• Email
• Facebook
• Twitter
• Google+
• Linkedin

TSPY_DYRE.IK

---

• マルウェアタイプ: スパイウェア
• 破壊活動の有無: なし
• 暗号化: なし
• 感染報告の有無: はい

---

  概要

トレンドマイクロは、このスパイウェアをNoteworthy（要注意）に分類しました。

この「DYRE」の亜種は、検出を無効にする機能を備えた「UPATRE」の更新版によってダウンロードされます。この「UPATRE」の亜種の特筆すべき不正活動は、レジストリ値の変更および関連するサービスを停止することで、ファイルウォールおよびネットワーク関連のセキュリティを無効にすることです。

この「DYRE」の亜種は、オンラインアカウントの個人情報を収集することで知られています。このオンライン銀行詐欺ツールの不正活動の詳細については、こちらをご参照ください。

スパイウェアは、リモートサイトから他のマルウェア、グレイウェアまたはスパイウェアにダウンロードされ、コンピュータに侵入します。

スパイウェアは、特定のWebサイトにアクセスし、情報を送受信します。 スパイウェアは、実行後、自身を削除します。

---

  詳細

侵入方法

スパイウェアは、リモートサイトから他のマルウェア、グレイウェアまたはスパイウェアにダウンロードされ、コンピュータに侵入します。

インストール

スパイウェアは、感染コンピュータのOSに応じて以下のファイルを作成します。

• %System%\config\systemprofile\Application Data\ne9bzef6m8.dll (for Windows XP and lower)
• %AppDataLocal%\ne9bzef6m8.dlll (for Windows Vista and higher)

(註：%System%フォルダは、システムフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows\System32" です。.. %AppDataLocal%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Local" です。)

スパイウェアは、感染したコンピュータ内に以下として自身のコピーを作成し、実行します。

• %Windows%\{random filename}.exe (for Windows XP and lower)
• %AppDataLocal%\{random filename}.exe (for Windows Vista and higher)

(註：%Windows%フォルダは、Windowsが利用するフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows" です。.. %AppDataLocal%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Local" です。)

スパイウェアは、以下のプロセスにコードを組み込みます。

• explorer.exe

自動実行方法

スパイウェアは、自身をシステムサービスとして登録し、Windows起動時に自動実行されるよう以下のレジストリ値を追加します。

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\googleupdate
ImagePath = "%Windows%\{random filename}.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\googleupdate
DisplayName = "Google Update Service"

スパイウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
GoogleUpdate = "%AppDataLocal%\{random filename}.exe" (for Windows Vista and higher)

スパイウェアは、自身をシステムサービスとして登録し、Windows起動時に自動実行されるよう以下のレジストリキーを追加します。

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\googleupdate (for Windows XP and lower)

情報漏えい

スパイウェアは、以下の情報を収集します。

• Host Name
• Public IP Address
• OS Version
• User Name
• Computer Name
• OS platform
• Installed programs

その他

スパイウェアは、以下のWebサイトにアクセスしてインターネット接続を確認します。

• google.com
• microsoft.com

スパイウェアは、以下のWebサイトにアクセスして感染コンピュータのIPアドレスを収集します。

• http://icanhazip.com

スパイウェアは、以下のWebサイトにアクセスし、情報を送受信します。

• http://{BLOCKED}.{BLOCKED}.74.70:443
• http://{BLOCKED}.{BLOCKED}.152.131:443
• http://{BLOCKED}.{BLOCKED}.190.183:443
• http://{BLOCKED}.{BLOCKED}.190.183:443
• http://{BLOCKED}.{BLOCKED}.178.46:4443
• http://{BLOCKED}.{BLOCKED}.190.167:443
• http://{BLOCKED}.{BLOCKED}.34.137:443
• http://{BLOCKED}.{BLOCKED}.63.46:443
• http://{BLOCKED}.{BLOCKED}.165.229:443
• http://{BLOCKED}.{BLOCKED}.206.204:443
• http://{BLOCKED}.{BLOCKED}.34.203:443
• http://{BLOCKED}.{BLOCKED}.157.139:443
• http://{BLOCKED}.{BLOCKED}.255.131:443
• http://{BLOCKED}.{BLOCKED}.147.50:443
• http://{BLOCKED}.{BLOCKED}.23.130:443
• http://{BLOCKED}.{BLOCKED}.54.22:443
• http://{BLOCKED}.{BLOCKED}.55.122:443
• http://{BLOCKED}.{BLOCKED}.81.96:4443
• http://{BLOCKED}.{BLOCKED}.235.48:443
• http://{BLOCKED}.{BLOCKED}.14.89:443
• http://{BLOCKED}.{BLOCKED}.69.137:4443
• http://{BLOCKED}.{BLOCKED}.190.84:443
• http://{BLOCKED}.{BLOCKED}.190.146:443
• http://{BLOCKED}.{BLOCKED}.191.213:443
• http://{BLOCKED}.{BLOCKED}.255.87:4443
• http://{BLOCKED}.{BLOCKED}.79.84:443
• http://{BLOCKED}.{BLOCKED}.92.77:443
• http://{BLOCKED}.{BLOCKED}.194.237:443
• http://{BLOCKED}.{BLOCKED}.97.141:443
• http://{BLOCKED}.{BLOCKED}.178.37:443
• http://{BLOCKED}.{BLOCKED}.15.70:443
• http://{BLOCKED}.{BLOCKED}.170.118:443
• http://{BLOCKED}.{BLOCKED}.169.178:443
• http://{BLOCKED}.{BLOCKED}.202.3:443
• http://{BLOCKED}.{BLOCKED}.202.197:443
• http://{BLOCKED}.{BLOCKED}.169.187:443
• http://{BLOCKED}.{BLOCKED}.177.95:443
• http://{BLOCKED}.{BLOCKED}.153.216:443
• http://{BLOCKED}.{BLOCKED}.58.238:4443
• http://{BLOCKED}.{BLOCKED}.54.127:443
• http://{BLOCKED}.{BLOCKED}.234.86:4443
• http://{BLOCKED}.{BLOCKED}.239.215:443
• http://{BLOCKED}.{BLOCKED}.201.9:443
• http://{BLOCKED}.{BLOCKED}.164.18:443
• http://{BLOCKED}.{BLOCKED}.115.88:443
• http://{BLOCKED}.{BLOCKED}.54.111:443
• http://{BLOCKED}.{BLOCKED}.190.26:443
• http://{BLOCKED}.{BLOCKED}.219.35:443
• http://{BLOCKED}.{BLOCKED}.54.111:443
• http://{BLOCKED}.{BLOCKED}.164.18:443
• http://{BLOCKED}.{BLOCKED}.212.27:443
• http://{BLOCKED}.{BLOCKED}.190.167:443
• http://{BLOCKED}.{BLOCKED}.255.87:4443

スパイウェアは、実行後、自身を削除します。

スパイウェアは、感染コンピュータのOSに応じて以下のファイルを作成します。

• %System%\config\systemprofile\Application Data\ne9bzef6m8.dll (Windows XPおよびそれ以前OSの場合)
• %AppDataLocal%\ne9bzef6m8.dlll (Windows Vistaおよびそれ以降のOSの場合)

スパイウェアは、感染したコンピュータ内に以下として自身のコピーを作成し、実行します。

• %Windows%\{random filename}.exe (Windows XPおよびそれ以前OSの場合)
• %AppDataLocal%\{random filename}.exe (Windows Vistaおよびそれ以降のOSの場合)

スパイウェアが収集する情報は以下のとおりです。

• ホスト名
• パブリックIPアドレス
• OSのバージョン
• ユーザ名
• コンピュータ名
• OSのプラットフォーム
• インストールされたプログラム

スパイウェアは、以下のブラウザを監視します。

• chrome.exe
• firefox.exe
• iexplore.exe

スパイウェアは、以下のいずれかを含むURLをもつネットバンキングや仮想通貨「Bitcoin（ビットコイン）」のログインページに不正なコードを組み込むことで、ネットバンキングやビットコインに関する重要な情報を窃取します。

• accesd.affaires.desjardins.com/*
• accesd.affaires.desjardins.com/en/ada*
• accesd.affaires.desjardins.com/fr/ada*
• access.jpmorgan.com/*
• access.jpmorgan.com/jpmalogon*
• access.usbank.com/*
• access.usbank.com/cpsApp1/AxolPreAuthServlet*
• achieveaccess.charterone.com/*
• achieveaccess.charterone.com/exchange/basic/authentication*
• admin.epymtservice.com/*
• admin.epymtservice.com/admin/index.jhtml*
• afactorcontact.com/*
• afactorcontact.com/ClientManagerCMA/formulaire.html*
• aibinternetbanking.aib.ie/*
• aibinternetbanking.aib.ie/inet/roi/login.htm*
• alolb1.arbuthnotlatham.co.uk/*
• alolb1.arbuthnotlatham.co.uk/IB/Online*
• ambank.amonline.com.my/*
• an.rbcnetbank.com/*
• ap.ebs.bankofchina.com/*
• ap.ebs.bankofchina.com/login.html*
• apps.bhw.de/*
• apps.bhw.de/es600/index.jsp*
• apps.virginmoney.com/*
• apps.virginmoney.com/vmosws/loginWait.do*
• at-directnet.credit-suisse.com/*
• at-directnet.credit-suisse.com/dn/c/cls/auth*
• au-services.credit-suisse.com/*
• au-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• auth.globalpay.westernunion.com/*
• auth.globalpay.westernunion.com/Sso/Login.aspx*
• aw.rbcnetbank.com/*
• bancodicaribeonline.com/*
• bancodicaribeonline.com/aua/SIGNON.CFM*
• bancodicaribeonline.com/SIGNON.CFM*
• bancodicaribeonline.com/sxm/SIGNON.CFM*
• bank.barclays.co.uk/*
• bank.barclays.co.uk/olb/auth/LoginLink.action*
• bank.ruralbank.com.au/*
• bank.ruralbank.com.au/banking/RBLIBanking*
• banking.bankhaus-mayer.de/*
• banking.bankhaus-mayer.de/ptlweb/WebPortal*
• banking.bankofscotland.co.uk/*
• banking.bankofscotland.co.uk/Logon/Logon.aspx*
• banking.berenberg.de/*
• banking.berenberg.de/onlinebanking-berenberg/loginFormAction.do*
• banking.bmwbank.de/*
• banking.bmwbank.de/s/b2cpws.fcc*
• banking.commerzfinanz.com/*
• banking.commerzfinanz.com/onlinebanking-cfg/loginFormAction.do*
• banking.degussa-bank.de/*
• banking.degussa-bank.de/banking/servlet/com.pagentix.banking.servlet.TopNavigationServlet*
• banking.donner-reuschel.de/*
• banking.donner-reuschel.de/index.jsp*
• banking.ing-diba.at/*
• banking.ing-diba.at/online-banking*
• banking.ing-diba.de/*
• banking.ing-diba.de/app/login*
• banking.ing-diba.de/app/obligo*
• banking.ireland-bank.com/*
• banking.ireland-bank.com/IrelandBankOnline_303/Authentication/Login.aspx*
• banking.lloydsbank.com/*
• banking.lloydsbank.com/Logon/logon.aspx*
• banking.martinbank.de/*
• banking.nfbank.de/*
• banking.nfbank.de/ptlweb/WebPortal*
• banking.oyakankerbank.de/*
• banking.secure.bnl.it/*
• banking.smile.co.uk/*
• banking.smile.co.uk/SmileWeb/start.do*
• banking.steylerbank.de/*
• banking.steylerbank.de/ptlweb/WebPortal*
• banking.triodos.co.uk/*
• banking.triodos.co.uk/ib-seam/login.seam?lcid=*
• banking.triodos.co.uk/ib-seam/login.seam?loginType=dp550*
• banking.triodos.co.uk/ib-seam/login.seam?loginType=username*
• banking.unionbank.de/*
• banking.unionbank.de/ptlweb/WebPortal*
• banking.valovisbank.de/*
• banking.valovisbank.de/portal/*
• banking.varengold.de/*
• banking.varengold.de/OnlineBankingWebfrontend/banking/common/login.xhtml;jsessionid=6B6D8E978F9BF46846D30C85AF534497*
• bankinguk.secure.investec.com/*
• bankinguk.secure.investec.com/login.html*
• bankofirelandlifeonline.ie/*
• bankonline.sboff.com/*
• bankonline.sboff.com/OFS2/InternetBanking*
• bankonweb.sgeb.bg/*
• bankonweb.sgeb.bg/page/default.aspx*
• bankonweb.sgeb.bg/page/default.aspx*
• banque.bfcoi.com/*
• banque.bfcoi.com/identificationClient.html*
• banques.exalog.net/*
• banques.exalog.net/authent.php*
• basfnet.france.banqueaudi.com/*
• basfnet.france.banqueaudi.com/cnet/Arc_NbOrion_html/Banque/Static_BASF/netbank_en.html*
• basfnet.france.banqueaudi.com/cnet/Arc_NbOrion_html/Banque/Static_BASF/netbank_fr.html*
• bbonline.bankofmelbourne.com.au/*
• bbonline.bankofmelbourne.com.au/html/cbank.asp*
• bbonline.banksa.com.au/*
• bbonline.banksa.com.au/html/cbank.asp*
• bbonline.stgeorge.com.au/*
• bbonline.stgeorge.com.au/html/cbank.asp*
• bbonline.stgeorge.com.au/html/cbindex.asp*
• blcweb.banquelaurentienne.ca/*
• blcweb.banquelaurentienne.ca/lang/en/BLCDirect*
• blcweb.banquelaurentienne.ca/lang/fr/BLCDirect*
• bol.westpac.co.nz/*
• bol.westpac.co.nz/s1gcb/logon/sbuser*
• bolpp.bankofireland.com/*
• bolpp.bankofireland.com/Commercial*
• bourse.cholet-dupont.fr/*
• bourse.cholet-dupont.fr/login.asp*
• boursebesv.besv.fr/*
• boursebesv.besv.fr/fr/index.html*
• br.credit-suisse.com/*
• br.credit-suisse.com/sec/login/default.aspx*
• bs-services.credit-suisse.com/*
• bs-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• btultra.btrl.ro/*
• btultra.btrl.ro/sign/_mcologon*
• bureau.bottomline.co.uk/*
• bureau.bottomline.co.uk/unity/index.aspx*
• business.co-operativebank.co.uk/*
• business.co-operativebank.co.uk/corp/BANKAWAY*
• business.firstcitizensonline.com/*
• business.firstcitizensonline.com/cb/pages/jsp-ns/loginfcbsc.jsp*
• business.santander.co.uk/*
• business.santander.co.uk/LGSBBI_NS_ENS/BtoChannelDriver.ssobto*
• business2.danskebank.co.uk/*
• business2.danskebank.co.uk/pub/logon/logon.aspx*
• business2.danskebank.com/*
• business2.danskebank.com/pub/logon/logon.aspx*
• business2.danskebank.dk/*
• business2.danskebank.dk/pub/logon/logon.aspx*
• business2.danskebank.ie/*
• business2.danskebank.ie/pub/logon/logon.aspx*
• business2.danskebank.no/*
• business2.danskebank.no/pub/logon/logon.aspx*
• businessaccess.citibank.citigroup.com/*
• businessaccess.citibank.citigroup.com/cbusol/signon.do*
• businessbank.tsbbank.co.nz/*
• businessbank.tsbbank.co.nz/BusinessBank/login.jsp*
• businessbanking.tdcommercialbanking.com/*
• businessbanking.tdcommercialbanking.com/WBB/LoginDisplay*
• businesscenter.mysynchrony.com/*
• businesscenter.mysynchrony.com/BusinessCenterPortal*
• business-eb.ibanking-services.com/*
• business-eb.ibanking-services.com/K1/index.jsp*
• businessonline.mutualofomahabank.com/*
• businessonline.mutualofomahabank.com/cb/pages/jsp-ns/login.jsp*
• businessonline.tdbank.com/*
• businessonline.tdbank.com/corporatebankingweb/core/login.aspx*
• businessonline.westpac.com.au/*
• businessonline.westpac.com.au/esis/Login/SrvPage*
• butterfieldonline.co.uk/*
• cardonebanking.com/*
• cardonebanking.com/authlogin.aspx
• cardonebanking.com/authlogin.aspx?business*
• cashmanagement.barclays.net/*
• cashmanagement.barclays.net/portalservices/forms/login.pser*
• cashmanager.mizuhoe-treasurer.com/*
• cashmanager.mizuhoe-treasurer.com/mz/servlet/SLogin*
• cashproonline.bankofamerica.com/*
• cashproonline.bankofamerica.com/AuthenticationFrameworkWeb/cpo/login/public/loginMain.faces*
• catalystcorp.org/*
• cbfm.saas.cashfac.com/*
• cbfm.saas.cashfac.com/cbfm/Logon.aspx*
• cbionline.cbi.ae/*
• cbionline.cbi.ae/bus/security/Welcome.do*
• cgacontact.c-g-a.fr/*
• cgacontact.c-g-a.fr/ClientManagerSG/formulaire.html*
• cgaetoile.c-g-a.fr/*
• cgaetoile.c-g-a.fr/ClientManagerCDN/formulaire.html*
• cgaoi.c-g-a.fr/*
• cgaoi.c-g-a.fr/ClientManagerOI/formulaire.html*
• cgi-hp.espace-clients.fr/*
• charisma.btdirect.ro/*
• charisma.btdirect.ro/CharismaWEB/_Public/Login.aspx*
• cib.affinonline.com/*
• cib.affinonline.com/business/login.html*
• cib.bankofthewest.com/*
• cib.bankofthewest.com/K1/servlet/com.fis.authentication.servlet.WelcomeServlet*
• cib.icicibank.com/*
• cib.icicibank.com/corp/BANKAWAY*
• cib.uab.ae/*
• cityntl.webcashmgmt.com/*
• cityntl.webcashmgmt.com/wcmfd/wcmpw/CustomerLogin*
• classic.nordea.fi/*
• classic.nordea.fi/cgi-bin/SOLO0001*
• client.gemoneybank.fr/*
• client.gemoneybank.fr/identification.do*
• clientlogin.ibb.ubs.com/*
• clientlogin.ibb.ubs.com/login*
• clientpoint.fisglobal.com/*
• clientpoint.fisglobal.com/tdcb/main/UserLogon*
• clientportal.ibb.ubs.com/*
• clientportal.ibb.ubs.com/portal/index.htm*
• clients.banque-fiducial.fr/*
• clients.banque-fiducial.fr/comptes/fr/index.htm*
• clients.tilneybestinvest.co.uk/*
• clients.tilneybestinvest.co.uk/ORM/Login.aspx*
• clientview-mx.credit-suisse.com/*
• clientview-mx.credit-suisse.com/pb/mexico/c/cls/auth*
• cmbdirect.cmbnv.com/*
• cmbdirect.cmbnv.com/business/online*
• cmo.cibc.com/*
• cmo.cibc.com/wp/wps/portal/bbdsignon*
• cmol.bbt.com/*
• cmol.bbt.com/auth/prompt.tb*
• commerceconnections.commercebank.com*
• commercial.bnc.ca/*
• commercial.bnc.ca/auth/Login*
• connect.bnymellon.com/*
• connect.bnymellon.com/ConnectLogin/login/LoginPage.jsp*
• connect-ch2.ubs.com/*
• connect-ch2.ubs.com/workbench/Index.do*
• connexis.bnpparibas.com*
• corporate.adcb.com/*
• corporate.adcb.com/corporateWeb/login.do*
• corporate.metrobankonline.co.uk/*
• cpn.hsbc.com.mx/*
• cpn.hsbc.com.mx/cpn/default.htm*
• cs.directnet.com/*
• cs.directnet.com/dn/c/cls/auth*
• db-direct.db.com/*
• db-direct.db.com/u/eb/Login_Main.serv*
• db-sg.db.com/*
• db-sg.db.com/gen/login/index_4.cfm*
• direct.capitecbank.co.za/*
• direct.capitecbank.co.za/ibank*
• direct.mcbgroup-ebanking.com/*
• direct.mcbgroup-ebanking.com/cmblogin/corporate_AuthenticateUserLocalEPF.html*
• direct.mcbgroup-ebanking.com/mcbbonairelogin/corporate_AuthenticateUserLocalEPF.html*
• direct.mcbgroup-ebanking.com/mcblogin/corporate_AuthenticateUserLocalEPF.html*
• direct.mcbgroup-ebanking.com/wiblogin/corporate_AuthenticateUserLocalEPF.html*
• drob.santanderbank.com/*
• drob.santanderbank.com/cscobgss/Satellite*
• e-access.compassbank.com/*
• e-access.compassbank.com/bbw/cmserver/welcome/default/verify.cfm*
• eadibcorp.adib.ae/*
• eadibcorp.adib.ae/cb/servlet/cb/jsp-ns/login.jsp*
• eastwestbank.webcashmgmt.com/*
• eastwestbank.webcashmgmt.com/wcmfd/wcmpw/CustomerLogin*
• ebaer.juliusbaer.com/*
• ebank.publicbank.com.hk/*
• ebank.publicbank.com.hk/index0028.html*
• ebank.turkishbank.co.uk/*
• ebank.turkishbank.co.uk/Default2.aspx*
• e-bank.unicreditbank.si/*
• e-bank.unicreditbank.si/webbankBACX*
• ebankas.danskebank.lt/*
• ebankas.danskebank.lt/ib/site/login*
• ebanking.fransabank.com/*
• ebanking.fransabank.com/LoginAE.aspx*
• ebanking.procreditbank-kos.com/*
• ebanking.procreditbank-kos.com/User/LogOn*
• ebanking.schwaebische-bank.de/*
• ebanking.schwaebische-bank.de/loginStart.do*
• ebanking.societegenerale.al/*
• ebanking.societegenerale.al/webbankALB/loginCer.jsp*
• ebanking.societegenerale.in/*
• ebanking.societegenerale.in/corp/AuthenticationController*
• ebanking2.danskebank.co.uk/*
• ebanking2.danskebank.co.uk/pub/logon/logon.aspx*
• ebanking-au.ubs.com/*
• ebanking-au.ubs.com/ebanking*
• ebanking-aut.ubs.com/*
• ebanking-aut.ubs.com/epexa*
• ebanking-aut.ubs.com/estmta*
• ebanking-aut.ubs.com/fim*
• ebanking-bel.ubs.com/*
• ebanking-bel.ubs.com/epexb*
• ebanking-bel.ubs.com/estmtb*
• ebanking-bel.ubs.com/fim*
• ebanking-bhs2.ubs.com/*
• ebanking-bhs2.ubs.com/epex*
• ebanking-ca.ubs.com/*
• ebanking-ca.ubs.com/estmtc/action/login*
• ebanking-ca.ubs.com/gepc/MainAction*
• ebanking-ca.ubs.com/safeloginc/Login*
• ebanking-can.ubs.com/*
• ebanking-can.ubs.com/epex*
• ebanking-can.ubs.com/estmtc*
• ebanking-ch.ubs.com/*
• ebanking-ch.ubs.com/workbench/Index.do*
• ebanking-ch2.ubs.com/*
• ebanking-ch2.ubs.com/workbench/Index.do*
• ebanking-de1.ubs.com/*
• ebanking-de1.ubs.com/workbench/Index.do*
• ebanking-es.ubs.com/*
• ebanking-fr.ubs.com/enquiries/*
• ebanking-hksg.ubs.com/*
• ebanking-it.ubs.com/*
• ebanking-lux.ubs.com/*
• ebanking-lux.ubs.com/epex*
• ebanking-lux.ubs.com/estmt*
• ebanking-lux.ubs.com/fim*
• ebanking-mc.ubs.com/*
• ebanking-nld.ubs.com/*
• ebanking-nld.ubs.com/estmtn*
• ebanking-uk.ubs.com/*
• e-cash.alrajhibank.com.my/*
• e-cash.alrajhibank.com.my/CashWebAlrajhi/index.jsp*
• ematchingnz1.online.anz.com/*
• ematchingnz1.online.anz.com/saam/SAAMLogin/Login.fcc*
• enlace.santander-serfin.com/*
• enlace.santander-serfin.com/eai/EaiEmpresasWAR/inicio.do*
• entreprises.bnpparibas.net/*
• entreprises.bnpparibas.net/NSAccess*
• entreprises.societegenerale.fr/*
• entreprises.societegenerale.fr/associations-connexion.html*
• entreprises.societegenerale.fr/index.html*
• epayday.e-ambiz.com.my/*
• epayday.e-ambiz.com.my/epayroll/login.do*
• eplusgiro.plusgirot.se/*
• eplusgiro.plusgirot.se/eplusgiro.html*
• eplusgiro.plusgirot.se/eplusgiro_comp.html*
• esavings.shawbrook.co.uk/*
• esavings.shawbrook.co.uk/BankFast/Shawbrook*
• esecure.banque-edel.fr/*
• esecure.banque-edel.fr/es@b/fr/index.jsp*
• esipub.esi-sa.com/*
• esipub.esi-sa.com/INGArchive/Account/Login.aspx*
• espace-client.cora.fr/*
• espace-client.cora.fr/FrHomeBK/cora/logon.do*
• es-services.credit-suisse.com/*
• es-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• express.53.com/*
• express.53.com/portal/auth/login/Login*
• extra.unicreditbank.hu/*
• extra.unicreditbank.hu/eib_SP/loginpage.hu.html*
• extra.unicreditbank.hu/eibpublic_SP/login.de.html*
• extranet.bpifrance.fr/*
• extranet.bpifrance.fr/etresosesame/connexion.do*
• factor.bnpparibas.com/*
• factor.bnpparibas.com/factoring/fr/Portail_Connexion.or*
• fareastnationalbank.ebanking-services.com/*
• fareastnationalbank.ebanking-services.com/EamWeb/account/login.aspx*
• fastbanking.bancpost.ro/*
• fastbanking.bancpost.ro/iBankWeb/login.jsp*
• fastpay.asbbank.co.nz/*
• fastpay.asbbank.co.nz/Account/LogOn*
• fdonline.co-operativebank.co.uk/*
• fdonline.co-operativebank.co.uk/corp/BANKAWAY*
• ffcw.webcashmgmt.com/*
• ffcw.webcashmgmt.com/wcmfd/wcmpw/CustomerLogin*
• financepilot-pe.mlp.de/*
• financepilot-pe.mlp.de/p13pepe/entry*
• finanzportal.fiducia.de/*
• finanzportal.fiducia.de/p01pebe/entry*
• fnfgbusinessonline.enterprisebanker.com/*
• fnfgbusinessonline.enterprisebanker.com/wcmfd/wcmpw/CustomerLogin*
• fr-services.credit-suisse.com/*
• fr-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• fx.regions.com/*
• fx.regions.com/esn01/servlet/RSASingleSignOn*
• fxpayments.americanexpress.com*
• gfs.nb.se/*
• gfs.nb.se/privat/bank/index_foretag.html*
• gg-services.credit-suisse.com/*
• gg-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• girolink.plusgirot.se/*
• girovision.plusgirot.se/*
• gi-services.credit-suisse.com/*
• gi-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• global.kbstar.com/*
• global.kbstar.com/quics*
• globalpay.westernunion.com/*
• globalpay.westernunion.com/GlobalPay/Login.aspx*
• group.unicreditbanking.net/*
• hbciweb.olb.de/*
• hbciweb.olb.de/financebrowser5*
• hk-services.credit-suisse.com/*
• hk-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• home1.ybonline.co.uk/*
• home1.ybonline.co.uk/raluV8/reglm-web/login.ctl*
• home2.cybusinessonline.co.uk/*
• home2.cybusinessonline.co.uk/lmgruV8/ceblm-web/login.ctl*
• homebank.tsbbank.co.nz/*
• homebank.tsbbank.co.nz/online*
• ht.businessonlinepayroll.com/*
• ht.businessonlinepayroll.com/SPF/login/ee_auth.aspx*
• ib.absa.co.za/*
• ib.absa.co.za/absa-online/login.jsp*
• ib.banksyd.com.au/*
• ib.btrl.ro/*
• ib.btrl.ro/BT24/bfo/channel/web/loginframe.jsp*
• ib.mebank.com.au/*
• ib.mebank.com.au/auth/ib/login.html*
• ib.tmbank.com.au/*
• ib.tmbank.com.au/ib/signon/Login.aspx*
• ib.tmbank.com.au/ib/SignOn/Login.aspx*
• ibank.gtbankuk.com/*
• ibank.gtbankuk.com/Gaps_UK/Default.aspx*
• ibank.reliancebankltd.com/*
• ibank.reliancebankltd.com/logon.aspx*
• ibank.sbs.net.nz/*
• ibank.sbs.net.nz/ui/inetbankindex.aspx*
• ibank.sbs.net.nz/ui/inetbankindex.aspx*
• ibank.standardchartered.com.sg/*
• ibank.standardchartered.com.sg/nfs/login.htm*
• ibank.theaccessbankukltd.co.uk/*
• ibank.theaccessbankukltd.co.uk/entry/CorpLoginLang.html*
• ibank.zenith-bank.co.uk/*
• ibank.zenith-bank.co.uk/internetbanking/index.jsp*
• ibank1.bib.barclays.com/*
• ibank1.bib.barclays.com/logon*
• ibanking.bankofmelbourne.com.au/*
• ibanking.bankofmelbourne.com.au/ibank/loginPage.action*
• ibb.firsttrustbank1.co.uk/*
• ibb.firsttrustbank1.co.uk/ibb/controller*
• ibs.bankwest.com.au/*
• ibs.bankwest.com.au/BWLogin/bib.aspx*
• ibs.medbank.lt/*
• ibs.medbank.lt/login.aspx*
• ideal.dbs.com/*
• ideal.dbs.com/loginSubscriber/login/pin.jsp*
• inba.lukb.ch/*
• inba.lukb.ch/lukbLogin/*
• inbursamf.inbursa.com/*
• inetbnkp.adelaidebank.com.au/*
• inetbnkp.adelaidebank.com.au/OnlineBanking/AdBank*
• infinity.icicibank.co.uk/*
• infinity.icicibank.co.uk/UKRET/BANKAWAY*
• internationalfx.bannerbank.com/*
• internationalfx.bannerbank.com/servlet/VTDController*
• internet.ocbc.com/*
• internet.ocbc.com/internet-banking*
• internetbanken.privat.nordea.se/*
• internetbanken.privat.nordea.se/nsp/engine*
• internetbanken.privat.nordea.se/nsp/login*
• internet-banking.dbs.com.sg/*
• internet-banking.dbs.com.sg/IB/Welcome*
• internetbanking.firstcaribbeanbank.com/*
• internetbanking.firstcaribbeanbank.com/index.jsp*
• internetbanking.scu.net.au/*
• internetbanking.scu.net.au/mvpscu/SignOn/Login.aspx*
• internetbanking.suncorpbank.com.au/*
• invest.etrade.com.au/*
• invest.etrade.com.au/Home.aspx*
• itreasury.regions.com/*
• itreasury.regions.com/wcmfd/wcmpw/CustomerLogin*
• it-services.credit-suisse.com/*
• it-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• jpmcsso.jpmorgan.com/*
• jpmcsso.jpmorgan.com/sso/action/federateLogin*
• jpmcsso.jpmorgan.com/sso/action/login*
• jpmcsso-uk.jpmorgan.com/*
• jpmcsso-uk.jpmorgan.com/sso/action/federateLogin*
• jpmorgan.chase.com/*
• jpmorgan.chase.com/Public/Logon*
• jpmpb001.jpmorgan.com/*
• jpmpb001.jpmorgan.com/prelogin/index.jsp*
• konto.baaderbank.de/*
• ktt.key.com/*
• ktt.key.com/ktt/cmd/logon*
• kunden.commerzbank.de/*
• kunden.commerzbank.de/lp/login*
• kunden-mkb-bank.de/*
• leumionline.bankleumi.co.uk/*
• leumionline.bankleumi.co.uk/my.policy*
• leumionline.leumiusa.com/*
• leumionline.leumiusa.com/uniquesiga2fb1806b2b3831412436dd67c0ba0085419e78b8eb462c3cbbdd1d547afe055/uniquesig0*
• live.barcap.com/*
• live.barcap.com/UAB/S/ecom/logon/1/barxcorporate*
• lloydslink.online.lloydsbank.com/*
• lloydslink.online.lloydsbank.com/Logon/Logon.jsp*
• login.24banking.ro/*
• login.24banking.ro/casserver/login*
• login.isso.db.com/*
• login.isso.db.com/websso/sso_custom_multi_auth_flex_Logon.sso*
• login.isso.db.com/websso/sso_multi_auth_Logon.sso*
• login.salesforce.com/*
• login.smartbusiness.ae/*
• login.smartbusiness.ae/bo-login.jsp*
• logon.reflex.rhbbank.com.my/*
• logon.reflex.rhbbank.com.my/rhbcams/corporate/login.jsp*
• logon.rhb.com.my/*
• lu-directnet.credit-suisse.com/*
• lu-directnet.credit-suisse.com/dn/c/cls/auth*
• mcbdirect.mcb-bank.com/*
• mcbdirect.mcb-bank.com/business/online*
• mcbdirect.mcbbonaire.com/*
• mcbdirect.mcbbonaire.com/business/online*
• mc-services.credit-suisse.com/*
• mc-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
• mdcommercial.jpmorgan.com/*
• meine.deutsche-bank.de/*
• meine.deutsche-bank.de/trxm/db*
• mijn.ing.nl/*
• mijnzakelijk.ing.nl/*
• my.banklenz.de/*
• my.banklenz.de/web/guest/login*
• my.hsbcprivatebank.com/*
• my.hsbcprivatebank.com/1/2/*
• my.hypovereinsbank.de/*
• my.hypovereinsbank.de/login*
• my.sjpbank.co.uk/*
• my.sjpbank.co.uk/Security/Auth/Logon*
• my.statestreet.com/*
• my.statestreet.com/secid-smpwservices.fcc*
• myaccounts.newbury.co.uk/*
• myaccounts.newbury.co.uk/main.asp*
• mybbsaccounts.bucksbs.co.uk/*
• mybbsaccounts.bucksbs.co.uk/mlogn01.asp*
• nab.directnet.com/*
• nab.directnet.com/dn/c/cls/auth*
• nabconnect*.nab.com.au/*
• nabconnect*.nab.com.au/auth/nabclogin/login.do*
• nb.nordea.no/*
• nb.nordea.no/jlogin/nettbank/login/login*
• nebasilicon.fdecs.com/*
• nebasilicon.fdecs.com/eCustService/*
• net.crediteurope.ro/*
• net.crediteurope.ro/ibank-cln/do/login/prompt*
• netaccess3.qtmb.com.au/*
• netaccess3.qtmb.com.au/QTMB/NetTeller/login.aspx*
• netbanking.mashreqbank.com/*
• netbanking.mashreqbank.com/B001/SMELogin.jsp*
• netbanking.ubluk.com/*
• netbanking.ubluk.com/Login/Index*
• nettbanken.nordea.no/*
• nettbanken.nordea.no/login*
• netteller*.pnbank.com.au/*
• netteller*.pnbank.com.au/InternetBanking/Login.aspx
• netteller2.tsw.com.au/*
• netteller2.tsw.com.au/delphi/ntv451.asp*
• nge01.bnymellon.com/*
• nge01.bnymellon.com/NextGenV4/dflt/Login.ing*
• obank.kbstar.com/*
• obank.kbstar.com/quics*
• online.adambank.com/*
• online.adambank.com/eBankingAdamLogin/login*
• online.alrayanbank.co.uk/*
• online.alrayanbank.co.uk/online/aspscripts/Logon.asp*
• online.bankmecu.com.au/*
• online.bankmecu.com.au/daib/logon/cu3140/logon.asp*
• online.bankofcyprus.co.uk/*
• online.bankofcyprus.co.uk/netteller/login.faces*
• online.bankofscotland.co.uk/*
• online.bankofscotland.co.uk/personal/logon/login.jsp*
• online.bulbank.bg/*
• online.bulbank.bg/page/default.aspx*
• online.ccbank.co.uk/*
• online.ccbank.co.uk/main.asp*
• online.citi.eu/*
• online.citi.eu/GBIPB/JSO/signon/DisplayUsernameSignon.do*
• online.corp.westpac.com.au*
• online.corp.westpac.com.au/*
• online.coutts.com/*
• online.coutts.com/eBankingCouttsLogin/login*
• online.dib.ae/*
• online.dib.ae/webapplication.ui/localoperations/login/loginpage.aspx*
• online.duncanlawrie.com/*
• online.duncanlawrie.com/InternetBanking/faces/mdi/login.jsp*
• online.ebs.ie/*
• online.ebs.ie/internet/login/index.jsp*
• online.hbs.net.au/*
• online.hbs.net.au/hbsv47/ntv471.asp*
• online.hl.co.uk/*
• online.hl.co.uk/my-accounts*
• online.hoaresbank.co.uk/*
• online.hoaresbank.co.uk/fi11512/bb/logon*
• online.kbc.ie/*
• online.kbc.ie/kbc-online/onlinebanking/login*
• online.lloydsbank.co.uk/*
• online.lloydsbank.co.uk/personal/logon/login.jsp*
• online.multiport.com.au/*
• online.mystate.com.au/*
• online.mystate.com.au/Banking/Business*
• online.mystate.com.au/Banking/Personal*
• online.nbad.com/*
• online.nbad.com/iportalweb/iportal/jsps/orbilogin.jsp*
• online.privatebanking.societegenerale.be/*
• online.privatebanking.societegenerale.be/sg/login_fr.html*
• online.unicreditcorporate.it/*
• online.unicreditcorporate.it/login.htm*
• online.westpac.com.au/*
• online.westpac.com.au/esis/Login/SrvPage*
• online.ybs.co.uk/*
• online.ybs.co.uk/public/authentication/login1.do*
• onlinebanking.bankcoop.ch/*
• onlinebanking.coutts.com/*
• onlinebanking.coutts.com/auth/login*
• onlinebanking.orcobank.com/*
• onlinebanking.orcobank.com/orcobankonline/*
• onlinebanking-sg.credit-suisse.com/*
• online-business.bankofscotland.co.uk/*
• online-business.bankofscotland.co.uk/business/logon/login.jsp*
• onlinebusiness.lloydsbank.co.uk/*
• onlinebusiness.lloydsbank.co.uk/business/logon/login.jsp*
• online-business.tsb.co.uk/*
• online-business.tsb.co.uk/business/logon/login.jsp*
• onlinebusinessplus.vancity.com/*
• onlinebusinessplus.vancity.com/business/default.jsp*
• online-private.unicredit.it/*
• online-private.unicredit.it/login.htm*
• online-retail.unicredit.it/*
• online-retail.unicredit.it/login.htm*
• onlineservices.ubs.com/*
• onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl*
• online-smallbusiness.unicredit.it/*
• online-smallbusiness.unicredit.it/login.htm*
• particuliers.societegenerale.fr/*
• pbusa.directnet.com/*
• pbusa.directnet.com/dn/c/cls/auth*
• personal.co-operativebank.co.uk/*
• personal.co-operativebank.co.uk/CBIBSWeb/start.do*
• personal.gironet.com/*
• personal.gironet.com/DIBS_GIRO_BANK/pages/loginP.jsp*
• personeo.epargne-retraite-entreprises.bnpparibas.com/*
• personeo.epargne-retraite-entreprises.bnpparibas.com/portal/salarie-bnp/*
• pfo.us.hsbc.com*
• portal.berenberg.de/*
• portal.berenberg.de/MULTIVERSA-IFP/faces/login/login.jsf*
• portal.northonline.com.au/*
• portal.northonline.com.au/WealthNET.PortalClient*
• portal.northonline.com.au/WealthNET.PortalClient/DUBLE*
• private.bankofsingapore.com/*
• private.bankofsingapore.com/Login/Login*
• privatebank-us.ubs.com/*
• pro.skb.net/*
• probank.tsbbank.co.nz/*
• probank.tsbbank.co.nz/ProBank/login.action*
• probanking.procreditbank.ba/*
• probanking.procreditbank.ba/User/LogOn*
• professionnels.societegenerale.fr/*
• professionnels.societegenerale.fr/association_connexion.html*
• professionnels.societegenerale.fr/index.html*
• quotes-global1.ubs.com/*
• quotes-global1.ubs.com/go/*
• rakbankonline.ae/*
• rakbankonline.ae/corp/BANKAWAY*
• retail.santander.co.uk/*
• retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto*
• rib.affinonline.com/*
• rib.affinonline.com/rib/pb/logon*
• ribs.rabobank.com.au/*
• ribs.rabobank.com.au/RIBSAU/AU*
• ro.unicreditbanking.net/*
• ro.unicreditbanking.net/disp*
• s2b.standardchartered.com/*
• s2b.standardchartered.com/ssoapp/login.jsp*
• santander.hpdsc.com/*
• santander.hpdsc.com/main*
• sec.westpac.co.nz/*
• sec.westpac.co.nz/IOLB/Login.jsp*
• secure.aldermorebusinesssavings.co.uk/*
• secure.aldermorebusinesssavings.co.uk/corporate*
• secure.ampbanking.com/*
• secure.ampbanking.com/au/Logon*
• secure.anz.co.nz/*
• secure.anz.co.nz/IBCS/service/login*
• secure.boqspecialist.com.au/*
• secure.boqspecialist.com.au/BOQ/BOQSpecialist*
• secure.boqspecialist.com.au/BOQ/BOQSpecialist*
• secure.defencebank.com.au/*
• secure.defencebank.com.au/daib/logon/cu3205/logon.asp*
• secure.handelsbanken.com/*
• secure.handelsbanken.com/bb/glss/servlet/prelogon*
• secure.heartland.co.nz/*
• secure.heartland.co.nz/IB/index.zul*
• secure.ingdirect.fr/*
• secure.ingdirect.fr/public/displayLogin.jsf*
• secure.ingdirect.it/*
• secure.ingdirect.it/login.aspx*
• secure.internetbanking.firstcaribbeanbank.com/*
• secure.internetbanking.ro/*
• secure.internetbanking.ro/IBK_SMS/Login/LoginFirstStep.aspx*
• secure.macquarie.com.au/*
• secure.macquarie.com.au/sepas/serve*
• secure.membersaccounts.com/*
• secure.membersaccounts.com/SELFSERVICE/login.aspx*
• secure.tddirectinvesting.co.uk/*
• secure.tddirectinvesting.co.uk/webbroker2/login.jsp*
• secure.unicreditbank.lu/*
• secure1.businesswaybnl.it/*
• secure1.businesswaybnl.it/newcorporate/webcontoc/login/login*
• secure1.entreprises.bnpparibas.net *
• secure1.rabodirect.co.nz/*
• secure1.rabodirect.co.nz/exp/policyenforcer/pages/loginB2CDGPEN.jsf*
• secure2.alphabank.ro/*
• secure2.alphabank.ro/corporate/CorpOTPLoginLangRom.jsp*
• securentrycorp.amegybank.com/*
• securentrycorp.calbanktrust.com/*
• securentrycorp.nsbank.com/*
• securentrycorp.zionsbank.com/*
• securentrycorp.zionsbank.com/*
• secureprivateebanking.nordea.ch/*
• secureprivateebanking.nordea.ch/eservices*
• secureprivateebanking.nordea.lu/*
• secureprivateebanking.nordea.lu/eservices*
• secureprivateebanking.nordea.sg/*
• secureprivateebanking.nordea.sg/eservices*
• securitiesexpert.credit-suisse.com/*
• securitiesexpert.credit-suisse.com/cs/eamnet/c/cls/auth*
• see.sbi.com.mx/*
• see.sbi.com.mx/invernet2000/home*
• sg.bibplus.uobgroup.com/*
• sg.bibplus.uobgroup.com/BIB/public*
• sgcib.pl/*
• sgcib.pl/ib/Default.aspx*
• sharinbox.societegenerale.com/*
• sharinbox.societegenerale.com/login.do*
• si.unicreditbanking.net/*
• si.unicreditbanking.net/disp*
• sikanet.sg-ssb.com.gh/*
• sikanet.sg-ssb.com.gh/priv/en/dciweb.htm*
• singlepoint.usbank.com/*
• singlepoint.usbank.com/cs70_banking/logon/sbuser*
• sites.scotiabank.com.mx/*
• sites.scotiabank.com.mx/colproveedores/menu/entrada.asp*
• sogecashnet.sga.dz/*
• sogecashnet.sga.dz/smartoffice*
• sogecashnet.societegenerale.cg/*
• sogecashnet.societegenerale.cg/smartoffice/GB*
• sogecashnet.societegenerale.cg/smartoffice/index.htm*
• sogeonline.societegenerale.cn/*
• sogeonline.societegenerale.cn/eweb/prelogin.do*
• solo.nordea.com/*
• solo.nordea.com/nsc/engine*
• solo1.nordea.fi/*
• solo1.nordea.fi/nsp/engine*
• solo1.nordea.fi/nsp/login*
• solo3.nordea.fi/*
• solo3.nordea.fi/cgi-bin/SOLO0001*
• spib.wooribank.com/*
• spib.wooribank.com/pib/Dream*
• sponsor.voya.com/*
• sponsor.voya.com/static/sponsor/SponsorLogin.fcc*
• ssologin-bp2s.bnpparibas.com/*
• subastas.scotiainlatrade.com/SubastasAppWeb/login.jsp*
• tb.raiffeisendirect.ch/*
• tdetreasury.tdbank.com/*
• tdetreasury.tdbank.com/s1gcb/logon/sbuser*
• tdwealth.netxinvestor.com/*
• tdwealth.netxinvestor.com/web/tdwealth/login*
• ticari.yapikredi.com.tr/*
• ticari.yapikredi.com.tr/ifcapp/xrl/0ae47e2458dc60906796609e8cf7763b*
• ticari.yapikredi.com.tr/ifcapp/xrl/8a162dffc621811178834120027d2afa;jsessionid=c0a8913f30fcd76aff61c9b944afb647f480bfa640bc.e34KcheMc3iMaO0Rah4Oe0*
• top.capitalonebank.com/*
• top.capitalonebank.com/cashplus/*
• top.capitalonebank.com/pub/html/login.html*
• transactgateway.svb.com/*
• transactgateway.svb.com/siliconvalley/customerlogin.aspx*
• transtasman.online.anz.com/*
• transtasman.online.anz.com/client*
• trz.tranzact.org/*
• trz.tranzact.org/LogonOTP.aspx*
• u-2-view.chorleybs.co.uk/*
• u-2-view.chorleybs.co.uk/mlogn01.asp*
• uk.hkbea-cyberbanking.com/*
• uk.hkbea-cyberbanking.com/UCBCorp/Index.action*
• uk.hkbea-cyberbanking.com/UCBWeb/Index.action*
• uksecure.barclayswealth.com/*
• uksecure.barclayswealth.com/*
• unified-access.societegenerale.com/*
• unified-access.societegenerale.com/portal/site/SogecashWeb*
• uniservices2.uobgroup.com/*
• uniservices2.uobgroup.com/ELO/login.jsp*
• usgateway*.rbs.com/*
• usgateway*.rbs.com/wps/portal/c*b/applications*
• velocity.ocbc.com/*
• velocity.ocbc.com/portal.view*
• verkkopankki2.danskebank.fi/*
• verkkopankki2.danskebank.fi/pub/logon/logon.aspx*
• wealth.goldman.com/*
• wealth.goldman.com/login/login_a.cgi*
• wealthclient.closebrothers.com/*
• wealthclient.closebrothers.com/Login*
• web.procapital.fr/*
• web.procapital.fr/bami/public/form_login.html*
• web.procapital.fr/bami/public/form_procap_login.html*
• webbanking.bgl.lu/*
• webbanking.bgl.lu/de/Main.html*
• webcmpr.bancopopular.com/*
• webcmpr.bancopopular.com/K1*
• wellsoffice.wellsfargo.com/*
• wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp*
• wibdirect.wib-bank.net/*
• wibdirect.wib-bank.net/business/online*
• www*.my.commbiz.commbank.com.au/*
• www*.my.commbiz.commbank.com.au/Logon/UserMaintenance/Login.aspx
• www.365online.com/*
• www.365online.com/online365/spring/authentication*
• www.alliancebizsmart.com.my/*
• www.alliancebizsmart.com.my/business*
• www.anz.com/*
• www.anz.com/INETBANK/bankmain.asp*
• www.anzdirect.co.nz/*
• www.anzdirect.co.nz/online/EnterANZDirect.do*
• www.anztransactive.anz.com/*
• www.arabi-online.net/*
• www.arabi-online.net/efs/servlet/efs/jsp-ns/login.jsp*
• www.asbolb.com/*
• www.asbolb.com/servlet/ASB.ASBServlet*
• www.asl.com/*
• www.asl.com/asl/login/entryFrame.jsp*
• www.bami.lmpatrimonline.com/*
• www.bami.lmpatrimonline.com/bol-sb-web/EP01Action.do*
• www.bamibanque.fr/*
• www.bamibanque.fr/WD110AWP/WD110awp.exe/CONNECT/GESCOMPTE2010*
• www.bancaempresarialazteca.com.mx/*
• www.bancaempresarialazteca.com.mx/BancaEmpresarial/login.htm*
• www.bancoinbursa.com/*
• www.bancoinbursa.com/login/useraccessPortatil.asp*
• www.bancorpsouthinview.web-cashplus.com/*
• www.bancorpsouthinview.web-cashplus.com/Cashplus/*
• www.bancorpsouthonline.com/*
• www.bancorpsouthonline.com/BXS/Login.aspx*
• www.bankdirect.co.nz*
• www.banking.axa.de/*
• www.banking.axa.de/OnlineBankingWebfrontend/banking/common/login.xhtml;jsessionid=F05F46A7333D65031BD6C9B43C062C31*
• www.bankline.natwest.com/*
• www.bankline.natwest.com/CWSLogon/logon.do*
• www.bankline.rbs.com/*
• www.bankline.rbs.com/CWSLogon/logon.do*
• www.bankline.ulsterbank.ie/*
• www.bankline.ulsterbank.ie/CWSLogon/logon.do*
• www.banorte.com/*
• www.banorte.com/portal/personas/acceso.web*
• www.banque-tahiti.pf/*
• www.banque-tahiti.pf/pauth.aspx*
• www.barclayswealth.com/*
• www.barclayswealth.com/login/action/logon/unauthenticated/corporate/loginSigningGemplus*
• www.barclayswealth.com/login/action/logon/unauthenticated/personal/loginDetailsRouting*
• www.bcif.fr/*
• www.bcif.fr/Compte/Login.aspx*
• www.bcv.ch/*
• www.bcv.ch/bcvd-login/authenticateAction.do*
• www.bcv.ch/de*
• www.bcv.ch/en*
• www.bcv.ch/fr*
• www.bendigobank.com.au/*
• www.bendigobank.com.au/banking/BBLIBanking*
• www.benefitaccess.com/*
• www.benefitaccess.com/cba.html*
• www.bnz.co.nz/*
• www.bnz.co.nz/ib4b/app/login*
• www.boi-bol.com/*
• www.boi-bol.com/newHome.jsp*
• www.bostonprivatebank.com/*
• www.bostonprivatebank.com/index.cfm/pid/10540*
• www.brdoffice.ro/*
• www.brdoffice.ro/smartoffice/_mcologon*
• www.business.hsbc.co.uk/*
• www.business.hsbc.co.uk/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDgzAfSycDUy8LAzNDbz8vbzMDKADKR2LKuyHkgbotDB1dDZyDDTwMzM0sDTy93B1dnXz8DN0tTCC6nd0dPUzMfYCqwzxdDTxNnEwMTH3dDA08jQnoLsgNDQUAO-nOhw!!*
• www.bv-activebanking.de/*
• www.bv-activebanking.de/dbm/loginFormAction.do*
• www.bv-activebanking.de/neelmeyer/loginFormAction.do*
• www.bv-activebanking.de/trinkaus/loginFormAction.do*
• www.bybloseuropeonline.com/*
• www.bybloseuropeonline.com/finsebanking_enu_europe*
• www.byblosonline.com/*
• www.byblosonline.com/finsebanking_enu*
• www.casden.fr/*
• www.casden.fr/simu/view/accueil.seam*
• www.cashanalyzer.com/*
• www.caterallenonline.co.uk/*
• www.ceconline.ro/*
• www.ceconline.ro/smartoffice/logon.htm*
• www.chase.com/*
• www.chase.com/commercial-bank/chase-commercial-online*
• www.cimb.bizchannel.com.my/*
• www.cimb.bizchannel.com.my/corp/common2/login.do*
• www.citibank.com.au/*
• www.citibank.com.au/AUGCB/JSO/signon/DisplayUsernameSignon.do*
• www.citibank.com.my/*
• www.citibank.com.my/MYGCB/JSO/signon/DisplayUsernameSignon.do*
• www.citibank.com.sg/*
• www.citibank.com.sg/SGGCB/JSO/signon/DisplayUsernameSignon.do*
• www.citibusiness.citibank.com.sg/*
• www.citibusiness.citibank.com.sg/SGCBZ/JSO/signon/DisplayUsernameSignon.do*
• www.citigold.com.my/*
• www.citigold.com.my/MYGCB/JSO/signon/DisplayUsernameSignon.do*
• www.cmb-home.com/*
• www.cmb-home.com/online/site002index.itm*
• www.commercial.hsbc.com.hk/*
• www.commercial.hsbc.com.hk/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDd-NQv1BDg2AXA1-PEE9zPwtDAwgAykeaxTu7O3qYmPsA-WGergaeJk4mBqa-boYGnsbYdPsidBfkhioCAMGAADI!*
• www.co-operativebank.co.nz/*
• www.co-operativebank.co.nz/InternetBankingSecure/t/iblogin.aspx*
• www.corpnet.lu/*
• www.corpnet.lu/corpnet/loginCorp.jsp*
• www.corporate-clients.commerzbank.com/*
• www.corporate-clients.commerzbank.com/S-Portal/SHTML/cdir2/companydirectportal/pgf.html*
• www.coventrybuildingsociety.co.uk/*
• www.coventrybuildingsociety.co.uk/onlineservices/login/ols_login.aspx*
• www.credit-cooperatif.coop/*
• www.credit-cooperatif.coop/portail/particuliers/login.do*
• www.credit-suisse.com.sg/*
• www.ct6.e-i.com/*
• www.ct6.e-i.com/wlib_sharedresources/sson/ssonsign/sign_extranet.asp*
• www.dab-bank.de/*
• www.dab-bank.de/Mein-Konto-Depot/Login*
• www.danskebank.no/*
• www.danskebank.no/nb-no/Bedrift/Mellomstore-bedrifter/Nettbank/Pages/Nettbank.aspx*
• www.dbsvonline.com/*
• www.dbsvonline.com/english/index.asp*
• www.deutschebank-dbdirect.com/*
• www.deutschebank-dbdirect.com/cas/login*
• www.dialog.bsibank.com/*
• www.dialog.bsibank.com/bsi_login_auth/login*
• www.e-ambiz.com.my/*
• www.e-ambiz.com.my/bon/jsp/common/loginfiles/Login.bon*
• www.ebanking.hsbc.co.nz/*
• www.ebanking.hsbc.co.nz/1/2/!ut/p/c5/jZBdC4IwGEZ_0vtuI6VLXTitmeGa6G5kiIigMyKK_n3rJrrpg-fynHPzgAE_Z6_jYC_j4uwENZigzYMQOd0yFLwIkJbZmsu4JCJhnjefecn-qkklokxTLEjquUxCKsUBxRF_1Kp3rVawT5e5hwZM-CYr8ZTzjVzFyDhn0Ez9YLv7d0-Rl6cdVG45z_6D06zr205GD_hDJm4!/dl3/d3/L0lJSklna21BL0lKakFBTXlBQkVSQ0pBISEvNEZHZ3NvMFZ2emE5SUFnIS83X002NzBDMkozMEdTRzYwMlJNREw1QjAzQ0MzL0FHVnNUNDc3MjAwMDQ!*
• www.e-connect.bsibank.com/*
• www.e-connect.bsibank.com/bsi_login_auth/login*
• www.epargne-entreprise.federal-finance.fr/*
• www.epargne-entreprise.federal-finance.fr/ent/start.swe*
• www.exane.com*
• www.exane.com/*
• www.factocicpartnet.com/*
• www.factocicpartnet.com/factocicWeb*
• www.fcsolb.com/*
• www.fcsolb.com/cb/pages/jsp-ns/login.jsp*
• www.fidunet.lu/*
• www.fidunet.lu/fidunet/loginFidu.jsp*
• www.fineco.it/*
• www.fineco.it/it/public*
• www.firstmerit.com/*
• www.firstmerit.com/commercial/index.html*
• www.firstmeritib.com/*
• www.firstmeritib.com/ec/DefaultCorp.aspx*
• www.flexipurchase.com/*
• www.flexipurchase.com/secure/welcome.asp*
• www.fnb.co.za/*
• www.frostcashmanager.com/*
• www.frostcashmanager.com/CASHplus*
• www.gecapitalbank.com/*
• www.gecapitalbank.com/gecb/app/login*
• www.gemyaccounts.com/*
• www.gemyaccounts.com/myaccounts/Index.html*
• www.gerrard.com/*
• www.gerrard.com/clientcentre/login.aspx*
• www.goldman.com/*
• www.goldman.com/login/login_a.cgi*
• www.gs.reyrey.com/*
• www.gs.reyrey.com/common/login/login.aspx*
• www.gtb.unicredit.eu/*
• www.gtb.unicredit.eu/login*
• www.halifax-online.co.uk/*
• www.halifax-online.co.uk/personal/logon/login.jsp*
• www.hsbc.co.uk/*
• www.hsbc.co.uk/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDgzAfSycDUy8LAzNDbz8vbzMDKADKR5rFO7s7epiY-wD5YZ6uBp4mTiYGpr5uhgaexmDdFibeBn7enkEuBs4ejiYeRiHGMN1-Hvm5qfoFuRHlABOr0sE!*
• www.hsbc.com.au/*
• www.hsbc.com.au/1/2/HUB_IDV2/IDV_EPP*
• www.hsbc.com.my/*
• www.hsbc.com.my/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDCxNvAz9vzyAXA2cPRxMPywBDAwgAykdiyjv5w-WJ0e1v6m5g6RNiYWngbeRvHGRqbECc7uDUvPjQYH0_j_zcVP1I_ShzDMWeniYwxZE5qemJyZXY1XljqgvN0w_Lyy_KBYZBQW5oRLm3jyMAwombdA!!/dl3/d3/L0lJSklna21BL0lKakFBTXlBQkVSQ0pBISEvNEZHZ3NvMFZ2emE5SUFnIS83XzA4NEswTktJUkQwQ0hBNEhJSTQwMDAwMDAwL3lSbVo6MjI4ODAwMDQ!*
• www.hsbc.com.sg/*
• www.hsbc.com.sg/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDf6NAZ8tQU3c3A0dDV5MAf2MTAwjQL8h2VAQAdKy3eg!!/*
• www.hvbrsce.com/*
• www.hvbrsce.com/ebanking/Athens/Pages/ElectronicBanking.htm*
• www.ib.boq.com.au/*
• www.ib.boq.com.au/boqbl*
• www.ib.kiwibank.co.nz/*
• www.ing.be/*
• www.ing.be/de/business/Pages/Login.aspx*
• www.ing.be/de/retail/Pages/Login.aspx*
• www.ing.be/en/business/Pages/Login.aspx*
• www.ing.be/en/retail/pages/login.aspx*
• www.ing.be/fr/business/pages/login.aspx*
• www.ing.be/fr/Retail/Pages/Login.aspx*
• www.ing.be/nl/business/pages/login.aspx*
• www.ing.be/nl/retail/pages/login.aspx*
• www.ing.lu/*
• www.ing.lu/ING/FR/Particuliers/Login/index.htm*
• www.ing.lu/web/ING/DE/Privatpersonen/Einloggen/index.htm*
• www.ing.lu/web/ING/EN/Personal/Login/index.htm*
• www.ing.lu/web/ING/FR/Personal/Login/index.htm*
• www.ing.lu/web/ING/NL/Particuliers/Login/index.htm*
• www.ingbank.cz/*
• www.ingbank.cz/ib/login*
• www.ingdirect.com.au/*
• www.ingdirect.com.au/client/index.aspx*
• www.ingonline.com/*
• www.ingonline.com/bg*
• www.ingonline.com/cz*
• www.ingonline.com/hu*
• www.ingonline.com/pl*
• www.ingonline.com/ro*
• www.ingonline.com/ro/!UPR.Dispatcher*
• www.ingonline.com/sk*
• www.interacciones.com/*
• www.interacciones.com/analisis/login.do*
• www.interacciones.com/loginUsuario.do*
• www.interacciones.com/portalAgentes/login.jsp*
• www.internationalmoneytransfers.com.au/*
• www.internationalmoneytransfers.com.au/login/login*
• www.internationalpayments.co.uk/*
• www.intesasanpaolo.com/*
• www.intesasanpaolo.com/script/Login2Servlet*
• www.investbank.ae/*
• www.investbank.ae/ibank/loginAction.do*
• www.investimenti.unicredit.it/*
• www.iombankibanking.com/*
• www.iombankibanking.com/eai/IPB_EAI_Web/eai*
• www.kbinternetbanking.com/*
• www.maybank2e.com/*
• www.maybank2e.com/SEA/m2e/portal/portal.view*
• www.maybank2e.net/*
• www.maybank2e.net/M2E/mbbcustomer*
• www.maybank2u.com.my/*
• www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do*
• www.mcbb-home.com/*
• www.mcbb-home.com/online/site003index.itm*
• www.mcb-home.com/*
• www.mcb-home.com/online/site001index.itm*
• www.mercantilcbonline.com/*
• www.mercantilcbonline.com/secure/banking/individualLogon*
• www.mercantilcbonline.com/secure/banking/logon*
• www.mkbag.de/*
• www.mkbag.de/ptlweb/WebPortal*
• www.ml.com/*
• www.my.commbank.com.au/*
• www.my.commbank.com.au/netbank/Logon/Logon.aspx*
• www.mydegroof.fr*
• www.mydegroof.fr/*
• www.mymerrill.com/*
• www.mymerrill.com/ml/home.aspx*
• www.natwestibanking.com/*
• www.natwestibanking.com/eai/IPB_EAI_Web/*
• www.netbank.nordea.dk/*
• www.netbank.nordea.dk/netbank/index.jsp*
• www.noorinternetbanking.com/*
• www.noorinternetbanking.com/CWCLIENT/loginClient.action*
• www.nordeaim.nordea.com/*
• www.nordeaim.nordea.com/ImExt/WebportExt.nsf*
• www.nwolb.com/*
• www.nwolb.com/default.aspx*
• www.obsgnet.com.mk/*
• www.obsgnet.com.mk/Retail/LoginModule/LoginToken.aspx*
• www.onlinebanking.iombank.com/*
• www.onlinebanking.iombank.com/default.aspx*
• www.onlinebanking.natwestoffshore.com/*
• www.onlinebanking.natwestoffshore.com/default.aspx*
• www.onlinesbiglobal.com/*
• www.onlinesbiglobal.com/64SG/BANKAWAY*
• www.open24.ie/*
• www.open24.ie/online/login.aspx*
• www.palatine.fr/*
• www.palatine.fr/espace-client-entreprises.html*
• www.paymentnet.jpmorgan.com/*
• www.portail.banque-solfea.fr/*
• www.portail.banque-solfea.fr/user/login*
• www.postfinance.ch/*
• www.postfinance.ch/ap/ba/fp/html/e-finance/home*
• www.pouyanne.net/*
• www.privatebanking.societegenerale.com/*
• www.privatebanking.societegenerale.com/en/banking/luxembourg*
• www.privatebanking.societegenerale.com/en/banking/monaco*
• www.publicmutualonline.com.my/*
• www.raiffeisenonline.ro/*
• www.raiffeisenonline.ro/eBankingWeb/login*
• www.rbsdigital.com/*
• www.rbsdigital.com/login.aspx*
• www.rbsidigital.com/*
• www.rbsidigital.com/default.aspx*
• www.rbsiibanking.com/*
• www.rbsiibanking.com/ipb/IPB_Client_Web/Start.do*
• www.sbisyd.com.au/*
• www.sbisyd.com.au/eremit/index.php*
• www.scotiaconnect.scotiabank.com/*
• www.scotiaconnect.scotiabank.com/sco-tp/pki/AuthenticateUserRoamingEPF.bns*
• www.scotiaweb.com.mx/*
• www.scotiaweb.com.mx/hipotecario/hip_login.asp*
• www.secure.bnpparibas.net/*
• www.secure.bnpparibas.net/banque/portail/entrepros/HomeConnexion*
• www.secure.bnpparibas.net/banque/portail/particulier/Fiche*
• www.secure.bnpparibas.net/banque/portail/particulier/HomeConnexion*
• www.sft-ebanking.com/*
• www.sft-ebanking.com/siteminderagent/forms/dbloginsft.fcc*
• www.sg-bdp.pf/*
• www.sgcb.nc/*
• www.sgcb.nc/part/en/dciweb.htm*
• www.signatureny.web-access.com/*
• www.signatureny.web-access.com/signat/cgi-bin/login.cgi*
• www.sogecashnet.ma/*
• www.sogecashnet.ma/smartoffice/index.htm*
• www.sogecashnet.ma/smartoffice/index_gb.htm*
• www.sogehomebank.com/*
• www.sogehomebank.com/Retail/login.aspx*
• www.standardlife.co.uk/*
• www.standardlife.co.uk/1/site/uk/login*
• www.superchoice.com.au/*
• www.superchoice.com.au/amp*
• www.superorganised.com.au/*
• www.superorganised.com.au/dashboard/login*
• www.svbconnect.com/*
• www.svbconnect.com/auth*
• www.tmbbizdirect.com/*
• www.tranzact.org/*
• www.tranzact.org/*
• www.treasury.pncbank.com/*
• www.treasury.pncbank.com/idp/esec/login.ht*
• www.ubibanca.com/*
• www.ubibanca.com/Login_utilio*
• www.ubs.com/*
• www.ubs.com/connect*
• www.uibanking-net.com/*
• www.uibanking-net.com/smartoffice/fr/connexion.html*
• www.uibanking-net.com/smartoffice/GB/connexion.html*
• www.ulsterbankanytimebanking.ie/*
• www.ulsterbankanytimebanking.ie/default.aspx*
• www.unicreditbank.ba/*
• www.unicreditbank.ba/eba/BHgradjani*
• www.unicreditbank.cz/*
• www.unicreditbank.cz/web/redirect.php*
• www.unicreditbank.sk/*
• www.unicreditbank.sk/i-banking-sk-https.html*
• www.unity-online.co.uk/*
• www.us.hsbcprivatebank.com/*
• www.us.hsbcprivatebank.com/1/2/*
• www.vancity.com/*
• www.vancity.com/BusinessBanking/OnlineBanking/MyAccounts*
• www.volkswagenbank.de/*
• www.volkswagenbank.de/PortalLogin/get/Error.aspx/*
• www.wib-home.com/*
• www.wib-home.com/online/site004index.itm*
• www.youinvest.co.uk/*
• www.youinvest.co.uk/LogIn/username*
• www.zaba.hr/*
• www.zaba.hr/ebank/gradjani/Prijava*
• www1.firstdirect.com/*
• www1.firstdirect.com/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDgzAfSycDUy8LAzNDbz8vbzMDKADKR5rFO7s7epiY-wD5YZ6uBp4mTiYGpr5uhgaexmDdFibeBn7enkEuBs4ejiYeHkGGMN0FuaGKAPRSfDc!*
• www1.rbcbankusa.com/*
• www1.rbcbankusa.com/cgi-bin/rbaccess/rbunxcgi*
• www2.pbebank.com/*
• www2.pbebank.com/myIBK/apppbb/servlet/BxxxServlet*
• www2.pbebank.com/PBL*
• www2.secure.hsbcnet.com/*
• www2.secure.hsbcnet.com/uims/portal/IDV_CAM10_AUTHENTICATION*
• www22.bmo.com/*
• www22.bmo.com/ctpauth/CTPEAILogin/CustUserPasswordAuthServlet*
• www4.banquewormser.com/*
• www6.rbc.com/*
• www6.rbc.com/webapp/ukv0/signin/logon.xhtml*
• www8.comerica.com/*
• www8.comerica.com/pkmslogin.form*
• wwwsec.ebanking.zugerkb.ch/*
• wwwsec.ebanking.zugerkb.ch/authen/login*
• wwwsec.valiant.ch/*
• wwwsec.valiant.ch/authen/login*

スパイウェアは、以下の「Simple Traversal of UDP through NATs（STUN）」サーバに接続して、感染コンピュータのパブリックIPアドレスを特定します。

• stun1.voiceeclipse.net
• stun.callwithus.com
• stun.sipgate.net
• stun.ekiga.net
• stun.internetcalls.com
• stun.noc.ams-ix.net
• stun.voip.aebc.com
• stun.voipbuster.com
• stun.voxgratia.org
• stun.ipshka.com
• stun.faktortel.com.au
• stun.iptel.org
• stun.voip
• stunt.com203.183.172.196:3478
• s1.taraba.net
• stun.l.google.com:19302
• stun1.l.google.com:19302
• stun2.l.google.com:19302
• stun3.l.google.com:19302
• stun4.l.google.com:19302
• stun.schlund.de
• stun.rixtelecom.se
• stun.voiparound.com
• numb.viagenie.ca
• stun.stunprotocol.org
• stun.services.mozilla.com
• stun.2talk.co.nz

スパイウェアは、以下を実行することができます。

• 環境設定ファイルの受信(webインジェクションを介して)
• 新しい通信の受信
• ファイルのダインロードおよび実行
• モジュールのダウンロード(VNC,TV)
• ブラウザのスナップショット
• コンピュータのシャットダウンおよび再起動

スパイウェアは、以下の GETリクエストを送信します。

• 804us77/{OS platform}_{DATA1}.{DATA2}/{NUMBER}/{DATA3}/{BLOCKED}.{BLOCKED}.43.39

スパイウェアは、POSTリクエストを送信して窃取した情報をインジェクションで送信します。

スパイウェアは、安全な通信のために以下のI2Pネットワーク上で情報を送受信することができます。

• {BLOCKED}veao5kxa7b3nhtc4saoonjpsy65mapycaua.{BLOCKED}2.i2p:443

---

  対応方法

ご利用はいかがでしたか？　アンケートにご協力ください