不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様1社 -
2024/04/22
※2024/04/22 更新
マルウェア感染させると考えられるURLを検知(2024/04/22)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxps://universalmovies[.]top/TransactionSummary_910020049836765_110424045239[.]xlsx[.]exe hxxps://api[.]telegram[.]org/bot6106138581:AAE8QZewr7w5yxl_my_cCAc04_2TEFI_rlQ/ hxxps://api[.]telegram[.]org/bot7177134832:AAFZbBRZvrMTexyCCRWrTRyGHf8Nct0rg7g/ |
Agent Tesla |
| URL | hxxp://power[.]crazyfigs[.]top/style/070[.]exe hxxp://185[.]172[.]128[.]19/070[.]exe hxxp://ebuubtb[.]ua/search/?q=67e28dd8655bfa7a130da94c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978f371ea771795af8e05c644db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a648bff16c8ee96 hxxp://csswder[.]net/search/?q=67e28dd86b5ca721490da9197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a571ea771795af8e05c644db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffc14c0e892933b hxxp://csswder[.]net/search/?q=67e28dd86b5ca721490da9197c27d78406abdd88be4b12eab517aa5c96bd86ee9d864d815a8bbc896c58e713bc90c91936b5281fc235a925ed3e06d6bd974a95129070b617e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee969f3bca689f16 hxxp://ebzrnzo[.]ua/search/?q=67e28dd83a08f628140aae1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c644db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a648bfe12c6ea94 hxxp://ezruusn[.]ua/search/?q=67e28dd83a5da32a155afd1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a271ea771795af8e05c644db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffc14c1ec93983c hxxp://ezruusn[.]ua/search/?q=67e28dd83a5da32a155afd1b7c27d78406abdd88be4b12eab517aa5c96bd86ee9d8e4e875a8bbc896c58e713bc90c91936b5281fc235a925ed3e01d6bd974a95129070b617e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee969f3ace699411 |
Socks5 Systemz |
| URL | hxxps://dejdl[.]register[.]arpsychotherapy[.]com/editContent hxxps://cuponerachilanga[.]com/help/zewmrgqnw[.]php hxxps://go8et[.]lol/data[.]php hxxps://cuponerachilanga[.]com/cdn-vs/cache[.]php hxxps://yedva[.]register[.]arpsychotherapy[.]com/editContent hxxps://lrl[.]register[.]arpsychotherapy[.]com/editContent hxxps://svif-venezuela[.]com/help/zewmrgqnw[.]php hxxps://svif-venezuela[.]com/cdn-vs/cache[.]php hxxps://svif-venezuela[.]com/data[.]php |
FAKEUPDATES |
| URL | hxxp://8[.]218[.]236[.]5:8062/j9sF hxxp://101[.]78[.]63[.]44/UphQey |
Metasploit |
| URL | hxxp://8[.]218[.]236[.]5:8062/g[.]pixel hxxp://43[.]138[.]222[.]123/ca hxxps://www[.]installbootstrap[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books hxxps://149[.]104[.]24[.]217/jquery-3[.]7[.]0[.]min[.]js hxxps://8[.]130[.]34[.]85/match hxxp://23[.]94[.]169[.]124:8000/jsbhn[.]js hxxps://120[.]46[.]91[.]175/fwlink hxxps://23[.]94[.]169[.]124:8443/jsbhn[.]js hxxp://easthoolbook[.]com:443/sign[.]mpeg hxxp://47[.]120[.]39[.]182:63306/Gs3p hxxp://47[.]120[.]39[.]182:63306/cx hxxp://173[.]44[.]141[.]234/jquery-3[.]3[.]1[.]min[.]js hxxps://106[.]54[.]236[.]42/Claim/v5[.]6/ZZ1QB9MLS hxxp://172[.]247[.]189[.]234:8443/Claim/v5[.]6/ZZ1QB9MLS hxxps://109[.]120[.]178[.]253/__utm[.]gif hxxps://jxvtcm[.]cn/Complete/pr/H6TCQRWR hxxp://118[.]89[.]125[.]171:886/ZZv3 hxxp://106[.]54[.]236[.]42/Claim/v5[.]6/ZZ1QB9MLS hxxps://175[.]178[.]160[.]155:4443/Complete/pr/H6TCQRWR hxxps://47[.]116[.]33[.]203/fwlink hxxps://38[.]147[.]171[.]36/load hxxp://8[.]220[.]200[.]34:8089/jquery-3[.]3[.]1[.]min[.]js hxxp://156[.]247[.]14[.]253:5555/infected2[.]ps1 hxxp://156[.]247[.]14[.]253:5555/infect[.]ps1 hxxps://61[.]170[.]44[.]194/omp/api/micro_app/get_org_app hxxps://59[.]80[.]47[.]124/hrmregister/corpTrial/get_permission hxxps://111[.]6[.]56[.]138/omp/api/micro_app/get_org_app hxxps://183[.]232[.]189[.]148/omp/api/micro_app/get_org_app hxxps://111[.]51[.]156[.]247/omp/api/get_page_config hxxps://23[.]95[.]65[.]198/cm hxxps://23[.]94[.]169[.]124:8443/mylibs[.]js |
Cobalt Strike |
| URL | hxxp://91[.]202[.]233[.]180/g88sks2SaM/index[.]php | Amadey |
| URL | hxxp://legendsworld[.]in/vlxx[.]arm hxxp://legendsworld[.]in/vlxx[.]x86_64 hxxp://legendsworld[.]in/vlxx[.]mips hxxp://legendsworld[.]in/vlxx[.]x86 hxxp://legendsworld[.]in/vlxx[.]arm6 hxxp://legendsworld[.]in/vlxx[.]arm5 hxxp://legendsworld[.]in/vlxx[.]ppc hxxp://legendsworld[.]in/vlxx[.]spc hxxp://legendsworld[.]in/vlxx[.]mpsl hxxp://legendsworld[.]in/vlxx[.]sh4 hxxp://legendsworld[.]in/vlxx[.]m68k hxxp://legendsworld[.]in/vlxx[.]arm7 hxxp://14[.]225[.]219[.]227//vlxx[.]mips hxxp://14[.]225[.]219[.]227//vlxx[.]x86_64 hxxp://14[.]225[.]219[.]227//vlxx[.]arm7 hxxp://14[.]225[.]219[.]227//vlxx[.]arm5 hxxp://14[.]225[.]219[.]227//vlxx[.]x86 hxxp://14[.]225[.]219[.]227//vlxx[.]spc hxxp://14[.]225[.]219[.]227//vlxx[.]sh4 hxxp://14[.]225[.]219[.]227//vlxx[.]m68k hxxp://14[.]225[.]219[.]227//vlxx[.]mpsl hxxp://14[.]225[.]219[.]227//vlxx[.]ppc hxxp://14[.]225[.]219[.]227//vlxx[.]arm6 hxxp://14[.]225[.]219[.]227//vlxx[.]arm hxxp://14[.]225[.]219[.]227//c[.]sh hxxp://14[.]225[.]219[.]227//w[.]sh hxxp://14[.]225[.]219[.]227//wget[.]sh hxxp://bot[.]vptmedia[.]click/bulus[.]mips hxxp://proxy[.]heleh[.]vn/bulus[.]arm hxxp://proxy[.]heleh[.]vn/bulus[.]arm5 hxxp://bot[.]vptmedia[.]click/bulus[.]arm hxxp://proxy[.]heleh[.]vn/bulus[.]m68k hxxp://proxy[.]heleh[.]vn/bulus[.]mpsl hxxp://proxy[.]heleh[.]vn/bulus[.]arm7 hxxp://proxy[.]heleh[.]vn/bulus[.]arm6 hxxp://proxy[.]heleh[.]vn/bulus[.]ppc hxxp://proxy[.]heleh[.]vn/bulus[.]x86 hxxp://proxy[.]heleh[.]vn/bulus[.]sh4 hxxp://proxy[.]heleh[.]vn/bulus[.]mips hxxp://bot[.]vptmedia[.]click/bulus[.]arm7 hxxp://bot[.]vptmedia[.]click/bulus[.]ppc hxxp://proxy[.]heleh[.]vn/bulus[.]x86_64 hxxp://bot[.]vptmedia[.]click/bulus[.]arm5 hxxp://bot[.]vptmedia[.]click/bulus[.]m68k hxxp://bot[.]vptmedia[.]click/bulus[.]arm6 hxxp://bot[.]vptmedia[.]click/bulus[.]mpsl hxxp://bot[.]vptmedia[.]click/bulus[.]x86_64 hxxp://bot[.]vptmedia[.]click/bulus[.]x86 hxxp://bot[.]vptmedia[.]click/bulus[.]sh4 hxxp://net-killler[.]store/most-arm hxxp://net-killler[.]store/most-mips hxxp://net-killler[.]store/most-arm7 hxxp://net-killler[.]store/most-mpsl hxxp://net-killler[.]store/most-x86 hxxp://net-killler[.]store/a hxxp://net-killler[.]store/most-arm6 hxxp://net-killler[.]store/most-sh4 hxxp://net-killler[.]store/most-m68k hxxp://net-killler[.]store/and hxxp://net-killler[.]store/most-arm5 hxxp://net-killler[.]store/most-ppc hxxp://103[.]116[.]52[.]207/abc3[.]sh hxxp://103[.]116[.]52[.]207/abc1[.]sh hxxp://103[.]116[.]52[.]207/abc2[.]sh hxxp://5[.]182[.]210[.]52/bot[.]ppc hxxp://5[.]182[.]210[.]52/bot[.]arm7 hxxp://5[.]182[.]210[.]52/bot[.]sh4 hxxp://legendsworld[.]in/c[.]sh hxxp://legendsworld[.]in/w[.]sh hxxp://legendsworld[.]in/wget[.]sh hxxp://203[.]145[.]46[.]240/most-mips hxxp://203[.]145[.]46[.]240/most-x86 hxxp://203[.]145[.]46[.]240/most-arm7 hxxp://203[.]145[.]46[.]240/most-arm hxxp://203[.]145[.]46[.]240/most-arm6 hxxp://203[.]145[.]46[.]240/most-mpsl hxxp://203[.]145[.]46[.]240/most-m68k hxxp://203[.]145[.]46[.]240/most-sh4 hxxp://203[.]145[.]46[.]240/most-arm5 hxxp://bn[.]networkbn[.]click/condi/android hxxp://bn[.]networkbn[.]click/condi/killer hxxp://bn[.]networkbn[.]click/condi/b hxxp://103[.]167[.]88[.]226/condi/android hxxp://103[.]167[.]88[.]226/condi/b hxxp://103[.]167[.]88[.]226/condi/killer hxxp://aiko-network[.]tech/bot[.]sh4 hxxp://aiko-network[.]tech/bin hxxp://aiko-network[.]tech/bot[.]arm7 hxxp://aiko-network[.]tech/bot[.]mpsl hxxp://aiko-network[.]tech//bot[.]arm5 hxxp://aiko-network[.]tech/bot[.]arm6 hxxp://aiko-network[.]tech/bot[.]x86 hxxp://aiko-network[.]tech/bot[.]i486 hxxp://aiko-network[.]tech/bot[.]m68k hxxp://aiko-network[.]tech/bot[.]i686 hxxp://aiko-network[.]tech/bot[.]arm4 hxxp://aiko-network[.]tech/bot[.]ppc440fp hxxp://103[.]237[.]87[.]90//bot[.]x86_64 hxxp://103[.]237[.]87[.]90//bot[.]m68k hxxp://103[.]237[.]87[.]90//bot[.]arm6 hxxp://103[.]237[.]87[.]90//bot[.]mpsl hxxp://103[.]237[.]87[.]90//bot[.]ppc440fp hxxp://103[.]237[.]87[.]90//bot[.]arm7 hxxp://103[.]237[.]87[.]90//bot[.]arm5 hxxp://103[.]237[.]87[.]90//bot[.]mips hxxp://103[.]237[.]87[.]90//bot[.]x86 hxxp://103[.]237[.]87[.]90//bot[.]sh4 hxxp://103[.]237[.]87[.]90//bot[.]ppc hxxp://103[.]237[.]87[.]90/bin hxxp://103[.]237[.]87[.]90//bot[.]arm4 hxxp://103[.]237[.]87[.]90//bot[.]i486 hxxp://103[.]237[.]87[.]90//bot[.]i686 hxxp://93[.]123[.]85[.]91//bot[.]mips hxxp://93[.]123[.]85[.]91//bot[.]arm hxxp://93[.]123[.]85[.]91//bot[.]ppc hxxp://93[.]123[.]85[.]91//bot[.]x86 hxxp://93[.]123[.]85[.]91//bot[.]arm7 hxxp://93[.]123[.]85[.]91//bot[.]x86_64 hxxp://93[.]123[.]85[.]91//bot[.]mpsl hxxp://93[.]123[.]85[.]91//bot[.]spc hxxp://93[.]123[.]85[.]91//bot[.]arm6 hxxp://93[.]123[.]85[.]91//bot[.]arm5 hxxp://93[.]123[.]85[.]91//bot[.]m68k hxxp://93[.]123[.]85[.]91//bot[.]sh4 hxxp://93[.]123[.]85[.]91/bot[.]x86 hxxp://93[.]123[.]85[.]91/bot[.]ppc hxxp://93[.]123[.]85[.]91/bot[.]arm7 hxxp://93[.]123[.]85[.]91/bot[.]x86_64 hxxp://93[.]123[.]85[.]91/bot[.]sh4 hxxp://93[.]123[.]85[.]91/bot[.]m68k hxxp://93[.]123[.]85[.]91/bot[.]mpsl hxxp://93[.]123[.]85[.]91/bot[.]spc hxxp://103[.]237[.]87[.]90/android hxxp://103[.]237[.]87[.]90/killer hxxp://103[.]237[.]87[.]90/a hxxp://103[.]237[.]87[.]90/wget hxxp://103[.]237[.]87[.]90/and hxxp://103[.]237[.]87[.]90/telnet hxxp://aiko-network[.]tech/c[.]sh hxxp://aiko-network[.]tech/and hxxp://aiko-network[.]tech/android hxxp://aiko-network[.]tech/telnet hxxp://aiko-network[.]tech/a hxxp://aiko-network[.]tech/killer hxxp://aiko-network[.]tech/wget hxxp://103[.]237[.]87[.]90/c[.]sh hxxp://aiko-network[.]tech/wget[.]sh hxxp://103[.]237[.]87[.]90/wget[.]sh hxxp://aiko-network[.]tech/w[.]sh hxxp://103[.]237[.]87[.]90/w[.]sh hxxp://aiko-network[.]tech/bot[.]ppc |
MooBot |
| URL | hxxp://154[.]201[.]74[.]240:14867/windows[.]exe | Ghost RAT |
| URL | hxxps://github[.]com/SnusikOd/fac/raw/main/dfwa[.]exe hxxps://demonstationfukewko[.]shop/api hxxps://liabilitynighstjsko[.]shop/api hxxps://alcojoldwograpciw[.]shop/api hxxps://incredibleextedwj[.]shop/api hxxps://shortsvelventysjo[.]shop/api hxxps://shatterbreathepsw[.]shop/api hxxps://tolerateilusidjukl[.]shop/api hxxps://productivelookewr[.]shop/api hxxps://harassretunrstiwo[.]shop/api hxxp://public-ftp[.]com/img/logo3[.]jpg hxxp://5[.]42[.]65[.]64/files/UNIQ[.]file hxxps://strollheavengwu[.]shop/api hxxps://stripmarrystresew[.]shop/api hxxps://flowers4theworld[.]shop/current[.]exe hxxps://changeswithflowers[.]shop/current[.]exe |
Lumma Stealer |
| URL | hxxp://92[.]249[.]48[.]38/rebirth[.]arm6 hxxp://92[.]249[.]48[.]38/rebirth[.]arm7 hxxp://92[.]249[.]48[.]38/rebirth[.]arm4t hxxp://92[.]249[.]48[.]38/rebirth[.]ppc hxxp://92[.]249[.]48[.]38/rebirth[.]mips hxxp://92[.]249[.]48[.]38/rebirth[.]sh4 hxxp://92[.]249[.]48[.]38/rebirth[.]m68 hxxp://92[.]249[.]48[.]38/rebirth[.]arm5 hxxp://103[.]174[.]73[.]190/tajma[.]x86 hxxp://103[.]174[.]73[.]190/tajma[.]x86_64 hxxp://103[.]174[.]73[.]190/tajma[.]mips hxxp://103[.]174[.]73[.]190/tajma[.]arm5 hxxp://103[.]174[.]73[.]190/tajma[.]mpsl hxxp://103[.]174[.]73[.]190/tajma[.]arm7 hxxp://103[.]174[.]73[.]190/tajma[.]sh4 hxxp://103[.]174[.]73[.]190/tajma[.]arm6 hxxp://103[.]174[.]73[.]190/tajma[.]spc hxxp://103[.]174[.]73[.]190/tajma[.]m68k hxxp://103[.]174[.]73[.]190/tajma[.]arm hxxp://103[.]174[.]73[.]190/tajma[.]ppc hxxp://46[.]23[.]108[.]250/mpsl[.]nk hxxp://46[.]23[.]108[.]250/mpsl hxxp://85[.]204[.]116[.]161/mcmodpack hxxp://62[.]72[.]191[.]247/777ssbb31[.]ppc hxxp://62[.]72[.]191[.]247/777ssbb31[.]x86 hxxp://62[.]72[.]191[.]247/777ssbb31[.]arm6 hxxp://net-killer[.]verminteam[.]link/tajma[.]arm |
Bashlite |
| URL | hxxp://79[.]137[.]202[.]152/auth/login hxxp://109[.]120[.]176[.]38/auth/login hxxp://109[.]120[.]178[.]115/auth/login hxxp://79[.]137[.]197[.]154/auth/login hxxp://37[.]221[.]93[.]9/auth/login hxxp://svma[.]arcovip[.]com/auth/login hxxp://it13[.]intelvpn[.]site/auth/login hxxp://ftp[.]huboftest[.]ir/auth/login hxxp://mahdi[.]intelvpn[.]site/auth/login hxxp://sam[.]coinmarketcap-tm[.]ru/auth/login |
Meduza Stealer |
| URL | hxxp://94[.]156[.]71[.]108:1604/is-ready | WSHRAT |
| URL | hxxps://cdn[.]discordapp[.]com/attachments/1229040617276047393/1229042573927256137/BetaUnfrated[.]exe?ex=662e3e18&is=661bc918&hm=9b188f35c9e9ba60fe9ce6bd4a19237a112525fb3cf84551b02e331baa73614a& | Epsilon Stealer |
| URL | hxxps://pasteio[.]com/raw/xTQdr054IJr6 hxxps://pasteio[.]com/raw/xJG2pCXxLATI hxxps://pasteio[.]com/raw/xZjcRmAmhcER |
NjRAT |
| URL | hxxp://87[.]121[.]105[.]163/icjFpYDkBweqyeZ252[.]bin hxxp://87[.]121[.]105[.]163/Skabs[.]asd hxxp://www[.]oyoing[.]com/gnbc/ hxxp://www[.]megabet303[.]lol/gnbc/ hxxp://www[.]tyaer[.]com/gnbc/ hxxp://www[.]blueberry-breeze[.]com/bnz5/ hxxp://www[.]collegeclubapparel[.]com/bnz5/ |
Formbook |
| URL | hxxps://pasteio[.]com/raw/xnNcI6OenKJs | VoidRAT |
| URL | hxxps://pasteio[.]com/raw/xmo4WvZPV3Q0 hxxp://109[.]107[.]182[.]145/ExternalVm_CpuGameWindows[.]php hxxp://betabag[.]top/PipeJavascriptwordpress[.]php hxxp://minecrafthyipixel[.]xyz/voiddbProviderserver6/Auth/Uploads/CentralCentralLine/7Eternal/2_/Temp/ToUpdategameFlowerTemporary[.]php |
DCRat |
| URL | hxxps://pasteio[.]com/raw/xPvEDYX7g1YE hxxp://93[.]123[.]39[.]225/y[.]exe hxxps://185[.]216[.]70[.]70/ant[.]txt hxxps://185[.]216[.]70[.]70/4ib[.]jpg hxxps://185[.]216[.]70[.]70/v[.]txt hxxps://185[.]216[.]70[.]70/i4[.]txt hxxps://185[.]216[.]70[.]70/ib4[.]jpg hxxps://185[.]216[.]70[.]70/x[.]txt hxxp://87[.]120[.]84[.]126:222/cH5[.]txt hxxp://87[.]120[.]84[.]126:222/g[.]jpg hxxps://duckz[.]online/education/shield/MicrosoftService[.]exe |
AsyncRAT |
| URL | hxxp://94[.]156[.]65[.]182/tomthf/cvghx/five/fre[.]php | LokiBot |
| URL | hxxp://77[.]221[.]151[.]32/server/ww16/AppGate2103v01_16[.]exe hxxp://193[.]233[.]132[.]175/server/ww16/AppGate2103v01_16[.]exe |
PrivateLoader |
| URL | hxxp://193[.]233[.]132[.]234/files/file300un[.]exe hxxp://193[.]233[.]132[.]234/files/Uni400uni[.]exe hxxp://89[.]105[.]201[.]188/129edec4272dc2c8[.]php |
Stealc |
| URL | hxxp://go8et[.]lol/data[.]php hxxps://94[.]131[.]101[.]153/data[.]php hxxp://94[.]131[.]101[.]153/data[.]php |
NetSupportManager RAT |
| URL | hxxp://87[.]121[.]105[.]163/Tiraz[.]fla hxxps://drive[.]usercontent[.]google[.]com/download?id=1LeSKp_NATHTSuIiEfwVKpyaBUa7QMOGr&export=download hxxp://87[.]121[.]105[.]163/dFQwNyOh122[.]bin hxxp://87[.]121[.]105[.]163/Belyves242[.]hhk hxxp://87[.]121[.]105[.]163/Hamiform[.]pfm hxxp://87[.]121[.]105[.]163/Vddelbsbanerne[.]jpb hxxp://87[.]121[.]105[.]163/DtExZZndAxdvvlCKCcIVF127[.]bin hxxp://87[.]121[.]105[.]163/kvRPYpXycVNsTooeadG247[.]bin hxxp://87[.]121[.]105[.]163/Subtribes[.]inf |
CloudEyE |
| URL | hxxp://193[.]222[.]96[.]128:7287/15[.]bat hxxp://193[.]222[.]96[.]114:7287/[.]hta hxxp://193[.]222[.]96[.]114:7287/GoGi[.]bat hxxp://193[.]222[.]96[.]128:7287/[.]hta |
Venom RAT |
| URL | hxxp://193[.]222[.]96[.]20:7287/Security[.]apk hxxp://193[.]222[.]96[.]20:7287/SecurityPro[.]apk hxxp://193[.]222[.]96[.]20:7287/SecurityvPro[.]apk |
SpyNote |
| URL | hxxps://5[.]101[.]4[.]196:8443/login | DeimosC2 |
| URL | hxxp://23[.]95[.]60[.]75/144/WQDF[.]txt | Remcos |
| URL | hxxp://117[.]204[.]193[.]116:60392/Mozi[.]m hxxp://115[.]56[.]180[.]63:41783/Mozi[.]m |
Mozi |
| URL | hxxp://twizt[.]net/loadme[.]exe | Phorpiex |
| URL | hxxp://193[.]233[.]132[.]150/Calrasjl[.]exe | Vidar |
| URL | hxxps://discord[.]com/api/webhooks/1225910337656590376/EwVP3wlMQgDXxoBxwLhaflFWF2WGja-17Tz3uwtoNirVyl9iU_nVCUsOrUJN46JTk-_- | Umbral |
| URL | hxxp://93[.]123[.]39[.]223/atest/retf543[.]bat hxxp://93[.]123[.]39[.]223/atest/s%20-Zn--%20-S[.]exe hxxp://93[.]123[.]39[.]223/atest/754abcd6[.]bat |
XWorm |
| URL | hxxp://154[.]12[.]85[.]105/linux_mips hxxp://154[.]12[.]85[.]105/linux_386 hxxp://154[.]12[.]85[.]105/linux_amd64 hxxp://154[.]12[.]85[.]105/linux_mips64 hxxp://154[.]12[.]85[.]105/linux_arm7 hxxp://154[.]12[.]85[.]105/linux_arm6 hxxp://154[.]12[.]85[.]105/linux_mipsel hxxp://154[.]12[.]85[.]105/linux_arm5 hxxp://154[.]12[.]85[.]105/linux_mips64el hxxp://154[.]12[.]85[.]105/linux_aarch64 |
Kaiji |
