2022-01-20 Emotet IOCs
THREAT IDENTIFICATION: EMOTET (E4)
SUBJECTS OBSERVED
All subjects were from previously stolen email threads.
SENDERS OBSERVED
bd@azizgroupbd.com
niko@samkyung.co.id
XLS MALDOC FILE HASHES
271e15bac0082a3e3a8443997086b4d8
c4997f3c9fcb335ca6df9551439bef19
EMOTET MSHTA DOWNLOAD URLS
http://185.7.214.7/fer/fer.html
EMOTET MSHTA FILE HASHES
fer.html
a845bed85c4a791c39615f5c00b636de
EMOTET PNG (POWERSHELL) FILE DOWNLOAD URLS
http://185.7.214.7/fer/fer.png
EMOTET PNG (POWERSHELL) FILE HASHES
fer.png
02e2ecf64151145f88df52783f971130
EMOTET PAYLOAD DOWNLOAD URLS
EMOTET PAYLOAD DOWNLOAD DOMAINS
EMOTET PAYLOAD FILE HASHES
EMOTET C2s