見た分だけ

PowerShell

• bolehprediksi[.]com
• www[.]designindia[.]live
• www[.]hair2mpress[.]com
• www[.]worldnoticiasonline[.]com
• 9jabliss[.]com
• theclub5[.]com
• www[.]gzhouyuesao[.]com
• www[.]mamanzen[.]com
• www[.]pixozz[.]ro
• segrato[.]com
• stylex[.]kg
• vip-watch[.]store
• service[.]jumpitairbag[.]com
• vhdogaru-001-site11[.]btempurl[.]com
• pickpointgarage[.]com
• juspu[.]com
• lavanyaholidays[.]com
• makansob[.]com
• niagarabeveragesintl[.]com
• famalivingcastellon[.]com

WScript

• 見た分では変化なし

今日はsubmit数少ない？

GitHub github.com

見た分だけ

PowerShell

• www[.]edusenz[.]com
• www[.]zml15117[.]com
• www[.]kaligraph[.]in
• diler[.]zimen[.]ua
• hillsidecandy[.]com
• rolexclinic[.]com
• adman[.]porndr[.]com
• redbeat[.]club
• www[.]gochange[.]in
• angar[.]cc
• begumazing[.]com
• ec-lossa[.]de
• sonsistemsogutma[.]com[.]tr
• mckennastout[.]com
• www[.]maatjemeerwinkel[.]nl
• bestcondodeals[.]net
• bpbd[.]tabalongkab[.]go[.]id
• cajasparabotella[.]com
• boardgamesofold[.]com
• ashishswarup[.]in
• intrasenz[.]com
• somaspristine[.]com
• fillstudyo[.]com
• zaitalhayee[.]com
• www[.]cirugiaurologica[.]com
• wemax-ks[.]com
• makeupandbeautyguides[.]com
• todayspagepk[.]com
• vancity[.]space
• softus-dev[.]com
• alea[.]ir
• www[.]baptist[.]sumy[.]ua
• baptist[.]sumy[.]ua
• www[.]ecoleannedeguigne[.]fr
• goldengarden[.]com[.]br
• anivfx[.]kr
• unoparjab[.]com[.]br
• 5designradioa[.]com
• agencia619[.]online
• africa2h[.]org

見た分ではjseのほうは通信先が昨日と同じっぽいです。ていうか難読化レベル上がってますね。。。。

あとjseの検体がもっと増えると思ってたんですけど、現在時点ではPowerShellのほうが多数submitされており活発な印象でした。

jseとPSでアクターが別な可能性もあるのかなぁという印象です。

見れる分だけ

• www[.]siyinjichangjia[.]com
• jamesrcook[.]us
• giatlalaocai[.]com
• www[.]jalanuang[.]com
• www[.]craftqualitysolutions[.]com
• fxvipmaster[.]com
• celebritytoo[.]com
• cuahangphongthuy[.]net
• onlyyoursitebest[.]xyz
• www[.]6666888[.]xyz
• www[.]icairjy[.]org
• beta[.]theeyestyles[.]com
• rcsic[.]technocloudtech[.]com
• www[.]expertencall[.]com
• lifebrate[.]com
• brkglobalsolutions[.]com
• colegioquimico-001-site5[.]dtempurl[.]com
• cc8848[.]xyz
• cmc[.]inflack[.]net
• faridio-001-site9[.]ftempurl[.]com
• www[.]oasineldeserto[.]info
• wieland-juettner[.]de
• humanhair[.]vn
• upstart[.]ru[.]ac[.]za
• www[.]jigsaw[.]watch
• apk-downloader[.]net
• www2[.]jessicagalfas[.]com
• conilizate[.]com
• kevinmk[.]com
• elitenews[.]in
• maxtechmfg[.]com
• www[.]vbetnews[.]com
• blogforlady[.]com
• mp[.]webexpertsonline[.]org
• minotka[.]com
• visionplusopticians[.]com
• tv[.]htg[.]ink
• pilarfhiesalameda[.]000webhostapp[.]com
• www[.]lifebrothers[.]at
• euskararenetxea[.]eus
• fisheries[.]fpik[.]unpad[.]ac[.]id
• enjoy-aquaristik[.]de
• charity[.]charitypromoted[.]com
• www[.]latiao[.]pw
• fashionmall4u[.]com

GitHub

github.com

今日のやつ

• asemancard[.]com
• trilochan[.]org
• w04[.]jujingdao[.]com
• vinetechs[.]net
• www[.]vendameucarroo[.]com
• theclub5[.]com
• www[.]gzhouyuesao[.]com
• www[.]mamanzen[.]com
• www[.]pixozz[.]ro
• segrato[.]com
• prkcaddtrainingcenter[.]com
• thohun[.]org
• theforexexpo[.]itradesoft[.]com
• ukrhockey[.]info
• verstka[.]website
• design[.]smrt[.]site
• dftworld[.]com
• dashonweb[.]com
• credibizme[.]com
• www[.]demo[.]thedryerventpro[.]com
• prkcaddtrainingcenter[.]com
• thohun[.]org
• theforexexpo[.]itradesoft[.]com
• ukrhockey[.]info
• verstka[.]website
• wpprimebox[.]com
• wp[.]ewa-iot[.]com
• www[.]astrologerpanchmukhijyotish[.]com
• basepresupuestos[.]com
• camraiz[.]com

今日は同じ通信先の検体が多くSubmitされていたという印象です。

今日のやつのmdは以下

github.com