不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様1社 -
2023/12/25
※2023/12/25 更新
マルウェア感染させると考えられるURLを検知(2023/12/25)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://jewelassertivebop[.]fun/api hxxp://77[.]91[.]124[.]172/files/lumtru[.]exe hxxp://tablesockartfinewa[.]pw/api hxxp://claimpassivedebatw[.]pw/api hxxp://makeexpectentrypon[.]pw/api hxxp://cupaffordcathedralk[.]fun/api hxxp://kitchenfootballkiw[.]fun/api hxxps://agedelayglacierwe[.]pw/api |
Lumma Stealer |
| URL | hxxp://184[.]105[.]191[.]94/sh4 hxxp://184[.]105[.]191[.]94/i686 hxxp://184[.]105[.]191[.]94/armv5l hxxp://184[.]105[.]191[.]94/armv6l hxxp://184[.]105[.]191[.]94/sparc hxxp://184[.]105[.]191[.]94/armv4l hxxp://184[.]105[.]191[.]94/powerpc hxxp://184[.]105[.]191[.]94/mipsel hxxp://184[.]105[.]191[.]94/mips hxxp://184[.]105[.]191[.]94/x86 hxxp://184[.]105[.]191[.]94/i586 hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]spc hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]ppc hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]arm5 hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]mips hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]mpsl hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]sh4 hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]arm7 hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]x86 hxxp://37[.]44[.]238[.]75/mont/[.]nekoisdaddy[.]arm |
Bashlite |
| URL | hxxp://146[.]70[.]79[.]70/esOLzYTZpUkXTW71[.]bin hxxp://146[.]70[.]79[.]70/pOPACIBBn112[.]bin hxxp://98[.]126[.]19[.]29/s/etopt[.]exe hxxp://212[.]162[.]149[.]96/QqvtYg99[.]bin hxxp://212[.]162[.]149[.]96/COCxX30[.]bin hxxp://212[.]162[.]149[.]96/ipzTQSFvKWw244[.]bin hxxp://146[.]70[.]79[.]52/yNnBFnpiRtL190[.]bin hxxp://212[.]162[.]149[.]96/tztWU243[.]bin |
CloudEyE |
| URL | hxxp://86[.]48[.]18[.]223:666/files/m[.]jpg hxxp://185[.]81[.]157[.]213:222/70x1[.]txt hxxp://185[.]81[.]157[.]213:222/78[.]jpg hxxp://185[.]81[.]157[.]213:222/T2Gen[.]txt hxxp://185[.]81[.]157[.]213:222/x4[.]jpg hxxp://185[.]81[.]157[.]213:222/T2[.]jpg hxxp://185[.]81[.]157[.]213:222/9k[.]jpg hxxp://185[.]81[.]157[.]213:222/T2Ge[.]txt hxxp://185[.]81[.]157[.]213:222/595[.]txt hxxp://193[.]34[.]212[.]17/Doc[.]iso hxxp://51[.]89[.]212[.]151:222/dd[.]jpg hxxp://51[.]89[.]212[.]151:222/333z[.]txt hxxps://cdn[.]discordapp[.]com/attachments/1187867044465619116/1187868651739693227/2HDBEW[.]exe hxxps://cdn[.]discordapp[.]com/attachments/1187867044465619116/1187868646656192584/1FHAHW[.]exe hxxps://cdn[.]discordapp[.]com/attachments/1187867044465619116/1187868658756767855/3POHFE[.]exe hxxps://cdn[.]discordapp[.]com/attachments/1187867044465619116/1187868664230330460/4BHREBQW[.]exe hxxps://cdn[.]discordapp[.]com/attachments/1187867044465619116/1187868670282694656/5HWYVCB[.]exe |
AsyncRAT |
| URL | hxxps://artemis[.]community/gallery/jaKY8ETX3ZZLjueg[.]ps1 | Remcos |
| URL | hxxp://degarmen[.]com/neuvo/4ygvd[.]exe hxxp://degarmen[.]com/neuvo/nigown[.]exe hxxp://91[.]92[.]254[.]27/myn[.]txt hxxps://artemis[.]community/gallery/RLvT9SwCp1PDm4p5[.]ps1 hxxp://91[.]92[.]253[.]245/5hkld[.]js hxxp://91[.]92[.]253[.]245/4satry[.]js hxxp://91[.]92[.]253[.]245/nigxo[.]js hxxp://212[.]162[.]149[.]96/jTUdENoc176[.]bin hxxp://91[.]92[.]242[.]81/OZY[.]exe hxxp://91[.]92[.]242[.]81/OYZ[.]exe hxxp://91[.]92[.]242[.]81/HTR[.]exe hxxp://91[.]92[.]241[.]90/SDC[.]exe hxxp://198[.]46[.]174[.]147/3470/wlanext[.]exe hxxp://198[.]46[.]174[.]147/2360/wlanext[.]exe hxxp://82[.]118[.]21[.]69/yiy/IMG_7005_21603pdf[.]exe hxxp://91[.]92[.]241[.]241/dns[.]exe hxxp://china[.]dhabigroup[.]top/_errorpages/thedresszx[.]exe |
Agent Tesla |
| URL | hxxps://cdn[.]discordapp[.]com/attachments/1187648312384421941/1187648365522079784/LISTE_22_12_2023[.]PDF[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187637488823582763/1187638080329494558/URUN_SIPARISLERI[.]22[.]12[.]2023[.]DOC[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187626155952570441/1187629433012617277/SIPARISLER_22_12_2023[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187626155952570441/1187626305538244608/urun_listesi_22[.]12[.]2023[.]xls[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187617714731237419/1187618340903071744/siparisler_22[.]12[.]2023[.]pdf[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187280255124246551/1187280592363081789/21[.]12[.]2023_siparis[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187329247891701780/1187329535042125844/siparis_21[.]12[.]2023[.]docx[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187284030345986111/1187284401172779028/siparis_listesi[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187298855579029557/1187299669487927296/Siparisler_21[.]12[.]2023_Persembe[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187289706254311428/1187290243066503218/Liste_21[.]12[.]2023[.]pdf[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187340391649923099/1187342419742687272/PERSEMBE_SIPARIS_LISTESI[.]DOCX[.]jar? hxxps://cdn[.]discordapp[.]com/attachments/1187309667496505427/1187309709603110973/Siparis_listesi_21[.]12[.]xlsx[.]jar hxxps://cdn[.]discordapp[.]com/attachments/1187672150425993258/1187672298296197202/SIPARIS__22_12_2023[.]PNG[.]jar |
AdWind |
| URL | hxxp://45[.]145[.]228[.]157:7890/M1po hxxps://139[.]129[.]207[.]45/cm hxxp://15[.]205[.]128[.]169/activity hxxp://120[.]27[.]148[.]91:88/api/3 hxxp://120[.]78[.]156[.]73:12345/dot[.]gif hxxp://47[.]112[.]137[.]119:88/ca hxxp://metersphere[.]zenmen[.]cloud:88/match hxxp://107[.]174[.]245[.]122/pixel[.]gif hxxp://45[.]207[.]38[.]139:8088/cm hxxp://8[.]142[.]5[.]148/visit[.]js hxxp://139[.]224[.]188[.]165/dot[.]gif hxxp://47[.]112[.]137[.]119/g[.]pixel hxxp://147[.]78[.]47[.]183:82/__utm[.]gif hxxps://111[.]229[.]142[.]238:88/c/msdownload/update/others/2022/03/29136388_ hxxp://147[.]78[.]47[.]183:81/dpixel hxxps://111[.]19[.]244[.]41/pixeqe1el[.]gif hxxp://43[.]139[.]92[.]184/image/ hxxp://47[.]115[.]203[.]204:81/ca hxxp://101[.]37[.]117[.]0:8080/load hxxp://106[.]52[.]244[.]189:81/ptj hxxp://15[.]205[.]128[.]169:82/match hxxp://110[.]42[.]213[.]232/IE9CompatViewList[.]xml hxxp://101[.]201[.]224[.]75:2333/activity hxxp://annualraises2023[.]zip/visit[.]js hxxp://103[.]143[.]248[.]179:81/ga[.]js hxxp://36[.]140[.]95[.]168:8089/api/vs/V1/V2/ASA/qw hxxp://154[.]12[.]22[.]114:9090/updates hxxp://121[.]37[.]21[.]229:6666/pixel hxxp://windows[.]dns-supports[.]online:8880/api/3 hxxp://www[.]emohack[.]xyz:8080/api/vs/V1/V2/ASA/qw hxxp://139[.]155[.]153[.]109:5555/visit[.]js hxxp://124[.]221[.]145[.]245:8086/IE9CompatViewList[.]xml hxxp://198[.]98[.]48[.]31:8099/api/x hxxp://47[.]109[.]102[.]98/dpixel hxxps://45[.]155[.]249[.]148/match hxxps://104[.]238[.]131[.]176:8088/promote/v6[.]71/PY3V1RNWVXU5 hxxps://gertefin[.]com:5236/compose/v2[.]85/CIEU4A5V4T5 hxxps://conectmeto[.]net/reactivate/robotics/6JMNBRXRQKFK hxxps://service-azqy7lup-1303896379[.]sh[.]tencentapigw[.]com/api/x hxxps://37[.]1[.]204[.]197:48443/Alert/install/S0RMGIZY hxxp://lindacolor[.]com/Test/v3[.]56/NJ4PFEOSIGF hxxp://8[.]130[.]113[.]224:81/push hxxps://47[.]106[.]235[.]23/www/handle/doc hxxp://147[.]78[.]47[.]183:82/fwlink hxxp://147[.]78[.]47[.]183:81/g[.]pixel hxxp://182[.]160[.]6[.]136:50000/dot[.]gif hxxp://103[.]185[.]249[.]231:18080/activity hxxp://3[.]94[.]121[.]196:4433/c/msdownload/update/others/2022/11/lvJH6WKebIxYOP5aqCjtB hxxp://139[.]129[.]207[.]45:9090/activity hxxp://117[.]73[.]13[.]170:9999/visit[.]js hxxp://47[.]94[.]221[.]227/ptj hxxp://121[.]37[.]215[.]238/j[.]ad hxxp://123[.]249[.]101[.]92/pixel[.]gif hxxp://150[.]158[.]139[.]244:4321/activity hxxp://113[.]250[.]188[.]15:8599/4xdM hxxps://8[.]130[.]113[.]224:8443/dot[.]gif hxxp://117[.]73[.]13[.]170:8888/9tVZ hxxps://16[.]171[.]114[.]230/download/file[.]log hxxps://117[.]73[.]13[.]170:8888/Mo6k hxxps://113[.]250[.]188[.]15:8599/4xdM hxxps://117[.]73[.]13[.]170:8888/9tVZ hxxp://47[.]109[.]102[.]98/AkMd hxxp://47[.]109[.]102[.]98/wk9B hxxps://49[.]232[.]2[.]50/jquery[.]js hxxps://47[.]109[.]102[.]98/AkMd hxxp://120[.]79[.]154[.]38:8889/f7lT hxxp://193[.]117[.]208[.]148/Screensaver[.]exe hxxp://121[.]36[.]230[.]220:1433/ajax/jquery/jquery-3[.]6[.]4[.]min[.]js hxxp://193[.]117[.]208[.]148/Recorder[.]exe hxxp://43[.]139[.]120[.]183/hRl7 hxxp://193[.]117[.]208[.]148/Journal[.]exe hxxp://124[.]222[.]127[.]154:60542/NSyC hxxp://43[.]139[.]92[.]184/Kkt3 hxxp://139[.]224[.]188[.]165/QQAz hxxp://94[.]156[.]64[.]100/rundll64[.]exe hxxp://121[.]4[.]59[.]117:60020/Ze9e hxxps://47[.]109[.]102[.]98/wk9B hxxp://60[.]204[.]232[.]46/V9Uy hxxp://139[.]224[.]188[.]165/MpMS hxxp://152[.]136[.]128[.]162:12345/6Lnm hxxps://47[.]109[.]102[.]98/M3cz hxxp://conectmeto[.]net/reactivate/robotics/6JMNBRXRQKFK hxxp://septcntr[.]com/annotate/project/48Q040IJC hxxps://107[.]173[.]148[.]236:13715/abc/def/ hxxps://104[.]233[.]170[.]126/download/20/ZO2XY7A4BOWU hxxps://121[.]41[.]0[.]213/j[.]ad hxxp://erihudeg[.]com/Validate/Account/KDIKPCOYWU hxxp://121[.]41[.]0[.]213:88/dpixel |
Cobalt Strike |
| URL | hxxp://195[.]35[.]25[.]136/UpdateCheck[.]exe hxxp://195[.]35[.]25[.]136/Testing[.]dot |
Havoc |
| URL | hxxp://shell[.]websitebuilderaustralia[.]net[.]au/payload hxxp://shells[.]nesco-alkes[.]com/payload |
Hydra |
| URL | hxxps://adanacamasiryikama[.]com/BDs19Ul/0[.]17061133165068715[.]dat hxxps://mexicopostalcode[.]com/51h6Kn/0[.]10488555301618846[.]dat hxxps://kartvizitfiyatlari[.]com/rLhb/0[.]5991546204420577[.]dat hxxps://ucakbiletsorgulama[.]com/U14/0[.]44170515690096146[.]dat hxxps://adanacigkoftesiparis[.]com/ViUbB/0[.]45625095726666564[.]dat hxxps://phonefixers[.]com[.]au/6pw4/ hxxps://growthxmedia[.]co/myh/ hxxps://akbarmappiare[.]com/wickx/ hxxps://plastiboxgm[.]com/xch/ hxxps://triphutt[.]com/qrbt/ hxxps://marumat[.]in/snhu/ hxxps://media360vision[.]com/yttjt/ hxxps://globaltravelevent[.]com/mdmb/ hxxps://planet4[.]info/7rms/ hxxps://celinemorreparis[.]fr/u2ofp/ hxxps://electre[.]org/u9ah/ hxxps://acmecmb[.]com/oykfa/ hxxps://panaderialaoncevalpo[.]cl/7nz3/ hxxps://luizsoaresadv[.]com/2kk/ hxxps://ritafreshfood[.]com/nx1/ hxxps://dimelabs[.]io/cog/ hxxps://martescorts[.]com/s2zj/ hxxps://lesamisduvelo[.]fr/o9ax/ hxxps://roseserver[.]ir/oyfsa/ hxxps://theagency786[.]com/spw/ hxxps://finmug[.]co[.]ke/drxh/ hxxps://avd[.]asia/1zii8/ hxxps://funscience[.]in/ybj3/ hxxps://sigmatoolings[.]com/gmjf/ hxxps://inverex[.]net/szl/ hxxps://matoshribed[.]co[.]in/zuk0/ hxxps://parsnikanco[.]com/rstz/ hxxps://acpmpackers[.]com/fcn/ hxxps://baharat[.]ma/q99cz/ hxxps://glaucireis[.]com[.]br/a18n/ hxxps://clickfilmess[.]com[.]br/civy/ hxxps://thobilem[.]co[.]za/0gno7/ hxxps://assistante-maternelle-reims[.]com/glxko/ hxxps://koguri[.]org/k4y7/ hxxps://min4tabalong[.]sch[.]id/ubv6/ hxxps://trackmarketing[.]net/ksji/ hxxps://magigraph[.]fr/8xlot/ hxxps://dogumahazirlikegitimi[.]org/idzv2/ hxxps://cryptoroyal[.]org/nvk/ hxxps://meinkleinesseminarhaus[.]it/etr4/ hxxps://trigsberita[.]com/w2he/ hxxps://allon4mexico[.]com/zcco/ hxxps://judomogimirim[.]com[.]br/t95d/ hxxps://rainbowconfort[.]com/eof/ hxxps://gaiapeyzaj[.]com[.]tr/fba8p/ hxxps://columbine[.]ir/y6kxr/ hxxps://tbox-project[.]com/jptor/ hxxps://cityups[.]net/fini/ hxxps://luxjay-group[.]com/vhi/ hxxps://oisrec[.]com/xsf6/ hxxps://manishved[.]in/hilud/ hxxps://consultexpressly[.]co[.]uk/fmdq/ hxxps://saibabacartransport[.]com/osihj/ hxxps://albarakagroupom[.]com/ovk/ hxxps://saferelocationpackers[.]com/5xnf/ hxxps://1et[.]uk/ning/ hxxps://ipc[.]com[.]pk/ryo/ hxxps://mycmontero[.]com/vyufu/ hxxps://linearcomunicacao[.]com/bbps/ hxxps://dionesh[.]com/g0u/ hxxps://eterapist[.]com/i6x/ hxxps://sevenhillscricketclub[.]com/txp/ hxxps://puntograficobb[.]com/aqprf/ hxxps://herbalhills[.]pk/zvq8b/ hxxps://noneo[.]tech/zl5k/ hxxps://tstore[.]tn/gmm/ hxxps://quieressermisocio[.]com/ptyji/ hxxps://gdlmainhub[.]com/zyw/ hxxps://verticallis[.]com[.]br/mufk/ hxxps://meshart[.]org/voe1/ hxxps://gualpantes[.]com[.]co/39q/ hxxps://robipower[.]com/ziy/ hxxps://centremedicalmorepont[.]ch/axp/ hxxps://amaxtravel[.]com/n2i/ hxxps://concept4arc[.]com/zrmb/ hxxps://pmcpak[.]com/kgp8h/ hxxps://sunudigicom[.]com/h3a47/ hxxps://prosima[.]com[.]tr/ldlu2/ hxxps://bongomin[.]com/ptujo/ hxxps://wishes247[.]in/oc5w7/ hxxps://pimpmypooch[.]ie/rbo/ hxxps://erudicaoinvestimentos[.]com[.]br/cbyi2/ hxxps://theracksys[.]com/ttf/ hxxps://solattoy[.]com/sstwv/ hxxps://peppersion[.]com[.]sg/nhc/ hxxps://aimdaddy[.]com/avwcf/ hxxps://derigoandina[.]cl/r34ss/ hxxps://zarbafeh[.]shop/hzg/ hxxps://ifiveapps[.]com/pw3xu/ hxxps://tech-arcanist[.]com/gvrq/ hxxps://tlssupplies[.]com/b3nf/ hxxps://sudesteservicos[.]com[.]br/c7bf/ hxxps://unitycargocare[.]com/dfqy/ hxxps://starphonefix[.]com/xx45i/ hxxps://eventosllacolen[.]cl/opdww/ hxxps://alntech[.]com[.]br/vk3ll/ hxxps://botanicainternacionaldelamor[.]com/lpy/ hxxps://messat[.]com[.]tr/p5tbs/ hxxps://cocolight[.]co[.]tz/x1mqo/ hxxps://amejan[.]in/evnz/ hxxps://behrangmusic[.]com/3qh7/ hxxps://fineloveshop[.]fr/iln/ hxxps://riage[.]fr/2gc/ hxxps://palermoforever[.]eu/srx/ hxxps://sandiegoloanpro[.]com/dcur/ hxxps://microturners[.]co[.]in/hppl/ hxxps://asiansportssalem[.]com/flpwa/ hxxps://cloudfly[.]com[.]pe/zfk/ hxxps://motigroup[.]net/jf4t/ hxxps://lindenprofessionalservices[.]com/uk6zq/ hxxps://montefeltrodiesel[.]com[.]br/glse/ hxxps://quick-ez[.]com/0yr2z/ hxxps://eksad[.]com/8bt6/ hxxps://turkbilisim[.]org/54a/ hxxps://ludiakama[.]be/7wk/ hxxps://flexoz[.]com[.]au/0fier/ hxxps://benchmarkcell[.]com/vpan/ hxxps://fxtransportation[.]com/yat/ hxxps://madridadm[.]com[.]br/jhg/ hxxps://alhanallc[.]com/lsghd/ hxxps://nidomanitas[.]com/ihb/ hxxps://mystyle[.]si/xysl/ hxxps://vmaj[.]com/zwkci/ hxxps://awefulthoughts[.]com/fcb6f/ hxxps://allon4dentalimplants[.]org/yxuz/ hxxps://kongosafaris[.]com/d64c/ hxxps://hicophc[.]com/mrk/ hxxps://lacetsneon[.]com/flh/ hxxps://sagksa[.]com/osk/ hxxps://goldorart[.]com/2qv/ hxxps://nataliairani[.]com/vwkm/ hxxps://avitechsolutionsltd[.]com/bnug/ hxxps://tipstar-recycling[.]com/xyxk/ hxxps://pawsonthecoast[.]com[.]au/coawu/ hxxps://manif-invitation[.]com/mag/ hxxps://tesanopalacehostel[.]com/3djaa/ hxxps://neochic-properties[.]com/agvnw/ hxxps://otilonaija[.]com/kfpp/ hxxps://islandbagelbar[.]com/4hb/ hxxps://globetrading2000[.]com/ova/ hxxps://viraje3d[.]com/jilmf/ hxxps://al-ishraqshop[.]com/a96eu/ hxxps://sndcoe[.]ac[.]in/s9dj4/ hxxps://cafedesmots[.]com/xfv7/ hxxps://pimientossupremos[.]com/kfths/ hxxps://dartagnan-capitals[.]com/wgsta/ hxxps://esecentro1[.]gov[.]co/fvmx/ hxxps://lakenaivasharesort[.]co[.]ke/uia/ hxxps://cityjunkremovallogistics[.]com/ij1xy/ hxxps://cigaretteelectroniqueparis[.]fr/qji/ hxxps://smokvap[.]fr/kfbn4/ hxxps://sonrisethefilm[.]com/yzx/ hxxps://bagelsonthemain[.]com/lgfsm/ hxxps://dearninsurance[.]in/dkg/ hxxps://arsiteku[.]com/auiku6/ hxxps://cartage[.]fr/abnm/ hxxps://bttgn[.]com/qkdfpm/ hxxps://briopharmatech[.]com/8erh/ hxxps://cest-carre[.]fr/sawv/ hxxps://alhuda-uae[.]com/owz/ hxxps://buildingclustercompany[.]com/dwp/ hxxps://carragheen[.]com/c34rsh/ hxxps://avaluosypropiedadeshomy[.]co/kzwx/ hxxps://calibrationservicesas[.]com/edoqt/ hxxps://chaucatotoursperu[.]com/mlrsg/ hxxps://myartfric[.]media/e0r/ hxxps://inkoprima[.]com/cfbw/ hxxps://hia-aiml[.]com/feb/ hxxps://nahdahypermarket[.]com/yhk0bz/ hxxps://smashelevators[.]com/s0vf/ hxxps://rrclassic[.]in/62u5v0/ hxxps://clinicaferrazsp[.]com[.]br/brd/ hxxps://kreonsoccer23[.]hu/qzbgl/ hxxps://laiaramosescort[.]com/ahdas/ hxxps://morioxforextrade[.]com/voutt/ hxxps://cotedivoirepatrimoine[.]com/zaoj/ hxxps://elmagic[.]org/hd4/ hxxps://slicebywyt[.]ae/eutrfn/ hxxps://fkfleagues[.]com/2t2kql/ hxxps://studiorosellabuoncristiani[.]it/p5gfvp/ hxxps://waldorfenergy[.]com/ksjj7l/ hxxps://hamrahansystem[.]com/4xe3cx/ hxxps://hotelava[.]ir/w2q1fs/ hxxps://drgourley[.]com/oyg1xu/ hxxps://trainersground[.]com/dkbq/ hxxps://supermaxx[.]com[.]ph/qdwda/ hxxps://hiperajans[.]com/lq0vpc/ hxxps://geosummit[.]co[.]ke/2w63dv/ hxxps://mrdigito[.]org/r1lhy/ hxxps://cpcef[.]fr/85t/ hxxps://daneenbukshfs[.]ae/hbicv/ hxxps://modernprecast[.]com/ta/ hxxps://matoshriiti[.]com/rcxpg6/ hxxps://ibremp[.]org[.]br/h5tsjl/ hxxps://flome[.]be/m8939n/ hxxps://stjamesschool[.]co[.]in/ekr4wj/ hxxps://vnrevents[.]com/ogiudo/ hxxps://vitorcorrea[.]com/tnwl/ hxxps://yedyed[.]tn/3cbbev/ hxxps://tuzlanskimaraton[.]com/woq/ hxxps://gptplan[.]ro/wcrsfz/ hxxps://robotkar[.]ir/zxlltg/ hxxps://flexiautosiskola[.]hu/hpufor/ hxxps://studio-fitmumfrance-aix[.]fr/kif7q/ hxxps://t-a-a[.]org/ae38k/ hxxps://sevrage-tabagique-pratique[.]com/u342rz/ hxxps://extraincomeforeducators[.]com/bibnwf/ hxxps://gileadcross[.]com/nkwzrw/ hxxps://profassistance[.]com/9wdvgn/ hxxps://temes-tw[.]co/8nlxv/ hxxps://cityplacecigar[.]com/tydn/ hxxps://ekitag[.]com/rueu/ hxxps://codepostalpro[.]com/lo1woa/ hxxps://nineplanetsolar[.]shop/jc54dq/ hxxps://vidpublicidad[.]net/vwfpnr/ hxxps://georgianaivan[.]ro/hdnrd/ hxxps://elegantusedu[.]com[.]au/n7zqnp/ hxxps://fornudkaza[.]ao/7gov/ hxxps://sayapparels[.]com/w3mycv/ hxxps://mobilidadeurbanaassessoria[.]com[.]br/bqkm/ hxxps://stemmanuelhospital[.]com[.]ng/2jqx/ hxxps://mq-lounge[.]com/ia1hbs/ hxxps://codemark[.]co/ynyzge/ hxxps://maryamhospital[.]org/dkrcq8/ hxxps://marvelouswriters[.]com/wf01bu/ hxxps://hostingholics[.]com/lqwxxs/ hxxps://lightdigital-consult[.]cd/e4yg9z/ hxxps://sivall[.]pe/v1k7zk/ hxxps://kaooriginal[.]com/6malq/ hxxps://delhicrimepressnews[.]com/ubebv3/ hxxps://gkrickshaw[.]in/f4jy78/ hxxps://mhrmpcoop[.]com[.]ph/bqad/ hxxps://dailylivechat[.]com/1y5j/ hxxps://digitalpinki[.]com/fjvu/ hxxps://sionurb[.]com/muzlcu/ hxxps://smartcommtech[.]com/zjoxi/ hxxps://silvertribebyajewels[.]com/0vpx/ hxxps://vgreenmedia[.]com/qzy/ hxxps://entermarket[.]co[.]th/oxx8lw/ hxxps://ecocarstraders[.]co[.]za/tev/ hxxps://wafastore[.]pk/xwnzzv/ hxxps://meraom[.]lt/oiu/ |
Pikabot |
| URL | hxxp://164[.]155[.]231[.]101:16/lve5[.]exe hxxp://164[.]155[.]231[.]101:16/lve[.]exe hxxp://104[.]37[.]185[.]125:3001/launcher/ |
Ghost RAT |
| URL | hxxps://raw[.]githubusercontent[.]com/CatGamesYT/TerrariaSetup/main/Terraria[.]rar hxxps://github[.]com/CatGamesYT/TerrariaSetup/raw/main/Terraria[.]rar |
NjRAT |
| URL | hxxps://tempfiles[.]ninja/d/JkwaB8AEt8zv7sam/Nwa3IuWS0lbkxVTMkCFwEidboaB4BqiH hxxps://tempfiles[.]ninja/d/QRytJ02tkY5HG6uu/aykGagLgQiR92bSIE8Hk5f3YocUUytAs hxxps://tempfiles[.]ninja/d/kaF3En7P34yGT4kg/5LXXtdeLc0knc9cOIJx4txaC5eVhVqMb |
Mars Stealer |
| URL | hxxp://arthemo[.]com/bahamasvps/coreserver/gate[.]php | Pony |
| URL | hxxp://15[.]204[.]49[.]148/files/Rby1[.]exe hxxp://95[.]216[.]72[.]17/cdc8cb4ba5f9dfaa[.]php hxxp://5[.]42[.]65[.]54/4ea69013b92ecb73[.]php hxxp://5[.]42[.]65[.]54/ac00d8f1005beeac/nss3[.]dll hxxp://95[.]216[.]72[.]17/6e94d367d628da31/softokn3[.]dll hxxp://5[.]42[.]65[.]54/ac00d8f1005beeac/sqlite3[.]dll hxxp://95[.]216[.]72[.]17/6e94d367d628da31/freebl3[.]dll hxxp://95[.]216[.]72[.]17/6e94d367d628da31/sqlite3[.]dll hxxp://95[.]216[.]72[.]17/6e94d367d628da31/vcruntime140[.]dll hxxp://95[.]216[.]72[.]17/6e94d367d628da31/msvcp140[.]dll hxxp://5[.]42[.]65[.]54/ac00d8f1005beeac/softokn3[.]dll hxxp://5[.]42[.]65[.]54/ac00d8f1005beeac/freebl3[.]dll hxxp://5[.]42[.]65[.]54/ac00d8f1005beeac/mozglue[.]dll hxxp://95[.]216[.]72[.]17/6e94d367d628da31/mozglue[.]dll hxxp://95[.]216[.]72[.]17/6e94d367d628da31/nss3[.]dll hxxp://5[.]42[.]65[.]54/ac00d8f1005beeac/msvcp140[.]dll hxxp://5[.]42[.]65[.]54/ac00d8f1005beeac/vcruntime140[.]dll hxxp://5[.]42[.]65[.]125/288c47bbc1871b42239df19ff4df68f076[.]exe |
Stealc |
| URL | hxxps://milosrcrdos1821klmas[.]net/SBJjZWU1Y2UxAsH1/ hxxps://62[.]122[.]184[.]165/SBJjZWU1Y2UxAsH1/ hxxps://milosrcrdos1821klmas[.]com/SBJjZWU1Y2UxAsH1/ hxxps://milosrcrdos1821klmas[.]site/SBJjZWU1Y2UxAsH1/ hxxps://milosrcrdos1822klmas[.]net/SBJjZWU1Y2UxAsH1/ hxxps://milosrcrdos1822klmas[.]com/SBJjZWU1Y2UxAsH1/ hxxps://milosrcrdos1822klmas[.]site/SBJjZWU1Y2UxAsH1/ hxxps://gozneajans[.]com/OGQyMDU0MzE1MWJj/ hxxps://blackeuro[.]com[.]tr/OGQyMDU0MzE1MWJj/ hxxps://karamelsepetikanas[.]com/OGQyMDU0MzE1MWJj/ hxxps://denerinselektirik[.]com[.]tr/OGQyMDU0MzE1MWJj/ hxxps://karadajanskal[.]com/OGQyMDU0MzE1MWJj/ hxxps://topchanov[.]live/ZTZkNTJjNTkwYzk3/ |
Coper |
| URL | hxxp://www[.]bcmnursing[.]com/QubpyznbC7neo[.]exe | Nanocore RAT |
| URL | hxxps://otpa[.]settings[.]oysterfloats[.]org/editContent hxxps://jakj[.]settings[.]oysterfloats[.]org/editContent hxxps://lqhx[.]settings[.]oysterfloats[.]org/editContent hxxps://smmp[.]sync[.]oystergardens[.]club/editContent |
FAKEUPDATES |
| URL | hxxps://15[.]204[.]49[.]148/files/InstallSetup2[.]exe | SmokeLoader |
| URL | hxxp://012782m[.]dccrk[.]top/videocpuProtect[.]php hxxp://315615cm[.]nyashtech[.]top/providerexternalPythonLowprocessorbigloadserverdatalifeuploads[.]php hxxp://736134cm[.]nyashland[.]top/jspacketprocesslongpollApiBigloadBaseCdntemporary[.]php hxxp://194[.]110[.]248[.]41/6JsUpdateuniversal/defaultbase/95base4/Central8Low/Processjs/default/privateGeouploads/Wpgamewp/Voiddb7/FlowerUpdateauth8/ProcessDle/Update/privatemariadbJavascriptprotect/downloads9/voiddb/Multiserver3/BetterAuthDump/Api5game/ImagevmpythonJavascript_linuxFlowerUniversalTemp[.]php hxxp://213[.]226[.]100[.]235/php/sqlimageDump/Proton/ToLocalExternal/TrafficUploads/Httpdownloads/ProcessBigloadlongpollUploads/videoTraffic/36ServerPipe/videowindowsTraffic[.]php |
DCRat |
| URL | hxxp://fresh1[.]ironoreprod[.]top/_errorpages/B13zx[.]exe | LokiBot |
| URL | hxxp://cbinr[.]com/forum/index[.]php hxxp://rimakc[.]ru/forum/index[.]php |
Amadey |
| URL | hxxp://208[.]115[.]233[.]154:10000/psaux[.]exe | Sliver |
