustotal.com/#/file/c5d706f09a79bde59257fab77c5406fba89d10efdb9e4941a8b3c1677da1c878/detection https://www.virustotal.com/#/file/fe89c50f242f54c09a4a8de3f3c3fd813e6dc41af59cf21ab669b05efedfd0c8/detection https://www.virustotal.com/#/file/9e6535f7cda29e64af7711347271776cbe1242f33c745c61b5320c84eda5bc7e/detection https://www.hybrid-analysis.com/sample/9e6535f7cda29e64af7711347271776cbe1242f33c745c61b5320c84eda5bc7e?environmentId=100 https://www.virustotal.com/#/file/5533187aeae5b20d0628496f2ee671704bc806b16f4ce8b92468e9db3343957b/detection https://www.hybrid-analysis.com/sample/5533187aeae5b20d0628496f2ee671704bc806b16f4ce8b92468e9db3343957b?environmentId=100 | https://twitter.com/MalwareInfo_JP/status/1026378994780794882 https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/08/10/013314 https://blog.trendmicro.com/trendlabs-security-intelligence/iqy-and-powershell-abused-by-spam-campaign-to-infect-users-in-japan-with-bebloh-and-ursnif/?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork | |
80 | 2018/07/25 | 【重要】定期的なID・パスワード変更のお願い/コンピュータウイルスにご注意を ([Important] Request to change your ID and password regularly / Beware of computer viruses) | Rakuten Card Co., Ltd. <rakuten_card_information@freetoper.accountant> | nl.w2tbr[.]net/ (all resolve to the following IP address: 195.123.216[.]241) | もっと詳しくの情報はこちら.pdf.js ("more details here") | https://www.virustotal.com/#/file/b546fc2dbd804948bbece5a28508026eacf0ff971854d0c2c2fd279fb315e2f7/detection https://www.hybrid-analysis.com/sample/b546fc2dbd804948bbece5a28508026eacf0ff971854d0c2c2fd279fb315e2f7 | 163cfaeeb5fb5e460b318a7e82bc306c | b546fc2dbd804948bbece5a28508026eacf0ff971854d0c2c2fd279fb315e2f7 | hxxp://bn.arranliddel[.]com/0[.]bin | 195.123.216[.]241 | eaafc6a6ee5500c128475c60358ec7fabbff7a69b05b35a79707be728f60c2cc | https://www.virustotal.com/#/file/eaafc6a6ee5500c128475c60358ec7fabbff7a69b05b35a79707be728f60c2cc/detection https://www.hybrid-analysis.com/sample/eaafc6a6ee5500c128475c60358ec7fabbff7a69b05b35a79707be728f60c2cc?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://www.cc.uec.ac.jp/blogs/news/2018/07/20180725.html https://bomccss.hatenablog.jp/entry/2018/07/27/123238 | |
81 | 2018/07/18 | 取引情報が更新されました 【発注書受信】 備品発注依頼書の送付 依頼書を 送付しますので 発注依頼書 ㈱ 発注書 (Transaction information updated / [Purchase order received] / Equipment order request form / Sending the request form / Order request form / Co., Ltd. purchase order) | Unknown | Attachment | Attach_201807※.zip ※: arbitrary digit string | https://www.virustotal.com/#/file/732d23d9d9b53881ab9e183aec0ce5e28b47fe9f85868187796f45724967f419/detection ▼1-----.jpeg_.vbs https://www.virustotal.com/#/file/8431aa9312b1ac95a16fa3f14dba262db84c8817765516ca569ff06d6d898d5b/detection | 0bd2f91827e3f9e79f2867745d44bdc5 35560ede7b61d89a23f4c1498e2cf8ff | 732d23d9d9b53881ab9e183aec0ce5e28b47fe9f85868187796f45724967f419 8431aa9312b1ac95a16fa3f14dba262db84c8817765516ca569ff06d6d898d5b | hxxp://ravigel[.]com/os10.dat hxxp://ravigel[.]com/cert01.txt | 47.74.189[.]69 | | | https://www.jc3.or.jp/topics/virusmail.html | |
82 | 2018/07/18 | 18/07 製造依頼 (18/07 Manufacturing request) | Unknown | Attachment | 2018追加製造.xls ("2018 additional manufacturing") | https://www.virustotal.com/#/file/a67f1f172d846bb7b2e82d2d9d423d0fe12292f2eb4c04e5341acffaa74c800c/detection https://www.hybrid-analysis.com/sample/a67f1f172d846bb7b2e82d2d9d423d0fe12292f2eb4c04e5341acffaa74c800c/5b4f040f7ca3e1353275a823 https://www.virustotal.com/#/file/e334f91c535aaf02404d898952cd93300daa9c6527790f6b0289885d09de4af3/detection https://www.hybrid-analysis.com/sample/e334f91c535aaf02404d898952cd93300daa9c6527790f6b0289885d09de4af3?environmentId=100 | 147590aa93ff42e4bda03d4745d165b9 4508cdd4ea3a98303d5b3fcbccd310ed | a67f1f172d846bb7b2e82d2d9d423d0fe12292f2eb4c04e5341acffaa74c800c e334f91c535aaf02404d898952cd93300daa9c6527790f6b0289885d09de4af3 | hxxp://ravigel[.]com/tvs1.dat | 47.74.189[.]69 | eaaed139138504fcac268c50a1bdc9d6b0f2715c794d68c47172fdac3bb7fdc2 | https://www.virustotal.com/#/file/eaaed139138504fcac268c50a1bdc9d6b0f2715c794d68c47172fdac3bb7fdc2/detection https://www.hybrid-analysis.com/sample/eaaed139138504fcac268c50a1bdc9d6b0f2715c794d68c47172fdac3bb7fdc2/5b4dcd4c7ca3e165f009a2f4 | https://bomccss.hatenablog.jp/entry/2018/07/19/024815 https://www.jc3.or.jp/topics/virusmail.html | |
83 | 2018/07/18 | のご注文ありがとうございます ダイレクトメール発注 (Thank you for your order of ... / Direct mail order) | Unknown | Attachment | 2018_※_注文.zip ("order") ※: arbitrary digit string | https://www.virustotal.com/#/file/f4ccdf38e3d8a735854f22719a67ddda8b3c39daf908d969d5dbb47ab7f58cd5/details ▼18.07.2018_00003994-33.vbs https://www.virustotal.com/#/file/add4b9ee57870da12862a3110600f08522169b0c5b9ffd4e3b496a1ce148688a/detection https://www.hybrid-analysis.com/sample/add4b9ee57870da12862a3110600f08522169b0c5b9ffd4e3b496a1ce148688a?environmentId=100 ▼18.07.2018_00003994.PDF https://www.virustotal.com/#/file/c7c2ab915b0ea3e081d19cecaf7bf6bfeed408c1aa7b3a4eb9d6e4e9cffa0647/detection https://www.hybrid-analysis.com/sample/c7c2ab915b0ea3e081d19cecaf7bf6bfeed408c1aa7b3a4eb9d6e4e9cffa0647?environmentId=100 | 427dac26d5478b29b110a167cde02a92 20c9a52088bc5063eb0f40cae6643c47 486679a37d967ba06e04f5b05431cb83 | f4ccdf38e3d8a735854f22719a67ddda8b3c39daf908d969d5dbb47ab7f58cd5 add4b9ee57870da12862a3110600f08522169b0c5b9ffd4e3b496a1ce148688a c7c2ab915b0ea3e081d19cecaf7bf6bfeed408c1aa7b3a4eb9d6e4e9cffa0647 | hxxp://ravigel[.]com/1cr.dat | 47.74.189[.]69 | Unknown | Unknown | https://www.jc3.or.jp/topics/virusmail.html | |
84 | 2018/07/18 | 7月 Fw: 資料 ご確認ください 上記書類を送付します。 表題の資料を送付いたします。 再送 申込書類の送付 資料添付します。 (July / Fw: Materials / Please confirm / Sending the above documents / Sending the materials in the subject / Resend / Sending application documents / Materials attached) | Unknown | Attachment | ※_書類.zip ("documents") ※: arbitrary digit string | https://www.virustotal.com/#/file/2c8ae3926d7e360db377af091df803c18219921b5dd99a92da90a7bf8b61f8d2/detection ▼20180718_2.vbs https://www.virustotal.com/#/file/a270898758261e81d998bc42d0c87873f8a5d75cc1dae026edb30ecb0573f079/detection https://www.hybrid-analysis.com/sample/a270898758261e81d998bc42d0c87873f8a5d75cc1dae026edb30ecb0573f079?environmentId=100 ▼scan00007.pdf.bin https://www.virustotal.com/#/file/2b1aeb03f76153befdc5b4929e0ae77e07d71ee8d5b7bda6c64d891b900dcf03/detection https://www.hybrid-analysis.com/sample/2b1aeb03f76153befdc5b4929e0ae77e07d71ee8d5b7bda6c64d891b900dcf03?environmentId=100 | 0efcefb682d1bb39a8145692074e25a2 | 2c8ae3926d7e360db377af091df803c18219921b5dd99a92da90a7bf8b61f8d2 | hxxp://ravigel[.]com/1cr.dat | 47.74.189[.]69 | 06e233ee5db6bfdcf04b746436b84276c191f8fcb334c4550d5a67aacae94732 | https://www.virustotal.com/#/file/06e233ee5db6bfdcf04b746436b84276c191f8fcb334c4550d5a67aacae94732/detection | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/07/19/024221 | |
85 | 2018/07/18 | カード利用のお知らせ (Card usage notification) | Rakuten Card Co., Ltd. <info@mail.rakuten-card.co.jp> | pl.declarationvideo[.]com (all resolve to the following IP address: 185.14.31[.]229) | もっと詳しくの情報はこちら.pdf.js ("more details here") | https://www.virustotal.com/#/file/5b1664343ce74627b328e328011b572402325e8f40e06ea7f3e0fa313d75fbe0/detection https://www.hybrid-analysis.com/sample/5b1664343ce74627b328e328011b572402325e8f40e06ea7f3e0fa313d75fbe0/5b4ed7247ca3e1774520bb05 | fe50622e8d2ceaaef50bc998ed143be5 | 5b1664343ce74627b328e328011b572402325e8f40e06ea7f3e0fa313d75fbe0 | hxxp://cr.allweis[.]com/0.bin | 185.14.31[.]229 | 19364a84a5749747772af4239b5661d192ea11342e479ccd5e7086081e458745 | https://www.hybrid-analysis.com/sample/19364a84a5749747772af4239b5661d192ea11342e479ccd5e7086081e458745/5b4ed8657ca3e17d395cc73d | https://www.cc.uec.ac.jp/blogs/news/2018/07/20180705rakutencardmalware.html https://bomccss.hatenablog.jp/entry/2018/07/19/023410 | |
86 | 2018/07/17 | 7月 Fw: 資料 ご確認ください 上記書類を送付します。 表題の資料を送付いたします。 再送 申込書類の送付 資料添付します。 (July / Fw: Materials / Please confirm / Sending the above documents / Sending the materials in the subject / Resend / Sending application documents / Materials attached) | Unknown | Attachment | ※_書類.zip ("documents") ※: arbitrary digit string | https://www.virustotal.com/#/file/f2bcc8995a036e778a0c196513ac8aba0c00c97ed2f57446a5d86465c4226083/detection https://www.hybrid-analysis.com/sample/f2bcc8995a036e778a0c196513ac8aba0c00c97ed2f57446a5d86465c4226083?environmentId=100 | 2f0e8d04619d3b2f20bc12a1ed7553ad | f2bcc8995a036e778a0c196513ac8aba0c00c97ed2f57446a5d86465c4226083 | hxxp://ravigel[.]com/less[.]dat hxxp://ravigel[.]com/fdds[.]bin | 47.74.189[.]69 | 06e233ee5db6bfdcf04b746436b84276c191f8fcb334c4550d5a67aacae94732 | https://www.virustotal.com/#/file/06e233ee5db6bfdcf04b746436b84276c191f8fcb334c4550d5a67aacae94732/detection | https://www.jc3.or.jp/topics/virusmail.html | |
87 | 2018/07/10 | 書類について 写真 写真送ります。 現場写真 見積書再送付致します 【至急】対応お願い致します 【その2】 (About the documents / Photos / Sending photos / Site photos / Re-sending the estimate / [Urgent] Please respond / [Part 2]) | Unknown | Attachment | IMG_(※).zip ※: arbitrary user name | https://www.virustotal.com/#/file/4165270459a38ca8da6ab6ff7c7b1ecf29c13f6b602788738b8da2f0119ae56d/detection https://www.hybrid-analysis.com/sample/4165270459a38ca8da6ab6ff7c7b1ecf29c13f6b602788738b8da2f0119ae56d/5b446aec7ca3e131097bdf29 | 28c15d36e724b7c375fb52b10fd68942 | 4165270459a38ca8da6ab6ff7c7b1ecf29c13f6b602788738b8da2f0119ae56d | hxxp://giarie[.]com/sc2.dat hxxp://giarie[.]com/no.bin | 92.53.66[.]244 | 81d016e80fddb754b20702be0218c8351cb040e0d3a108a1d972a68c86de4ce9 cb173cf63219e4697e8a72929692d3cf629d9d15a9702724f7ffa8f19d03c31e | https://www.virustotal.com/#/file/81d016e80fddb754b20702be0218c8351cb040e0d3a108a1d972a68c86de4ce9/detection https://www.hybrid-analysis.com/sample/81d016e80fddb754b20702be0218c8351cb040e0d3a108a1d972a68c86de4ce9?environmentId=100 https://www.virustotal.com/#/file/cb173cf63219e4697e8a72929692d3cf629d9d15a9702724f7ffa8f19d03c31e/detection | https://bomccss.hatenablog.jp/entry/2018/07/10/211643 https://www.jc3.or.jp/topics/virusmail.html | |
88 | 2018/07/05 | 【楽天市場】注文内容ご確認(自動配信メール) ([Rakuten Ichiba] Order confirmation (automated mail)) | 楽天市場 (Rakuten Ichiba) <order@rakuten.co.jp> | Multiple, e.g. fj.therealityofyourgreatness[.]com (all associated IPs resolve to 195.123.238[.]14) | もっと詳しくの情報はこちら.pdf.js | https://www.virustotal.com/#/file/48e97bd1819ba5562b297532608b6b3ae5bff2b2d7d3ec47a0221f3f5c55f58b/details https://www.hybrid-analysis.com/sample/48e97bd1819ba5562b297532608b6b3ae5bff2b2d7d3ec47a0221f3f5c55f58b?environmentId=100 | 872d618e313a5470d1da327d187f7da0 | 48e97bd1819ba5562b297532608b6b3ae5bff2b2d7d3ec47a0221f3f5c55f58b | hxxp://gq.takeitalyhome[.]com/032901[.]bin | 195.123.238[.]14 | a93182cdcde8030cac64378da0406c7f628486ec1cf41b6e49cf5a551c0ab837 | https://www.virustotal.com/#/file/a93182cdcde8030cac64378da0406c7f628486ec1cf41b6e49cf5a551c0ab837/detection https://www.hybrid-analysis.com/sample/a93182cdcde8030cac64378da0406c7f628486ec1cf41b6e49cf5a551c0ab837?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://www.cc.uec.ac.jp/blogs/news/2018/07/20180705rakutenmalware.html https://www.inoreader.com/article/3a9c6e7e5a43266d-2018075 | |
89 | 2018/07/04 | 【楽天カード】カードご請求金額のご案内 【速報版】カード利用のお知らせ(本人ご利用分) ([Rakuten Card] Card billing amount notice / [Flash] Card usage notice (own use)) | 楽天カード株式会社 (Rakuten Card Co., Ltd.) <info@mail.rakuten-card.co.jp> | Multiple, e.g. vi.dustyesky[.]com (all associated IPs resolve to 195.123.238[.]14) | もっと詳しくの情報はこちら.PDF.js | https://www.virustotal.com/#/file/c94a4bc939685c10181aa25d548bd4aa93866d9ea6640ca6aa8b8f812bd1d62b/details https://www.hybrid-analysis.com/sample/c94a4bc939685c10181aa25d548bd4aa93866d9ea6640ca6aa8b8f812bd1d62b?environmentId=100 | ee558a26912166ad277eb50c1b7e4910 | c94a4bc939685c10181aa25d548bd4aa93866d9ea6640ca6aa8b8f812bd1d62b | hxxp://gq.takeitalyhome[.]com/032901[.]bin | 195.123.238[.]14 | a93182cdcde8030cac64378da0406c7f628486ec1cf41b6e49cf5a551c0ab837 | https://www.virustotal.com/#/file/a93182cdcde8030cac64378da0406c7f628486ec1cf41b6e49cf5a551c0ab837/detection https://www.hybrid-analysis.com/sample/a93182cdcde8030cac64378da0406c7f628486ec1cf41b6e49cf5a551c0ab837?environmentId=100 | https://www.cc.uec.ac.jp/blogs/news/2018/07/20180704.html https://www.jc3.or.jp/topics/virusmail.html https://www.inoreader.com/article/3a9c6e7e5a37a360-20180704 | |
90 | 2018/07/03 | 写真送付の件 写真添付 (Re: sending photos / Photo attached) | Unknown | Attachment | 2018.(※).写真.xls (※: arbitrary user name) | https://www.virustotal.com/#/file/213cadcebaef97e5ef8d96d14f4d6a96bfc59f1273e100c7e86907cff81154c8/detection https://www.hybrid-analysis.com/sample/213cadcebaef97e5ef8d96d14f4d6a96bfc59f1273e100c7e86907cff81154c8?environmentId=100 | d0d62175f698bbc7e8e6a52b83c6132c | 213cadcebaef97e5ef8d96d14f4d6a96bfc59f1273e100c7e86907cff81154c8 | hxxp://cebtedota[.]com/03062018 | 95.179.138[.]241 161.117.9[.]13 46.21.248[.]199 | 2a3d33977c61cb3a40bcee22e804e602651a09911398a56765220e27aacdbc78 | https://www.virustotal.com/#/file/2a3d33977c61cb3a40bcee22e804e602651a09911398a56765220e27aacdbc78/detection https://www.hybrid-analysis.com/search?query=2a3d33977c61cb3a40bcee22e804e602651a09911398a56765220e27aacdbc78 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/07/27/095523 | |
91 | 2018/07/03 | イメージ送付 (Sending image) | Unknown | Attachment | IMG_※-※-A4.xls (※: arbitrary digit string) | https://www.virustotal.com/#/file/a2da8194ed5f8e0a2786a597b63b59231f506e91c77599d7cbc0d10d89d9db07/detection https://www.hybrid-analysis.com/sample/a2da8194ed5f8e0a2786a597b63b59231f506e91c77599d7cbc0d10d89d9db07/5b3b1c627ca3e14c580a5735 | 5ca205a335f71c0341a033f9be9aa1b1 | a2da8194ed5f8e0a2786a597b63b59231f506e91c77599d7cbc0d10d89d9db07 | hxxp://cebtedota[.]com/03062018 | 95.179.138[.]241 161.117.9[.]13 46.21.248[.]199 | 2a3d33977c61cb3a40bcee22e804e602651a09911398a56765220e27aacdbc78 | https://www.virustotal.com/#/file/2a3d33977c61cb3a40bcee22e804e602651a09911398a56765220e27aacdbc78/detection https://www.hybrid-analysis.com/search?query=2a3d33977c61cb3a40bcee22e804e602651a09911398a56765220e27aacdbc78 | https://www.jc3.or.jp/topics/virusmail.html https://twitter.com/bomccss/status/1014050975152128000 | |
92 | 2018/07/02 | 7月度発注書送付 注文書をお送りいたします invoice/証明書 (July purchase order / Sending the order form / invoice/certificate) | Unknown | Attachment | 注文書_(※).xls (※: arbitrary digit string) | https://www.virustotal.com/#/file/2459267409143a7723b6e0fea34ef8f4b4bc510ee37e48f422f3324d696aca18/detection https://www.hybrid-analysis.com/sample/2459267409143a7723b6e0fea34ef8f4b4bc510ee37e48f422f3324d696aca18/5b3969f57ca3e17ab96aedc4 | ba363a2829817240b59ef316c72a00b1 | 2459267409143a7723b6e0fea34ef8f4b4bc510ee37e48f422f3324d696aca18 | hxxp://cebtedota[.]com/csshead | 46.21.248[.]199 | 7c13b9ab1ce7fdeeb8fbb235ed593e4affdedf317a6b7eac06ca3a64ab62daba | https://www.virustotal.com/#/file/7c13b9ab1ce7fdeeb8fbb235ed593e4affdedf317a6b7eac06ca3a64ab62daba/detection https://www.hybrid-analysis.com/sample/7c13b9ab1ce7fdeeb8fbb235ed593e4affdedf317a6b7eac06ca3a64ab62daba/5b3954bc7ca3e1309c1bf888 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/07/27/094912 | |
93 | 2018/06/29 | 【速報版】カード利用のお知らせ(本人ご利用分) ([Flash] Card usage notice (own use)) | 楽天カード株式会社 (Rakuten Card Co., Ltd.) <info@mail.rakuten-card.co.jp> | Multiple, e.g. np.mylittlecleaver[.]com (all associated IPs resolve to 45.125.65[.]69) | 楽天銀行の重要な情報.pdf.js | https://www.virustotal.com/#/file/d02c2f068b1e34a99fa31a66dd490c8025de1378470632af9c23853e66beb99f/detection https://www.hybrid-analysis.com/sample/d02c2f068b1e34a99fa31a66dd490c8025de1378470632af9c23853e66beb99f?environmentId=100 | d84076dcbff29804ddda7b1805b85184 | d02c2f068b1e34a99fa31a66dd490c8025de1378470632af9c23853e66beb99f | hxxps://fj.gueyprotein[.]com/200.bin | 45.125.65[.]69 | 8ad7ac0ffd6f3daeaefcda542a0cea93bf30f2855135965324b151a2c1a794ed | https://www.virustotal.com/#/file/8ad7ac0ffd6f3daeaefcda542a0cea93bf30f2855135965324b151a2c1a794ed/detection https://www.hybrid-analysis.com/sample/8ad7ac0ffd6f3daeaefcda542a0cea93bf30f2855135965324b151a2c1a794ed/5b35dc3b7ca3e1709d6fe03b | https://www.cc.uec.ac.jp/blogs/news/2018/06/20180629.html https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/07/27/094430 | |
94 | 2018/06/28 | ・写真 ・写真送付の件 ・写真添付 ・スナップ写真 ・添付写真あり ・写真送ります。 (Photo / Re: sending photos / Photo attached / Snapshot / Photo attached / Sending photos.) | Unknown | Attachment | ・(※)_写真①.xls ・(※)_(※)_写真①.xls ・_(※)_写真①.xls ・(※).xls ・(※)_写真.zip (※: arbitrary digit string) | https://www.virustotal.com/#/file/c152aa123ce01f9a01d21cd8074242c950d5c248c7a33b03c8557cf2246555a6/detection https://www.hybrid-analysis.com/sample/c152aa123ce01f9a01d21cd8074242c950d5c248c7a33b03c8557cf2246555a6?environmentId=100 https://www.hybrid-analysis.com/sample/333ce82ca7591c39a27be2ec07ea3e213e7876ee968d7d736733566883a160bc?environmentId=120 https://www.hybrid-analysis.com/sample/9413e035932981e809435205528fae36cbbfed87b5defc1731817aa0530e2247?environmentId=120 https://www.hybrid-analysis.com/sample/d013920c700e10b5bb87272d508a70a83fb3cabad005c6bce5e6ecbb3511cdef?environmentId=120 https://www.virustotal.com/#/file/c52d97af8390d6c1699928372aaa77862bffbcdad9ea6260b109801ba06f376f/details https://www.virustotal.com/#/file/00142dc3bb270d637e3d9c0316ef72bfc068c633833a773f1288a46aab0e8845/detection | 79adb26e77f97fb033433a265b5c842b f5139cdecc953a48dfe8a56b1d5274c1 2d9e42a61ed84ac5621dead7798042f3 7761daa3c88c20248de86727290dc7d6 4b3a7c7cf853208bfb24fa810c1d2563 | c152aa123ce01f9a01d21cd8074242c950d5c248c7a33b03c8557cf2246555a6 333ce82ca7591c39a27be2ec07ea3e213e7876ee968d7d736733566883a160bc 9413e035932981e809435205528fae36cbbfed87b5defc1731817aa0530e2247 d013920c700e10b5bb87272d508a70a83fb3cabad005c6bce5e6ecbb3511cdef c52d97af8390d6c1699928372aaa77862bffbcdad9ea6260b109801ba06f376f 00142dc3bb270d637e3d9c0316ef72bfc068c633833a773f1288a46aab0e8845 | hxxp://monde[.]at/realst | 47.74.148[.]105 47.74.145[.]66 | 8df2efce13a873cfde5a424b0d1c9bdc21056840644d8ee53fb843bfc6a9995e | https://www.virustotal.com/#/file/8df2efce13a873cfde5a424b0d1c9bdc21056840644d8ee53fb843bfc6a9995e/detection https://www.hybrid-analysis.com/sample/8df2efce13a873cfde5a424b0d1c9bdc21056840644d8ee53fb843bfc6a9995e?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/07/27/093836 | |
95 | 2018/06/26 | 【楽天カード】カードご請求金額のご案内 ([Rakuten Card] Card billing amount notice) | 楽天カード株式会社 (Rakuten Card Co., Ltd.) <info@mail.rakuten-card.co.jp> | Multiple, e.g. gy.nuecesbend[.]com (all associated IPs resolve to 198.98.48[.]158) | もっと詳しくの情報はこちら.pdf.js | https://www.virustotal.com/#/file/3f057cd1cc91d243859526d4bf78270ed89ec54655e56d8d65bd4030db00a6b1/detection https://www.hybrid-analysis.com/sample/3f057cd1cc91d243859526d4bf78270ed89ec54655e56d8d65bd4030db00a6b1?environmentId=100 | 6776bf65314dbc70fb65bd1be70f8008 | 3f057cd1cc91d243859526d4bf78270ed89ec54655e56d8d65bd4030db00a6b1 | hxxps://gy.nuecesbend[.]com/0.bin | 198.98.48[.]158 | 41f89827217f8749bbd170fdebe998922f40ccf43225baef9395db8a70d056c4 | https://www.virustotal.com/#/file/41f89827217f8749bbd170fdebe998922f40ccf43225baef9395db8a70d056c4/detection https://www.hybrid-analysis.com/search?query=41f89827217f8749bbd170fdebe998922f40ccf43225baef9395db8a70d056c4 | https://www.cc.uec.ac.jp/blogs/news/2018/06/20180626.html https://bomccss.hatenablog.jp/entry/2018/07/27/093422 | |
96 | 2018/06/26 | ・注文書の送付(2018.06.26) ・注文書よろしくお願いします。 (Sending the order form (2018.06.26) / Order form, please find attached.) | Unknown | Attachment | (※).注文書(2018.06.26).xls (※: arbitrary digit string) | https://www.virustotal.com/#/file/12259d8b5c59d3268a2a105832bdf2e573c29ce7f089296113a99ef02cf66962/detection https://www.hybrid-analysis.com/sample/12259d8b5c59d3268a2a105832bdf2e573c29ce7f089296113a99ef02cf66962?environmentId=100 https://www.hybrid-analysis.com/sample/61a35081cf789d8fb750b7312a54d4b9137ee498b572be951b3d1a80d46cf3a3?environmentId=100 | 999c161893640a5f4175aa2fa06f2683 | 12259d8b5c59d3268a2a105832bdf2e573c29ce7f089296113a99ef02cf66962 | hxxp://gobertonis[.]com/note | 47.74.148[.]105 | 2cb254b33a9af6a024fcfa1da7365ee12c08f814163bece0d322895ecba7ba02 | https://www.virustotal.com/#/file/2cb254b33a9af6a024fcfa1da7365ee12c08f814163bece0d322895ecba7ba02/detection https://www.hybrid-analysis.com/sample/2cb254b33a9af6a024fcfa1da7365ee12c08f814163bece0d322895ecba7ba02?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/07/27/092101 | |
97 | 2018/06/25 | 【振込み確認書】18.06.14 ([Transfer confirmation] 18.06.14) | Unknown | Attachment | [DIGIT[1]}_【振込み確認書】18.06.14.xls | https://www.virustotal.com/#/file/a67ec026bfab756d4a8ae7eb6441c37db2075f5ccba4fbc54020e8551a28f8fb/details https://www.hybrid-analysis.com/sample/a67ec026bfab756d4a8ae7eb6441c37db2075f5ccba4fbc54020e8551a28f8fb?environmentId=100 | 54e012c297dd96ce698b7059f145520c | a67ec026bfab756d4a8ae7eb6441c37db2075f5ccba4fbc54020e8551a28f8fb | hxxp://gobertonis[.]com/photo | 47.74.148[.]105 | b2b1370ede349d538770309749f7197cdf0983b90bfb1aaf5e9483bfda7c5361 | https://www.virustotal.com/#/file/b2b1370ede349d538770309749f7197cdf0983b90bfb1aaf5e9483bfda7c5361/detection https://www.hybrid-analysis.com/sample/b2b1370ede349d538770309749f7197cdf0983b90bfb1aaf5e9483bfda7c5361?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html | |
98 | 2018/06/25 | ・メールに添付された請求書デー ・2018.6月分請求データ送付の件 ・6月度発注書送付 ・ご請求書を添付致しておりますので ・添付ファイルをご確認下さい。 (Invoice data attached to the mail / Re: sending June 2018 billing data / June purchase order / The invoice is attached, so / Please check the attached file.) | Unknown | Attachment | (※)_6月.xls (※: arbitrary digit string) | https://www.virustotal.com/#/file/78857f96c2216323344b2790391fe3207b137bcfe75ac795242cd515bddc13c8/detection https://www.hybrid-analysis.com/search?query=78857f96c2216323344b2790391fe3207b137bcfe75ac795242cd515bddc13c8 | 3bf6402f2bbf5c838913e80bb6dda532 | 78857f96c2216323344b2790391fe3207b137bcfe75ac795242cd515bddc13c8 | hxxp://gobertonis[.]com/photo | 47.74.148[.]105 | b2b1370ede349d538770309749f7197cdf0983b90bfb1aaf5e9483bfda7c5361 | https://www.virustotal.com/#/file/b2b1370ede349d538770309749f7197cdf0983b90bfb1aaf5e9483bfda7c5361/detection https://www.hybrid-analysis.com/sample/b2b1370ede349d538770309749f7197cdf0983b90bfb1aaf5e9483bfda7c5361?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/06/26/004218 | |
99 | 2018/06/14 | 【振込み確認書】18.06.14 ([Transfer confirmation] 18.06.14) | Unknown | Attachment | 【振込み確認書】18.06.14.xls | https://www.virustotal.com/#/file/b3612640b7f18c1fe0eb9f64ab82e27064aa4bdc76c629710c5cf8369fc75e06/detection https://www.hybrid-analysis.com/sample/b3612640b7f18c1fe0eb9f64ab82e27064aa4bdc76c629710c5cf8369fc75e06?environmentId=100 | 90aa0a85bc208286d3df4232bb7d784c | b3612640b7f18c1fe0eb9f64ab82e27064aa4bdc76c629710c5cf8369fc75e06 | hxxp://zeraum[.]com/mailout | 78.155.199[.]97 | 60bd3a3642cbd5025e150f48688f11702a92d9c16ff254c4d0e8f57fc4621cc7 | https://www.virustotal.com/#/file/60bd3a3642cbd5025e150f48688f11702a92d9c16ff254c4d0e8f57fc4621cc7/detection https://www.hybrid-analysis.com/sample/60bd3a3642cbd5025e150f48688f11702a92d9c16ff254c4d0e8f57fc4621cc7?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/06/26/003812 | |
100 | 2018/06/14 | (※)6月請求データ (※)6月度発注書送付 (※)2018.6月分請求データ送付の件 ((※)June billing data / (※)June purchase order / (※)Re: sending June 2018 billing data; (※) is one of {Re: ,Re: Re: , ,Fwd: ,Fwd: Re:, .}) | Unknown | Attachment | (※).請求・支払データ.xls (※: arbitrary digit string) | https://www.virustotal.com/#/file/6aa670bd806c6c690e900931da4f3ff78efc967a058a939fc75bb866ccfc21a9/detection https://www.hybrid-analysis.com/sample/6aa670bd806c6c690e900931da4f3ff78efc967a058a939fc75bb866ccfc21a9?environmentId=100 https://www.virustotal.com/#/file/4a98b8cccf0d772df81587ed3076b094cad9a7b6d8c956b0019b56311b22574b/detection | acac6fa70567bcce801f07769b8da017 d03266913e72922117dbfef63b0b0292 | 6aa670bd806c6c690e900931da4f3ff78efc967a058a939fc75bb866ccfc21a9 4a98b8cccf0d772df81587ed3076b094cad9a7b6d8c956b0019b56311b22574b | hxxp://zeraum[.]com/mailout | 78.155.199[.]97 | 60bd3a3642cbd5025e150f48688f11702a92d9c16ff254c4d0e8f57fc4621cc7 | https://www.virustotal.com/#/file/60bd3a3642cbd5025e150f48688f11702a92d9c16ff254c4d0e8f57fc4621cc7/detection https://www.hybrid-analysis.com/sample/60bd3a3642cbd5025e150f48688f11702a92d9c16ff254c4d0e8f57fc4621cc7?environmentId=100 | https://www.jc3.or.jp/topics/virusmail.html https://bomccss.hatenablog.jp/entry/2018/06/26/004107 |