# Emotet - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.

| ID | IP address | Hostname | Campaign | Confidence |
|----|------------|----------|----------|------------|
| 1 | 1.186.249.82 | 1.186.249.82.dvois.com | - | High |
| 2 | 1.226.84.243 | - | - | High |
| 3 | 1.234.2.232 | - | - | High |
| 4 | 1.234.21.73 | - | - | High |
| 5 | 2.47.112.152 | net-2-47-112-152.cust.vodafonedsl.it | - | High |
| 6 | 2.58.16.86 | - | - | High |
| 7 | 2.58.16.87 | - | - | High |
| 8 | 2.58.16.89 | - | - | High |
| 9 | 2.82.75.215 | bl21-75-215.dsl.telepac.pt | - | High |
| 10 | 5.2.75.167 | coms.a9v34.com.cn | - | High |
| 11 | 5.2.84.232 | momos.alastyr.com | - | High |
| 12 | 5.2.136.90 | static-5-2-136-90.rdsnet.ro | - | High |
| 13 | 5.2.182.7 | static-5-2-182-7.rdsnet.ro | - | High |
| 14 | 5.2.212.254 | static-5-2-212-254.rdsnet.ro | - | High |
| 15 | 5.9.49.12 | static.12.49.9.5.clients.your-server.de | - | High |
| 16 | 5.9.116.246 | static.246.116.9.5.clients.your-server.de | - | High |
| 17 | 5.9.128.163 | static.163.128.9.5.clients.your-server.de | - | High |
| 18 | 5.9.189.24 | static.24.189.9.5.clients.your-server.de | - | High |
| 19 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | - | High |
| 20 | 5.35.249.46 | rs250366.rs.hosteurope.de | - | High |
| 21 | 5.39.69.166 | ns340204.ip-5-39-69.eu | - | High |
| 22 | 5.39.84.48 | ns3126815.ip-5-39-84.eu | - | High |
| 23 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | - | High |
| 24 | 5.45.108.146 | cosmo.jumpingcrab.com | - | High |
| 25 | 5.56.56.146 | sites1.tucomunidad.cloud | - | High |
| 26 | 5.56.132.177 | asiatech.dn-server.com | - | High |
| 27 | 5.79.70.250 | - | - | High |
| 28 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | - | High |
| 29 | 5.101.138.188 | uk.mthservers.com | - | High |
| 30 | 5.159.57.195 | www-riedle.transfermarkt.de | - | High |
| 31 | 5.189.160.61 | ip-61-160-189-5.static.contabo.net | - | High |
| 32 | 5.196.35.138 | vps10.open-techno.net | - | High |
| 33 | 5.196.73.150 | ns3000085.ip-5-196-73.eu | - | High |
| 34 | 5.196.133.206 | pixelfed.hosnet.fr | - | High |
| 35 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | - | High |
| 36 | 8.4.9.137 | onlinehorizons.net | - | High |
| 37 | 8.9.11.48 | 8.9.11.48.vultrusercontent.com | - | High |
| 38 | 8.247.6.134 | - | - | High |
| 39 | 8.248.153.254 | - | - | High |
| 40 | 8.248.163.254 | - | - | High |
| 41 | 8.249.219.254 | - | - | High |
| 42 | 8.249.241.254 | - | - | High |
| 43 | 8.253.45.214 | - | - | High |
| 44 | 8.253.131.121 | - | - | High |
| 45 | 12.6.148.4 | mail.carters.com | - | High |
| 46 | 12.6.183.21 | - | - | High |
| 47 | 12.32.68.154 | mail.sealscoinc.com | - | High |
| 48 | 12.149.72.170 | - | - | High |
| 49 | 12.162.84.2 | - | - | High |
| 50 | 12.163.208.58 | - | - | High |
| 51 | 12.182.146.226 | - | - | High |
| 52 | 12.184.217.101 | - | - | High |
| 53 | 12.222.134.10 | - | - | High |
| 54 | 12.238.114.130 | - | - | High |
| 55 | 13.107.21.200 | - | - | High |
| 56 | 14.49.39.215 | - | - | High |
| 57 | 17.36.205.74 | - | - | High |
| 58 | 17.56.136.171 | p74-smtp.mail.icloud.com | - | High |
| 59 | 18.209.113.128 | ec2-18-209-113-128.compute-1.amazonaws.com | - | Medium |
| 60 | 18.211.9.206 | ec2-18-211-9-206.compute-1.amazonaws.com | - | Medium |
| 61 | 18.217.99.164 | ec2-18-217-99-164.us-east-2.compute.amazonaws.com | - | Medium |
| 62 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High |
| 63 | 23.3.13.146 | a23-3-13-146.deploy.static.akamaitechnologies.com | - | High |
| 64 | 23.3.13.153 | a23-3-13-153.deploy.static.akamaitechnologies.com | - | High |
| 65 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High |
| 66 | 23.5.231.225 | a23-5-231-225.deploy.static.akamaitechnologies.com | - | High |
| 67 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | - | High |
| 68 | 23.6.69.99 | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High |
| 69 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High |
| 70 | 23.41.248.194 | a23-41-248-194.deploy.static.akamaitechnologies.com | - | High |
| 71 | 23.46.53.71 | a23-46-53-71.deploy.static.akamaitechnologies.com | - | High |
| 72 | 23.46.238.193 | a23-46-238-193.deploy.static.akamaitechnologies.com | - | High |
| 73 | 23.46.238.194 | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High |
| 74 | 23.46.238.232 | a23-46-238-232.deploy.static.akamaitechnologies.com | - | High |
| 75 | 23.52.7.20 | a23-52-7-20.deploy.static.akamaitechnologies.com | - | High |
| 76 | 23.67.200.172 | a23-67-200-172.deploy.static.akamaitechnologies.com | - | High |
| 77 | 23.67.202.10 | a23-67-202-10.deploy.static.akamaitechnologies.com | - | High |
| 78 | 23.95.95.18 | 23-95-95-18-host.colocrossing.com | - | High |
| 79 | 23.111.156.118 | 23-111-156-118.static.hvvc.us | - | High |
| 80 | 23.197.19.180 | a23-197-19-180.deploy.static.akamaitechnologies.com | - | High |
| 81 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High |
| 82 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High |
| 83 | 23.218.127.164 | a23-218-127-164.deploy.static.akamaitechnologies.com | - | High |
| 84 | 23.218.141.31 | a23-218-141-31.deploy.static.akamaitechnologies.com | - | High |
| 85 | 23.221.50.122 | a23-221-50-122.deploy.static.akamaitechnologies.com | - | High |
| 86 | 23.227.38.64 | shops.myshopify.com | - | High |
| 87 | 23.229.115.217 | - | - | High |
| 88 | 23.229.190.0 | ip-23-229-190-0.ip.secureserver.net | - | High |
| 89 | 23.239.0.12 | li680-12.members.linode.com | - | High |
| 90 | 23.239.2.11 | li683-11.members.linode.com | - | High |
| 91 | 23.246.204.126 | 7e.cc.f617.ip4.static.sl-reverse.com | - | High |
| 92 | 23.254.203.51 | hwsrv-779084.hostwindsdns.com | - | High |
| 93 | 24.40.239.62 | 24-40-239-62.fidnet.com | - | High |
| 94 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | - | High |
| 95 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | - | High |
| 96 | 24.116.40.208 | 24-116-40-208.cpe.sparklight.net | - | High |
| 97 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | - | High |
| 98 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High |
| 99 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | - | High |
| 100 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | - | High |
| 101 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | - | High |
| 102 | 24.190.11.79 | ool-18be0b4f.dyn.optonline.net | - | High |
| 103 | 24.201.79.34 | modemcable034.79-201-24.mc.videotron.ca | - | High |
| 104 | 24.203.4.40 | modemcable040.4-203-24.mc.videotron.ca | - | High |
| 105 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | - | High |
| 106 | 24.232.0.227 | smtp.fibertel.com.ar | - | High |
| 107 | 24.232.228.233 | OL233-228.fibertel.com.ar | - | High |
| 108 | 24.244.177.40 | - | - | High |
| 109 | 27.50.89.209 | 27-50-89-209.as45671.net | - | High |
| 110 | 27.54.89.58 | vm-1m-r44.ipv4.per01.ds.network | - | High |
| 111 | 27.78.27.110 | localhost | - | High |
| 112 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | - | High |
| 113 | 27.109.24.214 | - | - | High |
| 114 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High |
| 115 | 27.254.81.87 | cloud-linux09.thaidata.net | - | High |
| 116 | 31.3.135.232 | mirror.tillo.ch | - | High |
| 117 | 31.22.4.160 | sv.comparelight.com | - | High |
| 118 | 31.24.158.56 | bm.servidoresdedicados.com | - | High |
| 119 | 31.167.248.50 | - | - | High |
| 120 | 31.172.86.183 | - | - | High |
| 121 | 31.207.89.74 | - | - | High |
| 122 | 34.80.191.247 | 247.191.80.34.bc.googleusercontent.com | - | Medium |
| 123 | 34.117.59.81 | 81.59.117.34.bc.googleusercontent.com | - | Medium |
| 124 | 34.192.19.33 | ec2-34-192-19-33.compute-1.amazonaws.com | - | Medium |
| 125 | 35.184.245.68 | 68.245.184.35.bc.googleusercontent.com | - | Medium |
| 126 | 35.190.87.116 | 116.87.190.35.bc.googleusercontent.com | - | Medium |
| 127 | 35.203.98.50 | 50.98.203.35.bc.googleusercontent.com | - | Medium |
| 128 | 35.213.151.141 | 141.151.213.35.bc.googleusercontent.com | - | Medium |
| 129 | 35.214.151.75 | 75.151.214.35.bc.googleusercontent.com | - | Medium |
| 130 | 36.67.23.59 | - | - | High |
| 131 | 36.91.44.183 | - | - | High |
| 132 | 37.9.175.14 | 14.175.9.37.in-addr.arpa.websupport.sk | - | High |
| 133 | 37.44.244.177 | - | - | High |
| 134 | 37.46.129.215 | we-too.ru | - | High |
| 135 | 37.59.209.141 | - | - | High |
| 136 | 37.97.135.82 | 37-97-135-82.colo.transip.net | - | High |
| 137 | 37.120.175.15 | v220220112692175454.nicesrv.de | - | High |
| 138 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | - | High |
| 139 | 37.179.204.33 | - | - | High |
| 140 | 37.187.4.178 | ks2.kku.io | - | High |
| 141 | 37.187.5.82 | ks3370412.kimsufi.com | - | High |
| 142 | 37.187.56.166 | - | - | High |
| 143 | 37.187.57.57 | ns3357940.ovh.net | - | High |
| 144 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | - | High |
| 145 | 37.187.115.122 | ns328855.ip-37-187-115.eu | - | High |
| 146 | 37.187.161.206 | toolbox.alabs.io | - | High |
| 147 | 37.205.9.252 | s1.ithelp24.eu | - | High |
| 148 | 37.221.70.250 | b2b-customer.inftele.net | - | High |
| 149 | 37.228.137.204 | wiki.lmap.ir | - | High |
| 150 | 37.247.101.241 | server241.turkwebdizayn.com | - | High |
| 151 | 40.97.124.18 | - | - | High |
| 152 | 41.73.252.195 | - | - | High |
| 153 | 41.76.108.46 | - | - | High |
| 154 | 41.169.20.147 | - | - | High |
| 155 | 41.169.36.237 | - | - | High |
| 156 | 41.185.28.84 | brf01-nix01.wadns.net | - | High |
| 157 | 41.185.29.128 | abp79-nix01.wadns.net | - | High |
| 158 | 41.190.32.8 | smtp11.utande.co.zw | - | High |
| 159 | 41.203.62.170 | - | - | High |
| 160 | 41.204.202.41 | www41.cpt2.host-h.net | - | High |
| 161 | 41.231.225.139 | - | - | High |
| 162 | 42.62.40.103 | - | - | High |
| 163 | 43.229.62.186 | rocket-cheese.bnr.la | - | High |
| 164 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High |
| 165 | 45.33.35.103 | li985-103.members.linode.com | - | High |
| 166 | 45.33.54.74 | li1004-74.members.linode.com | - | High |
| 167 | 45.33.77.42 | li1023-42.members.linode.com | - | High |
| 168 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | - | High |
| 169 | 45.55.36.51 | - | - | High |
| 170 | 45.55.82.2 | - | - | High |
| 171 | 45.55.179.121 | - | - | High |
| 172 | 45.55.191.130 | - | - | High |
| 173 | 45.55.219.163 | - | - | High |
| 174 | 45.56.88.91 | 45-56-88-91.ip.linodeusercontent.com | - | High |
| 175 | 45.56.127.75 | li945-75.members.linode.com | - | High |
| 176 | 45.59.204.133 | rrcs-45-59-204-133.west.biz.rr.com | - | High |
| 177 | 45.71.195.104 | - | - | High |
| 178 | 45.76.1.145 | 45.76.1.145.vultrusercontent.com | - | High |
| 179 | 45.76.159.214 | 45.76.159.214.vultrusercontent.com | - | High |
| 180 | 45.76.176.10 | 45.76.176.10.vultrusercontent.com | - | High |
| 181 | 45.76.181.158 | 45.76.181.158.vultrusercontent.com | - | High |
| 182 | 45.77.154.161 | 45.77.154.161.vultrusercontent.com | - | High |
| 183 | 45.79.95.107 | li1194-107.members.linode.com | - | High |
| 184 | 45.79.173.200 | 45-79-173-200.ip.linodeusercontent.com | - | High |
| 185 | 45.79.188.67 | li1287-67.members.linode.com | - | High |
| 186 | 45.80.148.200 | - | - | High |
| 187 | 45.118.115.99 | - | - | High |
| 188 | 45.118.135.203 | 45-118-135-203.ip.linodeusercontent.com | - | High |
| 189 | 45.118.136.92 | - | - | High |
| 190 | 45.119.83.237 | - | - | High |
| 191 | 45.138.98.34 | xtream | - | High |
| 192 | 45.142.114.231 | mail.dounutmail.de | - | High |
| 193 | 45.176.232.124 | - | - | High |
| 194 | 45.176.232.125 | - | - | High |
| 195 | 45.186.16.18 | 45-186-16-18.winnet.com.br | - | High |
| 196 | 45.230.45.171 | - | - | High |
| 197 | 45.235.8.30 | - | - | High |
| 198 | 45.252.251.10 | - | - | High |
| 199 | 46.4.100.178 | support.wizard-shopservice.de | - | High |
| 200 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | - | High |
| 201 | 46.28.111.142 | enkindu.jsuchy.net | - | High |
| 202 | 46.30.213.132 | - | - | High |
| 203 | 46.32.229.152 | 094882.vps-10.com | - | High |
| 204 | 46.32.233.226 | yetitoolusa.com | - | High |
| 205 | 46.38.238.8 | v2202109122001163131.happysrv.de | - | High |
| 206 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | - | High |
| 207 | 46.49.124.53 | - | - | High |
| 208 | 46.55.222.11 | - | - | High |
| 209 | 46.101.58.37 | 46.101.58.37-e1-8080 | - | High |
| 210 | 46.105.81.76 | myu0.cylipo.sbs | - | High |
| 211 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | - | High |
| 212 | 46.105.131.68 | http.adven.fr | - | High |
| 213 | 46.105.131.69 | epouventaille.adven.fr | - | High |
| 214 | 46.105.131.79 | relay.adven.fr | - | High |
| 215 | 46.105.131.87 | pop.adven.fr | - | High |
| 216 | 46.105.236.18 | - | - | High |
| 217 | 46.165.212.76 | - | - | High |
| 218 | 46.165.254.206 | - | - | High |
| 219 | 46.214.107.142 | 46-214-107-142.next-gen.ro | - | High |
| 220 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | - | High |
| 221 | 47.52.19.221 | - | - | High |
| 222 | 47.146.32.175 | - | - | High |
| 223 | 47.146.39.147 | - | - | High |
| 224 | 47.150.11.161 | - | - | High |
| 225 | 47.188.131.94 | - | - | High |
| 226 | 47.201.208.154 | - | - | High |
| 227 | 47.246.24.225 | - | - | High |
| 228 | 47.246.24.226 | - | - | High |
| 229 | 47.246.24.230 | - | - | High |
| 230 | 47.246.24.232 | - | - | High |
| 231 | 49.12.121.47 | filezilla-project.org | - | High |
| 232 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | - | High |
| 233 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | - | High |
| 234 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | - | High |
| 235 | 50.22.35.194 | c2.23.1632.ip4.static.sl-reverse.com | - | High |
| 236 | 50.23.248.182 | b6.f8.1732.ip4.static.sl-reverse.com | - | High |
| 237 | 50.28.51.143 | - | - | High |
| 238 | 50.30.40.196 | usve255301.serverprofi24.com | - | High |
| 239 | 50.31.146.101 | mail.brillinjurylaw.com | - | High |
| 240 | 50.31.174.165 | priva28.privatednsorg.com | - | High |
| 241 | 50.56.135.44 | - | - | High |
| 242 | 50.62.176.42 | p3plcpnl0515.prod.phx3.secureserver.net | - | High |
| 243 | 50.62.176.244 | p3plcpnl0728.prod.phx3.secureserver.net | - | High |
| 244 | 50.62.194.30 | ip-50-62-194-30.ip.secureserver.net | - | High |
| 245 | 50.63.8.21 | ip-50-63-8-21.ip.secureserver.net | - | High |
| 246 | 50.78.167.65 | millcreek.cc | - | High |
| 247 | 50.87.59.65 | 50-87-59-65.unifiedlayer.com | - | High |
| 248 | 50.87.144.137 | gator3103.hostgator.com | - | High |
| 249 | 50.87.144.197 | gator3161.hostgator.com | - | High |
| 250 | 50.87.150.177 | 50-87-150-177.unifiedlayer.com | - | High |
| 251 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | - | High |
| 252 | 50.92.101.60 | d50-92-101-60.bchsia.telus.net | - | High |
| 253 | 50.116.54.215 | li440-215.members.linode.com | - | High |
| 254 | 50.116.78.109 | intersearchmedia.com | - | High |
| 255 | 50.116.86.205 | template3.domain.com | - | High |
| 256 | 50.121.220.50 | static-50-121-220-50.clbg.wv.frontiernet.net | - | High |
| 257 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | - | High |
| 258 | 51.15.4.22 | 51-15-4-22.rev.poneytelecom.eu | - | High |
| 259 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | - | High |
| 260 | 51.38.71.0 | 0.ip-51-38-71.eu | - | High |
| 261 | 51.38.124.206 | 206.ip-51-38-124.eu | - | High |
| 262 | 51.38.201.19 | ip19.ip-51-38-201.eu | - | High |
| 263 | 51.68.141.164 | 164.ip-51-68-141.eu | - | High |
| 264 | 51.68.175.8 | vps-9dba3732.vps.ovh.net | - | High |
| 265 | 51.68.220.244 | vps-7a400d57.vps.ovh.net | - | High |
| 266 | 51.75.33.120 | ip120.ip-51-75-33.eu | - | High |
| 267 | 51.75.33.127 | ip127.ip-51-75-33.eu | - | High |
| 268 | 51.77.82.125 | ip125.51-77-82.iproute.de | - | High |
| 269 | 51.77.113.100 | titan40.fastworldwideweb.com | - | High |
| 270 | 51.89.36.180 | ip180.ip-51-89-36.eu | - | High |
| 271 | 51.89.199.141 | ip141.ip-51-89-199.eu | - | High |
| 272 | 51.91.7.5 | ns3147667.ip-51-91-7.eu | - | High |
| 273 | 51.91.76.89 | 89.ip-51-91-76.eu | - | High |
| 274 | 51.159.23.217 | jambold.co.uk | - | High |
| 275 | 51.159.35.157 | 51-159-35-157.rev.poneytelecom.eu | - | High |
| 276 | 51.161.73.194 | ip194.ip-51-161-73.net | - | High |
| 277 | 51.210.242.234 | vps-36767060.vps.ovh.net | - | High |
| 278 | 51.254.137.156 | mail.unolan.net | - | High |
| 279 | 51.254.140.238 | 238.ip-51-254-140.eu | - | High |
| 280 | 51.255.50.164 | vps-b6cfe010.vps.ovh.net | - | High |
| 281 | 51.255.165.160 | 160.ip-51-255-165.eu | - | High |
| 282 | 52.31.99.185 | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium |
| 283 | 52.66.202.63 | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium |
| 284 | 52.96.38.82 | - | - | High |
| 285 | 52.96.40.242 | - | - | High |
| 286 | 52.96.62.226 | - | - | High |
| 287 | 54.36.185.60 | ip60.ip-54-36-185.eu | - | High |
| 288 | 54.37.106.167 | ip167.ip-54-37-106.eu | - | High |
| 289 | 54.37.228.122 | 122.ip-54-37-228.eu | - | High |
| 290 | 54.38.94.197 | ns3140984.ip-54-38-94.eu | - | High |
| 291 | 54.38.143.245 | tools.inovato.me | - | High |
| 292 | 54.38.143.246 | ip246.ip-54-38-143.eu | - | High |
| 293 | 54.38.242.185 | vps-f3507bbf.vps.ovh.net | - | High |
| 294 | 54.88.144.211 | va-smtp01.263.net | - | High |
| 295 | 58.27.215.3 | 58-27-215-3.wateen.net | - | High |
| 296 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High |
| 297 | 58.96.74.42 | 42.74.96.58.static.exetel.com.au | - | High |
| 298 | 58.171.38.26 | - | - | High |
| 299 | 58.216.16.130 | - | - | High |
| 300 | 58.227.42.236 | - | - | High |
| 301 | 59.110.18.236 | - | - | High |
| 302 | 59.120.5.154 | 59-120-5-154.hinet-ip.hinet.net | - | High |
| 303 | 59.124.1.19 | 59-124-1-19.hinet-ip.hinet.net | - | High |
| 304 | 59.148.253.194 | 059148253194.ctinets.com | - | High |
| 305 | 59.152.93.46 | 46.93.152.59.zipnetltd.com | - | High |
| 306 | 60.36.166.212 | imail.mail.plala.or.jp | - | High |
| 307 | 60.93.23.51 | softbank060093023051.bbtec.net | - | High |
| 308 | 60.108.128.186 | softbank060108128186.bbtec.net | - | High |
| 309 | 60.125.114.64 | softbank060125114064.bbtec.net | - | High |
| 310 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | - | High |
| 311 | 61.19.246.238 | - | - | High |
| 312 | 61.197.37.169 | pl937.ag1001.nttpc.ne.jp | - | High |
| 313 | 62.28.40.155 | exchange.ptasp.com | - | High |
| 314 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | - | High |
| 315 | 62.75.141.82 | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High |
| 316 | 62.84.75.50 | mail.saadegrp.com.lb | - | High |
| 317 | 62.141.45.103 | vps2009743.fastwebserver.de | - | High |
| 318 | 62.149.128.42 | imaps.aruba.it | - | High |
| 319 | 62.149.128.72 | mxd4.aruba.it | - | High |
| 320 | 62.149.128.179 | pop3s.aruba.it | - | High |
| 321 | 62.149.128.200 | smtp1.aruba.it | - | High |
| 322 | 62.149.128.210 | smtpa1.aruba.it | - | High |
| 323 | 62.149.152.151 | - | - | High |
| 324 | 62.149.152.152 | - | - | High |
| 325 | 62.149.157.55 | - | - | High |
| 326 | 62.171.142.179 | vmi499457.contaboserver.net | - | High |
| 327 | 62.171.178.147 | vmi365451.contaboserver.net | - | High |
| 328 | 62.210.127.136 | 62-210-127-136.rev.poneytelecom.eu | - | High |
| 329 | 62.212.34.102 | - | - | High |
| 330 | 62.234.99.30 | - | - | High |
| 331 | 63.142.253.122 | - | - | High |
| 332 | 64.4.244.68 | - | - | High |
| 333 | 64.26.60.221 | pop5.csee.onr.siteprotect.com | - | High |
| 334 | 64.41.126.110 | securesmtp.csee.siteprotect.com | - | High |
| 335 | 64.59.136.142 | mail.shaw.ca | - | High |
| 336 | 64.60.82.82 | 64-60-82-82.static-ip.telepacific.net | - | High |
| 337 | 64.71.36.11 | - | - | High |
| 338 | 64.85.73.16 | - | - | High |
| 339 | 64.88.202.250 | - | - | High |
| 340 | 64.90.62.162 | pop.dreamhost.com | - | High |
| 341 | 64.91.228.45 | - | - | High |
| 342 | 64.98.36.5 | mail.b.hostedemail.com | - | High |
| 343 | 64.98.36.173 | mail.lawyers-mail.com | - | High |
| 344 | 64.183.73.122 | rrcs-64-183-73-122.west.biz.rr.com | - | High |
| 345 | 64.190.63.136 | - | - | High |
| 346 | 64.207.182.168 | - | - | High |
| 347 | 64.227.55.231 | - | - | High |
| 348 | 64.227.100.222 | - | - | High |
| 349 | 64.250.117.68 | smtp.movistarcloud.com.ve | - | High |
| 350 | 65.49.60.163 | 65-49-60-163.ip.linodeusercontent.com | - | High |
| 351 | 65.55.72.183 | origin.sn134w.snt134.mail.live.com | - | High |
| 352 | 65.182.102.90 | mail.geantes.com | - | High |
| 353 | 65.254.228.100 | customer.hostcentric.com | - | High |
| 354 | 66.23.200.58 | - | - | High |
| 355 | 66.42.55.5 | 66.42.55.5.vultrusercontent.com | - | High |
| 356 | 66.42.57.149 | 66.42.57.149.vultrusercontent.com | - | High |
| 357 | 66.50.57.73 | 66-50-57-73.prtc.net | - | High |
| 358 | 66.54.51.172 | - | - | High |
| 359 | 66.71.241.102 | mail.nixhost.net | - | High |
| 360 | 66.76.26.33 | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High |
| 361 | 66.96.134.1 | 1.134.96.66.static.eigbox.net | - | High |
| 362 | 66.96.147.103 | 103.147.96.66.static.eigbox.net | - | High |
| 363 | 66.96.147.110 | 110.147.96.66.static.eigbox.net | - | High |
| 364 | 66.195.202.115 | mail.navarac.com | - | High |
| 365 | 66.209.69.165 | - | - | High |
| 366 | 66.216.234.131 | 066-216-234-131.res.spectrum.com | - | High |
| 367 | 66.220.110.56 | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High |
| 368 | 66.228.32.31 | li282-31.members.linode.com | - | High |
| 369 | 66.228.45.129 | li326-129.members.linode.com | - | High |
| 370 | 66.228.61.248 | li318-248.members.linode.com | - | High |
| 371 | 67.19.105.107 | ns2.datatrust.com.br | - | High |
| 372 | 67.68.235.25 | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High |
| 373 | 67.163.161.107 | c-67-163-161-107.hsd1.pa.comcast.net | - | High |
| 374 | 67.170.250.203 | c-67-170-250-203.hsd1.ca.comcast.net | - | High |
| 375 | 67.177.71.77 | c-67-177-71-77.hsd1.al.comcast.net | - | High |
| 376 | 67.195.197.75 | p9ats-i.geo.vip.bf1.yahoo.com | - | High |
| 377 | 67.195.228.95 | unknown.yahoo.com | - | High |
| 378 | 67.212.168.237 | 237.168.212.67.unassigned.ord.singlehop.net | - | High |
| 379 | 67.216.131.134 | 134.131.216.67.134.static.hargray.net | - | High |
| 380 | 67.222.2.148 | - | - | High |
| 381 | 67.225.218.50 | lb01.parklogic.com | - | High |
| 382 | 67.225.221.173 | host.hddpool2.net | - | High |
| 383 | 67.225.229.55 | - | - | High |
| 384 | 67.241.81.253 | cpe-67-241-81-253.twcny.res.rr.com | - | High |
| 385 | 68.2.97.91 | ip68-2-97-91.ph.ph.cox.net | - | High |
| 386 | 68.44.137.144 | c-68-44-137-144.hsd1.in.comcast.net | - | High |
| 387 | 68.66.194.12 | 68.66.194.12.static.a2webhosting.com | - | High |
| 388 | 68.66.248.6 | nl1-ls1.a2hosting.com | - | High |
| 389 | 68.178.213.203 | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High |
| 390 | 68.183.62.61 | - | - | High |
| 391 | 68.183.91.111 | romeo.samplebox.in | - | High |
| 392 | 68.183.93.250 | - | - | High |
| 393 | 68.183.170.114 | 68.183.170.114-e1-8080-keep-up | - | High |
| 394 | 68.183.190.199 | 68.183.190.199-e1-8080-keep-up | - | High |
| 395 | 69.16.218.101 | - | - | High |
| 396 | 69.16.228.14 | kurt.duplika.com | - | High |
| 397 | 69.16.254.127 | cloudvpsserver.etelligens.in | - | High |
| 398 | 69.17.170.58 | unallocated-static.rogers.com | - | High |
| 399 | 69.43.168.200 | ns0.imunplugged.com | - | High |
| 400 | 69.43.168.232 | - | - | High |
| 401 | 69.45.19.251 | coastinet.com | - | High |
| 402 | 69.61.0.198 | alpha01.serverparlor.net | - | High |
| 403 | 69.147.92.11 | e1.ycpi.vip.dca.yahoo.com | - | High |
| 404 | 69.147.92.12 | e2.ycpi.vip.dca.yahoo.com | - | High |
| 405 | 69.156.240.33 | smtp.transportalliance.ca | - | High |
| 406 | 69.163.33.82 | - | - | High |
| 407 | 69.167.152.111 | - | - | High |
| 408 | 69.168.106.36 | mail.windstream.syn-alias.com | - | High |
| 409 | 69.175.31.212 | 212.31.175.69.unassigned.ord.singlehop.net | - | High |
| 410 | 69.197.160.180 | vps180.unisonserver.com | - | High |
| 411 | ... | ... | ... | ... |

There are 1640 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-94 | Cross Site Scripting | High |
| 5 | ... | ... | ... | ... |

There are 17 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Type | Indicator | Confidence |
|----|------|-----------|------------|
| 1 | File | .python-version | High |
| 2 | File | /admin/curltest.cgi | High |
| 3 | File | /admin/vca/bia/addacph.cgi | High |
| 4 | File | /admin/vca/license/license_tok.cgi | High |
| 5 | File | /blog/blog.php | High |
| 6 | File | /bmis/pages/resident/resident.php | High |
| 7 | File | /cgi-bin/luci/api/auth | High |
| 8 | File | /cgi-bin/mesh.cgi?page=upgrade | High |
| 9 | File | /cgi-bin/nightled.cgi | High |
| 10 | File | /cgi-bin/touchlist_sync.cgi | High |
| 11 | File | /dashboard/profile.php | High |
| 12 | File | /donor-wall | Medium |
| 13 | File | /editbrand.php | High |
| 14 | ... | ... | ... |

There are 113 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:

## Literature

The following articles explain our unique predictive cyber threat intelligence:

## License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!