mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-06-20 14:09:10 +00:00
| .. | ||
| README.md | ||
Emotet - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
There are 3 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.
| ID | IP address | Hostname | Campaign | Confidence |
|---|---|---|---|---|
| 1 | 1.186.249.82 | 1.186.249.82.dvois.com | - | High |
| 2 | 1.226.84.243 | - | - | High |
| 3 | 1.234.2.232 | - | - | High |
| 4 | 1.234.21.73 | - | - | High |
| 5 | 2.47.112.152 | net-2-47-112-152.cust.vodafonedsl.it | - | High |
| 6 | 2.58.16.86 | - | - | High |
| 7 | 2.58.16.89 | - | - | High |
| 8 | 2.82.75.215 | bl21-75-215.dsl.telepac.pt | - | High |
| 9 | 5.2.75.167 | coms.a9v34.com.cn | - | High |
| 10 | 5.2.84.232 | momos.alastyr.com | - | High |
| 11 | 5.2.136.90 | static-5-2-136-90.rdsnet.ro | - | High |
| 12 | 5.2.182.7 | static-5-2-182-7.rdsnet.ro | - | High |
| 13 | 5.2.212.254 | static-5-2-212-254.rdsnet.ro | - | High |
| 14 | 5.9.49.12 | static.12.49.9.5.clients.your-server.de | - | High |
| 15 | 5.9.116.246 | static.246.116.9.5.clients.your-server.de | - | High |
| 16 | 5.9.128.163 | static.163.128.9.5.clients.your-server.de | - | High |
| 17 | 5.9.189.24 | static.24.189.9.5.clients.your-server.de | - | High |
| 18 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | - | High |
| 19 | 5.35.249.46 | rs250366.rs.hosteurope.de | - | High |
| 20 | 5.39.69.166 | ns340204.ip-5-39-69.eu | - | High |
| 21 | 5.39.84.48 | ns3126815.ip-5-39-84.eu | - | High |
| 22 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | - | High |
| 23 | 5.45.108.146 | cosmo.jumpingcrab.com | - | High |
| 24 | 5.56.56.146 | sites1.tucomunidad.cloud | - | High |
| 25 | 5.79.70.250 | - | - | High |
| 26 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | - | High |
| 27 | 5.101.138.188 | uk.mthservers.com | - | High |
| 28 | 5.159.57.195 | www-riedle.transfermarkt.de | - | High |
| 29 | 5.196.35.138 | vps10.open-techno.net | - | High |
| 30 | 5.196.73.150 | ns3000085.ip-5-196-73.eu | - | High |
| 31 | 5.196.133.206 | pixelfed.hosnet.fr | - | High |
| 32 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | - | High |
| 33 | 8.4.9.137 | onlinehorizons.net | - | High |
| 34 | 8.247.6.134 | - | - | High |
| 35 | 8.248.153.254 | - | - | High |
| 36 | 8.248.163.254 | - | - | High |
| 37 | 8.249.219.254 | - | - | High |
| 38 | 8.249.241.254 | - | - | High |
| 39 | 8.253.45.214 | - | - | High |
| 40 | 8.253.131.121 | - | - | High |
| 41 | 12.6.148.4 | mail.carters.com | - | High |
| 42 | 12.6.183.21 | - | - | High |
| 43 | 12.32.68.154 | mail.sealscoinc.com | - | High |
| 44 | 12.149.72.170 | - | - | High |
| 45 | 12.162.84.2 | - | - | High |
| 46 | 12.163.208.58 | - | - | High |
| 47 | 12.182.146.226 | - | - | High |
| 48 | 12.184.217.101 | - | - | High |
| 49 | 12.222.134.10 | - | - | High |
| 50 | 12.238.114.130 | - | - | High |
| 51 | 13.107.21.200 | - | - | High |
| 52 | 14.49.39.215 | - | - | High |
| 53 | 17.36.205.74 | - | - | High |
| 54 | 17.56.136.171 | p74-smtp.mail.icloud.com | - | High |
| 55 | 18.209.113.128 | ec2-18-209-113-128.compute-1.amazonaws.com | - | Medium |
| 56 | 18.211.9.206 | ec2-18-211-9-206.compute-1.amazonaws.com | - | Medium |
| 57 | 18.217.99.164 | ec2-18-217-99-164.us-east-2.compute.amazonaws.com | - | Medium |
| 58 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High |
| 59 | 23.3.13.146 | a23-3-13-146.deploy.static.akamaitechnologies.com | - | High |
| 60 | 23.3.13.153 | a23-3-13-153.deploy.static.akamaitechnologies.com | - | High |
| 61 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High |
| 62 | 23.5.231.225 | a23-5-231-225.deploy.static.akamaitechnologies.com | - | High |
| 63 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | - | High |
| 64 | 23.6.69.99 | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High |
| 65 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High |
| 66 | 23.41.248.194 | a23-41-248-194.deploy.static.akamaitechnologies.com | - | High |
| 67 | 23.46.53.71 | a23-46-53-71.deploy.static.akamaitechnologies.com | - | High |
| 68 | 23.46.238.193 | a23-46-238-193.deploy.static.akamaitechnologies.com | - | High |
| 69 | 23.46.238.194 | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High |
| 70 | 23.46.238.232 | a23-46-238-232.deploy.static.akamaitechnologies.com | - | High |
| 71 | 23.52.7.20 | a23-52-7-20.deploy.static.akamaitechnologies.com | - | High |
| 72 | 23.67.200.172 | a23-67-200-172.deploy.static.akamaitechnologies.com | - | High |
| 73 | 23.67.202.10 | a23-67-202-10.deploy.static.akamaitechnologies.com | - | High |
| 74 | 23.95.95.18 | 23-95-95-18-host.colocrossing.com | - | High |
| 75 | 23.111.156.118 | 23-111-156-118.static.hvvc.us | - | High |
| 76 | 23.197.19.180 | a23-197-19-180.deploy.static.akamaitechnologies.com | - | High |
| 77 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High |
| 78 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High |
| 79 | 23.218.127.164 | a23-218-127-164.deploy.static.akamaitechnologies.com | - | High |
| 80 | 23.218.141.31 | a23-218-141-31.deploy.static.akamaitechnologies.com | - | High |
| 81 | 23.221.50.122 | a23-221-50-122.deploy.static.akamaitechnologies.com | - | High |
| 82 | 23.227.38.64 | shops.myshopify.com | - | High |
| 83 | 23.229.115.217 | - | - | High |
| 84 | 23.229.190.0 | ip-23-229-190-0.ip.secureserver.net | - | High |
| 85 | 23.239.2.11 | li683-11.members.linode.com | - | High |
| 86 | 23.254.203.51 | hwsrv-779084.hostwindsdns.com | - | High |
| 87 | 24.40.239.62 | 24-40-239-62.fidnet.com | - | High |
| 88 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | - | High |
| 89 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | - | High |
| 90 | 24.116.40.208 | 24-116-40-208.cpe.sparklight.net | - | High |
| 91 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | - | High |
| 92 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High |
| 93 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | - | High |
| 94 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | - | High |
| 95 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | - | High |
| 96 | 24.190.11.79 | ool-18be0b4f.dyn.optonline.net | - | High |
| 97 | 24.201.79.34 | modemcable034.79-201-24.mc.videotron.ca | - | High |
| 98 | 24.203.4.40 | modemcable040.4-203-24.mc.videotron.ca | - | High |
| 99 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | - | High |
| 100 | 24.232.0.227 | smtp.fibertel.com.ar | - | High |
| 101 | 24.232.228.233 | OL233-228.fibertel.com.ar | - | High |
| 102 | 24.244.177.40 | - | - | High |
| 103 | 27.50.89.209 | 27-50-89-209.as45671.net | - | High |
| 104 | 27.78.27.110 | localhost | - | High |
| 105 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | - | High |
| 106 | 27.109.24.214 | - | - | High |
| 107 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High |
| 108 | 27.254.81.87 | cloud-linux09.thaidata.net | - | High |
| 109 | 31.3.135.232 | mirror.tillo.ch | - | High |
| 110 | 31.24.158.56 | bm.servidoresdedicados.com | - | High |
| 111 | 31.167.248.50 | - | - | High |
| 112 | 31.172.86.183 | - | - | High |
| 113 | 34.117.59.81 | 81.59.117.34.bc.googleusercontent.com | - | Medium |
| 114 | 34.192.19.33 | ec2-34-192-19-33.compute-1.amazonaws.com | - | Medium |
| 115 | 35.184.245.68 | 68.245.184.35.bc.googleusercontent.com | - | Medium |
| 116 | 35.190.87.116 | 116.87.190.35.bc.googleusercontent.com | - | Medium |
| 117 | 35.203.98.50 | 50.98.203.35.bc.googleusercontent.com | - | Medium |
| 118 | 35.213.151.141 | 141.151.213.35.bc.googleusercontent.com | - | Medium |
| 119 | 35.214.151.75 | 75.151.214.35.bc.googleusercontent.com | - | Medium |
| 120 | 36.91.44.183 | - | - | High |
| 121 | 37.9.175.14 | 14.175.9.37.in-addr.arpa.websupport.sk | - | High |
| 122 | 37.46.129.215 | we-too.ru | - | High |
| 123 | 37.97.135.82 | 37-97-135-82.colo.transip.net | - | High |
| 124 | 37.120.175.15 | v220220112692175454.nicesrv.de | - | High |
| 125 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | - | High |
| 126 | 37.179.204.33 | - | - | High |
| 127 | 37.187.4.178 | ks2.kku.io | - | High |
| 128 | 37.187.5.82 | ks3370412.kimsufi.com | - | High |
| 129 | 37.187.56.166 | - | - | High |
| 130 | 37.187.57.57 | ns3357940.ovh.net | - | High |
| 131 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | - | High |
| 132 | 37.187.161.206 | toolbox.alabs.io | - | High |
| 133 | 37.205.9.252 | s1.ithelp24.eu | - | High |
| 134 | 37.221.70.250 | b2b-customer.inftele.net | - | High |
| 135 | 37.228.137.204 | wiki.lmap.ir | - | High |
| 136 | 37.247.101.241 | server241.turkwebdizayn.com | - | High |
| 137 | 40.97.124.18 | - | - | High |
| 138 | 41.76.108.46 | - | - | High |
| 139 | 41.169.20.147 | - | - | High |
| 140 | 41.169.36.237 | - | - | High |
| 141 | 41.185.28.84 | brf01-nix01.wadns.net | - | High |
| 142 | 41.185.29.128 | abp79-nix01.wadns.net | - | High |
| 143 | 41.190.32.8 | smtp11.utande.co.zw | - | High |
| 144 | 41.203.62.170 | - | - | High |
| 145 | 41.204.202.41 | www41.cpt2.host-h.net | - | High |
| 146 | 41.231.225.139 | - | - | High |
| 147 | 42.62.40.103 | - | - | High |
| 148 | 43.229.62.186 | rocket-cheese.bnr.la | - | High |
| 149 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High |
| 150 | 45.33.35.103 | li985-103.members.linode.com | - | High |
| 151 | 45.33.54.74 | li1004-74.members.linode.com | - | High |
| 152 | 45.33.77.42 | li1023-42.members.linode.com | - | High |
| 153 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | - | High |
| 154 | 45.55.36.51 | - | - | High |
| 155 | 45.55.82.2 | - | - | High |
| 156 | 45.55.179.121 | - | - | High |
| 157 | 45.55.219.163 | - | - | High |
| 158 | 45.56.88.91 | 45-56-88-91.ip.linodeusercontent.com | - | High |
| 159 | 45.56.127.75 | li945-75.members.linode.com | - | High |
| 160 | 45.59.204.133 | rrcs-45-59-204-133.west.biz.rr.com | - | High |
| 161 | 45.76.176.10 | 45.76.176.10.vultrusercontent.com | - | High |
| 162 | 45.77.154.161 | 45.77.154.161.vultrusercontent.com | - | High |
| 163 | 45.79.95.107 | li1194-107.members.linode.com | - | High |
| 164 | 45.79.173.200 | 45-79-173-200.ip.linodeusercontent.com | - | High |
| 165 | 45.79.188.67 | li1287-67.members.linode.com | - | High |
| 166 | 45.80.148.200 | - | - | High |
| 167 | 45.118.115.99 | - | - | High |
| 168 | 45.118.135.203 | 45-118-135-203.ip.linodeusercontent.com | - | High |
| 169 | 45.118.136.92 | - | - | High |
| 170 | 45.119.83.237 | - | - | High |
| 171 | 45.142.114.231 | mail.dounutmail.de | - | High |
| 172 | 45.176.232.124 | - | - | High |
| 173 | 45.230.45.171 | - | - | High |
| 174 | 45.252.251.10 | - | - | High |
| 175 | 46.4.100.178 | support.wizard-shopservice.de | - | High |
| 176 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | - | High |
| 177 | 46.28.111.142 | enkindu.jsuchy.net | - | High |
| 178 | 46.30.213.132 | - | - | High |
| 179 | 46.32.229.152 | 094882.vps-10.com | - | High |
| 180 | 46.32.233.226 | yetitoolusa.com | - | High |
| 181 | 46.38.238.8 | v2202109122001163131.happysrv.de | - | High |
| 182 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | - | High |
| 183 | 46.49.124.53 | - | - | High |
| 184 | 46.55.222.11 | - | - | High |
| 185 | 46.101.58.37 | 46.101.58.37-e1-8080 | - | High |
| 186 | 46.105.81.76 | myu0.cylipo.sbs | - | High |
| 187 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | - | High |
| 188 | 46.105.131.68 | http.adven.fr | - | High |
| 189 | 46.105.131.69 | epouventaille.adven.fr | - | High |
| 190 | 46.105.131.79 | relay.adven.fr | - | High |
| 191 | 46.105.131.87 | pop.adven.fr | - | High |
| 192 | 46.105.236.18 | - | - | High |
| 193 | 46.165.212.76 | - | - | High |
| 194 | 46.165.254.206 | - | - | High |
| 195 | 46.214.107.142 | 46-214-107-142.next-gen.ro | - | High |
| 196 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | - | High |
| 197 | 47.52.19.221 | - | - | High |
| 198 | 47.146.32.175 | - | - | High |
| 199 | 47.146.39.147 | - | - | High |
| 200 | 47.150.11.161 | - | - | High |
| 201 | 47.188.131.94 | - | - | High |
| 202 | 47.201.208.154 | - | - | High |
| 203 | 47.246.24.225 | - | - | High |
| 204 | 47.246.24.226 | - | - | High |
| 205 | 47.246.24.230 | - | - | High |
| 206 | 47.246.24.232 | - | - | High |
| 207 | 49.12.121.47 | filezilla-project.org | - | High |
| 208 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | - | High |
| 209 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | - | High |
| 210 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | - | High |
| 211 | 50.22.35.194 | c2.23.1632.ip4.static.sl-reverse.com | - | High |
| 212 | 50.23.248.182 | b6.f8.1732.ip4.static.sl-reverse.com | - | High |
| 213 | 50.28.51.143 | - | - | High |
| 214 | 50.30.40.196 | usve255301.serverprofi24.com | - | High |
| 215 | 50.31.146.101 | mail.brillinjurylaw.com | - | High |
| 216 | 50.31.174.165 | priva28.privatednsorg.com | - | High |
| 217 | 50.56.135.44 | - | - | High |
| 218 | 50.62.176.42 | p3plcpnl0515.prod.phx3.secureserver.net | - | High |
| 219 | 50.62.176.244 | p3plcpnl0728.prod.phx3.secureserver.net | - | High |
| 220 | 50.62.194.30 | ip-50-62-194-30.ip.secureserver.net | - | High |
| 221 | 50.63.8.21 | ip-50-63-8-21.ip.secureserver.net | - | High |
| 222 | 50.78.167.65 | millcreek.cc | - | High |
| 223 | 50.87.59.65 | 50-87-59-65.unifiedlayer.com | - | High |
| 224 | 50.87.144.137 | gator3103.hostgator.com | - | High |
| 225 | 50.87.144.197 | gator3161.hostgator.com | - | High |
| 226 | 50.87.150.177 | 50-87-150-177.unifiedlayer.com | - | High |
| 227 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | - | High |
| 228 | 50.92.101.60 | d50-92-101-60.bchsia.telus.net | - | High |
| 229 | 50.116.54.215 | li440-215.members.linode.com | - | High |
| 230 | 50.116.78.109 | intersearchmedia.com | - | High |
| 231 | 50.116.86.205 | template3.domain.com | - | High |
| 232 | 50.121.220.50 | static-50-121-220-50.clbg.wv.frontiernet.net | - | High |
| 233 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | - | High |
| 234 | 51.15.4.22 | 51-15-4-22.rev.poneytelecom.eu | - | High |
| 235 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | - | High |
| 236 | 51.38.124.206 | 206.ip-51-38-124.eu | - | High |
| 237 | 51.38.201.19 | ip19.ip-51-38-201.eu | - | High |
| 238 | 51.68.175.8 | vps-9dba3732.vps.ovh.net | - | High |
| 239 | 51.68.220.244 | vps-7a400d57.vps.ovh.net | - | High |
| 240 | 51.75.33.120 | ip120.ip-51-75-33.eu | - | High |
| 241 | 51.75.33.127 | ip127.ip-51-75-33.eu | - | High |
| 242 | 51.77.113.100 | titan40.fastworldwideweb.com | - | High |
| 243 | 51.89.36.180 | ip180.ip-51-89-36.eu | - | High |
| 244 | 51.89.199.141 | ip141.ip-51-89-199.eu | - | High |
| 245 | 51.91.7.5 | ns3147667.ip-51-91-7.eu | - | High |
| 246 | 51.91.76.89 | 89.ip-51-91-76.eu | - | High |
| 247 | 51.159.23.217 | jambold.co.uk | - | High |
| 248 | 51.159.35.157 | 51-159-35-157.rev.poneytelecom.eu | - | High |
| 249 | 51.254.137.156 | mail.unolan.net | - | High |
| 250 | 51.254.140.238 | 238.ip-51-254-140.eu | - | High |
| 251 | 51.255.50.164 | vps-b6cfe010.vps.ovh.net | - | High |
| 252 | 51.255.165.160 | 160.ip-51-255-165.eu | - | High |
| 253 | 52.31.99.185 | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium |
| 254 | 52.66.202.63 | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium |
| 255 | 52.96.38.82 | - | - | High |
| 256 | 52.96.40.242 | - | - | High |
| 257 | 52.96.62.226 | - | - | High |
| 258 | 54.36.185.60 | ip60.ip-54-36-185.eu | - | High |
| 259 | 54.38.94.197 | ns3140984.ip-54-38-94.eu | - | High |
| 260 | 54.38.143.245 | tools.inovato.me | - | High |
| 261 | 54.88.144.211 | va-smtp01.263.net | - | High |
| 262 | 58.27.215.3 | 58-27-215-3.wateen.net | - | High |
| 263 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High |
| 264 | 58.96.74.42 | 42.74.96.58.static.exetel.com.au | - | High |
| 265 | 58.171.38.26 | - | - | High |
| 266 | 58.216.16.130 | - | - | High |
| 267 | 58.227.42.236 | - | - | High |
| 268 | 59.110.18.236 | - | - | High |
| 269 | 59.120.5.154 | 59-120-5-154.hinet-ip.hinet.net | - | High |
| 270 | 59.124.1.19 | 59-124-1-19.hinet-ip.hinet.net | - | High |
| 271 | 59.148.253.194 | 059148253194.ctinets.com | - | High |
| 272 | 59.152.93.46 | 46.93.152.59.zipnetltd.com | - | High |
| 273 | 60.36.166.212 | imail.mail.plala.or.jp | - | High |
| 274 | 60.93.23.51 | softbank060093023051.bbtec.net | - | High |
| 275 | 60.108.128.186 | softbank060108128186.bbtec.net | - | High |
| 276 | 60.125.114.64 | softbank060125114064.bbtec.net | - | High |
| 277 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | - | High |
| 278 | 61.19.246.238 | - | - | High |
| 279 | 61.197.37.169 | pl937.ag1001.nttpc.ne.jp | - | High |
| 280 | 62.28.40.155 | exchange.ptasp.com | - | High |
| 281 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | - | High |
| 282 | 62.75.141.82 | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High |
| 283 | 62.84.75.50 | mail.saadegrp.com.lb | - | High |
| 284 | 62.141.45.103 | vps2009743.fastwebserver.de | - | High |
| 285 | 62.149.128.42 | imaps.aruba.it | - | High |
| 286 | 62.149.128.72 | mxd4.aruba.it | - | High |
| 287 | 62.149.128.179 | pop3s.aruba.it | - | High |
| 288 | 62.149.128.200 | smtp1.aruba.it | - | High |
| 289 | 62.149.128.210 | smtpa1.aruba.it | - | High |
| 290 | 62.149.152.151 | - | - | High |
| 291 | 62.149.152.152 | - | - | High |
| 292 | 62.149.157.55 | - | - | High |
| 293 | 62.171.142.179 | vmi499457.contaboserver.net | - | High |
| 294 | 62.171.178.147 | vmi365451.contaboserver.net | - | High |
| 295 | 62.210.127.136 | 62-210-127-136.rev.poneytelecom.eu | - | High |
| 296 | 62.212.34.102 | - | - | High |
| 297 | 62.234.99.30 | - | - | High |
| 298 | 63.142.253.122 | - | - | High |
| 299 | 64.4.244.68 | - | - | High |
| 300 | 64.26.60.221 | pop5.csee.onr.siteprotect.com | - | High |
| 301 | 64.41.126.110 | securesmtp.csee.siteprotect.com | - | High |
| 302 | 64.59.136.142 | mail.shaw.ca | - | High |
| 303 | 64.60.82.82 | 64-60-82-82.static-ip.telepacific.net | - | High |
| 304 | 64.71.36.11 | - | - | High |
| 305 | 64.85.73.16 | - | - | High |
| 306 | 64.88.202.250 | - | - | High |
| 307 | 64.90.62.162 | pop.dreamhost.com | - | High |
| 308 | 64.91.228.45 | - | - | High |
| 309 | 64.98.36.5 | mail.b.hostedemail.com | - | High |
| 310 | 64.98.36.173 | mail.lawyers-mail.com | - | High |
| 311 | 64.183.73.122 | rrcs-64-183-73-122.west.biz.rr.com | - | High |
| 312 | 64.190.63.136 | - | - | High |
| 313 | 64.207.182.168 | - | - | High |
| 314 | 64.250.117.68 | smtp.movistarcloud.com.ve | - | High |
| 315 | 65.49.60.163 | 65-49-60-163.ip.linodeusercontent.com | - | High |
| 316 | 65.55.72.183 | origin.sn134w.snt134.mail.live.com | - | High |
| 317 | 65.182.102.90 | mail.geantes.com | - | High |
| 318 | 65.254.228.100 | customer.hostcentric.com | - | High |
| 319 | 66.23.200.58 | - | - | High |
| 320 | 66.42.55.5 | 66.42.55.5.vultrusercontent.com | - | High |
| 321 | 66.50.57.73 | 66-50-57-73.prtc.net | - | High |
| 322 | 66.54.51.172 | - | - | High |
| 323 | 66.71.241.102 | mail.nixhost.net | - | High |
| 324 | 66.76.26.33 | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High |
| 325 | 66.96.134.1 | 1.134.96.66.static.eigbox.net | - | High |
| 326 | 66.96.147.103 | 103.147.96.66.static.eigbox.net | - | High |
| 327 | 66.96.147.110 | 110.147.96.66.static.eigbox.net | - | High |
| 328 | 66.195.202.115 | mail.navarac.com | - | High |
| 329 | 66.209.69.165 | - | - | High |
| 330 | 66.216.234.131 | 066-216-234-131.res.spectrum.com | - | High |
| 331 | 66.220.110.56 | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High |
| 332 | 66.228.32.31 | li282-31.members.linode.com | - | High |
| 333 | 66.228.45.129 | li326-129.members.linode.com | - | High |
| 334 | 66.228.61.248 | li318-248.members.linode.com | - | High |
| 335 | 67.19.105.107 | ns2.datatrust.com.br | - | High |
| 336 | 67.68.235.25 | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High |
| 337 | 67.163.161.107 | c-67-163-161-107.hsd1.pa.comcast.net | - | High |
| 338 | 67.170.250.203 | c-67-170-250-203.hsd1.ca.comcast.net | - | High |
| 339 | 67.177.71.77 | c-67-177-71-77.hsd1.al.comcast.net | - | High |
| 340 | 67.195.197.75 | p9ats-i.geo.vip.bf1.yahoo.com | - | High |
| 341 | 67.195.228.95 | unknown.yahoo.com | - | High |
| 342 | 67.212.168.237 | 237.168.212.67.unassigned.ord.singlehop.net | - | High |
| 343 | 67.216.131.134 | 134.131.216.67.134.static.hargray.net | - | High |
| 344 | 67.222.2.148 | - | - | High |
| 345 | 67.225.218.50 | lb01.parklogic.com | - | High |
| 346 | 67.225.221.173 | host.hddpool2.net | - | High |
| 347 | 67.225.229.55 | - | - | High |
| 348 | 67.241.81.253 | cpe-67-241-81-253.twcny.res.rr.com | - | High |
| 349 | 68.2.97.91 | ip68-2-97-91.ph.ph.cox.net | - | High |
| 350 | 68.44.137.144 | c-68-44-137-144.hsd1.in.comcast.net | - | High |
| 351 | 68.66.194.12 | 68.66.194.12.static.a2webhosting.com | - | High |
| 352 | 68.66.248.6 | nl1-ls1.a2hosting.com | - | High |
| 353 | 68.178.213.203 | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High |
| 354 | 68.183.62.61 | - | - | High |
| 355 | 68.183.170.114 | 68.183.170.114-e1-8080-keep-up | - | High |
| 356 | 68.183.190.199 | 68.183.190.199-e1-8080-keep-up | - | High |
| 357 | 69.16.228.14 | kurt.duplika.com | - | High |
| 358 | 69.16.254.127 | cloudvpsserver.etelligens.in | - | High |
| 359 | 69.17.170.58 | unallocated-static.rogers.com | - | High |
| 360 | 69.43.168.200 | ns0.imunplugged.com | - | High |
| 361 | 69.43.168.232 | - | - | High |
| 362 | 69.45.19.251 | coastinet.com | - | High |
| 363 | 69.61.0.198 | alpha01.serverparlor.net | - | High |
| 364 | 69.147.92.11 | e1.ycpi.vip.dca.yahoo.com | - | High |
| 365 | 69.147.92.12 | e2.ycpi.vip.dca.yahoo.com | - | High |
| 366 | 69.156.240.33 | smtp.transportalliance.ca | - | High |
| 367 | 69.163.33.82 | - | - | High |
| 368 | 69.167.152.111 | - | - | High |
| 369 | 69.168.106.36 | mail.windstream.syn-alias.com | - | High |
| 370 | 69.175.31.212 | 212.31.175.69.unassigned.ord.singlehop.net | - | High |
| 371 | 69.198.17.20 | 69-198-17-20.customerip.birch.net | - | High |
| 372 | 69.198.17.49 | 69-198-17-49.customerip.birch.net | - | High |
| 373 | 70.32.84.74 | - | - | High |
| 374 | 70.32.89.105 | parties-at-sea.com | - | High |
| 375 | 70.32.92.133 | popdesigngroup.com | - | High |
| 376 | ... | ... | ... | ... |
There are 1498 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.
| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-94 | Cross Site Scripting | High |
| 5 | ... | ... | ... | ... |
There are 17 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.
| ID | Type | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /action/import_cert_file/ |
High |
| 2 | File | /action/import_https_cert_file/ |
High |
| 3 | File | /action/remove/ |
High |
| 4 | File | /admin/inquiries/view_details.php |
High |
| 5 | File | /api/user/userData?userCode=admin |
High |
| 6 | File | /ci_hms/massage_room/edit/1 |
High |
| 7 | File | /ci_hms/search |
High |
| 8 | File | /ci_ssms/index.php/orders/create |
High |
| 9 | File | /classes/Master.php?f=delete_message |
High |
| 10 | File | /classes/Master.php?f=delete_reservation |
High |
| 11 | File | /classes/Master.php?f=delete_schedule |
High |
| 12 | File | /classes/Master.php?f=delete_service |
High |
| 13 | ... | ... | ... |
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
References
The following list contains external sources which discuss the actor and the associated activities:
- https://asec.ahnlab.com/en/31083/
- https://asec.ahnlab.com/en/31429/
- https://asec.ahnlab.com/en/31535/
- https://blog.talosintelligence.com/2018/01/threat-round-up-0105-0512.html
- https://blog.talosintelligence.com/2018/07/threat-roundup-0720-0727.html
- https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
- https://blog.talosintelligence.com/2018/10/threat-roundup-1005-1012.html
- https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
- https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html
- https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
- https://blog.talosintelligence.com/2018/12/threat-roundup-1130-1207.html
- https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html
- https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html
- https://blog.talosintelligence.com/2019/01/threat-roundup-0118-0125.html
- https://blog.talosintelligence.com/2019/02/threat-roundup-0201-0208.html
- https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html
- https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html
- https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html
- https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html
- https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html
- https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html
- https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html
- https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
- https://blog.talosintelligence.com/2019/04/threat-roundup-0419-to-0426.html
- https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
- https://blog.talosintelligence.com/2019/05/threat-roundup-0517-0524.html
- https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
- https://blog.talosintelligence.com/2019/09/emotet-is-back-after-summer-break.html
- https://blog.talosintelligence.com/2019/09/threat-roundup-0906-0913.html
- https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
- https://blog.talosintelligence.com/2019/09/threat-roundup-0920-0927.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html
- https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html
- https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html
- https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html
- https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html
- https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
- https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
- https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html
- https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
- https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
- https://blog.talosintelligence.com/2020/02/threat-roundup-0221-0228.html
- https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html
- https://blog.talosintelligence.com/2020/04/threat-roundup-0326-0403.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0424-0501.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
- https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html
- https://blog.talosintelligence.com/2020/06/threat-roundup-0605-0612.html
- https://blog.talosintelligence.com/2020/06/threat-roundup-0619-0626.html
- https://blog.talosintelligence.com/2020/07/threat-roundup-0703-0710.html
- https://blog.talosintelligence.com/2020/07/threat-roundup-0710-0717.html
- https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
- https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
- https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0828-0904.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-0925-1002.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-1002-1009.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-1016-1023.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-1023-1030.html
- https://blog.talosintelligence.com/2020/11/threat-roundup-1030-1106.html
- https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
- https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
- https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html
- https://blog.talosintelligence.com/2021/01/threat-roundup-0115-0122.html
- https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
- https://blog.talosintelligence.com/2021/07/threat-roundup-0723-0730.html
- https://blog.talosintelligence.com/2021/09/threat-roundup-0917-0924.html
- https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
- https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html
- https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html
- https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
- https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
- https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
- https://blog.talosintelligence.com/2022/03/threat-roundup-0225-0304.html
- https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html
- https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html
- https://blogs.blackberry.com/en/2017/12/threat-spotlight-emotet-infostealer-malware
- https://blogs.cisco.com/security/emotet-is-back
- https://community.blueliv.com/#!/s/5fb2ee2482df413eaf344b29
- https://cyber.wtf/2021/11/15/guess-whos-back/
- https://ddanchev.blogspot.com/2022/01/profiling-emotet-botnet-c.html
- https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_05.02.2022.txt
- https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_24.03.2022.txt
- https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
- https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
- https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
- https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
- https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
- https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
- https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
- https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
- https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
- https://lawiet47.github.io/malware_writeups/Emotet/
- https://pastebin.com/gT80R12S
- https://pastebin.com/uPn1zM6b
- https://unit42.paloaltonetworks.com/emotet-command-and-control/
- https://www.cert.pl/en/posts/2017/05/analysis-of-emotet-v4/
- https://www.malware-traffic-analysis.net/2022/06/07/index2.html
- https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!