cyber_threat_intelligence/Emotet (README.md, last updated 2022-02-05 08:47:58 +01:00)

Emotet - Cyber Threat Intelligence

The indicators are related to VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

  • VN
  • CN
  • US
  • ...

There are 2 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise list network resources (IP addresses and the hostnames they resolved to at analysis time) known to be part of research and attack activities attributed to Emotet. Many of the hostnames below belong to residential ISP ranges, shared hosting providers and CDN edge nodes, which is consistent with infrastructure built from compromised hosts; treat the entries as leads for investigation and correlation rather than as a drop-in blocklist, and confirm the hostname still resolves to the listed address before acting on it.

| ID | IP address | Hostname | Confidence |
|---|---|---|---|
| 1 | 1.186.249.82 | 1.186.249.82.dvois.com | High |
| 2 | 1.226.84.243 | - | High |
| 3 | 2.58.16.86 | - | High |
| 4 | 2.58.16.89 | - | High |
| 5 | 2.82.75.215 | bl21-75-215.dsl.telepac.pt | High |
| 6 | 5.2.84.232 | momos.alastyr.com | High |
| 7 | 5.2.136.90 | static-5-2-136-90.rdsnet.ro | High |
| 8 | 5.2.182.7 | static-5-2-182-7.rdsnet.ro | High |
| 9 | 5.2.212.254 | static-5-2-212-254.rdsnet.ro | High |
| 10 | 5.9.189.24 | static.24.189.9.5.clients.your-server.de | High |
| 11 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | High |
| 12 | 5.35.249.46 | rs250366.rs.hosteurope.de | High |
| 13 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | High |
| 14 | 5.79.70.250 | - | High |
| 15 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | High |
| 16 | 5.159.57.195 | www-riedle.transfermarkt.de | High |
| 17 | 5.196.35.138 | vps10.open-techno.net | High |
| 18 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | High |
| 19 | 8.4.9.137 | onlinehorizons.net | High |
| 20 | 8.247.6.134 | - | High |
| 21 | 12.32.68.154 | mail.sealscoinc.com | High |
| 22 | 12.149.72.170 | - | High |
| 23 | 12.162.84.2 | - | High |
| 24 | 12.163.208.58 | - | High |
| 25 | 12.182.146.226 | - | High |
| 26 | 12.184.217.101 | - | High |
| 27 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | High |
| 28 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | High |
| 29 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | High |
| 30 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | High |
| 31 | 23.239.2.11 | li683-11.members.linode.com | High |
| 32 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | High |
| 33 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | High |
| 34 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | High |
| 35 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | High |
| 36 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | High |
| 37 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | High |
| 38 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | High |
| 39 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | High |
| 40 | 24.232.228.233 | OL233-228.fibertel.com.ar | High |
| 41 | 24.244.177.40 | - | High |
| 42 | 27.78.27.110 | localhost | High |
| 43 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | High |
| 44 | 27.109.24.214 | - | High |
| 45 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | High |
| 46 | 36.91.44.183 | - | High |
| 47 | 37.46.129.215 | we-too.ru | High |
| 48 | 37.97.135.82 | 37-97-135-82.colo.transip.net | High |
| 49 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | High |
| 50 | 37.179.204.33 | - | High |
| 51 | 37.187.4.178 | ks2.kku.io | High |
| 52 | 37.187.57.57 | ns3357940.ovh.net | High |
| 53 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | High |
| 54 | 37.187.161.206 | toolbox.alabs.io | High |
| 55 | 37.205.9.252 | s1.ithelp24.eu | High |
| 56 | 37.221.70.250 | b2b-customer.inftele.net | High |
| 57 | 41.76.108.46 | - | High |
| 58 | 41.169.36.237 | - | High |
| 59 | 41.185.28.84 | brf01-nix01.wadns.net | High |
| 60 | 41.185.29.128 | exchange.imali-group.co.za | High |
| 61 | 41.231.225.139 | - | High |
| 62 | 42.62.40.103 | - | High |
| 63 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | High |
| 64 | 45.33.77.42 | li1023-42.members.linode.com | High |
| 65 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | High |
| 66 | 45.55.36.51 | - | High |
| 67 | 45.55.219.163 | - | High |
| 68 | 45.79.95.107 | li1194-107.members.linode.com | High |
| 69 | 45.80.148.200 | - | High |
| 70 | 45.118.135.203 | 45-118-135-203.ip.linodeusercontent.com | High |
| 71 | 45.142.114.231 | mail.dounutmail.de | High |
| 72 | 45.230.45.171 | - | High |
| 73 | 46.4.100.178 | support.wizard-shopservice.de | High |
| 74 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | High |
| 75 | 46.28.111.142 | enkindu.jsuchy.net | High |
| 76 | 46.32.229.152 | 094882.vps-10.com | High |
| 77 | 46.32.233.226 | yetitoolusa.com | High |
| 78 | 46.38.238.8 | v2202109122001163131.happysrv.de | High |
| 79 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | High |
| 80 | 46.101.58.37 | 46.101.58.37-e1-8080 | High |
| 81 | 46.105.81.76 | myu0.cylipo.sbs | High |
| 82 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | High |
| 83 | 46.105.131.68 | http.adven.fr | High |
| 84 | 46.105.131.79 | relay.adven.fr | High |
| 85 | 46.105.131.87 | pop.adven.fr | High |
| 86 | 46.105.236.18 | - | High |
| 87 | 46.165.254.206 | - | High |
| 88 | 46.214.107.142 | 46-214-107-142.next-gen.ro | High |
| 89 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | High |
| 90 | 47.146.39.147 | - | High |
| 91 | 47.188.131.94 | - | High |
| 92 | 49.12.121.47 | filezilla-project.org | High |
| 93 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | High |
| 94 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | High |
| 95 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | High |
| 96 | 50.28.51.143 | - | High |
| 97 | 50.31.146.101 | mail.brillinjurylaw.com | High |
| 98 | 50.56.135.44 | - | High |
| 99 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | High |
| 100 | 50.116.78.109 | intersearchmedia.com | High |
| 101 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | High |
| 102 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | High |
| 103 | 51.75.33.127 | ip127.ip-51-75-33.eu | High |
| 104 | 51.89.36.180 | ip180.ip-51-89-36.eu | High |
| 105 | 51.89.199.141 | ip141.ip-51-89-199.eu | High |
| 106 | 51.255.165.160 | 160.ip-51-255-165.eu | High |
| 107 | 54.38.143.245 | tools.inovato.me | High |
| 108 | 58.27.215.3 | 58-27-215-3.wateen.net | High |
| 109 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | High |
| 110 | 58.227.42.236 | - | High |
| 111 | 59.148.253.194 | 059148253194.ctinets.com | High |
| 112 | 60.93.23.51 | softbank060093023051.bbtec.net | High |
| 113 | 60.108.128.186 | softbank060108128186.bbtec.net | High |
| 114 | 60.125.114.64 | softbank060125114064.bbtec.net | High |
| 115 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | High |
| 116 | 61.19.246.238 | - | High |
| 117 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | High |
| 118 | 62.75.141.82 | static-ip-62-75-141-82.inaddr.ip-pool.com | High |
| 119 | 62.84.75.50 | mail.saadegrp.com.lb | High |
| 120 | 62.171.142.179 | vmi499457.contaboserver.net | High |
| 121 | 62.212.34.102 | - | High |
| 122 | 64.207.182.168 | - | High |
| 123 | 66.54.51.172 | - | High |
| 124 | 66.76.26.33 | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | High |
| 125 | 66.228.61.248 | li318-248.members.linode.com | High |
| 126 | 67.19.105.107 | ns2.datatrust.com.br | High |
| 127 | 67.170.250.203 | c-67-170-250-203.hsd1.ca.comcast.net | High |
| 128 | 68.2.97.91 | ip68-2-97-91.ph.ph.cox.net | High |
| 129 | 68.183.170.114 | 68.183.170.114-e1-8080-keep-up | High |
| 130 | 68.183.190.199 | 68.183.190.199-e1-8080-keep-up | High |
| 131 | 69.17.170.58 | unallocated-static.rogers.com | High |
| 132 | 69.43.168.200 | ns0.imunplugged.com | High |
| 133 | 69.45.19.251 | coastinet.com | High |
| 134 | 69.167.152.111 | - | High |
| 135 | 70.32.84.74 | - | High |
| 136 | 70.32.89.105 | parties-at-sea.com | High |
| 137 | 70.32.92.133 | popdesigngroup.com | High |
| 138 | 70.32.115.157 | harpotripofalifetime.com | High |
| 139 | 70.168.7.6 | wsip-70-168-7-6.ri.ri.cox.net | High |
| 140 | 70.182.77.184 | wsip-70-182-77-184.ok.ok.cox.net | High |
| 141 | 70.184.125.132 | wsip-70-184-125-132.ph.ph.cox.net | High |
| 142 | 71.15.245.148 | 071-015-245-148.res.spectrum.com | High |
| 143 | 71.197.211.156 | c-71-197-211-156.hsd1.wa.comcast.net | High |
| 144 | 71.244.60.231 | static-71-244-60-231.dllstx.fios.frontiernet.net | High |
| 145 | 72.10.49.117 | rtw7-rfpn.accessdomain.com | High |
| 146 | 72.18.204.17 | lasvegas-nv-datacenter.com | High |
| 147 | 72.45.212.62 | nyinstituteofmassage.com | High |
| 148 | 72.186.136.247 | 072-186-136-247.biz.spectrum.com | High |
| 149 | ... | ... | ... |

There are 594 more IOC items available. Please use our online service to access the data.
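The following is an added example, not VulDB's code, showing how a detection engineer would consume the IOC table above: parse the table rows, index them by IP and by hostname, and scan firewall or proxy logs for hits. The indicator rows are copied from the table (a subset); the log lines and their `key=value` layout are constructed for the example. It also encodes the caveat raised above: a hit on a CDN edge address (the akamaitechnologies.com rows) or on a placeholder hostname such as `localhost` is routed to analyst review rather than straight to an alert, and hostnames that are shared infrastructure are never matched on their own.

```python
"""Match Emotet IOC rows against firewall/proxy logs (added example, not VulDB code)."""
import re
from collections import namedtuple

# Rows copied verbatim from the IOC table on this page (subset for the example).
IOC_TABLE = """
| 1 | 1.186.249.82 | 1.186.249.82.dvois.com | High |
| 27 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | High |
| 42 | 27.78.27.110 | localhost | High |
| 92 | 49.12.121.47 | filezilla-project.org | High |
| 132 | 69.43.168.200 | ns0.imunplugged.com | High |
"""

Indicator = namedtuple("Indicator", "id ip hostname confidence")


def parse_ioc_table(text):
    """Parse '| id | ip | hostname | confidence |' rows; header and '...' rows are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or not cells[0].isdigit():
            continue
        rows.append(Indicator(int(cells[0]), cells[1], cells[2].lower(), cells[3]))
    return rows


# Hostname values that carry no signal on their own: placeholders, and CDN
# edge nodes that front thousands of unrelated sites (assumed list).
PLACEHOLDER_HOSTS = {"-", "localhost"}
SHARED_SUFFIXES = (".akamaitechnologies.com",)


def is_shared(ind):
    return ind.hostname in PLACEHOLDER_HOSTS or ind.hostname.endswith(SHARED_SUFFIXES)


# Constructed proxy/firewall log lines in an assumed key=value format.
SAMPLE_LOGS = [
    "2022-02-05T08:47:58Z src=10.0.0.5 dst=1.186.249.82 host=- action=allow",
    "2022-02-05T08:48:10Z src=10.0.0.7 dst=23.6.65.194 host=www.example.com action=allow",
    "2022-02-05T08:49:00Z src=10.0.0.9 dst=104.16.0.1 host=filezilla-project.org action=allow",
    "2022-02-05T08:50:00Z src=10.0.0.9 dst=93.184.216.34 host=localhost action=allow",
    "2022-02-05T08:51:00Z src=10.0.0.3 dst=8.8.8.8 host=dns.google action=allow",
]

LOG_RE = re.compile(r"\bdst=(?P<dst>\S+)\s+host=(?P<host>\S+)")


def scan_logs(lines, indicators):
    """Return (line_no, kind, indicator, severity) for every IOC hit."""
    by_ip = {i.ip: i for i in indicators}
    by_host = {i.hostname: i for i in indicators if not is_shared(i)}
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, host = m["dst"], m["host"].lower()
        if dst in by_ip:
            ind = by_ip[dst]
            # The IP match is real, but a shared CDN edge or placeholder hostname
            # needs an analyst look before it becomes a block rule.
            hits.append((n, "ip", ind, "review" if is_shared(ind) else "alert"))
        elif host in by_host:
            # Hostname seen on a different address: the site may have moved or
            # sit behind another front end; still worth an alert.
            hits.append((n, "hostname", by_host[host], "alert"))
    return hits


if __name__ == "__main__":
    for n, kind, ind, sev in scan_logs(SAMPLE_LOGS, parse_ioc_table(IOC_TABLE)):
        print(f"line {n}: {sev:6} {kind:8} IOC #{ind.id} {ind.ip} {ind.hostname}")
```

Line 4 of the sample log produces no hit even though `localhost` appears in the table, and line 2 hits only as `review`; those two branches are where a naive "match every column" rule would flood an analyst with false positives.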

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the ATT&CK techniques that VulDB's predictive actor-profiling model attributes to Emotet. Note that the Description column carries VulDB's vulnerability-class label for each mapping, not the official ATT&CK technique name: in ATT&CK, T1059.007 is Command and Scripting Interpreter: JavaScript, T1068 is Exploitation for Privilege Escalation, and T1110.001 is Brute Force: Password Guessing.

| ID | Technique | Description | Confidence |
|---|---|---|---|
| 1 | T1059.007 | Cross Site Scripting | High |
| 2 | T1068 | Execution with Unnecessary Privileges | High |
| 3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High |
| 4 | ... | ... | ... |

There are 2 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack list path and file fragments the model associates with technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling. Entries of type File are request paths, relative paths or bare file names as they would appear in web server logs, or, as with /usr/bin/pkexec, local file system paths that belong in host telemetry rather than web logs; a `#name` suffix (as in Member.php#viewUser) denotes the affected function inside that file, not a URL fragment.

| ID | Type | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /admin/admin_manage/delete | High |
| 2 | File | /admin/configure.php | High |
| 3 | File | /administrator/components/table_manager/ | High |
| 4 | File | /application/common.php#action_log | High |
| 5 | File | /cgi-bin/luci | High |
| 6 | File | /Hospital-Management-System-master/func.php | High |
| 7 | File | /rest/api/1.0/render | High |
| 8 | File | /usr/bin/pkexec | High |
| 9 | File | /yzmcms/comment/index/init.html | High |
| 10 | File | admin/posts.php?source=add_post | High |
| 11 | File | admin/users.php?source=add_user | High |
| 12 | File | cgiserver.cgi | High |
| 13 | File | Controller.php | High |
| 14 | File | cszcms/controllers/Member.php#viewUser | High |
| 15 | ... | ... | ... |

There are 123 more IOA items available. Please use our online service to access the data.
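The following is an added example, not VulDB's code, showing how to turn the IOA table above into web access log matching. The indicator rows are copied from the table (a subset); the Apache combined-format log lines are constructed for the example, and the list of directories used to separate local file paths from web paths is an assumption. The points it handles are the ones that break naive substring matching: the `#function` suffix is stripped, indicators without a leading slash (`cgiserver.cgi`, `admin/posts.php?...`) are matched as trailing path segments, directory indicators match anywhere in the path, percent-encoding and `./`/`//` noise in the request are normalised before comparison, and query-string indicators require the named parameters to be present with the given values.

```python
"""Match Emotet IOA file indicators against web access logs (added example, not VulDB code)."""
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Rows copied verbatim from the IOA table on this page (subset for the example).
IOA_TABLE = """
| 2 | File | /admin/configure.php | High |
| 3 | File | /administrator/components/table_manager/ | High |
| 4 | File | /application/common.php#action_log | High |
| 5 | File | /cgi-bin/luci | High |
| 8 | File | /usr/bin/pkexec | High |
| 10 | File | admin/posts.php?source=add_post | High |
| 12 | File | cgiserver.cgi | High |
"""

# Assumption for this example: an indicator under one of these directories is a
# local file system path (host telemetry), not a URL to look for in web logs.
LOCAL_DIRS = ("/usr/", "/etc/", "/bin/", "/sbin/", "/var/", "/tmp/")


def parse_ioa_table(text):
    """Split 'File' rows into web matcher specs and local file indicators."""
    specs = {"web": [], "local": []}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or not cells[0].isdigit() or cells[1] != "File":
            continue
        # '#function' marks the affected function inside the file; a browser
        # never sends a fragment, so urlsplit's .fragment is simply not used.
        parts = urlsplit(cells[2])
        spec = {"id": int(cells[0]), "path": parts.path.lower(),
                "params": dict(parse_qsl(parts.query))}
        bucket = "local" if parts.path.startswith(LOCAL_DIRS) else "web"
        specs[bucket].append(spec)
    return specs


def path_matches(req_path, ind_path):
    """Compare a normalised request path with an indicator path."""
    if ind_path.startswith("/"):
        if ind_path.endswith("/"):              # directory: anywhere in the path
            return ind_path in req_path + "/"
        return req_path == ind_path or req_path.endswith(ind_path)
    return req_path.endswith("/" + ind_path)    # bare name: trailing segment(s)


def request_matches(target, spec):
    parts = urlsplit(target)
    # Decode %XX, collapse '//' and './' so evasions do not hide the path.
    req_path = posixpath.normpath(unquote(parts.path)).lower()
    if not path_matches(req_path, spec["path"]):
        return False
    req_params = dict(parse_qsl(parts.query))   # parse_qsl also percent-decodes
    return all(req_params.get(k) == v for k, v in spec["params"].items())


APACHE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed Apache combined-format lines.
SAMPLE_ACCESS_LOG = [
    '198.51.100.7 - - [05/Feb/2022:08:47:58 +0100] "GET /blog//admin/./configure.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Feb/2022:08:48:03 +0100] "POST /cgi-bin/luci HTTP/1.1" 403 0 "-" "curl/7.68.0"',
    '203.0.113.9 - - [05/Feb/2022:08:48:20 +0100] "GET /cms/admin/posts.php?source=add%5Fpost&x=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Feb/2022:08:48:25 +0100] "GET /cms/admin/posts.php?source=edit_post HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [05/Feb/2022:08:49:00 +0100] "GET /application/common.php HTTP/1.1" 200 88 "-" "python-requests/2.27"',
    '192.0.2.4 - - [05/Feb/2022:08:49:05 +0100] "GET /Administrator/Components/Table_Manager/ HTTP/1.1" 404 0 "-" "python-requests/2.27"',
    '192.0.2.4 - - [05/Feb/2022:08:49:10 +0100] "GET /cgi-bin/cgiserver.cgi?cmd=x HTTP/1.1" 404 0 "-" "python-requests/2.27"',
    '10.0.0.1 - - [05/Feb/2022:08:50:00 +0100] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0"',
]


def scan_access_log(lines, web_specs):
    """Return (line_no, ioa_id, source_ip, status) for each request hitting an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = APACHE_RE.match(line)
        if not m:
            continue
        for spec in web_specs:
            if request_matches(m["target"], spec):
                hits.append((n, spec["id"], m["src"], m["status"]))
    return hits


if __name__ == "__main__":
    specs = parse_ioa_table(IOA_TABLE)
    print("host-level indicators, not web-matchable:", [s["path"] for s in specs["local"]])
    for n, ioa_id, src, status in scan_access_log(SAMPLE_ACCESS_LOG, specs["web"]):
        print(f"line {n}: IOA #{ioa_id} from {src} (HTTP {status})")
```

Line 4 of the sample log is the control case: the same `admin/posts.php` path with `source=edit_post` does not match indicator 10, and indicator 8 (`/usr/bin/pkexec`) never reaches the web scanner at all.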

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!