Emotet - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.
There are 1126 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High |
4 | ... | ... | ... | ... |
There are 3 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence |
---|---|---|---|
1 | File | /admin.php?id=posts&action=display&value=1&postid= | High |
2 | File | /admin.php?id=siteoptions&social=display&value=0&sid=2 | High |
3 | File | /admin.php?id=siteoptions&social=edit&sid=2 | High |
4 | File | /admin/inbox.php&action=delete | High |
5 | File | /admin/inbox.php&action=read | High |
6 | File | /admin/pagerole.php&action=display&value=1 | High |
7 | File | /admin/pagerole.php&action=edit | High |
8 | File | /admin/posts.php | High |
9 | File | /admin/posts.php&action=delete | High |
10 | File | /admin/posts.php&action=edit | High |
11 | File | /admin/siteoptions.php&action=displaygoal&value=1&roleid=1 | High |
12 | File | /admin/siteoptions.php&social=remove&sid=2 | High |
13 | File | /admin/uesrs.php&&action=delete&userid=4 | High |
14 | ... | ... | ... |
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
License
(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.