不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様0社 -
2023/11/20
※2023/11/20 更新
マルウェア感染させると考えられるURLを検知(2023/11/20)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://mouseblock[.]pw/api hxxps://cdn[.]discordapp[.]com/attachments/1149095701733724203/1174025624365584404/Chlen[.]exe hxxp://zamesblack[.]fun/api hxxp://bezstpool[.]pw/api hxxp://steycools[.]pw/api hxxp://knittinprophec[.]pw/api hxxp://194[.]49[.]94[.]120/TrueCrypt_ypAWBs[.]exe hxxps://cdn[.]discordapp[.]com/attachments/1174371145454211074/1175209617601605832/Lwsecure_beta[.]exe |
Lumma Stealer |
| URL | hxxp://194[.]49[.]94[.]154/66860/need[.]exe hxxp://194[.]49[.]94[.]120/TrueCrypt_KlHkcF[.]exe hxxp://194[.]49[.]94[.]120/TrueCrypt_vlBfql[.]exe |
RedLine Stealer |
| URL | hxxp://185[.]196[.]9[.]186/bins/arm5 hxxp://185[.]196[.]9[.]186/bins/arm4 hxxp://188[.]166[.]67[.]116/fuckjewishpeople[.]mpsl hxxp://188[.]166[.]67[.]116/fuckjewishpeople[.]x86 hxxp://188[.]166[.]67[.]116/fuckjewishpeople[.]sparc hxxp://188[.]166[.]67[.]116/fuckjewishpeople[.]ppc hxxp://188[.]166[.]67[.]116/fuckjewishpeople[.]arm7 hxxp://188[.]166[.]67[.]116/fuckjewishpeople[.]mips hxxp://89[.]190[.]156[.]159/bins/x86 hxxp://89[.]190[.]156[.]159/x86 |
Bashlite |
| URL | hxxps://194[.]33[.]191[.]201/ZDIxMjJmY2NlZmE5/ hxxps://91[.]92[.]251[.]4/NmM2YjMyYjE4MmMx/ hxxps://185[.]192[.]246[.]251/NzI1OGM2YjI0NDE5/ hxxps://91[.]92[.]244[.]72/NmM2YjMyYjE4MmMx/ |
Coper |
| URL | hxxp://69[.]174[.]100[.]3/NOKoRSIS107[.]bin hxxp://69[.]174[.]100[.]3/KIrdrfjqvEVNuWi175[.]bin hxxp://69[.]174[.]100[.]3/rjWwHjAqwNivkz7[.]bin hxxp://69[.]174[.]100[.]3/qUcPiHhMRvOsLQGVeSmajJOAyEXI203[.]bin hxxp://69[.]174[.]100[.]3/zCdVTxyFvoZpJ130[.]bin |
CloudEyE |
| URL | hxxp://185[.]196[.]9[.]161/Aaezheyu[.]exe hxxp://89[.]208[.]105[.]5/minup[.]exe hxxp://89[.]208[.]105[.]5/500strim[.]exe |
zgRAT |
| URL | hxxps://gons19cl[.]top/build[.]exe hxxps://49[.]13[.]94[.]153/vcruntime140[.]dll hxxps://49[.]13[.]94[.]153/msvcp140[.]dll hxxps://49[.]13[.]94[.]153/nss3[.]dll hxxps://49[.]13[.]94[.]153/softokn3[.]dll hxxps://89[.]38[.]135[.]11/softokn3[.]dll hxxps://89[.]38[.]135[.]11/freebl3[.]dll hxxps://89[.]38[.]135[.]11/nss3[.]dll hxxps://89[.]38[.]135[.]11/vcruntime140[.]dll hxxps://116[.]202[.]189[.]41/mozglue[.]dll hxxps://116[.]202[.]189[.]41/nss3[.]dll hxxps://49[.]12[.]119[.]148/softokn3[.]dll hxxps://49[.]12[.]119[.]148/nss3[.]dll hxxps://78[.]47[.]61[.]97/mozglue[.]dll hxxps://167[.]235[.]143[.]166/softokn3[.]dll hxxps://167[.]235[.]143[.]166/msvcp140[.]dll hxxps://78[.]47[.]61[.]97/softokn3[.]dll hxxps://116[.]202[.]189[.]41/softokn3[.]dll hxxps://78[.]47[.]61[.]97/vcruntime140[.]dll hxxps://167[.]235[.]143[.]166/nss3[.]dll hxxps://78[.]47[.]61[.]97/nss3[.]dll hxxps://49[.]12[.]119[.]148/vcruntime140[.]dll hxxps://49[.]12[.]119[.]148/freebl3[.]dll hxxps://78[.]47[.]61[.]97/freebl3[.]dll hxxps://167[.]235[.]143[.]166/mozglue[.]dll hxxps://49[.]13[.]94[.]153/freebl3[.]dll hxxps://167[.]235[.]143[.]166/vcruntime140[.]dll hxxps://49[.]13[.]94[.]153/mozglue[.]dll hxxps://49[.]12[.]119[.]148/mozglue[.]dll hxxps://78[.]47[.]61[.]97/msvcp140[.]dll hxxps://116[.]202[.]189[.]41/vcruntime140[.]dll hxxps://116[.]202[.]189[.]41/msvcp140[.]dll hxxps://116[.]202[.]189[.]41/freebl3[.]dll hxxps://49[.]12[.]119[.]148/msvcp140[.]dll hxxps://167[.]235[.]143[.]166/freebl3[.]dll hxxps://89[.]38[.]135[.]11/sqlite3[.]dll hxxps://89[.]38[.]135[.]11/mozglue[.]dll hxxps://89[.]38[.]135[.]11/msvcp140[.]dll hxxps://gons2cl[.]top/build[.]exe |
Vidar |
| URL | hxxps://134[.]175[.]121[.]178/ptj hxxp://110[.]41[.]130[.]42:60001/jquery-3[.]3[.]1[.]min[.]js hxxp://43[.]130[.]70[.]58:8001/updates[.]rss hxxp://115[.]159[.]64[.]94/dpixel hxxp://45[.]227[.]255[.]189/dz hxxp://45[.]32[.]110[.]254:81/ca hxxp://39[.]108[.]104[.]62/list/hx28/config[.]php hxxp://aspmx5[.]googlemail[.]clsr[.]ca/activity hxxp://47[.]116[.]25[.]208/updates[.]rss hxxps://38[.]6[.]177[.]100/load hxxp://mricossoftmanager[.]info:8080/siteindex/c/ hxxp://39[.]100[.]84[.]221:53/mall_100_100[.]html hxxp://43[.]129[.]230[.]195:1433/ga[.]js hxxp://47[.]97[.]6[.]61/ptj hxxp://124[.]70[.]154[.]188/activity hxxp://43[.]130[.]70[.]58:8033/fwlink hxxp://47[.]92[.]203[.]152/j[.]ad hxxp://101[.]42[.]22[.]120:8000/j[.]ad hxxps://134[.]209[.]164[.]110/da hxxp://162[.]14[.]209[.]70:6666/dpixel hxxp://82[.]157[.]69[.]161:8099/push hxxp://43[.]138[.]188[.]41:5555/cm hxxp://powellfamilydentist[.]com:8080/nv[.]js hxxps://20[.]250[.]1[.]56/inquiry/v7[.]40/573P2JWK hxxps://206[.]189[.]20[.]119/cx hxxp://101[.]43[.]64[.]49:8000/ga[.]js hxxp://121[.]40[.]243[.]103:8080/push hxxp://92[.]63[.]196[.]45:81/ca hxxp://47[.]94[.]221[.]227/push hxxp://8[.]219[.]229[.]99/api/3 hxxp://150[.]158[.]139[.]244:4321/g[.]pixel hxxps://18[.]185[.]64[.]250/ca hxxp://150[.]158[.]50[.]177:7779/IE9CompatViewList[.]xml hxxp://110[.]41[.]11[.]72/pixel[.]gif hxxp://104[.]245[.]213[.]48/updates[.]rss hxxp://52[.]198[.]192[.]145:8082/cx hxxp://39[.]100[.]84[.]221:8888/mall_100_100[.]html hxxp://42[.]194[.]249[.]55/j[.]ad hxxp://82[.]157[.]57[.]66:6666/ga[.]js hxxp://117[.]50[.]162[.]183:8001/g[.]pixel hxxp://43[.]136[.]174[.]84:9999/dot[.]gif hxxp://23[.]95[.]14[.]229/pixel[.]gif hxxp://14[.]225[.]19[.]116:49153/pixel hxxp://43[.]132[.]146[.]67/dpixel hxxp://47[.]101[.]170[.]17:9898/ptj hxxps://112[.]74[.]74[.]125/IE9CompatViewList[.]xml hxxps://208[.]87[.]206[.]205/visit[.]js |
Cobalt Strike |
| URL | hxxp://45[.]95[.]147[.]236/download/xmrig[.]i686 hxxp://45[.]95[.]147[.]236/download/xmrig[.]arm7 hxxp://135[.]181[.]11[.]36/api/endpoint[.]php |
XMRig |
| URL | hxxp://194[.]49[.]94[.]210/fks/index[.]php hxxp://5[.]42[.]65[.]80/brandrock[.]exe |
SmokeLoader |
| URL | hxxp://194[.]49[.]94[.]154/trend/home[.]exe | PrivateLoader |
| URL | hxxps://mysupreme[.]com[.]my/npae/ hxxps://sukava[.]com/uoo/ hxxps://tungna[.]com/uill/ hxxps://ob[.]ae/qult/ hxxps://new[.]ob[.]ae/aun/ hxxps://jamaicaplumbingsupplies[.]com/llo/ hxxps://jenningscustomhomes[.]com/ps/ hxxps://tribunadeparnaiba[.]com/tao/ hxxps://thequeue[.]info/ei/ hxxps://sunuplaza[.]com/codm/ hxxps://baisakhihotels[.]com/lie/ hxxps://gwo-training[.]vn/ui/ hxxps://industrialoutlook[.]in/cplu/ hxxps://ashokd[.]com[.]np/mie/ hxxps://desdeelsentir[.]cl/erdu/ hxxps://ttc[.]edu[.]sg/emqr/ hxxps://galerija-boja[.]hr/nuqm/ hxxps://digitalvast[.]com/utd/ hxxps://handmaidscatholicschoolibadan[.]com/eap/ hxxps://bossajazzbrasil[.]com/eisu/ hxxps://ismartsocial[.]com/aa/ hxxps://story2kids[.]com/iets/ hxxps://fikweb[.]com[.]br/aeut/ hxxps://procurement[.]njc[.]gov[.]ng/el/ hxxps://mscat[.]pe/siqd/ hxxps://pintureriastokyo[.]com/mmi/ hxxps://luterlab[.]com[.]br/utim/ hxxp://ecocarstraders[.]co[.]za/xate/ hxxps://tumusicaapp[.]com/user/ hxxp://levantateelshow[.]com/anm/ hxxps://kalaiyatv[.]com/ipu/ hxxps://zmelectronique[.]com/eo/ hxxps://allenlaw[.]my/us/ hxxp://expeditionarystories[.]co/sdsq/ hxxps://shadedbsa[.]com[.]au/ioe/ hxxps://seatapps[.]ma/id/ hxxps://ecocarstraders[.]co[.]za/xate/ hxxp://neuropraxisrehab[.]com/rer/ hxxps://yongkang[.]vn/aer/ hxxp://supplyhook[.]net/qonr/ hxxp://megamound[.]com/sn/ hxxps://supplyhook[.]net/qonr/ hxxps://winpeforum[.]com/insx/ hxxp://gnettecnologia[.]com[.]br/san/ hxxps://kmcpokhara[.]edu[.]np/leih/ hxxp://satnet[.]ma/leit/ hxxps://seeprime[.]tv/apl/ hxxp://furrytalesdogwalker[.]co[.]uk/et/ hxxps://infaccocr[.]com/eoru/ hxxps://dambbel[.]ir/it/ hxxps://intercambiocristiano[.]com/se/ hxxps://epsol[.]cl/amt/ hxxps://global[.]edu[.]my/omoo/ hxxp://suitesejecutivasmonterrey[.]com/iau/ hxxps://thebeechesgarage[.]co[.]uk/ue/ hxxps://isamu[.]co[.]tz/eteo/ hxxp://fmrockzarate[.]com[.]ar/ut/ hxxp://mecsekenergetika[.]hu/tss/ hxxps://omniblendaustralia[.]com[.]au/oed/ hxxps://grahamelderpainting[.]co[.]uk/usd/ hxxp://dotarte[.]com[.]co/sl/ hxxp://howtomake[.]live/stt/ hxxps://expaceos[.]com/ae/ hxxps://recoveryoptions[.]com[.]au/ii/ hxxp://optradigital[.]com/epb/ hxxps://atrox[.]pk/miqi/ hxxp://mistspring[.]com/qtae/ hxxp://webdesigntm[.]eu/iao/ hxxp://tmhairboutique[.]co[.]uk/ism/ hxxp://migos[.]com[.]tw/on/ hxxps://migos[.]com[.]tw/on/ hxxps://tfciltd[.]com/pae/ hxxp://sgpolyerp[.]in/qs/ hxxps://prestigehouse1[.]net/aur/ hxxp://royalrang[.]com/cli/ hxxps://diliganz[.]lk/ed/ hxxps://buyfon[.]ir/mu/ hxxp://jumabar[.]co[.]uk/etra/ hxxps://fmrockzarate[.]com[.]ar/ut/ hxxp://vinatora[.]com/ou/ hxxps://nwblockpavinglandscaping[.]co[.]uk/uc/ hxxps://royalrang[.]com/cli/ hxxps://soyparaiso[.]com/rnmu/ hxxps://kghealthtech[.]com/teas/ hxxps://furrytalesdogwalker[.]co[.]uk/et/ hxxps://optradigital[.]com/epb/ hxxps://blushingtonbeauty[.]co[.]uk/ls/ hxxps://priorityhomewarranty[.]com/cqip/ hxxps://examcenter[.]ng/aet/ hxxps://limpopocitrus[.]co[.]za/tul/ hxxps://erpunique[.]com/mnau/ hxxps://medicalbrasil[.]com[.]br/ump/ hxxp://restaurant1[.]online/xr/ hxxps://dgmobilewelding[.]co[.]uk/rlq/ hxxps://tad24[.]ir/acuq/ hxxps://expeditionarystories[.]co/sdsq/ hxxps://kondisioner[.]az/ee/ hxxps://defendamazon[.]com[.]br/atu/ hxxps://unicomg[.]com/ira/ hxxp://global[.]edu[.]my/omoo/ hxxps://indmed[.]in/taqt/ hxxps://drtemelkovski[.]mk/ipr/ hxxp://lowestoftcarsandcommercial[.]co[.]uk/at/ hxxp://zmelectronique[.]com/eo/ hxxps://petertiohk[.]com/uavs/ hxxp://erpunique[.]com/mnau/ hxxps://rootsschools[.]edu[.]pk/tqr/ hxxps://miradamaga[.]cl/nsml/ hxxp://medicalbrasil[.]com[.]br/ump/ hxxps://neuropraxisrehab[.]com/rer/ hxxps://gorgorcity[.]com/uo/ hxxps://ab-pensiones[.]com/fpr/ hxxp://dsrtc-chanka[.]gob[.]pe/nt/ hxxps://crucialpsicologia[.]cl/ft/ hxxp://napcloud[.]in/ear/ hxxp://element5[.]mx/iaum/ hxxp://kghealthtech[.]com/teas/ hxxps://cms-mercedes[.]site/ei/ hxxp://tad24[.]ir/acuq/ hxxp://tumusicaapp[.]com/user/ hxxp://omal[.]in/iu/ hxxps://thobilem[.]co[.]za/is/ hxxp://thebeechesgarage[.]co[.]uk/ue/ hxxp://opal[.]rw/aeu/ hxxps://hassanacademy[.]edu[.]pk/cre/ hxxps://screeninghive[.]com/uue/ hxxp://pintureriastokyo[.]com/mmi/ hxxp://examcenter[.]ng/aet/ hxxps://ejstowing[.]com/omt/ hxxps://sgpolyerp[.]in/qs/ hxxps://consulting-azimut[.]net/nsso/ hxxp://ntnc[.]org[.]np/lio/ hxxp://ttt[.]com[.]bo/roo/ hxxps://venturesnepal[.]com/qe/ hxxps://omal[.]in/iu/ hxxp://miradamaga[.]cl/nsml/ hxxps://lowestoftcarsandcommercial[.]co[.]uk/at/ hxxps://casadelteatro[.]org[.]co/prm/ hxxps://dotarte[.]com[.]co/sl/ hxxps://tmhairboutique[.]co[.]uk/ism/ hxxps://rtt[.]com[.]co/lssl/ hxxps://djbaccess[.]co[.]uk/td/ hxxps://hseqinternational[.]com/au/ hxxps://webdesigntm[.]eu/iao/ hxxps://ttt[.]com[.]bo/roo/ hxxp://nwblockpavinglandscaping[.]co[.]uk/uc/ hxxp://winwinchapter[.]com/rm/ hxxps://coderscrowd[.]net/na/ hxxp://mscat[.]pe/siqd/ hxxp://morenahotel[.]com/ipic/ hxxp://mataranibio[.]com/ct/ hxxp://shadedbsa[.]com[.]au/ioe/ hxxps://smashcomunicaciones[.]com/at/ hxxp://patmypets[.]com/hto/ hxxp://jandjtowingliverpool[.]com[.]au/esoe/ hxxp://soon[.]ae/ep/ hxxps://lakesidegarden[.]net/al/ hxxps://restaurant1[.]online/xr/ hxxp://indmed[.]in/taqt/ hxxp://haidertour[.]com/lnqu/ hxxp://kalaiyatv[.]com/ipu/ hxxp://vclrendering[.]co[.]uk/olqi/ hxxps://apweslk[.]com/reeu/ hxxp://venturesnepal[.]com/qe/ hxxps://aiff[.]jo/qlq/ hxxps://napcloud[.]in/ear/ hxxp://gorgorcity[.]com/uo/ hxxp://hassanacademy[.]edu[.]pk/cre/ hxxp://ejstowing[.]com/omt/ hxxps://jumabar[.]co[.]uk/etra/ hxxps://morenahotel[.]com/ipic/ hxxps://portal[.]lpp[.]org[.]pk/eaic/ hxxps://rebuild[.]mk/lnul/ hxxps://iskillsjr[.]com/qam/ hxxp://expaceos[.]com/ae/ hxxps://satnet[.]ma/leit/ hxxps://levantateelshow[.]com/anm/ hxxps://patmypets[.]com/hto/ hxxp://rootsschools[.]edu[.]pk/tqr/ hxxps://skaphe[.]com[.]co/ln/ hxxps://tumail[.]org/umeo/ hxxps://eighttimeseight[.]com/aalo/ hxxps://mecsekenergetika[.]hu/tss/ hxxps://neoporter[.]com[.]br/in/ hxxps://mistspring[.]com/qtae/ hxxps://spbinan[.]com/etve/ hxxps://newheightsoverseas[.]com/sev/ hxxps://aquafixpropertymaintenance[.]co[.]uk/em/ hxxps://winwinchapter[.]com/rm/ hxxp://tufaulupamojardc[.]org/mgd/ hxxps://ringadoctor[.]com/mu/ hxxps://gnettecnologia[.]com[.]br/san/ hxxp://prodamp[.]com[.]au/qoq/ hxxps://globocia[.]com[.]br/tp/ hxxps://viaverde[.]com[.]ar/es/ hxxps://childrenshealthintl[.]org/ng/ hxxps://mcnamaratowing[.]com/roau/ hxxp://kmcpokhara[.]edu[.]np/leih/ hxxps://daumay[.]org[.]vn/ulpi/ hxxp://ringadoctor[.]com/mu/ hxxps://computernetworkteam[.]com/qete/ hxxps://dsrtc-chanka[.]gob[.]pe/nt/ hxxps://element5[.]mx/iaum/ hxxp://linksumuthokirtp[.]info/ep/ hxxp://prestigehouse1[.]net/aur/ hxxps://megamound[.]com/sn/ hxxps://icphs[.]edu[.]pk/slp/ hxxp://square4dnb[.]com/epec/ hxxp://urmiadesign[.]ir/ano/ hxxp://icphs[.]edu[.]pk/slp/ hxxps://profitlabforbeautybosses[.]com/sc/ hxxp://petertiohk[.]com/uavs/ hxxp://topitltd[.]com/oeui/ hxxp://recoveryoptions[.]com[.]au/ii/ hxxp://infaccocr[.]com/eoru/ hxxps://aih-group[.]com/eioa/ hxxps://prodamp[.]com[.]au/qoq/ hxxps://aimfireandsecurity[.]com/gtl/ hxxps://budapestmorgen[.]hu/llma/ hxxps://topitltd[.]com/oeui/ hxxp://santamariaviajesyturismo[.]com/eb/ hxxps://santamariaviajesyturismo[.]com/eb/ hxxps://mataranibio[.]com/ct/ hxxps://suitesejecutivasmonterrey[.]com/iau/ hxxp://iskillsjr[.]com/qam/ hxxps://haidertour[.]com/lnqu/ hxxps://partotaprayan[.]ir/iapd/ hxxp://neoporter[.]com[.]br/in/ hxxps://soon[.]ae/ep/ hxxps://urmiadesign[.]ir/ano/ hxxps://vclrendering[.]co[.]uk/olqi/ hxxps://jandjtowingliverpool[.]com[.]au/esoe/ hxxps://securecashapp[.]com/ce/ hxxp://thobilem[.]co[.]za/is/ hxxps://square4dnb[.]com/epec/ hxxps://ntnc[.]org[.]np/lio/ hxxp://yongkang[.]vn/aer/ hxxps://tufaulupamojardc[.]org/mgd/ hxxps://vinatora[.]com/ou/ hxxps://opal[.]rw/aeu/ hxxps://howtomake[.]live/stt/ hxxp://winpeforum[.]com/insx/ hxxp://newheightsoverseas[.]com/sev/ hxxps://asipl[.]live/od/ hxxps://linksumuthokirtp[.]info/ep/ hxxp://grahamelderpainting[.]co[.]uk/usd/ hxxp://seeprime[.]tv/apl/ hxxp://tfciltd[.]com/pae/ hxxp://allenlaw[.]my/us/ hxxp://cms-mercedes[.]site/ei/ hxxp://aimfireandsecurity[.]com/gtl/ hxxp://buyfon[.]ir/mu/ hxxp://aquafixpropertymaintenance[.]co[.]uk/em/ hxxp://dgmobilewelding[.]co[.]uk/rlq/ hxxp://budapestmorgen[.]hu/llma/ hxxp://computernetworkteam[.]com/qete/ hxxp://blushingtonbeauty[.]co[.]uk/ls/ hxxp://djbaccess[.]co[.]uk/td/ hxxp://diliganz[.]lk/ed/ hxxp://aih-group[.]com/eioa/ hxxp://defendamazon[.]com[.]br/atu/ hxxp://crucialpsicologia[.]cl/ft/ hxxp://coderscrowd[.]net/na/ hxxp://casadelteatro[.]org[.]co/prm/ hxxp://childrenshealthintl[.]org/ng/ hxxp://dambbel[.]ir/it/ hxxp://aiff[.]jo/qlq/ hxxp://apweslk[.]com/reeu/ hxxp://daumay[.]org[.]vn/ulpi/ hxxp://atrox[.]pk/miqi/ hxxp://asipl[.]live/od/ |
Pikabot |
| URL | hxxps://api[.]telegram[.]org/bot6565359783:AAG2zIARUkK55VUKAM347GkqYi6XrFUBqOs/ hxxps://cdn[.]discordapp[.]com/attachments/954517784224727123/958956296688795699/devmode[.]exe hxxps://cdn[.]discordapp[.]com/attachments/1174960246595276815/1174962550971047986/AWB_Ref[.]5839077413pdf[.]7z hxxp://91[.]92[.]246[.]47/afkjox[.]txt |
Agent Tesla |
| URL | hxxps://hds[.]caching[.]oysterfloats[.]com/editContent hxxps://imruf[.]caching[.]oysterfloats[.]com/editContent hxxps://gnreb[.]caching[.]oysterfloats[.]com/editContent hxxps://bdrd[.]novelty[.]akibacreative[.]com/editContent |
FAKEUPDATES |
| URL | hxxps://girlsmacktalk[.]com/enelverfactura/?hash=user@domain[.]com | Mekotio |
| URL | hxxps://gons20cl[.]top/build[.]exe hxxp://giuliotoro[.]icu/40d570f44e84a454[.]php |
Stealc |
| URL | hxxp://www[.]swiftguaranteedb[.]com/dftyh/lokinew/fre[.]php hxxps://www[.]swiftguaranteedb[.]com/dftyh/lokinew/fre[.]php hxxps://miners-gold[.]com/deddd/lokinew/fre[.]php hxxp://miners-gold[.]com/deddd/lokinew/fre[.]php hxxps://acutbank[.]com/ddddd/lokinew/fre[.]php |
LokiBot |
| URL | hxxps://muzzumilruheel[.]com/update[.]exe | RecordBreaker |
| URL | hxxp://103[.]30[.]76[.]56:8000/explorer[.]exe | Quasar RAT |
| URL | hxxps://gobo18cl[.]top/build[.]exe hxxp://185[.]196[.]9[.]161/v1[.]exe |
Mars Stealer |
| URL | hxxp://109[.]107[.]190[.]135/Trhcdbhtd[.]exe hxxp://185[.]196[.]9[.]161/Chjirossjr[.]exe |
Coinminer |
| URL | hxxps://saham[.]schwaldfamily[.]org/dex[.]apk hxxp://ir[.]xevcsau[.]wiki/Maeishati/app[.]apk |
IRATA |
