不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様0社 -
2023/04/21
※2023/04/21 更新
マルウェア感染させると考えられるURLを検知(2023/04/21)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://192[.]3[.]202[.]72/blessed[.]exe hxxp://208[.]67[.]105[.]179/secatlaszx[.]exe hxxp://107[.]175[.]202[.]201/60/vbc[.]exe hxxp://107[.]175[.]202[.]201/23/vbc[.]exe hxxps://107[.]175[.]202[.]201/50/vbc[.]exe hxxp://35[.]182[.]32[.]110/97/vbc[.]exe |
Agent Tesla |
| URL | hxxp://208[.]67[.]105[.]179/kimzx[.]exe hxxp://208[.]67[.]105[.]179/nellyzx[.]exe hxxp://208[.]67[.]105[.]179/offbinzx[.]exe hxxp://103[.]189[.]202[.]201/0000213/vbc[.]exe hxxp://103[.]189[.]202[.]201/winCloud10/vbc[.]exe hxxp://103[.]189[.]202[.]201/wd1406/vbc[.]exe |
Formbook |
| URL | hxxp://cstutorial[.]in/cxa/p44T2tO6lcBdWwJ[.]exe | NjRAT |
| URL | hxxp://metacarpusget[.]top/c043bcd0ba06ae1d/sqlite3[.]dll hxxp://metacarpusget[.]top/c043bcd0ba06ae1d/nss3[.]dll hxxp://metacarpusget[.]top/c043bcd0ba06ae1d/msvcp140[.]dll hxxp://metacarpusget[.]top/c043bcd0ba06ae1d/freebl3[.]dll hxxp://metacarpusget[.]top/c043bcd0ba06ae1d/softokn3[.]dll hxxp://metacarpusget[.]top/c043bcd0ba06ae1d/mozglue[.]dll hxxp://metacarpusget[.]top/c043bcd0ba06ae1d/vcruntime140[.]dll hxxps://getgym[.]top/office_sync[.]exe |
Stealc |
| URL | hxxp://101[.]42[.]20[.]25:443/__utm[.]gif hxxp://82[.]157[.]110[.]128/admin[.]js hxxps://38[.]105[.]168[.]110:5443/j[.]ad hxxp://31[.]44[.]184[.]63/visit[.]js hxxp://216[.]83[.]45[.]170/ca hxxps://mynewoa[.]shqianxinn[.]tk:2087/jqueryjs/jquery-3[.]3[.]1[.]min[.]js hxxps://webtoolsmedia[.]com/tab_home hxxp://116[.]204[.]121[.]193/j[.]ad hxxps://42[.]202[.]144[.]230:8443/pixel[.]gif hxxp://42[.]202[.]144[.]230:8088/cx hxxp://1[.]13[.]156[.]222:8877/dpixel hxxp://107[.]172[.]78[.]188:81/updates[.]rss hxxp://43[.]247[.]164[.]188/IE9CompatViewList[.]xml hxxps://45[.]207[.]49[.]206:2080/dot[.]gif hxxps://82[.]157[.]110[.]128/r-arrow[.]css hxxp://82[.]157[.]110[.]128/r-arrow[.]css hxxps://360[.]penw2iieel[.]tk:8443/api/3 hxxps://code[.]cdn-js[.]ecmot[.]com/j[.]ad hxxps://image[.]cdn[.]ecmot[.]com/g[.]pixel hxxp://103[.]146[.]179[.]70:800/match hxxp://1[.]15[.]40[.]248/g[.]pixel hxxp://47[.]96[.]151[.]215/wp06/wp-includes/po[.]php hxxps://msdn[.]ajax-microsoft[.]com:8443/link/v3[.]22/4EN738VY hxxps://47[.]96[.]151[.]215/wp06/wp-includes/po[.]php hxxps://settingdata[.]com/ce[.]js hxxp://47[.]94[.]130[.]42:88/api/x hxxp://139[.]144[.]44[.]74/en_US/all[.]js hxxp://103[.]149[.]200[.]79:8080/en_US/all[.]js hxxp://18[.]181[.]171[.]173:8080/load hxxp://103[.]234[.]72[.]186:8081/image/ hxxp://fensisup[.]shop:8011/updates[.]rss hxxp://43[.]156[.]67[.]216:55555/pixel hxxp://134[.]175[.]236[.]248:10443/updates[.]rss hxxps://175[.]178[.]118[.]27/load hxxp://47[.]97[.]51[.]213:8008/j[.]ad hxxp://82[.]157[.]63[.]216:5712/jquery-3[.]3[.]1[.]min[.]js hxxps://106[.]53[.]74[.]135/fwlink hxxp://47[.]115[.]203[.]251:8080/activity hxxp://43[.]143[.]184[.]22:801/__utm[.]gif hxxp://106[.]54[.]81[.]238:3389/push hxxp://1[.]13[.]249[.]191:30010/j[.]ad hxxps://47[.]100[.]249[.]61/j[.]ad hxxp://103[.]149[.]91[.]175:8011/load hxxp://8[.]218[.]176[.]6:8080/visit[.]js hxxp://43[.]135[.]157[.]199:6000/en_US/all[.]js hxxps://160[.]20[.]147[.]178/terminate/sessions/S7K6MNS8 hxxps://lubidex[.]xyz/terminate/sessions/S7K6MNS8 hxxps://139[.]144[.]44[.]74/IE9CompatViewList[.]xml hxxp://fazehotafa[.]com:443/ak[.]css hxxp://esfxe[.]com:4444/link/formal[.]mpeg hxxp://onefile[.]icu:443/risk[.]ico hxxp://194[.]165[.]16[.]64:443/risk[.]ico hxxps://194[.]165[.]16[.]64/lease hxxps://194[.]165[.]16[.]64/risk[.]ico hxxps://onefile[.]icu/lease hxxps://onefile[.]icu/risk[.]ico hxxps://23[.]108[.]57[.]245/adapt/travel/H0E8ARYWK hxxps://fawirocizu[.]org/adapt/travel/H0E8ARYWK hxxp://47[.]115[.]203[.]251/ga[.]js |
Cobalt Strike |
| URL | hxxp://185[.]225[.]74[.]227/ppc hxxp://185[.]225[.]74[.]227/sh4 hxxp://185[.]225[.]74[.]227/mipsel hxxp://185[.]225[.]74[.]227/mips hxxp://185[.]225[.]74[.]227/co hxxp://185[.]225[.]74[.]227/dss hxxp://185[.]225[.]74[.]227/i686 hxxp://185[.]225[.]74[.]227/dc hxxp://185[.]225[.]74[.]227/arm61 hxxp://185[.]225[.]74[.]227/586 hxxp://185[.]225[.]74[.]227/m68k hxxp://188[.]166[.]218[.]175/p-p[.]c-[.]AXIS hxxp://188[.]166[.]218[.]175/a-r[.]m-5[.]AXIS hxxp://188[.]166[.]218[.]175/m-p[.]s-l[.]AXIS hxxp://188[.]166[.]218[.]175/a-r[.]m-6[.]AXIS hxxp://188[.]166[.]218[.]175/s-h[.]4-[.]AXIS hxxp://188[.]166[.]218[.]175/a-r[.]m-4[.]AXIS hxxp://188[.]166[.]218[.]175/m-6[.]8-k[.]AXIS hxxp://188[.]166[.]218[.]175/m-i[.]p-s[.]AXIS hxxp://188[.]166[.]218[.]175/x-3[.]2-[.]AXIS hxxp://188[.]166[.]218[.]175/i-5[.]8-6[.]AXIS hxxp://188[.]166[.]218[.]175/a-r[.]m-7[.]AXIS |
Bashlite |
| URL | hxxp://85[.]217[.]144[.]143/files/haddd[.]exe hxxp://116[.]203[.]7[.]73/install[.]zip hxxp://116[.]203[.]15[.]24/install[.]zip |
Vidar |
| URL | hxxps://famileai[.]com/php/upsoft/milmonjey[.]txt | Laplas |
| URL | hxxp://208[.]67[.]105[.]148/kudi/five/fre[.]php hxxp://104[.]156[.]227[.]195/~blog/?p=935655688088695 hxxp://185[.]246[.]220[.]85/zang1/five/fre[.]php |
LokiBot |
| URL | hxxp://188[.]120[.]246[.]49/gamelinuxtemporary[.]php hxxp://37[.]220[.]87[.]84/Multiproton7External/ProviderPublicLinux/externalEternaltoProcessordatalife[.]php hxxp://whatipedia[.]org/CpuUpdateTrack[.]php hxxp://92[.]63[.]97[.]158/authDefaultwordpressPipe/_Universal0/asyncProtonPipeprovider/poll8pipeGame/ProcessSecureuploads2/eternalSecure0/1/cdn7/PrivateProcessorVm/0/GeneratorDump/5/uploads/Temp9Provider/imageFlower[.]php |
DCRat |
| URL | hxxp://195[.]201[.]81[.]165/loadaddr | NetDooka |
| URL | hxxp://fygaoy42[.]top/gate[.]php | CryptBot |
| URL | hxxps://pausterbaik[.]xyz/wicd/sister[.]zip hxxps://dxbott[.]ae/wicd/sister[.]zip hxxps://design19[.]pk/wicd/sister[.]zip hxxps://eventstream[.]asia/pEp/per[.]zip hxxps://theplazahotelresort[.]com/pEp/per[.]zip hxxp://104[.]156[.]232[.]97/aO03psmvtKQUf9B5[.]dat hxxp://104[.]238[.]190[.]98/aSxBaqnfj98wzv[.]dat hxxp://51[.]222[.]96[.]42/aSxBaqnfj98w[.]dat hxxp://ganadiando[.]com/pEp/per[.]zip hxxp://hungrydolphin[.]net/pEp/per[.]zip hxxps://capsimports[.]shop/hrSDh/9I4x30B hxxps://utilimixnatal[.]com[.]br/DJ9c/Z6WyZHVIQPb hxxps://dst[.]co[.]tz/AsZWuUl/EF7nfGzsTqJ hxxps://redbook[.]cloud/9OGzNH/5RxAW7 hxxps://lojalz14[.]com[.]br/8jJ3b/swYRZ hxxps://veley[.]co/5xxk2L/VcQV2PkWe hxxp://209[.]182[.]225[.]14/aO03psmvtK[.]dat hxxp://135[.]125[.]177[.]90/aO03psmvtKQUf[.]dat hxxp://45[.]59[.]170[.]43/aO03psmvtKQ[.]dat hxxp://fastmarketplace[.]co[.]ke/pEp/per[.]zip hxxp://grafishark[.]hu/pEp/per[.]zip hxxp://theplazahotelresort[.]com/pEp/per[.]zip hxxp://eventstream[.]asia/pEp/per[.]zip hxxps://yorgengalvis[.]com/qt/veltempore[.]php hxxps://zaheeruddinconsultants[.]com/mimu/modiid[.]php hxxps://forzafert[.]com[.]br/qeda/veldolorem[.]php hxxps://martpoa[.]com/rl/modiqui[.]php hxxps://piggybankadvisor[.]com/nv/dictaearum[.]php hxxps://gurnoorphotography[.]com/sa/etfugiat[.]php hxxps://humdatasell[.]com/erum/dolorvoluptatem[.]php hxxps://previsoracolonia[.]com/cetl/minusipsam[.]php hxxps://inspiruseducation[.]net/snl/occaecatiincidunt[.]php hxxps://mscs-bcsir[.]com/ucns/corruptioptio[.]php hxxps://dietitianareejchaudary[.]com/oie/aliasiusto[.]php hxxps://ftconsultores[.]com[.]mx/uiur/insed[.]php hxxps://edenbeachresorts[.]com/dr/quiaimpedit[.]php hxxps://reallynotrocketscience[.]com/mt/consequaturqui[.]php hxxps://plumbinghours[.]com/no/velaliquid[.]php hxxps://omcvn[.]org/ru/reprehenderitvero[.]php hxxps://valleyaccounts[.]com/imnq/sedadipisci[.]php hxxps://mbinfogv[.]com[.]br/lbqo/utincidunt[.]php hxxps://fastnet[.]net[.]ec/er/architectoquis[.]php hxxps://orcasdental[.]com/quao/excepturiet[.]php hxxps://esthydata[.]com/st/totamprovident[.]php hxxps://theplazahotelresort[.]com/ess/etnihil[.]php hxxps://lasustechgist[.]com[.]ng/eoaa/voluptatemsit[.]php hxxps://lubbockrvparktx[.]com/fgu/voluptatesrerum[.]php hxxps://aadf[.]org[.]br/ip/inminima[.]php hxxps://abdinconsult[.]com/omrn/autemconsequatur[.]php hxxp://modiranesarmaye[.]com/ri/nonlaudantium[.]php hxxps://bmbpakistan[.]com/ili/velitplaceat[.]php hxxps://alicontainers[.]com/mi/temporedolorem[.]php hxxps://arpareco[.]com[.]ar/fe/solutadolorum[.]php hxxps://designfication[.]com/rdq/minusvel[.]php hxxps://all4insurances[.]com/elmx/harumet[.]php hxxps://coolcivilengineering[.]com/icse/autincidunt[.]php hxxp://globalsoulconnexion[.]com/ei/sitaut[.]php hxxps://barakatpharmacy[.]com/rcne/istemaiores[.]php hxxp://121directmarketing[.]com/ooal/saepeconsectetur[.]php hxxp://gurumm[.]com/pEp/per[.]zip hxxps://reveltonhotels[.]com/tcpa/quidemexplicabo[.]php hxxps://villabohol[.]com/mi/liberovelit[.]php hxxps://sofrekhanebaran[.]com/ipt/istenobis[.]php hxxps://softwareworlddesign[.]com/ipia/sitlibero[.]php hxxps://smimarketing[.]co[.]uk/ivte/quisaspernatur[.]php hxxps://rahasports[.]com/ua/consequatura[.]php hxxps://saifullahtoqeer[.]com/aea/solutaofficia[.]php hxxps://tecnolibre[.]net/etnd/sitquidem[.]php hxxps://spectrumservicesllc[.]com/uea/velest[.]php hxxps://sahityaclasses[.]com/ixia/nemodicta[.]php hxxps://olandbinaryinvestment[.]com/mu/eanulla[.]php hxxps://tauheedgroup[.]com/raee/doloresvoluptatem[.]php hxxps://jibolasquare[.]com/erd/mollitianesciunt[.]php hxxps://earningadvice[.]com/sir/idnam[.]php hxxps://ppgfans[.]com/umv/etmolestias[.]php hxxps://rotaniz[.]com/et/idautem[.]php hxxps://facilityprint[.]com[.]br/fae/voluptatemsit[.]php hxxps://studiopsicologiaroma[.]com/erne/blanditiisnisi[.]php hxxps://ondaserrano[.]com/am/enimid[.]php hxxps://safvoip[.]com/to/voluptatemcorporis[.]php hxxps://scmsgroup[.]org/ss/facerenon[.]php hxxps://gecopakistan[.]com/miie/autpossimus[.]php hxxps://viralebu[.]com/brlm/magninesciunt[.]php hxxps://r-stechnologies[.]com/spr/eossunt[.]php hxxps://sealfoxasphaltfl[.]com/cap/explicaboillo[.]php hxxps://dgngastro[.]com/umnl/fugiataliquid[.]php hxxps://4buildapp[.]com/un/solutaomnis[.]php hxxps://alghreef[.]com/utn/quisquia[.]php hxxps://artesurface[.]com/dena/utdolores[.]php hxxps://bryllisinternational[.]com/pnmi/cumrerum[.]php hxxps://actionhomerehab[.]com[.]au/ea/nemoeaque[.]php hxxps://astrovardaan[.]com/ui/voluptasodit[.]php hxxps://cilgpan[.]com[.]ng/iauc/quasinulla[.]php hxxps://buildersoncall[.]com/eun/quiaaut[.]php hxxp://treelogitech[.]com/atbu/suscipitratione[.]php hxxp://shineart[.]com[.]my/ir/dignissimosatque[.]php hxxps://denbyte[.]com/smr/voluptatesnostrum[.]php hxxps://apcoorsac[.]com/eq/distinctioperspiciatis[.]php hxxps://circularmatters[.]com/rp/nostrummolestiae[.]php hxxps://codelinkinfotech[.]com/qui/rerumautem[.]php hxxps://desverse[.]co[.]uk/liu/earumrem[.]php hxxps://digitalpostoffice[.]com[.]bd/camt/quonisi[.]php hxxp://humanittareinteligence[.]com[.]br/pEp/per[.]zip hxxps://usog-ge[.]com/aet/iuresaepe[.]php hxxps://varanet[.]fr/vi/sitlaboriosam[.]php hxxps://wetravellebanon[.]com/tn/etveniam[.]php hxxps://w15w[.]com/su/quivoluptatibus[.]php hxxps://switchsub[.]com/ue/delenitireprehenderit[.]php hxxps://samemzowears[.]com/nmee/explicaboab[.]php hxxps://sithland[.]com/iqs/saepetenetur[.]php hxxps://tajal[.]com[.]sa/nn/ipsamquam[.]php hxxps://rogerskimathi[.]com/este/doloresdolor[.]php hxxps://youstylezcollections[.]com/roa/adipisciofficiis[.]php hxxps://villedeniamey[.]org/stau/iustorem[.]php hxxps://sandsdalen[.]com/ue/impeditet[.]php hxxps://yamehsystems[.]com/otp/perferendiscumque[.]php hxxps://sawabash-sd[.]com/pmiu/ametomnis[.]php hxxps://springbancorp[.]com/cau/eosrem[.]php hxxps://starlinksdigital[.]com/ta/etipsam[.]php hxxps://warnmat[.]com/est/quiillum[.]php hxxps://trustme[.]com[.]ng/qusq/repellendusasperiores[.]php hxxps://shayambabapackaging[.]com/el/quosea[.]php hxxps://shaheenpipe[.]com/mcu/addoloribus[.]php hxxps://tatileague[.]org/urq/quopariatur[.]php hxxps://tupnet[.]com[.]br/mulb/temporein[.]php hxxps://aboutbusiness[.]us/saa/index[.]php hxxps://bsinesssoft[.]com/oad/quaerataut[.]php hxxps://natrajdallmill[.]com/llii/autaut[.]php hxxps://domelift[.]com/ciis/rerumaliquid[.]php hxxps://buahati[.]com/oqsu/cumquehic[.]php hxxps://akampaventures[.]com/tu/quaesequi[.]php hxxps://buildcon[.]net/brau/doloressed[.]php hxxps://myanmarlogisticsinstitute[.]com/opt/similiquevoluptates[.]php hxxps://cafeterasprofesionales[.]com[.]mx/iu/aliquideius[.]php hxxps://piefconference[.]com/apr/exercitationemet[.]php hxxps://niv-studio[.]com/pr/index[.]php hxxps://protocolbd[.]com/pi/beataeamet[.]php hxxps://eminashville[.]com/ims/etexpedita[.]php hxxps://dinaseithigal[.]com/tied/istemagnam[.]php hxxps://222mlms[.]com/vole/explicaboet[.]php hxxps://manahprojetos[.]com[.]br/ar/quaequas[.]php hxxps://diagramconstruction[.]com/cs/etneque[.]php hxxps://dahirhassan[.]com/tr/doloresomnis[.]php hxxps://marketani[.]com/ists/nihilmolestiae[.]php hxxps://codesurf[.]it/icta/delenitivelit[.]php hxxps://blackwatermedical[.]co[.]uk/pi/erroripsa[.]php hxxps://jutsolarenergy[.]com/quii/utalias[.]php hxxps://optimizeservicesbd[.]com/rc/consequaturea[.]php hxxp://nexuschemsys[.]com/ua/estmollitia[.]php hxxps://andrazstok[.]com/isn/autnumquam[.]php hxxps://lenergy[.]fr/mel/estquos[.]php hxxps://capstoneradioug[.]com/oaer/dolornulla[.]php hxxps://fintechprogrammers[.]com/eep/commodiqui[.]php hxxps://kassstudio[.]com/uc/quiasoluta[.]php hxxps://coopronda[.]com[.]br/llue/perferendisprovident[.]php hxxps://demo[.]gwm[.]com[.]np/xtmm/exid[.]php hxxps://cafeterassuperautomaticas[.]com[.]mx/iceu/autest[.]php hxxps://maderasintiynova[.]com/vsnl/quiquidem[.]php hxxps://redlogstudio[.]com/ttid/consequaturassumenda[.]php hxxps://legalhighcannabis[.]com/olr/laudantiumanimi[.]php hxxps://demogoruntule[.]com/us/repellata[.]php hxxps://reparacioncreperas[.]com[.]mx/ism/molestiaset[.]php hxxps://crowentertainment[.]org/ep/remconsequatur[.]php hxxps://muzicvue[.]org/aitq/eosaut[.]php hxxps://grupombgyn[.]com[.]br/ias/voluptatibusenim[.]php hxxps://pitanguinet[.]com[.]br/cic/laboriosamillo[.]php hxxps://pearl-kw[.]com/pia/temporavoluptatum[.]php hxxp://binmahboob[.]com/qci/placeatvoluptate[.]php hxxps://nurad-x[.]com/med/velid[.]php hxxp://centigenph[.]com/odm/utconsequatur[.]php hxxps://doctorzoya[.]com/ui/quidemnemo[.]php hxxps://banglatools[.]com/tsa/iureaut[.]php hxxps://roaatraining[.]com/mqe/etillum[.]php hxxps://400-sy[.]com/tmsa/nemodoloremque[.]php hxxps://marasmllc[.]com/qore/laborequas[.]php hxxps://avtocar[.]org/atp/quiquidem[.]php hxxps://exemplarywriters[.]com/aler/cumnihil[.]php hxxps://performpracticesolutions[.]com/ifif/nihilminima[.]php hxxps://bestitbazar[.]com/re/utqui[.]php hxxps://mitrapasal[.]com/uaut/aliquamqui[.]php hxxps://dpixchange[.]com/nio/utet[.]php hxxps://ns[.]com[.]pk/aao/etaut[.]php hxxp://visionbuldana[.]org/iodm/dignissimosaut[.]php hxxps://gayatrirathore[.]com/asa/distinctiovoluptatum[.]php hxxp://trotinet[.]com[.]mk/dr/consequaturet[.]php hxxps://armieaccessori[.]com/al/eumvoluptates[.]php hxxps://chcco[.]net/id/nonnesciunt[.]php hxxp://therapyhasnobounds[.]com/ui/laborumsit[.]php hxxps://petitpawspa[.]com/ebta/eumalias[.]php hxxps://dataprogate[.]com/um/namducimus[.]php hxxps://marketsbestrading[.]com/iopu/dictaea[.]php hxxps://oplexxlifestyle[.]com/nri/index[.]php hxxps://meeyahbundle[.]com/umu/ipsamneque[.]php hxxps://jbpips[.]com/rte/utqui[.]php hxxps://bola168king[.]com/oteq/numquammodi[.]php hxxps://ccddfe[.]com/nque/infugit[.]php hxxps://takwinp[.]com/iiee/dictaaperiam[.]php hxxps://t3naturals[.]com/oiti/eiusab[.]php hxxps://succeedsolar[.]com/eaq/architectoeos[.]php hxxps://pokhrelrajat[.]com[.]np/tb/cumquia[.]php hxxps://skylight[.]com[.]ng/oeq/eanemo[.]php hxxps://formazione-bassareggiana[.]it/er/porropraesentium[.]php hxxps://fabiobertiart[.]it/iv/voluptatemet[.]php hxxps://oesdenizcilik[.]com/tdu/etaccusantium[.]php hxxps://erayyigit[.]com/rd/uteligendi[.]php hxxps://eastpooja[.]com[.]my/uoi/ullamquos[.]php hxxps://hansgross[.]com[.]pe/uarq/nequeautem[.]php hxxps://flowshipping[.]com/ters/nesciuntquidem[.]php hxxps://cortexeg[.]com/et/autmolestiae[.]php hxxps://madenlebanon[.]com/ce/dolorquas[.]php hxxps://conciergehomesng[.]com/onte/laudantiumcorporis[.]php hxxps://hustle2otoken[.]com/reup/consecteturreprehenderit[.]php hxxps://optimussub[.]com/lia/voluptatemmaxime[.]php hxxps://hrnews24[.]com/ut/etsit[.]php hxxps://hufaznashdata[.]com[.]ng/agra/hicquia[.]php hxxps://brave-blog[.]see[.]com[.]py/rsco/autemaut[.]php hxxps://emmanuelnnah[.]org[.]ng/se/dolormolestias[.]php hxxps://cognicen[.]com/uid/enimeum[.]php hxxps://pestworld2018[.]org/nmi/iustoautem[.]php hxxps://forza[.]com[.]br/ram/hicdolorem[.]php hxxps://jktradingcompany[.]com/vin/sunttenetur[.]php hxxps://karnavatiengineering[.]com/msnr/cumest[.]php hxxps://banglanetbd[.]com/se/eased[.]php hxxp://nccsl[.]org/uids/cupiditateesse[.]php hxxp://zedzahidul[.]com/uio/consequunturculpa[.]php hxxps://audan[.]org/so/quiatemporibus[.]php hxxps://all4iptv[.]com/eo/autemaliquam[.]php hxxps://applacatintools[.]com/qba/voluptatemest[.]php hxxps://abebiconcept[.]com/ntts/undenulla[.]php hxxp://tashdidhmim[.]com/uu/adipiscidistinctio[.]php hxxps://acedata[.]com[.]ng/uunn/quidolore[.]php hxxps://goldenbook[.]ae/pEp/per[.]zip hxxp://forskolin[.]info/pEp/per[.]zip hxxp://harshaauto[.]co[.]in/pEp/per[.]zip hxxps://greenbox[.]click/pEp/per[.]zip hxxp://expresspaisa[.]com/pEp/per[.]zip hxxp://goldenbook[.]ae/pEp/per[.]zip hxxps://fitnessguru[.]pk/pEp/per[.]zip hxxps://dst[.]co[.]tz/AsZWuUl/fYKvYOSHms hxxps://glasnostindia[.]co[.]in/pEp/per[.]zip hxxps://utilimixnatal[.]com[.]br/DJ9c/CMciV8e hxxps://capsimports[.]shop/hrSDh/ZmwKDLMK hxxps://globalhandicraftscenter[.]org/pEp/per[.]zip hxxps://eurofinancesplus[.]com/pEp/per[.]zip hxxps://lojalz14[.]com[.]br/8jJ3b/jVevH0TTsz hxxps://redbook[.]cloud/9OGzNH/aOTqBD hxxps://veley[.]co/5xxk2L/O0Xrd hxxp://grantsofamerica[.]com/pEp/per[.]zip hxxp://grandarcbuilders[.]com/pEp/per[.]zip hxxp://glasnostindia[.]co[.]in/pEp/per[.]zip hxxp://globalhandicraftscenter[.]org/pEp/per[.]zip hxxp://fitnessguru[.]pk/pEp/per[.]zip hxxp://eurofinancesplus[.]com/pEp/per[.]zip |
QakBot |
| URL | hxxps://usb[.]directory/usb[.]exe | AsyncRAT |
| URL | hxxp://141[.]98[.]82[.]243:443/extremal/shelter[.]mpeg | Metasploit |
| URL | hxxp://specialblue[.]pm/dF30Hn4m/index[.]php hxxp://193[.]201[.]9[.]240/live/games/Login[.]php hxxp://212[.]113[.]119[.]255/joomla/Login[.]php |
Amadey |
| URL | hxxps://vubc[.]reseller[.]wonderfulworldblog[.]com/gotoCheckout | FAKEUPDATES |
