不正URLへのアクセス、不正メールの受信
-
メール受信した
弊社お客様0社 URLアクセスした
弊社お客様4社 -
2025/01/27
※2025/01/27 更新
マルウェア感染させると考えられるURLを検知(2025/01/27)
■IoC(※1)
| Type: | IOC: | Signature: |
|---|---|---|
| URL | hxxp://122[.]51[.]155[.]123:7070/j[.]ad hxxp://81[.]70[.]49[.]182/NM5VE1Jw hxxps://nvntrk[.]com/wp-includes/blocks/WinSCP_Setup[.]exe hxxp://117[.]72[.]104[.]72:4443/bSEc hxxp://118[.]24[.]79[.]238:8888/hcCO |
Cobalt Strike |
| URL | hxxp://ring1[.]ug/As73yhsyU34578hxxx/SDf565g/get[.]php | STOP |
| URL | hxxp://royalsailtravel[.]ru/Sacc/fre[.]php hxxp://royalsailtravel[.]ru/Sacc/PvqDq929BSx_A_D_M1n_a[.]php hxxps://royalsailtravel[.]ru/Sacc/PvqDq929BSx_A_D_M1n_a[.]php |
LokiBot |
| URL | hxxps://5[.]182[.]36[.]130/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3[.]dll hxxp://64[.]95[.]13[.]166/c262c2557c712ca5/nss3[.]dll hxxp://64[.]95[.]13[.]166/c262c2557c712ca5/msvcp140[.]dll hxxp://64[.]95[.]13[.]166/c262c2557c712ca5/mozglue[.]dll hxxp://64[.]95[.]13[.]166/c262c2557c712ca5/freebl3[.]dll hxxp://64[.]95[.]13[.]166/c262c2557c712ca5/sqlite3[.]dll hxxp://64[.]95[.]13[.]166/c262c2557c712ca5/vcruntime140[.]dll hxxp://64[.]95[.]13[.]166/c262c2557c712ca5/softokn3[.]dll hxxp://185[.]215[.]113[.]206/68b591d6548ec281/vcruntime140[.]dll? hxxp://stair585[.]com/779fb289f76f2873[.]php hxxp://stair585[.]com/eaaed93d3234132f/softokn3[.]dll hxxp://stair585[.]com/eaaed93d3234132f/sqlite3[.]dll hxxp://stair585[.]com/eaaed93d3234132f/vcruntime140[.]dll hxxp://unlikeget[.]top/f059ec3d7eb90876/freebl3[.]dll hxxp://unlikeget[.]top/f059ec3d7eb90876/mozglue[.]dll hxxp://unlikeget[.]top/f059ec3d7eb90876/msvcp140[.]dll hxxp://unlikeget[.]top/f059ec3d7eb90876/nss3[.]dll hxxp://unlikeget[.]top/f059ec3d7eb90876/softokn3[.]dll hxxp://unlikeget[.]top/f059ec3d7eb90876/sqlite3[.]dll hxxp://unlikeget[.]top/f059ec3d7eb90876/vcruntime140[.]dll hxxp://stair585[.]com/eaaed93d3234132f/freebl3[.]dll hxxp://stair585[.]com/eaaed93d3234132f/mozglue[.]dll hxxp://stair585[.]com/eaaed93d3234132f/msvcp140[.]dll hxxp://stair585[.]com/eaaed93d3234132f/nss3[.]dll hxxp://64[.]95[.]13[.]166/4c0eeee3a4b86b26[.]php hxxp://94[.]142[.]138[.]240/5bb6c0fcffd2a07e/sqlite3[.]dll hxxps://trumpclaim[.]org/file[.]mp3 hxxps://trumpclaim[.]org/5-58324124/ hxxp://193[.]233[.]134[.]93/2bbda8fbc3a204ca/vcruntime140[.]dll hxxps://116[.]203[.]125[.]44/55f8f885bc7c41c8/sqlite3[.]dll hxxp://fuckedserver[.]net/encrypthub/stealc/stealc[.]exe hxxp://193[.]233[.]134[.]93/2bbda8fbc3a204ca/sqlite3[.]dll hxxps://45[.]88[.]105[.]194/e63963e5b0d34020/sqlite3[.]dll hxxps://185[.]231[.]69[.]191/ec05bb5a9eb90166/sqlite3[.]dll hxxps://45[.]88[.]105[.]194/e63963e5b0d34020/vcruntime140[.]dll hxxps://185[.]231[.]69[.]191/ec05bb5a9eb90166/mozglue[.]dll hxxps://45[.]88[.]105[.]194/e63963e5b0d34020/mozglue[.]dll hxxps://185[.]231[.]69[.]191/ec05bb5a9eb90166/vcruntime140[.]dll hxxp://185[.]231[.]69[.]90/6dc3e672c67f076d[.]php hxxp://185[.]231[.]69[.]90/dd855692109225f0/sqlite3[.]dll hxxp://185[.]231[.]69[.]90/dd855692109225f0/freebl3[.]dll hxxp://185[.]231[.]69[.]90/dd855692109225f0/nss3[.]dll hxxp://185[.]231[.]69[.]90/dd855692109225f0/vcruntime140[.]dll hxxp://185[.]231[.]69[.]90/dd855692109225f0/msvcp140[.]dll hxxp://185[.]231[.]69[.]90/dd855692109225f0/mozglue[.]dll hxxp://185[.]231[.]69[.]90/dd855692109225f0/softokn3[.]dll |
Stealc |
| URL | hxxp://66[.]63[.]187[.]116/hidakibest[.]ppc hxxp://66[.]63[.]187[.]116/hidakibest[.]x86 hxxp://66[.]63[.]187[.]116/hidakibest[.]arm6 hxxp://66[.]63[.]187[.]116/hidakibest[.]mips hxxp://66[.]63[.]187[.]116/hidakibest[.]arm5 hxxp://66[.]63[.]187[.]116/hidakibest[.]arm7 hxxp://66[.]63[.]187[.]116/hidakibest[.]mpsl hxxp://160[.]22[.]78[.]157/x86 hxxp://89[.]32[.]41[.]31/mpsl hxxp://89[.]32[.]41[.]31/x86 hxxp://89[.]32[.]41[.]31/mips hxxp://89[.]32[.]41[.]31/arm7 hxxp://89[.]32[.]41[.]31/arm4 hxxp://89[.]32[.]41[.]31/arm6 hxxp://89[.]32[.]41[.]31/arm5 hxxp://87[.]120[.]112[.]166/mips hxxp://87[.]120[.]112[.]166/sh4 hxxp://87[.]120[.]112[.]166/mpsl |
Bashlite |
| URL | hxxps://resso-security[.]com/1-723628312/23748237478234-nightly[.]zip | HijackLoader |
| URL | hxxps://hamdickaros24[.]xyz/Y2VkNDY3OTIxNjc0/ hxxps://momocanlivekello[.]xyz/ZDBhYWRlZWY0ZjU3/ hxxps://asdkjshdakjshdkajs[.]hk/MTBiYTAyMTk0NzJj/ hxxps://askjhksajhkajhskajhsa[.]hk/MTBiYTAyMTk0NzJj/ hxxps://kokmokmokokmokmok[.]hk/MTBiYTAyMTk0NzJj/ hxxps://iuhiuhiuhiuhuihiuiuh[.]hk/MTBiYTAyMTk0NzJj/ hxxps://jtfersion[.]com/YWFiM2VkMmFmNWFh/ hxxps://kineomager[.]net/YWFiM2VkMmFmNWFh/ hxxps://aberinogerd[.]com/YWFiM2VkMmFmNWFh/ hxxps://nolevibanget[.]net/YWFiM2VkMmFmNWFh/ hxxps://gacisosh75[.]xyz/Y2VkNDY3OTIxNjc0/ hxxps://ravovifroz[.]xyz/Yjk5MjI3MDljYThi/ hxxps://xervilbraz[.]xyz/Yjk5MjI3MDljYThi/ hxxps://zoxapirvet[.]xyz/Yjk5MjI3MDljYThi/ hxxps://draxonovse[.]xyz/Yjk5MjI3MDljYThi/ hxxps://quvralexa[.]xyz/Yjk5MjI3MDljYThi/ hxxps://vorklixur[.]xyz/Yjk5MjI3MDljYThi/ hxxps://felmarixu[.]xyz/Yjk5MjI3MDljYThi/ hxxps://zopalikza[.]xyz/Yjk5MjI3MDljYThi/ hxxps://qurovikra[.]xyz/Yjk5MjI3MDljYThi/ hxxps://veltrixor[.]xyz/Yjk5MjI3MDljYThi/ hxxps://jovynexa[.]xyz/Yjk5MjI3MDljYThi/ hxxps://kraxilzen[.]xyz/Yjk5MjI3MDljYThi/ hxxps://lorvexas[.]xyz/Yjk5MjI3MDljYThi/ hxxps://zaromixu[.]xyz/Yjk5MjI3MDljYThi/ hxxps://karaakcan242[.]xyz/NTFkNjVmNTMyODdh/ hxxps://barcelonacokhojdur34[.]com/NTFkNjVmNTMyODdh/ hxxps://pejo106gtialsana34[.]com/NTFkNjVmNTMyODdh/ hxxps://reksonailemutluol434[.]com/NTFkNjVmNTMyODdh/ hxxps://cocolaickeyflen34[.]com/NTFkNjVmNTMyODdh/ hxxps://vodimuxuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://wuficokuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://gakotafuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://hopikemuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://xirizapuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://zuxogevuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://yivivijuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://rokaxazuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://zudoxoruzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://koyelexuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://zavoxoyuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://yamolomuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://rekoyipuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://fivimeyuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://mazomuyuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://xemahuruzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://hufogavuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://jemikohuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://yuhimacuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://zinoyoruzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://kipuyuluzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://povapenuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://gihuhoyuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://zexexexuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://xixezaguzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://fayifoyuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://rofemujuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://yunavoduzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://kozejiguzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://zevukohuzun[.]xyz/YkR3gK7i8pR2FJq0/ hxxps://xuheximuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://fepuvuyuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://zexomifuzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://hivuvuluzun[.]top/YkR3gK7i8pR2FJq0/ hxxps://wadufaguzun[.]top/YkR3gK7i8pR2FJq0/ |
Coper |
| URL | hxxp://182[.]117[.]2[.]241:44571/Mozi[.]m | Mozi |
| URL | hxxps://tuttlecombe[.]click/api hxxps://latechilderni[.]cyou/api hxxps://sharethewebs[.]click/must-clear-this-check[.]html hxxps://ghazaano[.]shop/Need-to-Pass-this-Stepv2[.]html hxxps://oliveroh[.]shop/pass-this-step-to-continue-s7[.]html hxxps://diamondrushed[.]com/play[.]html hxxps://googlsearchings[.]cfd/you-have-to-pass-this-step-2[.]html hxxps://sharethewebs[.]click/you-have-to-pass-this-step-2[.]html hxxps://iconcart[.]shop/must-clear-this-check-rii[.]html hxxps://googlsearchings[.]online/you-have-to-pass-this-step-2[.]html hxxps://kizmond[.]shop/myforwarding-path-gotov01[.]html hxxps://speedmastere[.]com/play[.]html hxxps://rezomof[.]shop/pass-this-step-to-continue-s7[.]html hxxps://luxeorbit[.]shop/you-have-to-pass-this-step-2[.]html hxxps://dokedok[.]shop/pass-this-step-to-go-next-riii1n[.]html hxxps://sharethewebs[.]cfd/must-clear-this-check[.]html hxxps://celebrationshub[.]shop/continue-to-browse[.]html hxxps://royaltyfree[.]pics/have-to-pass-this-step[.]html hxxps://cubesmatch[.]com/play[.]html hxxps://retrosome[.]shop/proceed-to-next-page-riii2[.]html hxxps://jazmina[.]shop/pass-this-step-to-go-next-riii2[.]html hxxps://norpor[.]shop/surfing-toward-next-pagev2[.]html hxxps://bestinthemarket[.]com/courses[.]html hxxps://edidos[.]shop/pass-this-step-to-go-further-riii1[.]html hxxps://joopshoop[.]shop/speedy-check-waitv111[.]html hxxp://195[.]66[.]213[.]9/private/html hxxps://tradersneez[.]click/api hxxps://sheayingero[.]shop/api hxxps://recessiowirs[.]click/api hxxps://thefashioniststop[.]top/api hxxps://scrayshutt[.]shop/api hxxps://coalliste[.]shop/api hxxps://fashiontrendsfe[.]click/api hxxps://numbercloudez[.]shop/api hxxps://endangeburen[.]shop/api hxxps://cn[.]klipkunefia[.]shop/api hxxps://learballe[.]shop/api hxxps://paleboreei[.]biz/api hxxps://desertedivi[.]cyou/api hxxps://pixelete[.]shop/rzy[.]mp3 hxxp://195[.]66[.]213[.]9/private/Document hxxp://147[.]45[.]44[.]131/infopage/vtqnbt[.]exe hxxps://climepunneddus[.]com/api hxxps://flockefaccek[.]org/api hxxps://guardeduppe[.]com/api hxxps://babberstalek[.]org/api hxxps://classyhelped[.]net/api hxxps://carrystuppeder[.]net/api hxxps://rebuildhurrte[.]com/api hxxp://emorista[.]org/libraries3[.]aspx hxxps://94[.]159[.]113[.]43/libraries3[.]aspx hxxp://94[.]159[.]113[.]43/libraries3[.]aspx hxxps://emorista[.]org/libraries3[.]aspx hxxps://uncledkoe[.]shop/api hxxps://cloudywalkj[.]click/api hxxps://progibitusdos[.]click/api hxxps://consisbelkju[.]cyou/api hxxps://accidenfaithyh[.]cyou/api hxxps://healsuperbusyz[.]cyou/api hxxps://leerborisup[.]shop/api hxxp://176[.]113[.]115[.]228/c[.]jpg hxxps://mustre[.]com[.]my/wp-content/images/pic26[.]jpg hxxps://armysmootevop[.]top/api hxxps://maerchen-beat-frei[.]ch/images/BQEHIQAG[.]exe hxxps://clockersspic[.]click/api hxxp://185[.]215[.]113[.]39/files/nickjonsong/random[.]exe hxxps://phobicharmno[.]shop/api |
Lumma Stealer |
| URL | hxxp://45[.]32[.]153[.]7/XClient[.]exe hxxp://85[.]31[.]47[.]24/files/acabandosemana[.]txt hxxp://85[.]31[.]47[.]24/files/empezamos[.]txt hxxp://92[.]255[.]57[.]155/b[.]jpg hxxp://87[.]120[.]116[.]179/files/viajes[.]txt hxxp://85[.]31[.]47[.]24/files/08012025[.]txt hxxp://85[.]31[.]47[.]24/files/bueno22[.]txt hxxp://85[.]31[.]47[.]24/files/guayabo[.]txt hxxp://85[.]31[.]47[.]24/files/cuilo[.]txt hxxps://api[.]telegram[.]org/bot7653235193:AAErxT3f2W-qzTimIvxT1DS_F7PBHDXW3fc/sendMessage hxxp://176[.]113[.]115[.]228/b[.]jpg hxxp://18[.]230[.]108[.]113/files/vapo[.]exe hxxp://18[.]230[.]108[.]113/vapo[.]exe hxxp://45[.]141[.]26[.]234/e[.]exe |
AsyncRAT |
| URL | hxxp://poloplus[.]ro/streamingimages/farmingbank[.]dll hxxp://85[.]31[.]47[.]24/files/arranquemoshoy[.]txt hxxp://85[.]31[.]47[.]24/files/MARTESVENTIUNO[.]txt hxxp://poloplus[.]ro/streamingimages/streamingblessings[.]bin hxxp://85[.]31[.]47[.]24/files/otraaavezjuu[.]txt hxxp://85[.]31[.]47[.]24/files/SEGURR[.]txt hxxp://poloplus[.]ro/streamingimages/farmingbank[.]txt hxxp://poloplus[.]ro/streamingimages/onestraminglines[.]bin hxxp://85[.]31[.]47[.]24/files/ENERO%2009[.]txt hxxp://85[.]31[.]47[.]24/files/ALGO[.]txt hxxp://poloplus[.]ro/streamingimages/farmingbank[.]bin hxxp://poloplus[.]ro/streamingimages/onestraminglines[.]txt hxxp://poloplus[.]ro/streamingimages/sslldd[.]txt hxxp://192[.]210[.]215[.]7/78/wq/niceworkingskillgivenbetterwayofbetterthings[.]hta hxxp://198[.]46[.]178[.]132/333/nicegirlfriendvideoentiretimeonbestthingstobe[.]gIF |
Remcos |
| URL | hxxps://re-botcheck[.]com/Capcha[.]html hxxps://booking[.]compltheroomchngnotific[.]com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDI hxxp://147[.]45[.]44[.]131/infopage/srqinsv[.]exe hxxp://185[.]208[.]159[.]240:8080/test[.]exe hxxp://185[.]215[.]113[.]39/files/5666444957/tYrnx75[.]exe |
XWorm |
| URL | hxxp://192[.]3[.]95[.]229/madamwebbbbbxxxxxxxx[.]txt | Agent Tesla |
| URL | hxxps://github[.]com/imperiska/lekers/raw/refs/heads/main/noyjhoadw[.]exe hxxp://147[.]45[.]44[.]131/infopage/tcsfq90[.]exe hxxps://github[.]com/TellerSins/uzump/raw/refs/heads/main/jmkykhjksefkyt[.]exe hxxp://5[.]252[.]155[.]72/1[.]exe hxxp://185[.]215[.]113[.]39/files/darkfarter/random[.]exe hxxp://185[.]215[.]113[.]39/files/6963001093/jrgXmS0[.]exe hxxp://185[.]215[.]113[.]39/files/7098980627/ugdKEDU[.]exe hxxp://185[.]215[.]113[.]39/files/Cyber_Yoda/random[.]exe hxxp://185[.]215[.]113[.]40/files/Cyber_Yoda/random[.]exe hxxp://185[.]215[.]113[.]40/files/6963001093/jrgXmS0[.]exe hxxp://185[.]215[.]113[.]40/files/7098980627/ugdKEDU[.]exe hxxp://185[.]215[.]113[.]40/files/darkfarter/random[.]exe |
Vidar |
| URL | hxxp://169[.]239[.]130[.]10/p[.]txt | XOR DDoS |
| URL | hxxps://solve[.]gyke[.]org/awjsx[.]captcha hxxps://solve[.]xgnv[.]org/awjsx[.]captcha |
ClearFake |
| URL | hxxp://ecmkkjcfdbjfbkf[.]top/1[.]php hxxps://cialispanettet[.]top/work/original[.]js hxxps://terrenalia[.]com/Trust[.]zip hxxps://cialispanettet[.]top/work/index[.]php hxxps://cialispanettet[.]top/work/files[.]php hxxps://sinobz[.]com/6g5f[.]js hxxps://sinobz[.]com/2l9j[.]js hxxps://sinobz[.]com/js[.]php hxxps://comtekinc[.]com/51w3[.]js hxxps://comtekinc[.]com/js[.]php |
FAKEUPDATES |
| URL | hxxp://185[.]102[.]115[.]7/api[.]zip hxxp://185[.]102[.]115[.]7/dep[.]md |
DanaBot |
| URL | hxxp://62[.]84[.]179[.]62/loclx[.]exe hxxp://62[.]84[.]179[.]62/villain[.]ps1 hxxp://62[.]84[.]179[.]62/demon[.]x64[.]exe |
Havoc |
| URL | hxxp://185[.]208[.]156[.]153:6656/Vre | Vjw0rm |
| URL | hxxps://teamfuels[.]com/modules/inc/get[.]php hxxp://forum[.]flasholr-app[.]com/wp-admin/src/upload[.]php |
Konni |
| URL | hxxp://kendallsuccess[.]com/front[.]php hxxp://stealthidea[.]monster/front[.]php |
Satacom |
| URL | hxxps://biteblob[.]com/Download/J4wO2GduKNJmX3/build[.]exe hxxp://159[.]65[.]122[.]137:8080/docs/config[.]json |
XMRig |
| URL | hxxps://icicirwd[.]com/api/user/step2 | AxBanker |
| URL | hxxp://157[.]173[.]120[.]37:8093/krankenhous[.]exe | Meterpreter |
| URL | hxxp://zenocore[.]net:8080/pdf/Dubai_LIV_Martine[.]lnk hxxp://208[.]76[.]223[.]60:8080/pdf/Dubai_LIV_Martine[.]lnk |
QakBot |
| URL | hxxps://destinystealer[.]com/Release[.]rar | StormKitty |
| URL | hxxp://176[.]123[.]1[.]211/dbDatalifeprivatecdn[.]php hxxp://pole4udes[.]ru/ExternalVideoTosecurePacketgeoApiServerWordpressdle[.]php hxxp://799615cm[.]nyashnyash[.]ru/linecpuProcessorLongpollProtectdbdatalifetempTemporary[.]php hxxp://188[.]120[.]225[.]2/ApidbdleCdntemporary[.]php hxxp://kreker[.]top/geoMultiWordpressUploads[.]php hxxp://uffyaa[.]ru/Phpjavascript_Test[.]php hxxp://94[.]250[.]249[.]125/0line/CentralLow9/_6to/TestProvidereternal8/tempVideoJavascript3/Test/2wpImageDump/PacketAuthserverDatalifeTemp[.]php |
DCRat |
| URL | hxxp://cutlej02[.]top/download[.]php?file=wapude[.]exe | CryptBot |
| URL | hxxp://185[.]208[.]159[.]240:8080/Update[.]exe | PureCrypter |
| URL | hxxps://emorista[.]org/sysfixsync/kernel-patches/january-2025/index[.]php | Matanbuchus |
| URL | hxxp://45[.]144[.]225[.]57/server[.]txt hxxp://185[.]215[.]113[.]39/files/unique1/random[.]exe hxxp://185[.]215[.]113[.]40/files/unique1/random[.]exe |
PrivateLoader |
| URL | hxxp://18[.]230[.]108[.]113/files/traf[.]exe hxxp://18[.]230[.]108[.]113/files/sel1[.]exe |
SmokeLoader |
| URL | hxxp://130[.]162[.]152[.]154:8080/js/4577[.]txt hxxp://130[.]162[.]152[.]154:8080/js/s[.]rar hxxp://130[.]162[.]152[.]154:8080/js/mq[.]txt hxxp://159[.]65[.]122[.]137:8080/docs/javas[.]txt hxxp://159[.]65[.]122[.]137:8080/docs/zy1[.]txt hxxp://159[.]65[.]122[.]137:8080/docs/xmrig[.]exe hxxp://185[.]215[.]113[.]51/WinRing0x64[.]sys |
Coinminer |
| URL | hxxp://185[.]215[.]113[.]39/files/initlosizz198hyjdr/random[.]exe | Socks5 Systemz |
| URL | hxxp://52[.]64[.]253[.]184:8000/ready[.]apk hxxp://13[.]60[.]104[.]110:8000/ready[.]apk hxxp://38[.]199[.]109[.]240/app/ready[.]apk |
SpyNote |
| URL | hxxp://185[.]29[.]10[.]20/aIqXYcJG152[.]bin hxxp://192[.]227[.]246[.]125/EviJxYi16[.]bin hxxp://192[.]227[.]246[.]125/JbAxG184[.]bin |
CloudEyE |
| URL | hxxp://45[.]141[.]26[.]234/1[.]jar | AdWind |
| URL | hxxps://194[.]105[.]5[.]12/index[.]html/payload[.]exe hxxps://galeforce[.]com[.]tr/index[.]html/payload[.]exe |
Metasploit |
