I compiled a list of the domains contained in #Emotet payloads submitted to any.run up to around 15:00 on 2/10.
Only the ones I looked at.
As I thought, the reuse interval seems to be getting shorter...