Looking into the C2 destinations of #Emotet samples uploaded to any.run
Good evening. This is Hashidai.
I looked into the communication destinations of Emotet samples uploaded to any.run, partly as practice for maldoc analysis, so I'm writing it up here.
I examined the .doc samples that had been uploaded during the morning of 11/29 (JST).
https[://]app[.]any[.]run/tasks/74719cfc-67b6-455c-89aa-34bdb3a41dc3/
md5: c404bf981ea5909a508b3ff9269e0986
https[://]app[.]any[.]run/tasks/56d3cc78-3a38-4f8c-9b1a-533e7d4492bb/
md5: 172a64f1ca46e3a8a779821c0561ef50
https[://]app[.]any[.]run/tasks/83add37f-0198-46d5-823a-45d1e9f9ac01/
md5: 7ee69ba54f45faf416687c01a95f0192
https[://]app[.]any[.]run/tasks/83add37f-0198-46d5-823a-45d1e9f9ac01/
md5: 404b834f271885bb15d23658ba1b2179
I'll write another post once I've done more investigation. See you.