2022-03-01 Emotet (E4) IOCs
THREAT IDENTIFICATION: EMOTET (E4)
SUBJECTS OBSERVED
All subjects were from previously stolen email threads.
SENDERS OBSERVED
ZIP FILE HASHES
0467d02ad5dfcc0ffff9d0d4259d5a24
334f66dd7b2b7312d98eadf89b0f9056
46f53787bae768877a786b7334e1d70c
XLSM MALDOC FILE HASHES
EMOTET PAYLOAD DOWNLOAD URLS
EMOTET PAYLOAD DOWNLOAD DOMAINS
EMOTET PAYLOAD FILE HASHES
EMOTET C2s