http://128.92.203.42/b3cT/XTE3ge/KGu5mB/

128.92.203.42

http://128.92.203.42/3PCga7kiz/0Z2A4bpUCXpHnGVd/r5kxqLjJnC4hQ05W/ruZParGqHycRyKZtfx3/
http://babyshop.webdungsan.com/wp-admin/n/

103.124.92.99
128.92.203.42

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

http://167.71.227.113:8080/N7oz3wlXYGqub32robD/2ac0VOBpE/EaIL6gH5v/ogohG4oKV/

167.71.227.113
49.243.9.118

http://edu.jmsvclass.com/wp-includes/sZmjSq/
http://38.18.235.242/IcKaqWXLrGj/szawWpkr5bo9VpCttEI/qa3aWeZpdQZVO/QnBtCtY/oiWENMkDor61zf1lK/Mfvy1v5UPQP/

160.153.210.213
38.18.235.242

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

http://38.18.235.242/lhZgeoV9N30Pk/2Jy2JiHx/

38.18.235.242

http://www.szwymall.com/wp-content/j29mvS/
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
http://38.18.235.242/4niiJ0TpgdRqoaNC6/rFA7mxYGbVyyQ0qHXz/TJn7/ALgSmhUoKpV/

117.18.232.200
139.159.197.68
38.18.235.242

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

157.245.138.101
162.144.42.60
162.241.41.111
190.85.46.52
49.243.9.118

ET CNC Feodo Tracker Reported CnC Server group 4

http://192.241.146.84:8080/UGNlTlj8/BBqIVX7ArmAvXVMdjaU/mseYCvEAm9phC/6zxPxAdNQXz/qql1UCCdbzuxM/

12.163.208.58
192.241.146.84
45.33.35.74
87.106.253.248

http://192.241.146.84:8080/q9bJ7GnWPx/gUgY/UibQl8CuK2b/

12.163.208.58
192.241.146.84
45.33.35.74
87.106.253.248

http://192.241.146.84:8080/bSA0HInnl/X050N6lyL0JzuTOKPw/aKU3gJbSff2EDP/Z93hgAnLI/

12.163.208.58
192.241.146.84
45.33.35.74
87.106.253.248