TT Malware Log

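A "personal" investigation and research log on malware / cyber attacks / analysis techniques

Cloud Hopper (Summary)

【Overview】

Attack operation: Operation Cloud Hopper
Target: Managed Services Provider (MSP)
Objective: Theft of the targeted companies' assets and confidential business information
Threat group: APT10, MenuPass, POTASSIUM, Stone Panda, Red Apollo, CVNX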

【News】

◆Chinese hacking group targets managed service providers worldwide, PwC and others report (ZDNet, 2017/04/05 13:52)
https://japan.zdnet.com/article/35099282/
http://malware-log.hatenablog.com/entry/2017/04/05/202857

◆What is the Chinese hacker group after? Attack methods that also draw in Japan (ZDNet, 2017/04/28 08:00)
https://japan.zdnet.com/article/35100477/
http://malware-log.hatenablog.com/entry/2017/04/28/000000_3

◆[Oceanian Case Files] Chinese cyber attacks put pressure on the Australian government to respond (NNA ASIA, 2018/11/21)
https://www.nna.jp/news/show/1838466
http://malware-log.hatenablog.com/entry/2018/11/21/000000_7

◆German companies possibly hacked from China, German intelligence authorities warn: report (Reuters, 2018/12/19 19:38)
https://jp.reuters.com/article/germany-security-idJPKBN1OI0ZD
http://malware-log.hatenablog.com/entry/2018/12/19/000000_4

◆China gained unauthorized access to HPE and IBM, and also broke into client companies (Reuters, 2018/12/21 07:40)
https://jp.reuters.com/article/china-cyber-hpe-ibm-idJPKCN1OJ2XD
http://malware-log.hatenablog.com/entry/2018/12/21/000000_9

◆Special Report: Inside the West’s failed fight against China’s ‘Cloud Hopper’ hackers (Reuters, 2019/06/26 20:04)
https://www.reuters.com/article/us-china-cyber-cloudhopper-special-repor/special-report-inside-the-wests-failed-fight-against-chinas-cloud-hopper-hackers-idUSKCN1TR1DK
https://malware-log.hatenablog.com/entry/2019/06/26/000000_4

◆Exclusive: China hacked eight major computer services firms in years-long attack (Reuters, 2019/06/26 20:04)
https://www.reuters.com/article/us-china-cyber-cloudhopper-companies-exc/exclusive-china-hacked-eight-major-computer-services-firms-in-years-long-attack-idUSKCN1TR1D4
https://malware-log.hatenablog.com/entry/2019/06/26/000000_5

◆China also broke into Fujitsu and NTT Data in large-scale cyber attack (Reuters, 2019/06/27 01:28)
https://jp.reuters.com/article/china-cyber-cloudhopper-companies-idJPKCN1TR2I2
https://malware-log.hatenablog.com/entry/2019/06/27/000000

◆What is "APT10", the Chinese hacker group the world is watching... (TV Asahi, 2019/06/27 16:00)
https://news.tv-asahi.co.jp/news_international/articles/000158125.html
https://malware-log.hatenablog.com/entry/2019/06/27/000000_3

◆Special Report: The inside story of the West's defeat against China's Cloud Hopper attacks (Reuters, 2019/06/28 17:25)
https://jp.reuters.com/article/china-cyber-cloudhopper-idJPKCN1TT114?il=0
https://malware-log.hatenablog.com/entry/2019/06/28/000000_3


【Blogs】

◆APT10 - Operation Cloud Hopper (BAE, 2017/04/04)
http://www.baesystems.com/en/cybersecurity/blog/apt10-operation-cloud-hopper
http://malware-log.hatenablog.com/entry/2017/04/04/000000_2

◆"Operation Cloud Hopper", the largest cyber espionage campaign to date, also targets Japan (Trendmicro, 2017/04/13)
https://blog.trendmicro.co.jp/archives/14690
http://malware-log.hatenablog.com/entry/2017/04/13/000000_6


【Public Information】

◆Operation Cloud Hopper Indicators of Compromise (pwc, 2017/04/05)
https://www.pwc.com/jp/ja/japan-service/cyber-security/assets/pdf/operation-cloud-hopper.pdf
https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf
http://malware-log.hatenablog.com/entry/2017/04/05/000000_5

◆Uncovering a new sustained global cyber espionage campaign (pwc, 2017/04/05)
https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html
http://malware-log.hatenablog.com/entry/2017/04/05/202857


【Documents】

◆Operation Cloud Hopper (Cloud Hopper Operation) (PWC, 2017/4/04)
https://www.pwc.com/jp/ja/japan-service/cyber-security/assets/pdf/operation-cloud-hopper.pdf
http://malware-log.hatenablog.com/entry/2017/04/04/000000_6

◆Operation Cloud Hopper (pwc, 2017/04)
https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf
http://malware-log.hatenablog.com/entry/2017/04/05/202857


【Related Information】

[Figures: 3 images]
Source: http://baesystemsai.blogspot.jp/2017/04/apt10-operation-cloud-hopper_3.html

[Figures: 4 images]
Source: https://japan.zdnet.com/article/35100477/


【Related Summary Articles】

◆APT10 / MenuPass (Summary)
http://malware-log.hatenablog.com/entry/APT10

【Indicator Information】

■Hashes (MD5)


(The MD5 hash indicators in this section are information from PWC. Quoted from https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v3.pdf)



■Domains

v4.windowsupdate.x24hr.com
v4.windowsupdates.dnsrd.com
veryhuai.info
video.vmdnsup.org
vmdnsup.org
vmmini.com
vmyiersend.WEBSAGO.INFO
vmyisan.website0012.net
vscue.com
wchildress.com
wcwname.com
wcxh.mynetav.net
wdsupdates.com
webbooting.com
webdirectnews.dynamicdns.biz
webinfoseco.ygto.com
webmailentry.jetos.com
weboot.info
websago.info
websegoo.net
website0012.net
websiteboo.website0012.net
websqlnewsmanager.ninth.biz
webssl9.info
well.itsaol.com
well.mrbasic.com
whale.toshste.com
whellbuy.wschandler.com
whyis.haoyujd.info
wike.wikaba.com
windowfile.itemdb.com
windowsimages.itemdb.com
windowsimages.qhigh.com
windowsmirrors.vizvaz.com
windowsstores.gettrials.com
windowsstores.organiccrap.com
windowsupdate.2waky.com
windowsupdate.3-a.net
windowsupdate.acmetoy.com
windowsupdate.authorizeddns.net
windowsupdate.authorizeddns.org
windowsupdate.authorizeddns.us
windowsupdate.com.mwcname.com
windowsupdate.dedgesuite.net
windowsupdate.dns05.com
windowsupdate.dnset.com
windowsupdate.esmtp.biz
windowsupdate.ezua.com
windowsupdate.fartit.com
windowsupdate.gettrials.com
windowsupdate.instanthq.com
windowsupdate.itsaol.com
windowsupdate.jungleheart.com
windowsupdate.lflink.com
windowsupdate.mrface.com
windowsupdate.mylftv.com
windowsupdate.nsatcdns.com
windowsupdate.organiccrap.com
windowsupdate.rebatesrule.net
windowsupdate.sellclassics.com
windowsupdate.serveusers.com
windowsupdate.vizvaz.com
windowsupdate.wcwname.com
windowsupdate.x24hr.com
windowsupdate.ygto.com
windowsupdates.dnset.com
windowsupdates.ezua.com
windowsupdates.ikwb.com
windowsupdates.itemdb.com
windowsupdates.proxydns.com
workerisgood.com
woyaofanwen.com
wschandler.com
wthelpdesk.com
wubangtu.info
www.2014.zzux.com
www.97sm.com
www.9gowg.tech
www.abdominal.faqserv.com
www.additional.sexidude.com
www.afc.https443.org
www.androidmusicapp.onmypc.us
www.announcements.toythieves.com
www.anx-own-334.mrbasic.com
www.apple.ikwb.com
www.appledownload.ourhobby.com
www.appleimages.itemdb.com
www.appleimages.longmusic.com
www.appleimages.organiccrap.com
www.applejuice.itemdb.com
www.applemirror.organiccrap.com
www.applemirror.squirly.info
www.applemusic.isasecret.com
www.applemusic.itemdb.com
www.applemusic.wikaba.com
www.applemusic.xxuz.com
www.applemusic.zzux.com
www.appleupdate.itemdb.com
www.appleupdateurl.2waky.com
www.architectisusa.com
www.army.xxuz.com
www.art.p6p6.net
www.asfzx.x24hr.com
www.availab.wikaba.com
www.availability.justdied.com
www.babymusicsitetr.mymom.info
www.back.jungleheart.com
www.balance1.wikaba.com
www.be.mrslove.com
www.belowto.com
www.billing.organiccrap.com
www.blaaaaaaaaaaaa.windowsupdate.3-a.net
www.brand.fartit.com
www.bulletproof.squirly.info
www.cabbage.iownyour.biz
www.ccupdatedata.authorizeddns.net
www.cdn.incloud-go.com
www.center.shenajou.com
www.chaindungeons.com
www.cia.ezua.com
www.cia.toh.info
www.civilwar123.authorizeddns.org
www.civilwar520.onmypc.org
www.cloud-maste.com
www.cnnews.mylftv.com
www.commissioner.shenajou.com
www.commons.onedumb.com
www.contractus.qpoe.com
www.corp-dnsonline.itsaol.com
www.courier.jetos.com
www.cress.mynetav.net
www.ctdl.windowsupdate.nsatcdns.com
www.ctldl.microsoftupdate.qhigh.com
www.ctldl.windowsupdate.authorizeddns.us
www.ctldl.windowsupdate.esmtp.biz
www.ctldl.windowsupdate.mrface.com
www.cwiinatonal.com
www.dasoftactivemodule.toythieves.com
www.dasonews.youdontcare.com
www.daughter.vizvaz.com
www.de.onmypc.info
www.details.squirly.info
www.development.shenajou.com
www.devilcase.acmetoy.com
www.disruptive.https443.net
www.dns-hinettw.25u.com
www.document.shenajou.com
www.domainnow.yourtrap.com
www.download.windowsupdate.nsatcdns.com
www.ea.onmypc.info
www.eddo.qpoe.com
www.ehshiroshima.mylftv.com
www.eric-averyanov.wha.la
www.eu.acmetoy.com
www.eu.wha.la
www.express.lflinkup.com
www.extraordinary.dynamic-dns.net
www.f068v.site
www.facefile.fartit.com
www.fertile.authorizeddns.net
www.file.zzux.com
www.findme.epac.to
www.fire.mrface.com
www.firstnews.jkub.com
www.fjs.wikaba.com
www.foal.wchildress.com
www.fr.wikaba.com
www.freegamecenter.onedumb.com
www.fruit.qhigh.com
www.fuck.ikwb.com
www.fuckmm.dns-dns.com
www.fukuoka.cloud-maste.com
www.g3ypf.online
www.garlic.dyndns.pro
www.generat.almostmy.com
www.glicense.shenajou.com
www.goldtoyota.com
www.goodmusic.justdied.com
www.gooesdataios.instanthq.com
www.grammar.jkub.com
www.helpus.ddns.info
www.hii.qhigh.com
www.hinetonlinedns.dns05.com
www.incloud-go.com
www.innocent-isayev.sexidude.com
www.interpreter.shenajou.com
www.invoices.sexxxy.biz
www.iphone.vizvaz.com
www.ipv4.microsoftupdate.mrbasic.com
www.ipv4.windowsupdate.3-a.net
www.ipv4.windowsupdate.esmtp.biz
www.ipv4.windowsupdate.fartit.com
www.ipv4.windowsupdate.lflink.com
www.ipv4.windowsupdate.mrface.com
www.ipv4.windowsupdate.mylftv.com
www.ipv4.windowsupdate.nsatcdns.com
www.itlans.isasecret.com
www.itunesdownload.jkub.com
www.itunesdownload.vizvaz.com
www.itunesdownload.wikaba.com
www.itunesimages.itemdb.com
www.itunesimages.itsaol.com
www.itunesimages.qpoe.com
www.itunesmirror.fartit.com
www.itunesmirror.itsaol.com
www.itunesmusic.ikwb.com
www.itunesmusic.jetos.com
www.itunesmusic.jkub.com
www.itunesmusic.zzux.com
www.itunesupdate.itsaol.com
www.itunesupdates.organiccrap.com
www.japanenvnews.qpoe.com
www.jd978.com
www.jimin.jimindaddy.com
www.jimin.mymom.info
www.jp.serveuser.com
www.jpnappstore.ourhobby.com
www.jpnewslogs.sendsmtp.com
www.jpnxzshopdata.authorizeddns.org
www.kawasaki.cloud-maste.com
www.kawasaki.unhamj.com
www.key.zzux.com
www.knowledge.sellclassics.com
www.lan.dynssl.com
www.last.p6p6.net
www.latestnews.epac.to
www.latestnews.organiccrap.com
www.leedong.longmusic.com
www.leeks.mrbonus.com
www.liberty.acmetoy.com
www.license.shenajou.com
www.lion.wchildress.com
www.loveddos.com
www.macfee.mrface.com
www.macforlinux.net
www.maffc.mrface.com
www.malware.dsmtp.com
www.manager.jetos.com
www.markabcinfo.dynamicdns.me.uk
www.mason.vizvaz.com
www.mediapath.organiccrap.com
www.meiji-ac-jp.com
www.messagea.emailfound.info
www.microsoft.got-game.org
www.microsoft.mrface.com
www.microsoftempowering.sendsmtp.com
www.microsoftgame.mrface.com
www.microsoftgetstarted.sexidude.com
www.microsoftimages.organiccrap.com
www.microsoftmirror.mrbasic.com
www.microsoftmusic.itemdb.com
www.microsoftmusic.mrbasic.com
www.microsoftqckmanager.pcanywhere.net
www.microsoftupdate.mrbasic.com
www.microsoftupdate.qhigh.com
www.micrsoftware.dsmtp.com
www.mircsoft.compress.to
www.mmy.ddns.us
www.mod.jetos.com
www.mofa.dynamic-dns.net
www.mofa.ns01.info
www.moonnightthse.zyns.com
www.moscowdic.trickip.org
www.moscowstdsupdate.toythieves.com
www.mseupdate.ourhobby.com
www.msg.ezua.com
www.msn.incloud-go.com
www.musicfile.ikwb.com
www.musicjj.zzux.com
www.musicsecph.squirly.info
www.mymusicbox.lflinkup.org
www.mymusicbox.vizvaz.com
www.myrestroomimage.isasecret.com
www.mytwhomeinst.sendsmtp.com
www.myurinikoreaaps.ninth.biz
www.na.americanunfinished.com
www.na.onmypc.org
www.networkjpnzee.mynetav.org
www.newcityoforward.rebatesrule.net
www.newdnssec-info.4mydomain.com
www.newsdata.jkub.com
www.newsfile.toythieves.com
www.newsroom.cleansite.info
www.nlddnsinfo.https443.org
www.no.authorizeddns.org
www.nposnewsinfo.qhigh.com
www.nsa.mefound.com
www.nt.mynumber.org
www.nttdata.otzo.com
www.nuisance.serveusers.com
www.nz.compress.to
www.ol.almostmy.com
www.oldbmwy.com
www.onion.jkub.com
www.onlinednsserver.sendsmtp.com
www.oracleupdate.dns04.com
www.oyster.jkub.com
www.p6p6.net
www.packetsdsquery.dns05.com
www.pepper.sexxxy.biz
www.phptecinfohelp.itemdb.com
www.pickled.myddns.com
www.polopurple.com
www.portal.mrface.com
www.portal.sendsmtp.com
www.portalser.dynamic-dns.net
www.praskovya-matveyeva.mefound.com
www.praskovya-ulyanova.dumb1.com
www.products.almostmy.com
www.products.cleansite.us
www.products.serveuser.com
www.purchase.lflinkup.org
www.rainbow.mypop3.org
www.re26.com
www.read.xxuz.com
www.recent.dns-stuff.com
www.recent.fartit.com
www.redflower.isasecret.com
www.referred.gr8domain.biz
www.referred.yourtrap.com
www.register.ourhobby.com
www.registration2.instanthq.com
www.registrations.4pu.com
www.registrations.organiccrap.com
www.remeberdata.iownyour.org
www.reserveds.onedumb.com
www.rethem.almostmy.com
www.rg197.win
www.sakai.unhamj.com
www.sapporo.cloud-maste.com
www.sauerkraut.sellclassics.com
www.saverd.re26.com
www.sbuudd.webssl9.info
www.sdmsg.onmypc.org
www.se.toythieves.com
www.secertnews.mrbasic.com
www.secnetshit.com
www.secserverupdate.toh.info
www.senseye.ikwb.com
www.senseye.mrbonus.com
www.septdlluckysystem.jungleheart.com
www.seraphim-yurieva.justdied.com
www.serv.justdied.com
www.server1.proxydns.com
www.seyesb.acmetoy.com
www.showy.almostmy.com
www.shugiin.jkub.com
www.sindeali.com
www.singed.otzo.com
www.sojourner.mypicture.info
www.sstday.jkub.com
www.support1.mrface.com
www.supportus.mefound.com
www.svc.dynssl.com
www.sweetheart.sexxxy.biz
www.synssl.dnset.com
www.tamraj.fartit.com
www.telegraph.mefound.com
www.tfa.longmusic.com
www.thunder.wikaba.com
www.ticket.instanthq.com
www.ticket.serveuser.com
www.tisupdateinfo.faqserv.com
www.tokyofile.2waky.com
www.tophost.dynamicdns.co.uk
www.transfer.lflinkup.org
www.transfer.mrbasic.com
www.transfer.vizvaz.com
www.twgovernmentinfo.acmetoy.com
www.twsslpopservupro.dynssl.com
www.ugreen.itemdb.com
www.uk.dynamicdns.org.uk
www.un.ddns.info
www.un.dnsrd.com
www.unhamj.com
www.usa.itsaol.com
www.usffunicef.com
www.usliveupdateonline.ygto.com
www.ut-portal-u-tokyo-ac-jp.tyoto-go-jp.com
www.v4.windowsupdate.mrface.com
www.v4.windowsupdate.nsatcdns.com
www.vmmini.com
www.wchildress.com
www.webdirectnews.dynamicdns.biz
www.webmailentry.jetos.com
www.websqlnewsmanager.ninth.biz
www.well.itsaol.com
www.well.mrbasic.com
www.windowfile.itemdb.com
www.windowsimages.itemdb.com
www.windowsimages.qhigh.com
www.windowsmirrors.vizvaz.com
www.windowsupdate.2waky.com
www.windowsupdate.3-a.net
www.windowsupdate.acmetoy.com
www.windowsupdate.authorizeddns.net
www.windowsupdate.authorizeddns.org
www.windowsupdate.authorizeddns.us
www.windowsupdate.dns05.com
www.windowsupdate.dnset.com
www.windowsupdate.esmtp.biz
www.windowsupdate.ezua.com
www.windowsupdate.fartit.com
www.windowsupdate.gettrials.com
www.windowsupdate.instanthq.com
www.windowsupdate.itsaol.com
www.windowsupdate.jungleheart.com
www.windowsupdate.lflink.com
www.windowsupdate.mrface.com
www.windowsupdate.mylftv.com
www.windowsupdate.nsatcdns.com
www.windowsupdate.organiccrap.com
www.windowsupdate.rebatesrule.net
www.windowsupdate.sellclassics.com
www.windowsupdate.serveusers.com
www.windowsupdate.x24hr.com
www.yahoo.incloud-go.com
www.yandexr.sellclassics.com
www.yeahyeahyeahs.3322.org
www.yokohamajpinstaz.mrbonus.com
www.zaigawebinfo.rebatesrule.net
www.zebra.incloud-go.com
www2.qpoe.com
www2.zyns.com
www2.zzux.com
www-meti-go-jp.tyoto-go-jp.com
x7.usyahooapis.com
xi.dyndns.pro
xi.sexxxy.biz
xread10821.9966.org
xsince.tk
xt.dnset.com
xyrn998754.2288.org
yahoo.incloud-go.com
yallago.cu.cc
yandexr.sellclassics.com
yeahyeahyeahs.3322.org
yeap1.jumpingcrab.com
yfrfyhf.youdontcare.com
yo.acmetoy.com
za.myftp.info
zabbix.servercontrols.pw
zaigawebinfo.rebatesrule.net
zccw.cc
zebra.bdoncloud.com
zebra.incloud-go.com
zebra.unhamj.com
zebra.UsFfUnicef.com
zebra.wthelpdesk.com
zero.pcanywhere.net
zg.ns02.biz
zone.demoones.com

(The information in this section is from PwC. Source: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v3.pdf)


■ File names

wpf-etw.dat

(The information in this section is from PwC. Source: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v3.pdf)



■ Paths


(The information in this section is from PwC. Source: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v3.pdf)


■Mutex


(The information in this section is from PwC. Source: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v3.pdf)



■ Registry


(The information in this section is from PwC. Source: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v3.pdf)



■ Pipes

\.\pipe\NamePipe_MoreWindows

(The information in this section is from PwC. Source: https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v3.pdf)


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2019