不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様10社 -
2023/09/19
※2023/09/19 更新
マルウェア感染させると考えられるURLを検知(2023/09/19)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxps://mindshot[.]cl/tmp/index[.]php hxxps://api-alajman[.]com/tmp/index[.]php hxxps://www[.]cotomac[.]com/tmp/index[.]php hxxp://5[.]42[.]65[.]80/rockss[.]exe hxxps://centroestudiosmtudela[.]com/tmp/index[.]php hxxps://nebraska-pizza[.]com/search[.]php hxxps://alaska-ships[.]com/search[.]php hxxp://66[.]85[.]156[.]93/ku923[.]exe hxxp://79[.]137[.]192[.]18/mar3[.]exe |
SmokeLoader |
| URL | hxxps://goamiev[.]com/Customers hxxps://goamiev[.]com/business |
Gozi |
| URL | hxxps://43[.]138[.]77[.]115:4431/fwlink hxxp://123[.]249[.]115[.]56:8082/pixel[.]gif hxxp://175[.]27[.]221[.]235/ca hxxps://45[.]76[.]219[.]29/IE9CompatViewList[.]xml hxxp://23[.]94[.]122[.]130/Complete/pr/H6TCQRWR hxxp://5[.]101[.]0[.]245/cx hxxp://159[.]223[.]132[.]255/owa/EH4Wxdz2PBdBMdlj6GgzG35tC7Z-PnqUFodwBNx hxxp://81[.]161[.]229[.]129/dot[.]gif hxxp://81[.]161[.]229[.]129:8010/activity hxxps://micrusroft[.]com/api/3 hxxp://45[.]142[.]122[.]208/cx hxxps://image[.]bitget[.]works/_/scs/mail-static/_/js/ hxxp://101[.]43[.]96[.]246/IE9CompatViewList[.]xml hxxps://175[.]178[.]237[.]218/updates[.]rss hxxps://101[.]43[.]96[.]246:8443/j[.]ad hxxp://146[.]56[.]42[.]196:8001/pixel[.]gif hxxp://1[.]94[.]26[.]40/load hxxp://8[.]130[.]128[.]97/match hxxp://47[.]101[.]170[.]17:8888/pixel hxxp://82[.]157[.]169[.]10:7999/cx hxxps://194[.]156[.]98[.]197/IE9CompatViewList[.]xml hxxps://cs45upb230906[.]iqiyid[.]com:2053/en_US/all[.]js hxxp://8[.]141[.]161[.]11:6666/fwlink hxxps://178[.]62[.]79[.]36/push hxxps://39[.]107[.]250[.]164/azure/api/v2/userinfo/get hxxps://43[.]142[.]184[.]93/fwlink hxxps://www[.]5cq[.]com/an[.]js hxxp://81[.]68[.]152[.]129:8081/eo[.]js hxxp://121[.]37[.]202[.]214/index/ hxxps://43[.]136[.]90[.]47:8443/verifyCode hxxp://223[.]247[.]128[.]176:8081/load hxxp://5[.]101[.]0[.]245/match hxxps://upbetanetworks[.]org:757/modules[.]html hxxps://121[.]37[.]202[.]214/index/ hxxp://185[.]11[.]61[.]85/IE9CompatViewList[.]xml hxxps://194[.]135[.]17[.]31/dot[.]gif hxxp://111[.]231[.]31[.]198:443/OIvO hxxp://124[.]222[.]64[.]203/match hxxp://119[.]29[.]145[.]4:8888/ptj hxxp://81[.]71[.]132[.]192/pixel[.]gif hxxp://150[.]158[.]181[.]243:8011/en_US/all[.]js hxxps://api[.]0nedriveup[.]com/match hxxp://8[.]130[.]128[.]97/ptj hxxp://82[.]115[.]223[.]34/cx hxxp://175[.]24[.]235[.]158:6060/ptj hxxp://154[.]221[.]17[.]44:2090/ptj hxxp://124[.]71[.]212[.]123:9999/ga[.]js hxxps://123[.]253[.]33[.]28/www/handle/doc hxxps://156[.]245[.]19[.]127:8443/en_US/all[.]js hxxp://39[.]101[.]72[.]224:8080/dot[.]gif hxxp://118[.]24[.]128[.]43/en_US/all[.]js hxxps://103[.]19[.]190[.]102/jquery-3[.]3[.]1[.]min[.]js hxxps://147[.]78[.]47[.]135/_/scs/mail-static/_/js/ hxxp://8[.]130[.]128[.]97:8080/load hxxps://zx[.]regsvrsvc[.]com/r_config hxxps://as[.]regsvrsvc[.]com/tab_home_active hxxps://qw[.]regsvrsvc[.]com/r_config hxxp://43[.]143[.]132[.]119/visit[.]js hxxp://20[.]237[.]12[.]116:8080/jquery-3[.]3[.]1[.]min[.]js hxxps://1[.]14[.]15[.]35/zOMGAPT hxxps://dejiwive[.]org/tab_shop[.]html hxxps://146[.]56[.]118[.]82/ga[.]js hxxp://123[.]207[.]20[.]16:5555/ga[.]js hxxp://59[.]110[.]235[.]230:9090/api/x hxxp://101[.]34[.]46[.]239/ca hxxp://devopspdx[.]com/nd[.]html hxxps://mortgagetf[.]com/tab_shop_active hxxps://13[.]124[.]248[.]90/cm hxxps://110[.]41[.]174[.]148/cx hxxp://13[.]124[.]248[.]90:12345/j[.]ad hxxps://101[.]133[.]128[.]248/test/v5[.]08/5CCAZJYAPM90 hxxps://devopspdx[.]com/links hxxp://31[.]44[.]184[.]232/ga[.]js hxxp://www[.]test9977[.]tk:2096/fwlink hxxps://185[.]11[.]61[.]85/visit[.]js hxxp://www[.]test9977[.]tk:2095/dpixel hxxps://ext[.]cdninternal[.]cloud/jquery-3[.]3[.]1[.]min[.]js hxxps://proxy[.]cdninternal[.]cloud/jquery-3[.]3[.]1[.]min[.]js hxxp://upbetanetworks[.]org:1080/dz hxxp://1[.]14[.]15[.]35/zOMGAPT hxxps://150[.]158[.]45[.]62/fwlink hxxps://175[.]178[.]3[.]16/jquery-3[.]3[.]1[.]min[.]js hxxp://8[.]140[.]135[.]23:8099/ca hxxp://152[.]136[.]171[.]6/dist/css/bootstrap[.]min[.]css hxxps://39[.]106[.]141[.]58/jquery-3[.]3[.]1[.]min[.]js hxxp://124[.]221[.]246[.]87:8888/cx hxxp://119[.]45[.]118[.]187:8880/api/3 hxxp://47[.]92[.]30[.]165/mall_100_100[.]html hxxp://192[.]3[.]103[.]77:3333/ca hxxps://c1[.]flashjick[.]top/api/3 hxxp://101[.]132[.]118[.]252:60010/jquery-3[.]3[.]1[.]min[.]js hxxp://47[.]111[.]19[.]173:8090/dpixel hxxps://42[.]193[.]101[.]234/pixel hxxp://123[.]249[.]8[.]30:9999/cm hxxps://34[.]150[.]32[.]61/pixel[.]gif hxxp://82[.]156[.]135[.]7/image/ hxxp://122[.]51[.]97[.]82:8888/IE9CompatViewList[.]xml hxxp://47[.]115[.]219[.]93:8809/match hxxp://119[.]3[.]253[.]250:8001/load hxxp://42[.]193[.]101[.]234/dpixel hxxps://64[.]27[.]23[.]140/push hxxp://24[.]199[.]101[.]0/visit[.]js hxxp://139[.]155[.]154[.]67:8089/en_US/all[.]js hxxp://124[.]220[.]215[.]247/updates[.]rss hxxp://175[.]24[.]235[.]158:6060/load hxxp://150[.]158[.]45[.]62/j[.]ad hxxp://123[.]207[.]5[.]159:89/load hxxp://43[.]138[.]62[.]36:7001/pixel[.]gif hxxps://111[.]231[.]22[.]61/ptj hxxps://119[.]45[.]62[.]86:8443/owa/ hxxps://utilityupdate[.]com/c/msdownload/update/others/2020/10/29136388_ hxxp://www[.]test9977[.]tk:2096/ca hxxp://www[.]gdstictk[.]buzz/pixel hxxp://64[.]227[.]18[.]171:8087/messages/C0527B0NM hxxps://123[.]12[.]213[.]187/static/js/jquery-3[.]3[.]1[.]min[.]js hxxps://183[.]61[.]188[.]11/static/js/jquery-3[.]3[.]1[.]min[.]js hxxps://219[.]151[.]137[.]57/static/js/jquery-3[.]3[.]1[.]min[.]js hxxp://82[.]115[.]223[.]34/en_US/all[.]js hxxp://47[.]99[.]177[.]59:5555/activity hxxp://47[.]96[.]174[.]24:88/visit[.]js hxxp://1[.]13[.]158[.]52:8099/activity hxxps://139[.]155[.]154[.]67/cx hxxps://43[.]153[.]222[.]28/__utm[.]gif hxxp://43[.]138[.]62[.]36:7001/IE9CompatViewList[.]xml hxxps://192[.]144[.]220[.]12:55555/j[.]ad hxxp://213[.]142[.]159[.]117/sigara[.]aspx hxxps://107[.]189[.]13[.]227/IE9CompatViewList[.]xml hxxp://124[.]71[.]1[.]66/cm hxxp://101[.]42[.]170[.]233:6666/ca hxxps://82[.]157[.]57[.]66/cm hxxp://62[.]234[.]29[.]194:9999/push hxxp://124[.]223[.]15[.]17:9999/cx hxxp://120[.]79[.]64[.]164:8888/audiencemanager[.]js hxxp://43[.]138[.]212[.]90:8089/jquery-3[.]3[.]1[.]min[.]js hxxps://nexgenemi[.]com/index[.]get/files/ajaxonly/load |
Cobalt Strike |
| URL | hxxp://194[.]180[.]48[.]72/18/hkcmd[.]exe hxxp://194[.]180[.]48[.]72/19/hkcmd[.]exe hxxp://194[.]180[.]48[.]72/60/igccu[.]exe hxxp://79[.]110[.]48[.]52/kenpol[.]vbs hxxp://103[.]183[.]115[.]28/M189T/wininit[.]exe hxxp://192[.]3[.]108[.]47/399/4/TiWorker[.]hta |
Formbook |
| URL | hxxp://94[.]156[.]161[.]167/KGT[.]vbs hxxp://94[.]156[.]161[.]167/UDH[.]vbs hxxp://194[.]180[.]49[.]211/D/Okk[.]txt hxxp://194[.]180[.]49[.]211/D/hamoriggin[.]txt hxxps://dlink[.]caesarsgroup[.]top/_errorpages/dlink/[.]%20[.]/obizx[.]exe hxxp://94[.]156[.]161[.]167/tl/ch63469[.]txt hxxp://193[.]42[.]33[.]63/fridayyyyFile[.]vbs hxxp://79[.]110[.]48[.]52/afk[.]vbs hxxp://94[.]156[.]161[.]167/HNL[.]vbs hxxp://79[.]110[.]48[.]52/nigazxbb[.]vbs hxxp://185[.]28[.]39[.]18:7777/185[.]28[.]39[.]18/meccazx[.]exe hxxp://192[.]3[.]176[.]153/312/TiWorker[.]exe hxxp://80[.]76[.]51[.]248/nigaxb[.]txt hxxp://185[.]28[.]39[.]18:7777/185[.]28[.]39[.]18/obizx[.]exe |
Agent Tesla |
| URL | hxxps://ilpiccolocampo[.]it/blog[.]php hxxps://imago-dp[.]com/blog[.]php hxxps://informatyczny[.]expert/blog[.]php |
GootLoader |
| URL | hxxp://5[.]42[.]65[.]80/Rocks[.]exe | Amadey |
| URL | hxxp://107[.]189[.]4[.]239/ZmYfQBiw[.]exe hxxp://128[.]140[.]120[.]34:27015/htdocs[.]zip hxxp://195[.]201[.]121[.]147/htdocs[.]zip hxxp://179[.]43[.]155[.]157/kKgodZZ[.]zip hxxp://tamk2op[.]top/build[.]exe hxxp://78[.]47[.]79[.]33/data[.]zip hxxp://78[.]47[.]74[.]49:10088/data[.]zip |
Vidar |
| URL | hxxp://ji[.]alie3ksgbb[.]com/m/esgla2i5[.]exe hxxp://ji[.]alie3ksgcc[.]com/m/opaa37[.]exe hxxp://ji[.]fhauiehgha[.]com/m/etty27[.]exe hxxp://ji[.]alie3ksgbb[.]com/m/ss29 hxxps://lightyearsaheads[.]com/mar2[.]exe hxxp://ji[.]alie3ksgdd[.]com/m/ss41[.]exe |
Fabookie |
| URL | hxxp://77[.]91[.]68[.]78/lend/deluxe_crypted[.]exe hxxps://ig-alajman[.]com/tmp/index[.]php hxxp://77[.]91[.]68[.]78/lend/19flbanzy[.]exe hxxps://karalaray[.]com/1[.]exe hxxp://171[.]22[.]28[.]222/1[.]exe hxxp://77[.]91[.]68[.]78/lend/1[.]exe |
RedLine Stealer |
| URL | hxxp://178[.]236[.]247[.]24/Belphegor_crypto[.]exe hxxp://94[.]142[.]138[.]20/version_s/upd[.]exe hxxp://markuschop[.]fun/api |
Lumma Stealer |
| URL | hxxps://subirfact[.]com/desktopditor[.]exe hxxp://64[.]188[.]13[.]135/VuigJjNLdL224[.]bin |
Remcos |
| URL | hxxps://selfam[.]dachhost[.]top/[.]rem hxxps://selfam[.]dachhost[.]top/[.]rem/rat[.]php hxxps://drepwer-phontestmans[.]sbs/remote/O4jg38vlQYkU hxxps://drepwer-phontestmans[.]sbs/remote hxxps://irwebhocks[.]online/files/?file_id=2DF5CGU010 hxxp://webclinetzero[.]cloud/remote/Receiver[.]php hxxp://webclinetzero[.]cloud//remote hxxp://webclinetzero[.]cloud/remote hxxp://webclinetzero[.]cloud/remote/V0JUrgiquQle hxxp://webclinetzero[.]cloud//remote/V0JUrgiquQle/request[.]php hxxp://webclinetzero[.]cloud/remote/V0JUrgiquQle/request[.]php hxxp://webclinetzero[.]cloud//remote/V0JUrgiquQle hxxps://irwebhocks[.]online/files hxxp://webclinetzero[.]cloud//remote/Receiver[.]php hxxp://webrequest[.]tech//remote/V0JUrgiquQle/request[.]php hxxp://webrequest[.]tech/remote/V0JUrgiquQle/request[.]php hxxp://webrequest[.]tech//remote/V0JUrgiquQle hxxp://webrequest[.]tech/remote/V0JUrgiquQle hxxp://webrequest[.]tech//remote hxxp://webrequest[.]tech/remote hxxp://webrequest[.]tech/remote/Receiver[.]php hxxp://webrequest[.]tech//remote/Receiver[.]php hxxps://jormnegaran[.]tk/data/1002063447/payment/adZ46cT5/game/send[.]php hxxps://jormnegaran[.]tk/data/1002063447/payment/adZ46cT5/Mellat[.]php hxxps://jormnegaran[.]tk/data/1002063447/payment/adZ46cT5/game/index[.]php hxxps://uploads[.]dachhost[.]top/khalvat/url[.]txt hxxps://uploads[.]dachhost[.]top/khalvat hxxps://uploads[.]dachhost[.]top/khalvat/rat[.]php hxxps://trpihgram[.]space/Game/?e=25685 hxxps://trpihgram[.]space/Game |
IRATA |
| URL | hxxp://18[.]228[.]137[.]45/9FAD56F1275408163AF75D3DCB67/macapa[.]pdf | Metamorfo |
| URL | hxxps://krc[.]workout[.]oystergardener[.]net/editContent hxxps://krafttopia[.]net/cdn/wds[.]min[.]php hxxps://krafttopia[.]net/cdn/zwewmrqqgqnaww[.]php hxxps://faseries[.]com/111[.]php hxxps://kld[.]workout[.]oystergardener[.]net/editContent hxxps://nulah[.]2023[.]ebeenj[.]com/editContent hxxps://uvqe[.]2023[.]ebeenj[.]com/editContent hxxps://vcrwtttywuuidqioppn1[.]com/vvmd54/ hxxps://vcrwtttywuuidqioppn1[.]com/ZgbN19Mx hxxps://vcrwtttywuuidqioppn1[.]com/lander/chrome/_index[.]php hxxps://lbymv[.]2023[.]ebeenj[.]com/editContent hxxps://greedyclowns[.]org/NTPm2fKs hxxps://sioaiuhsdguywqgyuhuiqw[.]org/lander/chrome/_index[.]php hxxps://sioaiuhsdguywqgyuhuiqw[.]org/vvmd54/ hxxps://sioaiuhsdguywqgyuhuiqw[.]org/ZgbN19Mx hxxps://mansaentertainment[.]com/cdn/wds[.]min[.]php hxxps://mansaentertainment[.]com/cdn/zwewmrqqgqnaww[.]php hxxps://pixelbase[.]com/111[.]php |
FAKEUPDATES |
| URL | hxxp://184[.]164[.]75[.]36/ZAVogKTdbvFvA15[.]bin hxxp://74[.]84[.]150[.]168/ploIZYQOFseZlftJJsUDT207[.]bin hxxp://85[.]195[.]105[.]126/rvvdShAkAwp157[.]bin |
CloudEyE |
| URL | hxxp://171[.]22[.]28[.]221/9e226a84ec50246d/nss3[.]dll hxxp://171[.]22[.]28[.]221/9e226a84ec50246d/msvcp140[.]dll hxxp://171[.]22[.]28[.]221/9e226a84ec50246d/freebl3[.]dll hxxp://171[.]22[.]28[.]221/9e226a84ec50246d/sqlite3[.]dll hxxp://171[.]22[.]28[.]221/9e226a84ec50246d/mozglue[.]dll hxxp://171[.]22[.]28[.]221/9e226a84ec50246d/vcruntime140[.]dll hxxp://171[.]22[.]28[.]221/9e226a84ec50246d/softokn3[.]dll hxxp://45[.]155[.]250[.]218/a8ed39255f1c5109[.]php hxxp://galandskiyher2[.]com/downloads/toolspub3[.]exe hxxp://galandskiyher2[.]com/downloads/toolspub2[.]exe hxxp://85[.]209[.]11[.]51/fefb4a458e1dc58b[.]php hxxp://85[.]209[.]11[.]51/5db65a39eefecd5d/freebl3[.]dll hxxp://85[.]209[.]11[.]51/5db65a39eefecd5d/mozglue[.]dll hxxp://85[.]209[.]11[.]51/5db65a39eefecd5d/nss3[.]dll hxxp://85[.]209[.]11[.]51/5db65a39eefecd5d/vcruntime140[.]dll hxxp://85[.]209[.]11[.]51/5db65a39eefecd5d/sqlite3[.]dll hxxp://85[.]209[.]11[.]51/5db65a39eefecd5d/msvcp140[.]dll hxxp://85[.]209[.]11[.]51/5db65a39eefecd5d/softokn3[.]dll hxxp://45[.]15[.]157[.]211/aebba6766a94d98b[.]php hxxp://45[.]15[.]157[.]211/6d44dd0da6f70e60/nss3[.]dll hxxp://45[.]15[.]157[.]211/6d44dd0da6f70e60/sqlite3[.]dll hxxp://45[.]15[.]157[.]211/6d44dd0da6f70e60/freebl3[.]dll hxxp://45[.]15[.]157[.]211/6d44dd0da6f70e60/softokn3[.]dll hxxp://45[.]15[.]157[.]211/6d44dd0da6f70e60/msvcp140[.]dll hxxp://45[.]15[.]157[.]211/6d44dd0da6f70e60/vcruntime140[.]dll hxxp://45[.]15[.]157[.]211/6d44dd0da6f70e60/mozglue[.]dll hxxp://45[.]155[.]250[.]218/92bfcbf4e12ebf6e/sqlite3[.]dll hxxp://45[.]155[.]250[.]218/92bfcbf4e12ebf6e/nss3[.]dll hxxp://45[.]155[.]250[.]218/92bfcbf4e12ebf6e/msvcp140[.]dll hxxp://45[.]155[.]250[.]218/92bfcbf4e12ebf6e/freebl3[.]dll hxxp://45[.]155[.]250[.]218/92bfcbf4e12ebf6e/mozglue[.]dll hxxp://45[.]155[.]250[.]218/92bfcbf4e12ebf6e/vcruntime140[.]dll hxxp://45[.]155[.]250[.]218/92bfcbf4e12ebf6e/softokn3[.]dll hxxp://78[.]47[.]166[.]143/f6a046f8befb95a1[.]php hxxp://christopherantonio[.]top/e9c345fc99a4e67e[.]php |
Stealc |
| URL | hxxp://gentexlog238[.]xyz/777/mtx5FW9[.]exe hxxp://gentexlog238[.]xyz/777/mtxB06s[.]exe hxxp://gentexlog238[.]xyz/777/mtxjP0F[.]exe hxxp://gentexlog238[.]xyz/777/mtx8oKv[.]exe hxxp://mkstat227[.]xyz/777/mtxSt15[.]exe |
Phobos |
| URL | hxxp://128[.]199[.]11[.]249/minerxd[.]exe hxxp://128[.]199[.]11[.]249/deliver[.]exe hxxp://o-smoze[.]com/netTime[.]exe |
Coinminer |
| URL | hxxp://fficial[.]oilrig[.]sbs/_errorpages/official/five/fre[.]php hxxp://official[.]oilrig[.]sbs/_errorpages/official/five/fre[.]php |
LokiBot |
| URL | hxxp://mail[.]treeoflifeadventures[.]com/wp-content/plugins/70d5e28f51c1438d94e3e6dc84b95311/xt/mmd/shell/UMLrjk2KC4fpJg5[.]exe hxxp://mail[.]treeoflifeadventures[.]com/wp-content/plugins/70d5e28f51c1438d94e3e6dc84b95311/xt/mmd/shell/u1S4ZLAEvK7pLe4neo[.]exe |
Nanocore RAT |
| URL | hxxp://lrvsd[.]shop/MOP341/index[.]php hxxp://ruiw[.]shop/RL341/index[.]php hxxp://185[.]28[.]39[.]18:7777/asiamandarin[.]buzz/deval/index[.]php |
Azorult |
| URL | hxxp://103[.]75[.]197[.]126:555/cGRSy_LGo1QYvBm9fGEo5QboyqxZqWHGVNOnxfWsHQHfCbgSq-RTjQ642mngBe8EAbJX9VCZPqtXbFnwObAEqOm5_Fzbs1-odo8ZZ7DTZkE8s7Z0rcw-3JU6XpFDTLbu2BXUXYz | Metasploit |
| URL | hxxp://37[.]49[.]230[.]139/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3[.]dll hxxp://37[.]49[.]230[.]139/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3[.]dll hxxp://37[.]49[.]230[.]139/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3[.]dll hxxp://37[.]49[.]230[.]139/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3[.]dll hxxp://37[.]49[.]230[.]139/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140[.]dll hxxp://37[.]49[.]230[.]139/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140[.]dll hxxp://37[.]49[.]230[.]139/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue[.]dll hxxp://89[.]23[.]98[.]212/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3[.]dll hxxp://89[.]23[.]98[.]212/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3[.]dll hxxp://89[.]23[.]98[.]212/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140[.]dll hxxp://89[.]23[.]98[.]212/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3[.]dll hxxp://89[.]23[.]98[.]212/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3[.]dll hxxp://89[.]23[.]98[.]212/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue[.]dll hxxp://89[.]23[.]98[.]212/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140[.]dll |
RecordBreaker |
| URL | hxxp://185[.]63[.]191[.]134/vmrequestdle[.]php hxxp://375230cm[.]nyashnyash[.]top/nyashsupport[.]php hxxp://77[.]91[.]68[.]78/lend/build1234dolla[.]exe hxxp://rocketchange[.]xyz/060d00f2[.]php |
DCRat |
| URL | hxxp://37[.]17[.]172[.]72/x86 hxxp://37[.]17[.]172[.]72/i686 hxxp://37[.]17[.]172[.]72/armv5l hxxp://5[.]206[.]224[.]174/rebirth[.]x86 hxxp://5[.]206[.]224[.]174/rebirth[.]mpsl hxxp://5[.]206[.]224[.]174/rebirth[.]spc hxxp://5[.]206[.]224[.]174/rebirth[.]arm5 |
Bashlite |
| URL | hxxp://amx285t[.]xyz/rh111[.]exe | Rhadamanthys |
| URL | hxxp://154[.]53[.]50[.]79:8081/Invoice_88737[.]lnk hxxp://44[.]203[.]122[.]41/AnyDesk[.]exe hxxp://44[.]203[.]122[.]41/Archevod_XWorm[.]exe hxxp://44[.]203[.]122[.]41/ClickMe[.]lnk hxxp://44[.]203[.]122[.]41/Magic_Stage[.]ps1 hxxp://44[.]203[.]122[.]41/Cmstp[.]bat hxxp://44[.]203[.]122[.]41/M[.]ps1 hxxp://44[.]203[.]122[.]41/Arch_scam[.]ps1 hxxp://159[.]69[.]11[.]30:8080/payload[.]zip hxxp://50[.]114[.]203[.]104:5000/XClient[.]bat |
XWorm |
| URL | hxxp://zochao[.]com:2351/gnindfth hxxp://zochao[.]com:2351/msizckgnyuh hxxp://zochao[.]com:2351/zckgnyuh |
DarkGate |
| URL | hxxp://194[.]169[.]175[.]133:8081/login hxxp://171[.]22[.]28[.]214:8081/login hxxp://168[.]119[.]230[.]141:8081/login hxxp://194[.]169[.]175[.]123:8081/login hxxp://5[.]42[.]79[.]238:8081/login hxxp://194[.]169[.]175[.]117:8081/login hxxp://79[.]110[.]62[.]11:8081/login hxxp://198[.]23[.]174[.]185:8081/login hxxp://194[.]169[.]175[.]249:8081/login hxxp://194[.]169[.]175[.]128:8081/login hxxp://171[.]22[.]28[.]243:8081/login hxxp://77[.]105[.]147[.]123:8081/login |
RisePro |
| URL | hxxp://mkstat227[.]xyz/777/skx88cS[.]exe hxxp://mkstat227[.]xyz/777/skxTclh[.]exe |
SystemBC |
| URL | hxxp://77[.]91[.]68[.]78/lend/crypt1234[.]exe | zgRAT |
| URL | hxxp://171[.]22[.]28[.]208/download/rise/StealerClient_Cpp1[.]exe | PrivateLoader |
| URL | hxxp://185[.]28[.]39[.]18:7777/185[.]28[.]39[.]18/sandshoezx[.]exe | XpertRAT |
| URL | hxxp://v-kolgotkah[.]ru/gate[.]php | Pony |
| URL | hxxps://hndcakewalkers[.]com/update1[.]exe | Raccoon |
| URL | hxxps://pasteio[.]com/raw/xAzjgXPOUmza hxxps://pasteio[.]com/raw/xdvH1JhfSHdv |
VoidRAT |
| URL | hxxps://pasteio[.]com/raw/xf9FaSPBixkT | NjRAT |
