
Emotet - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

There are 6 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.


There are 1714 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.


There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!