Emotet - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

There are 9 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.


There are 1492 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
| --- | --- | --- | --- | --- |
| 1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High |
| 4 | ... | ... | ... | ... |

There are 8 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.


There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!