不正URLへのアクセス、不正メールの受信
-
メール受信した弊社お客様 0社
URLアクセスした弊社お客様 0社
-
2023/04/06
※2023/04/06 更新
マルウェア感染させると考えられるURLを検知(2023/04/06)
■IoC(※1)
Type: | IOC: | Signature: |
---|---|---|
URL | hxxp://77[.]91[.]124[.]242/games/category/Plugins/clip64[.]dll | Amadey |
URL | hxxp://198[.]12[.]123[.]17:2402/Vre | Vjw0rm |
URL | hxxp://respekt5569[.]com/downloads/toolspub1[.]exe | SmokeLoader |
URL | hxxp://77[.]91[.]124[.]242/DSC01491/fotocr14[.]exe hxxp://77[.]91[.]124[.]242/DSC01491/foto0145[.]exe hxxp://193[.]233[.]20[.]29/DSC01491/fotocr14[.]exe | RedLine Stealer |
URL | hxxp://62[.]109[.]8[.]21/Vmline_lowLongpoll[.]php hxxp://51[.]161[.]64[.]200/Dle7Wp/ProtonUniversalUpdate/tracklowApi/2to/PythonTrafficDump/08/external/8/LowRequestDumpUploads/Geo2/4Pollgeo2/authtesttemporary[.]php hxxp://92[.]63[.]104[.]240/generator/program/mobilecoredemo/Prefantiplugin/demohtopPref/htopcore/messageCamPython/htop/poolWar/Pythonbinbootprogram/CampoolAutosystem/external_Securepacket[.]php | DCRat |
URL | hxxp://103[.]175[.]16[.]13/inst5[.]exe hxxp://103[.]175[.]16[.]13/inst1[.]exe | BumbleBee |
URL | hxxp://45[.]12[.]253[.]77:8889/is-ready | WSHRAT |
URL | hxxps://graficalevi[.]com[.]br/0p6P/ hxxps://propertynear[.]co[.]uk/QyYWyp/ hxxps://agtendelperu[.]com/FPu0Fa/ hxxps://chimpcity[.]com/h7e/ hxxps://capitalperurrhh[.]com/vQ1iQg/ hxxps://centerkick[.]com/IC5EQ8/ hxxp://rosewoodlaminates[.]com/hea/ hxxps://kmphi[.]com/FWovmB/ hxxps://theshirtsummit[.]com/MwBGSm/ hxxps://qldheritage[.]com[.]au/iau/iau[.]php hxxps://smartzoneapp[.]com/easx/easx[.]php hxxps://toptruckparts[.]com[.]au/se/se[.]php hxxps://twaabat[.]com/met/met[.]php hxxps://performpracticesolutions[.]com/ode/ode[.]php hxxps://prolocosviluppagropoli[.]it/ui/ui[.]php hxxps://rclfirst[.]com/te/te[.]php hxxps://rotaryclubprilep[.]org[.]mk/tsei/tsei[.]php hxxps://storepalcos[.]com/iise/iise[.]php hxxps://rahamahdata[.]com[.]ng/qda/qda[.]php hxxps://nidanhospital[.]com/lolu/lolu[.]php hxxps://sillonblue[.]net/tetv/tetv[.]php hxxps://utilitytopup[.]com/utqr/utqr[.]php hxxps://phavevtunet[.]com/uque/uque[.]php hxxps://turkbilisim[.]org/elip/elip[.]php hxxps://trasportisodano[.]it/pee/pee[.]php hxxps://uqaabish[.]com/ree/ree[.]php hxxps://oam[.]org[.]mz/et/et[.]php hxxps://sarsturismo[.]com[.]ar/ca/ca[.]php hxxps://zaiudoitech[.]com[.]ng/oe/oe[.]php hxxps://solarcash[.]net/too/too[.]php hxxps://teezah[.]com[.]ng/lr/lr[.]php hxxps://xparkstore[.]com/do/do[.]php hxxps://yuniqtelecoms[.]com/lmie/lmie[.]php hxxps://pabletelecom[.]com/si/si[.]php hxxps://ticketdata[.]com[.]ng/cml/cml[.]php hxxps://thekingofpersia[.]com/em/em[.]php hxxps://tunstelecom[.]com/rii/rii[.]php hxxps://tupoint[.]com/ssun/ssun[.]php hxxps://zakirpansar[.]com/evl/evl[.]php hxxps://sajadhawari[.]com[.]np/unie/unie[.]php hxxps://zenithfinanceinvestment[.]com/re/re[.]php hxxps://pradeeptours[.]com/ie/ie[.]php hxxps://sama-beauty[.]com/iie/iie[.]php hxxps://shoparenaconnect[.]com/miep/miep[.]php hxxps://viralwg[.]com/rlp/rlp[.]php hxxps://massimomagni[.]com/niai/niai[.]php hxxps://naochicleaningservices[.]co[.]uk/fri/fri[.]php hxxps://applykro[.]com/ip/ip[.]php 
hxxps://business-magazin[.]org/iam/iam[.]php hxxps://blazegist[.]com/deqo/deqo[.]php hxxps://insuranceconne3ct[.]com/cqom/cqom[.]php hxxps://albasheerenterprises[.]com/letq/letq[.]php hxxps://icondude[.]com/itt/itt[.]php hxxps://albabfinancial[.]com[.]ng/tme/tme[.]php hxxps://jettdrive[.]delivery/enss/enss[.]php hxxps://andandoenluz[.]com/tuse/tuse[.]php hxxps://keerthispices[.]com[.]au/em/em[.]php hxxps://helpcommunity[.]net/tcdm/tcdm[.]php hxxps://dataislife[.]com[.]ng/sdl/sdl[.]php hxxps://globalmuonline[.]com[.]br/lio/lio[.]php hxxps://adeshgroup[.]com[.]ng/lap/lap[.]php hxxps://digiedots[.]com/nrm/nrm[.]php hxxps://gofigure2[.]org/pei/pei[.]php hxxps://archilabrimini[.]com/rmpb/rmpb[.]php hxxps://airaidtravels[.]com/xs/xs[.]php hxxps://arhconsultores[.]com/siue/siue[.]php hxxps://ezfixapp[.]com/tfa/tfa[.]php hxxps://laotrafm[.]com/see/see[.]php hxxps://cheerfulenterprise[.]com[.]ng/eott/eott[.]php hxxps://gladtidings[.]com[.]ng/aole/aole[.]php hxxps://concept-grp[.]com/mga/mga[.]php hxxps://jajoosurgical[.]com/erpa/erpa[.]php hxxps://carservice-kuw[.]com/is/is[.]php hxxps://mups-journal[.]com/rm/rm[.]php hxxps://kansaite[.]com/ain/ain[.]php hxxps://amnakhanfitness[.]com/eet/eet[.]php hxxps://biasharasolutions[.]com/peu/peu[.]php hxxps://flexolabel[.]net/raa/raa[.]php hxxps://grassrootssportsstarcic[.]org/tlv/tlv[.]php hxxps://laraibserver[.]com/tci/tci[.]php hxxps://imrgroup[.]com[.]my/iadl/iadl[.]php hxxps://adelaidetooling[.]com[.]au/uqa/uqa[.]php hxxps://mirhab[.]com[.]ng/es/es[.]php hxxps://lowplug[.]com/gn/gn[.]php hxxps://jraydata[.]com/fp/fp[.]php hxxps://iglesiacvc[.]org/to/to[.]php hxxps://fafotech[.]com/etet/etet[.]php hxxps://makeduconsult[.]com/daut/daut[.]php hxxps://naijabillsplug[.]com/evl/evl[.]php hxxps://acpak[.]com[.]pk/lob/lob[.]php hxxps://actionhomerehab[.]com[.]au/ot/ot[.]php hxxp://cabletv-offer[.]com/ool/ool[.]php hxxp://tsngrouptz[.]com/lua/lua[.]php hxxp://corevisionapps[.]com/oi/oi[.]php hxxps://abdallasub[.]com[.]ng/qmui/qmui[.]php 
hxxp://chembitumen[.]com/la/la[.]php hxxp://5ginternetprovider[.]com/sn/sn[.]php hxxp://sarswatisansthan[.]com/oq/oq[.]php hxxp://tvcable[.]org/eolo/eolo[.]php hxxp://solom[.]net/eot/eot[.]php hxxp://commediaacademy[.]com/uuq/uuq[.]php hxxp://actusdegeek[.]com/tsa/tsa[.]php hxxp://quinlanattorneys[.]com/rr/rr[.]php hxxp://smsbuzzbd[.]com/ca/ca[.]php hxxp://goldeneagleaa[.]com/tu/tu[.]php hxxps://baladnahalal[.]com/mmpp/mmpp[.]php hxxps://pedagogianaempresa[.]com[.]br/mu/mu[.]php hxxps://sosvakfi[.]org/qol/qol[.]php hxxps://sesbarkod[.]com/uc/uc[.]php hxxps://valueworx[.]com/rm/rm[.]php hxxps://yohannacolumnainvestments[.]com/esq/esq[.]php hxxps://robertomarino-architetto[.]it/doan/doan[.]php hxxps://wheelchairtransfers[.]it/oi/oi[.]php hxxps://sterlingdata[.]com[.]ng/it/it[.]php hxxps://opencartturkey[.]com/atse/atse[.]php hxxps://pppl[.]com[.]bd/rvei/rvei[.]php hxxps://smarklab[.]com[.]ar/oiim/oiim[.]php hxxps://proppart[.]com/uaip/uaip[.]php hxxps://pilanengenharia[.]com[.]br/stoe/stoe[.]php hxxps://phagros[.]com/dim/dim[.]php hxxps://zeal-boxing[.]com/lp/lp[.]php hxxps://seamsimpossible[.]com[.]au/sdsi/sdsi[.]php hxxps://uncommondata[.]com[.]ng/noid/noid[.]php hxxp://thephenol[.]com/ost/ost[.]php hxxps://pcmaker[.]com[.]ar/nia/nia[.]php hxxps://shinseiindia[.]com/uni/uni[.]php hxxps://patrick-heindl[.]com/mm/mm[.]php hxxps://ozdata[.]com[.]ng/odom/odom[.]php hxxps://rightpathacademy[.]com[.]ng/sedt/sedt[.]php hxxps://texcoconnect[.]com[.]ng/scru/scru[.]php hxxps://tvakira[.]com/aa/aa[.]php hxxps://prohouseconcepts[.]com/dga/dga[.]php hxxps://piyanuchsingha[.]com/teut/teut[.]php hxxps://viralebu[.]com/rae/rae[.]php hxxps://uniqueenterprise[.]com[.]ng/iqau/iqau[.]php hxxps://thealphajacket[.]com/ia/ia[.]php hxxps://xoparelojes[.]com/iad/iad[.]php hxxps://paulididataservice[.]com[.]ng/aa/aa[.]php hxxps://valampurihotel[.]com/te/te[.]php hxxp://wishposh[.]net/bn/bn[.]php hxxps://weblancebd[.]com/ult/ult[.]php hxxps://tripplevtelecom[.]com/uaq/uaq[.]php 
hxxps://skilsol[.]com/sei/sei[.]php hxxps://pdstore[.]com[.]ng/or/or[.]php hxxps://shedexstore[.]com/etu/etu[.]php hxxps://spikemobile[.]com[.]ng/sav/sav[.]php hxxp://veggyscambodia[.]com/nue/nue[.]php hxxp://techronenergy[.]com/cuat/cuat[.]php hxxp://tecnidigitalvzla[.]com/eimo/eimo[.]php hxxps://injazco[.]com/iat/iat[.]php hxxps://muffinarts[.]com/uotu/uotu[.]php hxxps://bsgenx[.]com/temt/temt[.]php hxxps://dawah-m[.]org[.]sa/dt/dt[.]php hxxps://flexsubs[.]com[.]ng/ut/ut[.]php hxxps://endoberg[.]com/eiqu/eiqu[.]php hxxps://estidameh[.]com/uno/uno[.]php hxxps://dataking[.]com[.]ng/sts/sts[.]php hxxps://icialsace[.]fr/idn/idn[.]php hxxps://drjoaquimneves[.]com[.]br/queu/queu[.]php hxxps://caritascatanduva[.]org[.]br/ga/ga[.]php hxxps://cadaps[.]com[.]au/ut/ut[.]php hxxps://lakebrillac[.]co[.]uk/ceui/ceui[.]php hxxps://autoeletricaajax[.]com[.]br/qn/qn[.]php hxxp://gurtek[.]com[.]tr/exi/exi[.]php hxxp://insimetsas[.]com/rl/rl[.]php hxxps://jukuntv[.]org/eqau/eqau[.]php hxxps://actualidadesneuro[.]com/ql/ql[.]php hxxps://hawaiivtmaps[.]com/tlve/tlve[.]php hxxps://cytopharma-cdmo[.]com/or/or[.]php hxxps://hasa[.]org[.]af/nu/nu[.]php hxxps://irisysventures[.]com/scid/scid[.]php hxxps://howtechblogging[.]com/ete/ete[.]php hxxps://al-ihsandata[.]com[.]ng/st/st[.]php hxxps://ateamlogistics[.]com[.]au/de/de[.]php hxxps://abduldataservice[.]com/aolr/aolr[.]php hxxps://aujaradatasub[.]com[.]ng/od/od[.]php hxxps://inxpressfranchises[.]com/pa/pa[.]php hxxps://exotictopup[.]com/bise/bise[.]php hxxps://ecomprince[.]com/teb/teb[.]php hxxps://cica[.]com[.]co/stai/stai[.]php hxxps://devoexpc[.]com/utta/utta[.]php hxxp://grupo-ersa[.]com/tt/tt[.]php hxxps://entropylearningplatform[.]it/id/id[.]php hxxps://csrnovacrnja[.]org[.]rs/tum/tum[.]php hxxps://abadata[.]com[.]ng/milr/milr[.]php hxxps://irsabou[.]org/seuo/seuo[.]php hxxps://bsdataplug[.]com/eae/eae[.]php hxxp://petrosalar-kohsar[.]com/suoi/suoi[.]php hxxps://agbedagbinglobalworld[.]com/nuci/nuci[.]php 
hxxps://motocustomers[.]com/id/id[.]php hxxps://joezias[.]com/ea/ea[.]php hxxps://jayblog[.]com[.]ng/ui/ui[.]php hxxp://adlcodetool[.]com/saii/saii[.]php hxxp://glamsum[.]com/mism/mism[.]php hxxps://inplainsight[.]uk/ide/ide[.]php hxxps://goldpeg[.]com/usl/usl[.]php hxxp://agencycobra[.]com/oec/oec[.]php hxxps://bodastuyyo[.]com/tt/tt[.]php hxxps://angelface[.]com[.]sg/to/to[.]php hxxp://lh4designs[.]com/ie/ie[.]php hxxps://biellabusiness[.]it/splm/splm[.]php hxxps://africastories[.]net/uso/uso[.]php hxxps://entropy4fad[.]it/nv/nv[.]php hxxps://emmydata[.]com/ti/ti[.]php hxxps://gruastranservis[.]com/eaoe/eaoe[.]php hxxp://acaipurim[.]com[.]br/bca/bca[.]php hxxps://gwts[.]com[.]ng/db/db[.]php hxxps://draytonpark[.]com[.]au/sie/sie[.]php hxxp://engaje360[.]com/nne/nne[.]php hxxps://chimico[.]co[.]uk/lu/lu[.]php hxxps://nhahangdimai[.]com/di/di[.]php hxxps://aljradatvehicles[.]co[.]uk/mt/mt[.]php hxxps://digitsquare[.]com[.]ng/cm/cm[.]php hxxps://caimere[.]com/laiu/laiu[.]php hxxp://newronio[.]net/bn/bn[.]php hxxp://121directmarketing[.]com/uim/uim[.]php hxxps://mellowavecapital[.]com/ilum/ilum[.]php hxxps://firstclassexpress[.]net/aer/aer[.]php hxxps://msdata[.]com[.]ng/ucqt/ucqt[.]php hxxps://nakabugatelecom[.]com/at/at[.]php hxxps://hammanadata[.]com/iin/iin[.]php hxxps://bharatmehra[.]com/ta/ta[.]php hxxps://gbolahtelecoms[.]com/xi/xi[.]php hxxps://mbertoni[.]org[.]py/ui/ui[.]php hxxps://glinsdatang[.]com/uon/uon[.]php hxxps://bizztechguide[.]com/amou/amou[.]php hxxp://hphc[.]org[.]in/emi/emi[.]php hxxp://antena1sj[.]com[.]ar/nm/nm[.]php hxxps://eskco-op[.]com[.]au/ld/ld[.]php hxxps://meeask[.]com/ou/ou[.]php hxxps://heyhearts[.]com/lnma/lnma[.]php hxxps://happyshop24[.]com[.]bd/vt/vt[.]php hxxp://aguaxaca[.]com/lro/lro[.]php hxxp://onerkapi[.]com/naq/naq[.]php hxxps://actuwalya[.]com/aat/aat[.]php hxxps://nalmaconigeria[.]com/tq/tq[.]php hxxps://datastatresearch[.]org/tosu/tosu[.]php hxxps://halabsaray[.]com[.]tr/olr/olr[.]php 
hxxps://ecotrippers[.]net/fneu/fneu[.]php hxxps://kebabsinverguenza[.]com/ou/ou[.]php hxxp://onercelikkapi[.]com/cma/cma[.]php hxxps://dreamclubpugs[.]com/oosr/oosr[.]php hxxp://goldxtracanada[.]com/eon/eon[.]php hxxp://internetcabletvproviders[.]com/rloo/rloo[.]php hxxps://crystaltouchdatang[.]com/lid/lid[.]php hxxps://mishaeldatahub[.]com/uuer/uuer[.]php hxxps://domyhomeworkhelper[.]com/inos/inos[.]php hxxps://awoofdata[.]com/spi/spi[.]php hxxp://mapledesignandbuild[.]co[.]uk/euar/euar[.]php hxxp://sillonanalytics[.]com/net/net[.]php hxxp://iejaimesalazarrobledo[.]com/oqta/oqta[.]php hxxps://valueventures[.]com[.]ng/aqu/aqu[.]php hxxps://sswaziri[.]com[.]ng/aitm/aitm[.]php hxxps://zayndata[.]com/utut/utut[.]php hxxps://sirauwalpapasub[.]com/erog/erog[.]php hxxps://vtulinks[.]com/ttm/ttm[.]php hxxps://quizzafrica[.]com/hlme/hlme[.]php hxxps://imeandikwa[.]net/en/en[.]php hxxps://heavyequipmentplanet[.]com/eo/eo[.]php hxxps://gearclouds[.]com/eael/eael[.]php hxxps://mattcrowndata[.]com/idii/idii[.]php hxxps://qurannama[.]com/erts/erts[.]php hxxps://digitalartperu[.]com/ttis/ttis[.]php hxxps://galockwood[.]co[.]uk/tm/tm[.]php hxxp://blastenterprises[.]com[.]au/mfp/mfp[.]php hxxps://aprendemanualidades123[.]com/tlet/tlet[.]php hxxp://cabletvpromobundle[.]com/ised/ised[.]php hxxps://abduldatas[.]com/lu/lu[.]php hxxp://wilddiscoverysyria[.]com/ip/ip[.]php hxxps://aasulydata[.]com/es/es[.]php hxxp://dramis[.]net/pta/pta[.]php hxxp://bsdbd[.]com/aqau/aqau[.]php hxxp://growfurtherllc[.]com/mn/mn[.]php hxxp://yescocer[.]com/alpe/alpe[.]php hxxp://leadersrealestate[.]com[.]pk/ias/ias[.]php hxxps://insourcecod[.]com/auqm/auqm[.]php hxxps://declassictelecoms[.]com/qsn/qsn[.]php hxxps://digitaler-insider[.]com/mir/mir[.]php hxxps://royalgarmentepz[.]com/uas/uas[.]php hxxps://easymovin[.]com/nqsn/nqsn[.]php hxxp://pkitsole[.]com/des/des[.]php hxxp://gude[.]com[.]mx/eism/eism[.]php hxxp://192[.]95[.]55[.]65/vodka[.]dat hxxp://45[.]66[.]248[.]25/vodka[.]dat 
hxxp://95[.]179[.]162[.]104/vodka[.]dat hxxp://162[.]19[.]130[.]46/vodka[.]dat hxxp://51[.]254[.]78[.]3/vodka[.]dat hxxp://45[.]95[.]18[.]115/vodka[.]dat hxxps://wimodestyclothing[.]com/lbd/lbd[.]php hxxps://womensbright[.]com/roo/roo[.]php hxxps://nationalsculpture[.]org/lnu/lnu[.]php hxxps://topgomabusiness[.]net/dcii/dcii[.]php hxxps://tiroler-insider[.]com/rsdu/rsdu[.]php hxxps://novaredesolucoes[.]com[.]br/qsa/qsa[.]php hxxps://notaria16sjr[.]com/iquo/iquo[.]php hxxps://dorianneweil[.]com/mib/mib[.]php hxxps://24handelsmagazin[.]com/istt/istt[.]php hxxps://demo[.]com[.]ng/iatl/iatl[.]php hxxps://f2gtech[.]com/ieg/ieg[.]php hxxps://greatnessdata[.]com/to/to[.]php hxxps://blastwholesale[.]com[.]au/nci/nci[.]php hxxps://aevp[.]org/ls/ls[.]php hxxp://vicantopsl[.]com/vei/vei[.]php hxxps://eddiebeartv[.]com/moev/moev[.]php hxxps://easylifeart[.]com/ae/ae[.]php hxxp://ivsa[.]com[.]mx/itp/itp[.]php hxxp://internetcabletvprovider[.]com/pit/pit[.]php hxxp://rcproyectosyconsultoria[.]com/dot/dot[.]php hxxp://ppublications[.]com/eaie/eaie[.]php hxxp://desafiodebarrancos[.]com/ies/ies[.]php hxxp://dordorianconcept[.]com/iuoa/iuoa[.]php |
QakBot |
URL | hxxp://163[.]123[.]142[.]141/cc[.]exe | Rhadamanthys |
URL | hxxp://chuyqe32[.]top/gate[.]php | CryptBot |
URL | hxxp://101[.]43[.]215[.]118:9090/ptj hxxp://43[.]155[.]75[.]235:8880/include/template/isx[.]php hxxp://a[.]bwvwvwv[.]cf:8880/wp08/wp-includes/dtcla[.]php hxxp://62[.]204[.]41[.]45:8092/dot[.]gif hxxp://101[.]34[.]23[.]227:3306/push hxxp://43[.]136[.]81[.]234/wp08/wp-includes/dtcla[.]php hxxps://39[.]98[.]157[.]4:8089/IE9CompatViewList[.]xml hxxp://175[.]178[.]42[.]176:9999/updates[.]rss hxxps://47[.]100[.]180[.]123:3004/ptj hxxp://43[.]143[.]234[.]105:801/push hxxp://149[.]129[.]72[.]37:2580/cm hxxp://120[.]48[.]12[.]88:20000/visit[.]js hxxp://5[.]8[.]18[.]112/visit[.]js hxxp://104[.]244[.]79[.]172/match hxxps://81[.]70[.]253[.]205:54321/ca hxxp://124[.]221[.]160[.]162:7777/pixel hxxps://16[.]163[.]57[.]134/owa/ hxxps://aller-retour[.]lu/api/v1/Update hxxp://101[.]43[.]127[.]45:8080/j[.]ad hxxp://120[.]48[.]101[.]48/pixel hxxp://182[.]61[.]52[.]93:10001/ca hxxp://121[.]40[.]127[.]134:5555/ca hxxp://www[.]oldboys[.]top/dpixel hxxps://43[.]155[.]75[.]235/wp06/wp-includes/po[.]php hxxp://123[.]249[.]41[.]238/dpixel hxxps://39[.]98[.]157[.]4:8888/activity hxxp://195[.]123[.]234[.]101/Make/v8[.]01/Sharepoint hxxps://195[.]123[.]234[.]101/Make/v8[.]01/Sharepoint hxxps://119[.]23[.]61[.]52:8098/push hxxps://139[.]224[.]207[.]208:58443/match hxxps://23[.]81[.]246[.]2/Link/v7[.]32/JQ0FXNOH0H hxxps://cahapowowo[.]com/Link/v7[.]32/JQ0FXNOH0H hxxp://114[.]132[.]64[.]28:9999/clemente/details hxxp://120[.]24[.]44[.]58/j[.]ad hxxp://124[.]223[.]80[.]198:666/pixel hxxp://bgn[.]sc[.]cn:9019/activity hxxps://www[.]bgvipmanager[.]com/_/scs/mail-static/_/js/ hxxps://173[.]232[.]146[.]178/jquery-3[.]3[.]1[.]min[.]js hxxp://150[.]158[.]213[.]111:8012/ga[.]js hxxp://139[.]198[.]155[.]226:8080/image/ hxxp://47[.]87[.]138[.]83:8899/updates[.]rss hxxp://129[.]226[.]223[.]182/owa/ hxxp://143[.]92[.]58[.]56/MicrosoftUpdate/ShellEx/KB242742/default[.]aspx hxxp://lo[.]tkkls[.]ml:2086/pixel hxxps://94[.]232[.]46[.]19/build/v2[.]02/3X028QONH 
hxxp://173[.]232[.]146[.]178/jquery-3[.]3[.]1[.]min[.]js hxxps://89[.]147[.]109[.]10/g[.]pixel hxxp://45[.]79[.]34[.]136:81/visit[.]js hxxps://1[.]117[.]243[.]253:7777/en_US/all[.]js hxxp://103[.]234[.]72[.]91:9988/activity hxxps://47[.]97[.]186[.]43/www/handle/doc hxxps://121[.]36[.]61[.]57:11443/updates hxxps://114[.]134[.]188[.]233/visit[.]js hxxp://103[.]90[.]160[.]144:8082/c/msdownload/update/others/2020/10/29136388_ hxxp://eurodevservices[.]com/ml hxxp://121[.]4[.]111[.]221:1111/ca hxxp://172[.]67[.]137[.]136/zOMGAPT hxxp://104[.]21[.]78[.]213/zOMGAPT hxxp://119[.]91[.]204[.]77:8888/dpixel hxxps://139[.]198[.]155[.]226:8443/image/ hxxps://mecezom[.]biz/modcp[.]css hxxp://129[.]226[.]223[.]182/www/handle/doc hxxps://143[.]92[.]58[.]56/MicrosoftUpdate/ShellEx/KB242742/default[.]aspx hxxp://152[.]67[.]208[.]210/activity |
Cobalt Strike |
URL | hxxp://192[.]3[.]179[.]147/x[.][.][.][.]xx[.][.][.][.][.][.][.]doc | Formbook |
URL | hxxp://0x21[.]in:8000/_az/ | Azorult |
URL | hxxp://64[.]227[.]48[.]212/?page_id=6518979865 hxxp://202[.]55[.]132[.]183/82/vbc[.]exe hxxp://solefex[.]com/cream/five/fre[.]php hxxp://202[.]55[.]132[.]183/81/vbc[.]exe | LokiBot |
URL | hxxp://79[.]137[.]197[.]61/auth hxxp://41[.]216[.]182[.]181/auth hxxp://45[.]15[.]156[.]158/auth | Aurora Stealer |
URL | hxxp://185[.]106[.]94[.]102:5000/login hxxp://185[.]106[.]94[.]73:5000/login hxxp://128[.]140[.]3[.]146:5000/login hxxp://94[.]142[.]138[.]10:5000/login hxxp://89[.]23[.]96[.]140:5000/login hxxp://82[.]115[.]223[.]194:1000/login hxxp://82[.]115[.]223[.]186:5000/login hxxp://82[.]115[.]223[.]71:0/login hxxp://80[.]85[.]241[.]24:5000/login hxxp://78[.]153[.]130[.]24:5000/login hxxp://45[.]82[.]153[.]136:5000/login hxxp://45[.]15[.]157[.]139:5000/login hxxp://45[.]15[.]156[.]242:5000/login hxxp://45[.]15[.]156[.]137:5000/login hxxp://37[.]220[.]87[.]48:3000/login | TitanStealer |
URL | hxxp://208[.]67[.]105[.]179/activatezx[.]exe | Agent Tesla |
URL | hxxp://www[.]acrobat-adobe[.]com/nmAfUliC/Txkbrexik[.]dat | PureCrypter |
URL | hxxp://65[.]108[.]209[.]36/2358d131c82bf789[.]php | Stealc |
URL | hxxp://119[.]180[.]227[.]24:42918/Mozi[.]m | Mozi |