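Cyber risk information service: D Alert (patented)

Access to malicious URLs, receipt of malicious emails

Our customers who received the email: 0
Our customers who accessed the URL: 63
2023/10/10
※ Updated 2023/10/10
Detected URLs believed to lead to malware infection (2023/10/10)
■ IoC (※1)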
Type: URL
Signature: Nanocore RAT, Agent Tesla, Lumma Stealer, Pikabot, DarkGate, Remcos, GootLoader, IRATA, FAKEUPDATES, Stealc, RecordBreaker, Coinminer, Lu0Bot, Phobos, RedLine Stealer, Cobalt Strike, SystemBC, Formbook, CloudEyE, Gozi, RisePro, SmokeLoader, LokiBot, AsyncRAT, Eternity, Fabookie, Bashlite, Amadey, DCRat, Kaiji, Raccoon, Luca Stealer, Vidar, VoidRAT
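※1 Search the "i-FILTER" access logs to identify the affected endpoints. Parts of the URLs have been altered to prevent unintended access.

■ Product coverage (※2)
▽ i-FILTER (※3)
・Can be blocked with the [Threat Information Sites] category

※2 Whether a URL is blocked depends on each product's configuration, so refer to the access logs for the actual result.
※3 For encrypted traffic, the SSL Adapter setting must be set to "Use".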