# Emotet - Cyber Threat Intelligence

These indicators were collected during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

* VN
* CN
* US
* ...

There is 1 more country item available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.

| ID | IP address | Hostname | Campaign | Confidence |
|---|---|---|---|---|
| 1 | 1.186.249.82 | 1.186.249.82.dvois.com | - | High |
| 2 | 1.226.84.243 | - | - | High |
| 3 | 2.58.16.86 | - | - | High |
| 4 | 2.58.16.89 | - | - | High |
| 5 | 2.82.75.215 | bl21-75-215.dsl.telepac.pt | - | High |
| 6 | 5.2.84.232 | momos.alastyr.com | - | High |
| 7 | 5.2.136.90 | static-5-2-136-90.rdsnet.ro | - | High |
| 8 | 5.2.182.7 | static-5-2-182-7.rdsnet.ro | - | High |
| 9 | 5.2.212.254 | static-5-2-212-254.rdsnet.ro | - | High |
| 10 | 5.9.189.24 | static.24.189.9.5.clients.your-server.de | - | High |
| 11 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | - | High |
| 12 | 5.35.249.46 | rs250366.rs.hosteurope.de | - | High |
| 13 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | - | High |
| 14 | 5.79.70.250 | - | - | High |
| 15 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | - | High |
| 16 | 5.159.57.195 | www-riedle.transfermarkt.de | - | High |
| 17 | 5.196.35.138 | vps10.open-techno.net | - | High |
| 18 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | - | High |
| 19 | 8.4.9.137 | onlinehorizons.net | - | High |
| 20 | 8.247.6.134 | - | - | High |
| 21 | 12.32.68.154 | mail.sealscoinc.com | - | High |
| 22 | 12.149.72.170 | - | - | High |
| 23 | 12.162.84.2 | - | - | High |
| 24 | 12.163.208.58 | - | - | High |
| 25 | 12.182.146.226 | - | - | High |
| 26 | 12.184.217.101 | - | - | High |
| 27 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | - | High |
| 28 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High |
| 29 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High |
| 30 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High |
| 31 | 23.239.2.11 | li683-11.members.linode.com | - | High |
| 32 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | - | High |
| 33 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | - | High |
| 34 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | - | High |
| 35 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High |
| 36 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | - | High |
| 37 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | - | High |
| 38 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | - | High |
| 39 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | - | High |
| 40 | 24.232.228.233 | OL233-228.fibertel.com.ar | - | High |
| 41 | 24.244.177.40 | - | - | High |
| 42 | 27.78.27.110 | localhost | - | High |
| 43 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | - | High |
| 44 | 27.109.24.214 | - | - | High |
| 45 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High |
| 46 | 36.91.44.183 | - | - | High |
| 47 | 37.46.129.215 | we-too.ru | - | High |
| 48 | 37.97.135.82 | 37-97-135-82.colo.transip.net | - | High |
| 49 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | - | High |
| 50 | 37.179.204.33 | - | - | High |
| 51 | 37.187.4.178 | ks2.kku.io | - | High |
| 52 | 37.187.57.57 | ns3357940.ovh.net | - | High |
| 53 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | - | High |
| 54 | 37.187.161.206 | toolbox.alabs.io | - | High |
| 55 | 37.205.9.252 | s1.ithelp24.eu | - | High |
| 56 | 37.221.70.250 | b2b-customer.inftele.net | - | High |
| 57 | 41.76.108.46 | - | - | High |
| 58 | 41.169.36.237 | - | - | High |
| 59 | 41.185.28.84 | brf01-nix01.wadns.net | - | High |
| 60 | 41.185.29.128 | abp79-nix01.wadns.net | - | High |
| 61 | 41.231.225.139 | - | - | High |
| 62 | 42.62.40.103 | - | - | High |
| 63 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High |
| 64 | 45.33.77.42 | li1023-42.members.linode.com | - | High |
| 65 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | - | High |
| 66 | 45.55.36.51 | - | - | High |
| 67 | 45.55.219.163 | - | - | High |
| 68 | 45.79.95.107 | li1194-107.members.linode.com | - | High |
| 69 | 45.80.148.200 | - | - | High |
| 70 | 45.118.115.99 | - | - | High |
| 71 | 45.118.135.203 | 45-118-135-203.ip.linodeusercontent.com | - | High |
| 72 | 45.142.114.231 | mail.dounutmail.de | - | High |
| 73 | 45.230.45.171 | - | - | High |
| 74 | 46.4.100.178 | support.wizard-shopservice.de | - | High |
| 75 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | - | High |
| 76 | 46.28.111.142 | enkindu.jsuchy.net | - | High |
| 77 | 46.32.229.152 | 094882.vps-10.com | - | High |
| 78 | 46.32.233.226 | yetitoolusa.com | - | High |
| 79 | 46.38.238.8 | v2202109122001163131.happysrv.de | - | High |
| 80 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | - | High |
| 81 | 46.55.222.11 | - | - | High |
| 82 | 46.101.58.37 | 46.101.58.37-e1-8080 | - | High |
| 83 | 46.105.81.76 | myu0.cylipo.sbs | - | High |
| 84 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | - | High |
| 85 | 46.105.131.68 | http.adven.fr | - | High |
| 86 | 46.105.131.79 | relay.adven.fr | - | High |
| 87 | 46.105.131.87 | pop.adven.fr | - | High |
| 88 | 46.105.236.18 | - | - | High |
| 89 | 46.165.254.206 | - | - | High |
| 90 | 46.214.107.142 | 46-214-107-142.next-gen.ro | - | High |
| 91 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | - | High |
| 92 | 47.146.39.147 | - | - | High |
| 93 | 47.188.131.94 | - | - | High |
| 94 | 49.12.121.47 | filezilla-project.org | - | High |
| 95 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | - | High |
| 96 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | - | High |
| 97 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | - | High |
| 98 | 50.28.51.143 | - | - | High |
| 99 | 50.31.146.101 | mail.brillinjurylaw.com | - | High |
| 100 | 50.56.135.44 | - | - | High |
| 101 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | - | High |
| 102 | 50.116.78.109 | intersearchmedia.com | - | High |
| 103 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | - | High |
| 104 | 51.15.4.22 | 51-15-4-22.rev.poneytelecom.eu | - | High |
| 105 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | - | High |
| 106 | 51.75.33.127 | ip127.ip-51-75-33.eu | - | High |
| 107 | 51.89.36.180 | ip180.ip-51-89-36.eu | - | High |
| 108 | 51.89.199.141 | ip141.ip-51-89-199.eu | - | High |
| 109 | 51.255.165.160 | 160.ip-51-255-165.eu | - | High |
| 110 | 54.38.143.245 | tools.inovato.me | - | High |
| 111 | 58.27.215.3 | 58-27-215-3.wateen.net | - | High |
| 112 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High |
| 113 | 58.227.42.236 | - | - | High |
| 114 | 59.148.253.194 | 059148253194.ctinets.com | - | High |
| 115 | 60.93.23.51 | softbank060093023051.bbtec.net | - | High |
| 116 | 60.108.128.186 | softbank060108128186.bbtec.net | - | High |
| 117 | 60.125.114.64 | softbank060125114064.bbtec.net | - | High |
| 118 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | - | High |
| 119 | 61.19.246.238 | - | - | High |
| 120 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | - | High |
| 121 | 62.75.141.82 | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High |
| 122 | 62.84.75.50 | mail.saadegrp.com.lb | - | High |
| 123 | 62.171.142.179 | vmi499457.contaboserver.net | - | High |
| 124 | 62.212.34.102 | - | - | High |
| 125 | 64.207.182.168 | - | - | High |
| 126 | 66.54.51.172 | - | - | High |
| 127 | 66.76.26.33 | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High |
| 128 | 66.228.61.248 | li318-248.members.linode.com | - | High |
| 129 | 67.19.105.107 | ns2.datatrust.com.br | - | High |
| 130 | 67.170.250.203 | c-67-170-250-203.hsd1.ca.comcast.net | - | High |
| 131 | 68.2.97.91 | ip68-2-97-91.ph.ph.cox.net | - | High |
| 132 | 68.183.170.114 | 68.183.170.114-e1-8080-keep-up | - | High |
| 133 | 68.183.190.199 | 68.183.190.199-e1-8080-keep-up | - | High |
| 134 | 69.17.170.58 | unallocated-static.rogers.com | - | High |
| 135 | 69.43.168.200 | ns0.imunplugged.com | - | High |
| 136 | 69.45.19.251 | coastinet.com | - | High |
| 137 | 69.167.152.111 | - | - | High |
| 138 | 70.32.84.74 | - | - | High |
| 139 | 70.32.89.105 | parties-at-sea.com | - | High |
| 140 | 70.32.92.133 | popdesigngroup.com | - | High |
| 141 | 70.32.115.157 | harpotripofalifetime.com | - | High |
| 142 | 70.168.7.6 | wsip-70-168-7-6.ri.ri.cox.net | - | High |
| 143 | 70.182.77.184 | wsip-70-182-77-184.ok.ok.cox.net | - | High |
| 144 | 70.184.125.132 | wsip-70-184-125-132.ph.ph.cox.net | - | High |
| 145 | 71.15.245.148 | 071-015-245-148.res.spectrum.com | - | High |
| 146 | 71.197.211.156 | c-71-197-211-156.hsd1.wa.comcast.net | - | High |
| 147 | 71.244.60.231 | static-71-244-60-231.dllstx.fios.frontiernet.net | - | High |
| 148 | 72.10.49.117 | rtw7-rfpn.accessdomain.com | - | High |
| 149 | 72.18.204.17 | lasvegas-nv-datacenter.com | - | High |
| 150 | 72.45.212.62 | nyinstituteofmassage.com | - | High |
| 151 | 72.186.136.247 | 072-186-136-247.biz.spectrum.com | - | High |
| 152 | 73.8.195.237 | c-73-8-195-237.hsd1.il.comcast.net | - | High |
| 153 | ... | ... | ... | ... |

There are 606 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High |
| 4 | ... | ... | ... | ... |

There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Type | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /appliance/users?action=edit | High |
| 2 | File | /CMD_ACCOUNT_ADMIN | High |
| 3 | File | /context/%2e/WEB-INF/web.xml | High |
| 4 | File | /horde/util/go.php | High |
| 5 | File | /jeecg-boot/sys/user/queryUserByDepId | High |
| 6 | File | /js/js-parser.c | High |
| 7 | File | /MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users | High |
| 8 | File | /ms/cms/content/list.do | High |
| 9 | File | /ms/file/uploadTemplate.do | High |
| 10 | File | /ping.html | Medium |
| 11 | File | /SASWebReportStudio/logonAndRender.do | High |
| 12 | File | /sys/user/queryUserComponentData | High |
| 13 | ... | ... | ... |

There are 104 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:

## Literature

The following articles explain our unique predictive cyber threat intelligence:

## License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!