cyber_threat_intelligence/actors/Emotet/README.md (last commit "Update March 2023", 2023-03-31 09:30:34 +02:00)

Emotet - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets; this correlation helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

There are 9 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) identify network resources known to be associated with the research and attack activities of Emotet.

ID IP address Hostname Campaign Confidence
1 1.5.141.72 - - High
2 1.21.136.179 - - High
3 1.40.193.129 - - High
4 1.48.7.221 - - High
5 1.48.131.141 - - High
6 1.53.34.223 - - High
7 1.74.7.221 mo1-74-7-221.air.mopera.net - High
8 1.104.7.221 - - High
9 1.120.193.129 cpe-1-120-193-129.4cbp-r-037.cha.qld.bigpond.net.au - High
10 1.125.7.221 - - High
11 1.128.131.141 - - High
12 1.137.72.0 - - High
13 1.139.72.13 - - High
14 1.139.72.14 - - High
15 1.139.72.207 - - High
16 1.142.132.15 - - High
17 1.186.249.82 1.186.249.82.dvois.com - High
18 1.192.235.164 - - High
19 1.220.7.221 - - High
20 1.221.254.82 - - High
21 1.223.7.221 - - High
22 1.226.84.243 - - High
23 1.234.2.232 - - High
24 1.234.21.73 - - High
25 1.234.65.61 - - High
26 1.238.233.0 - - High
27 2.36.95.106 net-2-36-95-106.cust.vodafonedsl.it - High
28 2.38.7.221 net-2-38-7-221.cust.vodafonedsl.it - High
29 2.40.128.139 net-2-40-128-139.cust.vodafonedsl.it - High
30 2.40.129.139 net-2-40-129-139.cust.vodafonedsl.it - High
31 2.45.176.233 net-2-45-176-233.cust.vodafonedsl.it - High
32 2.47.112.152 net-2-47-112-152.cust.vodafonedsl.it - High
33 2.58.16.86 - - High
34 2.58.16.87 - - High
35 2.58.16.88 - - High
36 2.58.16.89 - - High
37 2.80.112.146 bl19-112-146.dsl.telepac.pt - High
38 2.82.75.215 bl21-75-215.dsl.telepac.pt - High
39 2.84.12.98 ppp-2-84-12-98.home.otenet.gr - High
40 2.144.244.204 - - High
41 2.195.172.209 - - High
42 2.206.233.1 dslb-002-206-233-001.002.206.pools.vodafone-ip.de - High
43 2.214.46.14 dynamic-002-214-046-014.2.214.pool.telefonica.de - High
44 2.237.76.249 2-237-76-249.ip237.fastwebnet.it - High
45 3.187.12.235 - - High
46 3.187.14.117 - - High
47 3.253.193.72 ec2-3-253-193-72.eu-west-1.compute.amazonaws.com - Medium
48 4.0.7.187 - - High
49 4.173.7.221 - - High
50 5.2.75.167 coms.a9v34.com.cn - High
51 5.2.84.232 momos.alastyr.com - High
52 5.2.136.90 static-5-2-136-90.rdsnet.ro - High
53 5.2.164.75 mail.curier.ro - High
54 5.2.182.7 static-5-2-182-7.rdsnet.ro - High
55 5.2.198.197 - - High
56 5.2.212.254 static-5-2-212-254.rdsnet.ro - High
57 5.2.246.108 static-5-2-246-108.rdsnet.ro - High
58 5.9.49.12 static.12.49.9.5.clients.your-server.de - High
59 5.9.116.246 static.246.116.9.5.clients.your-server.de - High
60 5.9.128.163 static.163.128.9.5.clients.your-server.de - High
61 5.9.189.24 static.24.189.9.5.clients.your-server.de - High
62 5.12.233.12 5-12-233-12.residential.rdsnet.ro - High
63 5.12.246.155 5-12-246-155.residential.rdsnet.ro - High
64 5.32.55.214 - - High
65 5.35.249.46 rs250366.rs.hosteurope.de - High
66 5.37.191.91 5.37.191.91.dynamic-dsl-ip.omantel.net.om - High
67 5.39.69.166 ns340204.ip-5-39-69.eu - High
68 5.39.84.48 ns3126815.ip-5-39-84.eu - High
69 5.39.91.110 ns3278366.ip-5-39-91.eu - High
70 5.45.77.29 ds01.slirx.com - High
71 5.45.108.146 cosmo.jumpingcrab.com - High
72 5.56.56.146 sites1.tucomunidad.cloud - High
73 5.56.132.177 asiatech.dn-server.com - High
74 5.77.13.70 mx.pirant.tomsk.ru - High
75 5.79.70.250 - - High
76 5.89.33.136 net-5-89-33-136.cust.vodafonedsl.it - High
77 5.101.138.188 uk.mthservers.com - High
78 5.135.159.50 ks3303146.kimsufi.com - High
79 5.141.76.15 - - High
80 5.159.57.195 www-riedle.transfermarkt.de - High
81 5.189.148.98 - - High
82 5.189.160.61 ip-61-160-189-5.static.contabo.net - High
83 5.189.168.53 vmd97080.contaboserver.net - High
84 5.189.178.202 ip-202-178-189-5.static.contabo.net - High
85 5.196.35.138 vps10.open-techno.net - High
86 5.196.73.150 ns3000085.ip-5-196-73.eu - High
87 5.196.74.210 ns3003340.ip-5-196-74.eu - High
88 5.196.108.189 ip189.ip-5-196-108.eu - High
89 5.196.133.206 pixelfed.hosnet.fr - High
90 5.230.193.41 casagarcia-web.sys.netzfabrik.eu - High
91 5.253.30.17 17.30-253-5.rdns.scalabledns.com - High
92 5.255.255.70 yandex.ru - High
93 5.255.255.77 yandex.ru - High
94 6.62.33.25 - - High
95 6.116.51.249 - - High
96 6.143.56.130 - - High
97 7.4.223.187 - - High
98 7.119.118.126 - - High
99 7.139.72.0 - - High
100 7.187.14.117 - - High
101 7.221.185.208 - - High
102 7.221.185.218 - - High
103 7.228.68.224 - - High
104 7.232.185.208 - - High
105 8.4.9.137 onlinehorizons.net - High
106 8.9.11.48 8.9.11.48.vultrusercontent.com - High
107 8.14.232.207 - - High
108 8.75.57.144 - - High
109 8.116.49.57 - - High
110 8.137.32.70 - - High
111 8.139.72.24 - - High
112 8.139.72.72 - - High
113 8.144.232.83 - - High
114 8.153.103.130 - - High
115 8.184.129.38 - - High
116 8.193.131.72 - - High
117 8.247.6.134 - - High
118 8.248.153.254 - - High
119 8.248.163.254 - - High
120 8.249.219.254 - - High
121 8.249.241.254 - - High
122 8.253.45.214 - - High
123 8.253.131.121 - - High
124 9.5.14.49 - - High
125 9.15.49.96 - - High
126 9.72.10.187 - - High
127 9.116.192.133 - - High
128 9.172.212.216 - - High
129 9.234.94.202 - - High
130 10.120.225.81 - - High
131 11.23.33.44 - - High
132 11.83.16.118 - - High
133 11.113.10.58 - - High
134 11.116.245.109 - - High
135 11.152.26.27 - - High
136 12.6.148.4 mail.carters.com - High
137 12.6.183.21 - - High
138 12.32.68.154 mail.sealscoinc.com - High
139 12.116.192.133 - - High
140 12.136.199.117 - - High
141 12.149.72.170 - - High
142 12.162.84.2 - - High
143 12.163.144.0 - - High
144 12.163.208.58 - - High
145 12.175.220.98 - - High
146 12.182.146.226 - - High
147 12.184.217.101 - - High
148 12.222.134.10 - - High
149 12.238.114.130 - - High
150 13.24.105.178 - - High
151 13.107.21.200 - - High
152 13.111.29.162 mta.e.fields.ca - High
153 13.116.192.133 85.c0.740d.ip4.static.sl-reverse.com - High
154 13.116.201.133 85.c9.740d.ip4.static.sl-reverse.com - High
155 13.162.80.0 - - High
156 13.226.146.174 server-13-226-146-174.dus51.r.cloudfront.net - High
157 13.232.216.77 ec2-13-232-216-77.ap-south-1.compute.amazonaws.com - Medium
158 14.49.39.215 - - High
159 14.68.51.5 - - High
160 14.116.201.133 - - High
161 14.117.203.5 - - High
162 14.119.51.5 - - High
163 14.119.203.5 - - High
164 14.122.59.5 - - High
165 14.125.102.27 - - High
166 14.133.84.226 14-133-84-226.area5a.commufa.jp - High
167 14.186.17.117 static.vnpt.vn - High
168 14.241.182.160 static.vnpt.vn - High
169 15.0.15.191 - - High
170 15.0.15.205 - - High
171 15.0.15.212 - - High
172 15.0.15.215 - - High
173 15.0.15.216 - - High
174 15.0.15.223 - - High
175 15.0.15.224 - - High
176 15.0.15.225 - - High
177 15.0.29.158 - - High
178 15.0.29.159 - - High
179 15.69.89.200 - - High
180 15.153.114.192 - - High
181 15.192.133.255 - - High
182 15.207.43.21 ec2-15-207-43-21.ap-south-1.compute.amazonaws.com - Medium
183 15.207.211.21 ec2-15-207-211-21.ap-south-1.compute.amazonaws.com - Medium
184 15.210.251.21 - - High
185 15.211.51.21 - - High
186 15.212.227.21 - - High
187 15.213.195.21 - - High
188 15.214.3.21 - - High
189 15.219.19.21 - - High
190 15.221.147.21 - - High
191 15.224.115.21 - - High
192 15.225.71.220 - - High
193 15.234.51.21 - - High
194 15.235.19.21 ip21.ip-15-235-19.net - High
195 15.243.59.238 - - High
196 15.255.133.72 - - High
197 15.255.133.77 - - High
198 16.64.139.72 - - High
199 16.79.107.21 - - High
200 16.91.8.134 - - High
201 17.36.205.74 - - High
202 17.56.136.171 p74-smtp.mail.icloud.com - High
203 17.154.126.30 - - High
204 17.233.0.0 - - High
205 17.234.138.68 - - High
206 18.209.113.128 ec2-18-209-113-128.compute-1.amazonaws.com - Medium
207 18.211.9.206 ec2-18-211-9-206.compute-1.amazonaws.com - Medium
208 18.217.99.164 ec2-18-217-99-164.us-east-2.compute.amazonaws.com - Medium
209 18.251.7.221 - - High
210 20.154.175.97 - - High
211 20.172.189.25 - - High
212 21.0.47.193 - - High
213 21.26.115.5 - - High
214 21.93.136.79 - - High
215 21.116.192.133 - - High
216 21.141.72.0 - - High
217 21.141.72.234 - - High
218 21.251.60.6 - - High
219 21.255.0.0 - - High
220 21.255.0.139 - - High
221 21.255.16.64 - - High
222 21.255.48.64 - - High
223 21.255.64.64 - - High
224 21.255.72.4 - - High
225 21.255.72.168 - - High
226 21.255.88.64 - - High
227 22.60.74.9 - - High
228 22.127.236.147 - - High
229 22.140.21.143 - - High
230 22.210.58.207 - - High
231 22.211.207.175 - - High
232 23.3.13.88 a23-3-13-88.deploy.static.akamaitechnologies.com - High
233 23.3.13.146 a23-3-13-146.deploy.static.akamaitechnologies.com - High
234 23.3.13.153 a23-3-13-153.deploy.static.akamaitechnologies.com - High
235 23.3.13.154 a23-3-13-154.deploy.static.akamaitechnologies.com - High
236 23.5.231.225 a23-5-231-225.deploy.static.akamaitechnologies.com - High
237 23.6.65.194 a23-6-65-194.deploy.static.akamaitechnologies.com - High
238 23.6.69.99 a23-6-69-99.deploy.static.akamaitechnologies.com - High
239 23.36.85.183 a23-36-85-183.deploy.static.akamaitechnologies.com - High
240 23.41.248.194 a23-41-248-194.deploy.static.akamaitechnologies.com - High
241 23.46.53.71 a23-46-53-71.deploy.static.akamaitechnologies.com - High
242 23.46.150.48 a23-46-150-48.deploy.static.akamaitechnologies.com - High
243 23.46.150.72 a23-46-150-72.deploy.static.akamaitechnologies.com - High
244 23.46.238.193 a23-46-238-193.deploy.static.akamaitechnologies.com - High
245 23.46.238.194 a23-46-238-194.deploy.static.akamaitechnologies.com - High
246 23.46.238.232 a23-46-238-232.deploy.static.akamaitechnologies.com - High
247 23.52.7.20 a23-52-7-20.deploy.static.akamaitechnologies.com - High
248 23.67.200.172 a23-67-200-172.deploy.static.akamaitechnologies.com - High
249 23.67.202.10 a23-67-202-10.deploy.static.akamaitechnologies.com - High
250 23.92.16.164 li640-164.members.linode.com - High
251 23.92.22.225 se1.xicrg.com - High
252 23.95.95.18 23-95-95-18-host.colocrossing.com - High
253 23.111.156.118 23-111-156-118.static.hvvc.us - High
254 23.115.24.218 23-115-24-218.lightspeed.dctril.sbcglobal.net - High
255 23.197.19.180 a23-197-19-180.deploy.static.akamaitechnologies.com - High
256 23.199.63.11 a23-199-63-11.deploy.static.akamaitechnologies.com - High
257 23.199.71.185 a23-199-71-185.deploy.static.akamaitechnologies.com - High
258 23.218.127.164 a23-218-127-164.deploy.static.akamaitechnologies.com - High
259 23.218.141.31 a23-218-141-31.deploy.static.akamaitechnologies.com - High
260 23.221.50.122 a23-221-50-122.deploy.static.akamaitechnologies.com - High
261 23.221.72.10 a23-221-72-10.deploy.static.akamaitechnologies.com - High
262 23.221.72.27 a23-221-72-27.deploy.static.akamaitechnologies.com - High
263 23.223.28.11 a23-223-28-11.deploy.static.akamaitechnologies.com - High
264 23.227.38.64 shops.myshopify.com - High
265 23.229.115.217 - - High
266 23.229.190.0 ip-23-229-190-0.ip.secureserver.net - High
267 23.239.0.12 li680-12.members.linode.com - High
268 23.239.2.11 li683-11.members.linode.com - High
269 23.246.204.126 7e.cc.f617.ip4.static.sl-reverse.com - High
270 23.254.203.51 hwsrv-779084.hostwindsdns.com - High
271 24.40.239.62 24-40-239-62.fidnet.com - High
272 24.43.32.186 rrcs-24-43-32-186.west.biz.rr.com - High
273 24.43.99.75 rrcs-24-43-99-75.west.biz.rr.com - High
274 24.69.65.8 - - High
275 24.69.137.72 S0106606c630d63f3.gv.shawcable.net - High
276 24.94.237.248 cpe-24-94-237-248.sw.res.rr.com - High
277 24.101.229.82 dynamic-acs-24-101-229-82.zoominternet.net - High
278 24.105.202.216 24-105-202-216.ip.mhcable.com - High
279 24.116.40.208 24-116-40-208.cpe.sparklight.net - High
280 24.119.116.230 24-119-116-230.cpe.sparklight.net - High
281 24.121.176.48 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net - High
282 24.127.65.63 c-24-127-65-63.hsd1.mi.comcast.net - High
283 24.133.106.23 - - High
284 24.135.69.146 cable-24-135-69-146.dynamic.sbb.rs - High
285 24.137.76.62 host-24-137-76-62.public.eastlink.ca - High
286 24.157.25.203 dynamic.libertypr.net - High
287 24.164.79.147 cpe-24-164-79-147.cinci.res.rr.com - High
288 24.178.90.49 024-178-090-049.res.spectrum.com - High
289 24.179.13.119 024-179-013-119.res.spectrum.com - High
290 24.190.11.79 ool-18be0b4f.dyn.optonline.net - High
291 24.196.49.98 024-196-049-098.biz.spectrum.com - High
292 24.201.79.34 modemcable034.79-201-24.mc.videotron.ca - High
293 24.203.4.40 modemcable040.4-203-24.mc.videotron.ca - High
294 24.217.117.217 024-217-117-217.res.spectrum.com - High
295 24.230.124.78 24-230-124-78-static.midco.net - High
296 24.230.141.169 24-230-141-169-dynamic.midco.net - High
297 24.231.51.190 - - High
298 24.231.88.85 host-24-231-88-85.public.eastlink.ca - High
299 24.232.0.227 smtp.fibertel.com.ar - High
300 24.232.228.233 OL233-228.fibertel.com.ar - High
301 24.234.133.205 wsip-24-234-133-205.lv.lv.cox.net - High
302 24.244.177.40 - - High
303 24.245.65.66 host-24-245-65-66.vyvebroadband.net - High
304 24.249.135.121 wsip-24-249-135-121.ks.ks.cox.net - High
305 25.6.95.114 - - High
306 25.21.141.72 - - High
307 25.185.126.126 - - High
308 26.0.159.228 - - High
309 26.192.126.47 - - High
310 26.224.115.246 - - High
311 27.7.14.122 - - High
312 27.50.89.209 27-50-89-209.as45671.net - High
313 27.54.89.58 vm-1m-r44.ipv4.per01.ds.network - High
314 27.73.70.219 localhost - High
315 27.78.27.110 localhost - High
316 27.82.5.141 KD027082005141.ppp-bb.dion.ne.jp - High
317 27.82.13.10 KD027082013010.ppp-bb.dion.ne.jp - High
318 27.109.24.214 - - High
319 27.114.9.93 i27-114-9-93.s41.a011.ap.plala.or.jp - High
320 27.254.81.87 cloud-linux09.thaidata.net - High
321 27.254.174.84 - - High
322 28.226.51.136 - - High
323 29.4.44.70 - - High
324 29.25.67.13 - - High
325 29.147.57.19 - - High
326 29.153.99.21 - - High
327 30.72.85.222 - - High
328 30.99.177.63 - - High
329 30.139.135.130 - - High
330 30.213.130.98 - - High
331 31.3.135.232 mirror.tillo.ch - High
332 31.15.0.15 - - High
333 31.22.4.160 sv.comparelight.com - High
334 31.24.158.56 bm.servidoresdedicados.com - High
335 31.27.59.105 net-31-27-59-105.cust.vodafonedsl.it - High
336 31.31.77.83 - - High
337 31.167.248.50 - - High
338 31.172.86.183 - - High
339 31.172.240.91 - - High
340 31.198.118.56 host-31-198-118-56.business.telecomitalia.it - High
341 31.207.89.74 - - High
342 32.7.221.185 - - High
343 32.36.68.137 - - High
344 32.153.19.64 - - High
345 32.196.131.72 - - High
346 32.236.131.72 - - High
347 33.88.48.79 - - High
348 33.92.35.218 - - High
349 34.80.191.247 247.191.80.34.bc.googleusercontent.com - Medium
350 34.113.42.231 - - High
351 34.117.59.81 81.59.117.34.bc.googleusercontent.com - Medium
352 34.192.19.33 ec2-34-192-19-33.compute-1.amazonaws.com - Medium
353 34.213.169.60 ec2-34-213-169-60.us-west-2.compute.amazonaws.com - Medium
354 34.242.208.206 ec2-34-242-208-206.eu-west-1.compute.amazonaws.com - Medium
355 34.252.175.201 ec2-34-252-175-201.eu-west-1.compute.amazonaws.com - Medium
356 35.104.141.214 - - High
357 35.143.99.174 035-143-099-174.biz.spectrum.com - High
358 35.184.245.68 68.245.184.35.bc.googleusercontent.com - Medium
359 35.190.87.116 116.87.190.35.bc.googleusercontent.com - Medium
360 35.203.98.50 50.98.203.35.bc.googleusercontent.com - Medium
361 35.213.151.141 141.151.213.35.bc.googleusercontent.com - Medium
362 35.214.151.75 75.151.214.35.bc.googleusercontent.com - Medium
363 36.4.139.73 - - High
364 36.67.23.59 - - High
365 36.68.137.72 - - High
366 36.76.137.72 - - High
367 36.84.141.72 - - High
368 36.88.153.213 - - High
369 36.91.44.183 - - High
370 36.92.137.72 - - High
371 36.92.139.72 - - High
372 36.233.8.67 36-233-8-67.dynamic-ip.hinet.net - High
373 36.233.209.145 36-233-209-145.dynamic-ip.hinet.net - High
374 37.9.175.14 14.175.9.37.in-addr.arpa.websupport.sk - High
375 37.12.54.30 30.red-37-12-54.dynamicip.rima-tde.net - High
376 37.44.244.177 - - High
377 37.46.129.215 we-too.ru - High
378 37.59.209.141 - - High
379 37.70.131.107 107.131.70.37.rev.sfr.net - High
380 37.81.186.251 - - High
381 37.85.5.208 - - High
382 37.97.135.82 37-97-135-82.colo.transip.net - High
383 37.120.175.15 v220220112692175454.nicesrv.de - High
384 37.139.21.175 37.139.21.175-e2-8080-keep-up - High
385 37.179.145.105 net-37-179-145-105.cust.vodafonedsl.it - High
386 37.179.204.33 - - High
387 37.183.81.217 - - High
388 37.187.4.178 ks2.kku.io - High
389 37.187.5.82 ks3370412.kimsufi.com - High
390 37.187.56.166 - - High
391 37.187.57.57 ns3357940.ovh.net - High
392 37.187.72.193 ns3362285.ip-37-187-72.eu - High
393 37.187.100.220 ns3045097.ip-37-187-100.eu - High
394 37.187.114.15 ns328458.ip-37-187-114.eu - High
395 37.187.115.122 ns328855.ip-37-187-115.eu - High
396 37.187.161.206 toolbox.alabs.io - High
397 37.205.9.252 s1.ithelp24.eu - High
398 37.208.106.146 mail.joerrens.com - High
399 37.220.6.126 mac-qq.space - High
400 37.221.70.250 b2b-customer.inftele.net - High
401 37.228.137.204 wiki.lmap.ir - High
402 37.232.216.112 static-37-232-216-112.netbynet.ru - High
403 37.247.101.241 server241.turkwebdizayn.com - High
404 38.18.235.242 38-235-242.wifrs.pars.tx.3dsn.net - High
405 38.30.163.236 - - High
406 38.69.157.53 38-69-157-53.cust.metroloop.net - High
407 38.85.40.247 - - High
408 38.88.126.202 h38-88-126-202.ip4.unmetered.zone - High
409 38.111.46.46 cbegypt.use-trade.com - High
410 39.195.42.35 - - High
411 40.65.198.17 - - High
412 40.77.139.72 - - High
413 40.97.124.18 - - High
414 40.131.141.72 h72.141.131.40.dynamic.ip.windstream.net - High
415 40.251.54.87 - - High
416 41.21.255.16 vc-vb-41-21-255-16.ens.vodacom.co.za - High
417 41.40.125.237 host-41.40.125.237.tedata.net - High
418 41.45.222.121 host-41.45.222.121.tedata.net - High
419 41.60.200.34 41.60.200.34.liquidtelecom.net - High
420 41.73.252.195 - - High
421 41.76.108.46 - - High
422 41.76.213.144 diamondelement.dedicated.co.za - High
423 41.150.87.93 8ta-150-87-93.telkomadsl.co.za - High
424 41.169.20.147 - - High
425 41.169.36.237 - - High
426 41.185.28.84 brf01-nix01.wadns.net - High
427 41.185.29.128 abp79-nix01.wadns.net - High
428 41.190.32.8 smtp11.utande.co.zw - High
429 41.203.62.170 - - High
430 41.204.202.41 www41.cpt2.host-h.net - High
431 41.212.89.128 - - High
432 41.231.225.139 - - High
433 41.233.0.0 - - High
434 42.58.177.189 - - High
435 42.62.40.103 - - High
436 42.112.214.48 - - High
437 42.200.96.63 42-200-96-63.static.imsbiz.com - High
438 42.200.107.142 42-200-107-142.static.imsbiz.com - High
439 43.36.55.179 - - High
440 43.72.219.51 - - High
441 43.119.87.160 - - High
442 43.129.209.178 - - High
443 43.207.140.129 ec2-43-207-140-129.ap-northeast-1.compute.amazonaws.com - Medium
444 43.229.62.186 rocket-cheese.bnr.la - High
445 44.96.104.36 - - High
446 44.117.178.22 - - High
447 44.153.110.120 - - High
448 44.163.215.176 - - High
449 45.7.221.185 45-7-221-185.i9fibra.net.br - High
450 45.16.226.117 45-16-226-117.lightspeed.sndgca.sbcglobal.net - High
451 45.32.114.141 45.32.114.141.vultrusercontent.com - High
452 45.33.35.74 45-33-35-74.ip.linodeusercontent.com - High
453 45.33.35.103 li985-103.members.linode.com - High
454 45.33.49.124 45-33-49-124.ip.linodeusercontent.com - High
455 45.33.54.74 li1004-74.members.linode.com - High
456 45.33.77.42 li1023-42.members.linode.com - High
457 45.36.193.58 gen-045-036-193-58.res.spectrum.com - High
458 45.46.37.97 cpe-45-46-37-97.maine.res.rr.com - High
459 45.55.36.51 - - High
460 45.55.65.123 - - High
461 45.55.82.2 - - High
462 45.55.134.126 - - High
463 45.55.179.121 - - High
464 45.55.191.130 - - High
465 45.55.219.163 - - High
466 45.56.88.91 45-56-88-91.ip.linodeusercontent.com - High
467 45.56.127.75 li945-75.members.linode.com - High
468 45.59.204.133 rrcs-45-59-204-133.west.biz.rr.com - High
469 45.63.99.23 unifi.wl88.pt - High
470 45.71.195.104 - - High
471 45.76.1.145 45.76.1.145.vultrusercontent.com - High
472 45.76.159.214 45.76.159.214.vultrusercontent.com - High
473 45.76.176.10 45.76.176.10.vultrusercontent.com - High
474 45.76.181.158 45.76.181.158.vultrusercontent.com - High
475 45.77.154.161 45.77.154.161.vultrusercontent.com - High
476 45.79.80.198 45-79-80-198.ip.linodeusercontent.com - High
477 45.79.95.107 li1194-107.members.linode.com - High
478 45.79.173.200 45-79-173-200.ip.linodeusercontent.com - High
479 45.79.188.67 li1287-67.members.linode.com - High
480 45.80.148.200 - - High
481 45.114.167.125 - - High
482 45.117.10.70 - - High
483 45.118.115.99 - - High
484 45.118.135.203 45-118-135-203.ip.linodeusercontent.com - High
485 45.118.136.92 - - High
486 45.119.83.237 - - High
487 45.138.98.34 xtream - High
488 45.142.114.231 mail.dounutmail.de - High
489 45.142.213.135 vm564361.stark-industries.solutions - High
490 45.150.67.141 trong93.com - High
491 45.161.242.102 45-161-242-102.megalink.com.br - High
492 45.176.232.124 - - High
493 45.176.232.125 - - High
494 45.177.120.37 45-177-120-37.netlimit.net.br - High
495 45.184.36.10 - - High
496 45.184.103.73 - - High
497 45.186.16.18 45-186-16-18.winnet.com.br - High
498 45.226.53.34 - - High
499 45.230.45.171 - - High
500 45.235.8.30 - - High
501 45.239.204.100 - - High
502 45.252.251.10 - - High
503 46.4.100.178 support.wizard-shopservice.de - High
504 46.4.192.185 static.185.192.4.46.clients.your-server.de - High
505 46.21.105.59 46-21-105-59-static.glesys.net - High
506 46.28.111.142 enkindu.jsuchy.net - High
507 46.29.183.211 46.29.183.211.mixvoip.solutions - High
508 46.30.213.132 - - High
509 46.32.229.152 094882.vps-10.com - High
510 46.32.233.226 yetitoolusa.com - High
511 46.38.238.8 v2202109122001163131.happysrv.de - High
512 46.40.239.180 static.isp.ooredoo.om - High
513 46.41.130.218 - - High
514 46.41.134.46 panel.gotoweb.pl - High
515 46.41.151.103 mul.wkl.pl - High
516 46.43.2.95 chris.default.cjenkinson.uk0.bigv.io - High
517 46.49.124.53 - - High
518 46.55.222.11 - - High
519 46.101.58.37 46.101.58.37-e1-8080 - High
520 46.101.98.60 - - High
521 46.105.81.76 myu0.cylipo.sbs - High
522 46.105.114.137 ns3188253.ip-46-105-114.eu - High
523 46.105.131.68 http.adven.fr - High
524 46.105.131.69 epouventaille.adven.fr - High
525 46.105.131.79 relay.adven.fr - High
526 46.105.131.87 pop.adven.fr - High
527 46.105.236.18 - - High
528 46.163.144.228 - - High
529 46.165.212.76 - - High
530 46.165.254.206 - - High
531 46.214.107.142 46-214-107-142.next-gen.ro - High
532 47.6.15.79 047-006-015-079.res.spectrum.com - High
533 47.26.155.17 047-026-155-017.res.spectrum.com - High
534 47.36.140.164 047-036-140-164.res.spectrum.com - High
535 47.52.19.221 - - High
536 47.52.121.173 - - High
537 47.110.149.223 - - High
538 47.120.187.145 - - High
539 47.144.21.12 47-144-21-12.lsan.ca.frontiernet.net - High
540 47.144.21.37 47-144-21-37.lsan.ca.frontiernet.net - High
541 47.146.32.175 - - High
542 47.146.39.147 - - High
543 47.146.117.214 - - High
544 47.150.11.161 - - High
545 47.153.182.47 - - High
546 47.153.183.211 - - High
547 47.154.85.229 - - High
548 47.155.214.239 - - High
549 47.156.70.145 - - High
550 47.162.220.239 - - High
551 47.188.131.94 - - High
552 47.201.208.154 - - High
553 47.246.24.225 - - High
554 47.246.24.226 - - High
555 47.246.24.230 - - High
556 47.246.24.232 - - High
557 48.69.141.72 - - High
558 48.77.139.11 - - High
559 48.105.139.72 - - High
560 48.141.61.19 - - High
561 48.158.232.207 - - High
562 48.196.131.72 - - High
563 48.252.179.81 - - High
564 49.3.224.99 - - High
565 49.12.121.47 filezilla-project.org - High
566 49.21.141.72 - - High
567 49.21.255.72 - - High
568 49.41.163.200 - - High
569 49.50.209.131 131.host-49-50-209.euba.megatel.co.nz - High
570 49.190.180.66 n49-190-180-66.meb2.vic.optusnet.com.au - High
571 49.205.182.134 49.205.182.134.actcorp.in - High
572 49.212.135.76 os3-321-50322.vs.sakura.ne.jp - High
573 49.212.155.94 os3-325-52340.vs.sakura.ne.jp - High
574 49.243.9.118 118.9.243.49.ap.yournet.ne.jp - High
575 50.3.233.192 - - High
576 50.22.35.194 c2.23.1632.ip4.static.sl-reverse.com - High
577 50.23.248.182 b6.f8.1732.ip4.static.sl-reverse.com - High
578 50.28.51.143 - - High
579 50.30.40.196 usve255301.serverprofi24.com - High
580 50.31.146.101 mail.brillinjurylaw.com - High
581 50.31.174.165 priva28.privatednsorg.com - High
582 50.35.17.13 - - High
583 50.56.135.44 - - High
584 50.62.176.42 p3plcpnl0515.prod.phx3.secureserver.net - High
585 50.62.176.244 p3plcpnl0728.prod.phx3.secureserver.net - High
586 50.62.194.30 ip-50-62-194-30.ip.secureserver.net - High
587 50.63.8.21 ip-50-63-8-21.ip.secureserver.net - High
588 50.78.167.65 millcreek.cc - High
589 50.87.59.65 50-87-59-65.unifiedlayer.com - High
590 50.87.144.137 gator3103.hostgator.com - High
591 50.87.144.197 gator3161.hostgator.com - High
592 50.87.150.177 50-87-150-177.unifiedlayer.com - High
593 50.91.114.38 050-091-114-038.res.spectrum.com - High
594 50.92.101.60 d50-92-101-60.bchsia.telus.net - High
595 50.111.161.4 - - High
596 50.116.54.215 li440-215.members.linode.com - High
597 50.116.62.25 inserthero2.inserthero.com - High
598 50.116.78.109 intersearchmedia.com - High
599 50.116.86.205 template3.domain.com - High
600 50.116.111.59 its.itsagigdeal.com - High
601 50.121.220.50 static-50-121-220-50.clbg.wv.frontiernet.net - High
602 50.132.143.230 - - High
603 50.245.107.73 50-245-107-73-static.hfc.comcastbusiness.net - High
604 51.0.15.211 - - High
605 51.15.4.22 51-15-4-22.rev.poneytelecom.eu - High
606 51.15.7.145 51-15-7-145.rev.poneytelecom.eu - High
607 51.15.7.189 51-15-7-189.rev.poneytelecom.eu - High
608 51.15.8.192 51-15-8-192.rev.poneytelecom.eu - High
609 51.22.116.0 - - High
610 51.38.50.144 vs128.evxonline.net - High
611 51.38.71.0 0.ip-51-38-71.eu - High
612 51.38.124.206 206.ip-51-38-124.eu - High
613 51.38.134.203 203.ip-51-38-134.eu - High
614 51.38.201.19 ip19.ip-51-38-201.eu - High
615 51.56.119.75 - - High
616 51.57.233.158 - - High
617 51.68.141.164 164.ip-51-68-141.eu - High
618 51.68.175.8 vps-9dba3732.vps.ovh.net - High
619 51.68.220.244 vps-7a400d57.vps.ovh.net - High
620 51.69.0.20 - - High
621 51.69.3.235 - - High
622 51.69.246.51 - - High
623 51.75.33.120 ip120.ip-51-75-33.eu - High
624 51.75.33.122 ip122.ip-51-75-33.eu - High
625 51.75.33.127 ip127.ip-51-75-33.eu - High
626 51.77.82.125 ip125.51-77-82.iproute.de - High
627 51.77.113.100 titan40.fastworldwideweb.com - High
628 51.79.205.117 vps-c0828464.vps.ovh.ca - High
629 51.89.36.180 ip180.ip-51-89-36.eu - High
630 51.89.199.141 ip141.ip-51-89-199.eu - High
631 51.91.7.5 ns3147667.ip-51-91-7.eu - High
632 51.91.76.89 89.ip-51-91-76.eu - High
633 51.91.142.158 ayome.eu - High
634 51.159.23.217 jambold.co.uk - High
635 51.159.35.157 51-159-35-157.rev.poneytelecom.eu - High
636 51.161.73.194 ip194.ip-51-161-73.net - High
637 51.178.186.134 ip134.ip-51-178-186.eu - High
638 51.210.176.76 vps-3a6c6346.vps.ovh.net - High
639 51.210.242.234 vps-36767060.vps.ovh.net - High
640 51.254.137.156 mail.unolan.net - High
641 51.254.140.238 238.ip-51-254-140.eu - High
642 51.255.50.164 vps-b6cfe010.vps.ovh.net - High
643 51.255.165.160 160.ip-51-255-165.eu - High
644 52.18.235.51 ec2-52-18-235-51.eu-west-1.compute.amazonaws.com - Medium
645 52.31.99.185 ec2-52-31-99-185.eu-west-1.compute.amazonaws.com - Medium
646 52.66.202.63 ec2-52-66-202-63.ap-south-1.compute.amazonaws.com - Medium
647 52.78.120.74 ec2-52-78-120-74.ap-northeast-2.compute.amazonaws.com - Medium
648 52.94.153.104 - - High
649 52.96.38.82 - - High
650 52.96.40.242 - - High
651 52.96.62.226 - - High
652 53.157.168.143 - - High
653 53.166.236.6 - - High
654 54.36.98.59 59.ip-54-36-98.eu - High
655 54.36.185.60 ip60.ip-54-36-185.eu - High
656 54.37.42.48 - - High
657 54.37.70.105 105.ip-54-37-70.eu - High
658 54.37.106.167 ip167.ip-54-37-106.eu - High
659 54.37.228.122 122.ip-54-37-228.eu - High
660 54.37.237.253 ip253.ip-54-37-237.eu - High
661 54.38.94.197 ns3140984.ip-54-38-94.eu - High
662 54.38.143.245 tools.inovato.me - High
663 54.38.143.246 ip246.ip-54-38-143.eu - High
664 54.38.242.185 vps-f3507bbf.vps.ovh.net - High
665 54.57.97.235 - - High
666 54.88.144.211 va-smtp01.263.net - High
667 54.102.103.237 - - High
668 54.180.252.38 ec2-54-180-252-38.ap-northeast-2.compute.amazonaws.com - Medium
669 54.183.177.28 ec2-54-183-177-28.us-west-1.compute.amazonaws.com - Medium
670 55.22.40.204 - - High
671 55.128.90.30 - - High
672 55.136.121.162 - - High
673 55.219.59.212 - - High
674 55.239.116.223 - - High
675 56.36.53.6 - - High
676 56.64.139.72 - - High
677 56.98.83.112 - - High
678 56.98.83.136 - - High
679 56.147.146.123 - - High
680 56.149.97.192 - - High
681 56.196.131.72 - - High
682 56.222.186.198 - - High
683 57.48.18.72 - - High
684 57.72.208.235 - - High
685 57.82.67.9 - - High
686 57.88.97.175 - - High
687 58.1.242.115 fntoska030019.oska.fnt.ftth4.ppp.ocn.ne.jp - High
688 58.7.221.185 58-7-221-185.dyn.iinet.net.au - High
689 58.27.215.3 58-27-215-3.wateen.net - High
690 58.94.58.13 i58-94-58-13.s41.a014.ap.plala.or.jp - High
691 58.96.74.42 42.74.96.58.static.exetel.com.au - High
692 58.105.146.189 d58-105-146-189.dsl.nsw.optusnet.com.au - High
693 58.140.44.23 - - High
694 58.167.223.125 - - High
695 58.171.38.26 - - High
696 58.174.185.169 cpe-58-174-185-169.sb03.sa.asp.telstra.net - High
697 58.216.16.130 - - High
698 58.227.42.236 - - High
699 58.234.12.220 - - High
700 58.246.232.213 - - High
701 58.253.207.222 - - High
702 59.21.235.119 - - High
703 59.51.188.224 - - High
704 59.103.164.174 - - High
705 59.110.18.236 - - High
706 59.120.5.154 59-120-5-154.hinet-ip.hinet.net - High
707 59.124.1.19 59-124-1-19.hinet-ip.hinet.net - High
708 59.125.219.109 59-125-219-109.hinet-ip.hinet.net - High
709 59.148.253.194 059148253194.ctinets.com - High
710 59.152.93.46 46.93.152.59.zipnetltd.com - High
711 60.36.166.212 imail.mail.plala.or.jp - High
712 60.93.23.51 softbank060093023051.bbtec.net - High
713 60.108.128.186 softbank060108128186.bbtec.net - High
714 60.108.144.104 softbank060108144104.bbtec.net - High
715 60.125.114.64 softbank060125114064.bbtec.net - High
716 60.142.249.243 softbank060142249243.bbtec.net - High
717 60.231.217.199 - - High
718 60.249.78.226 60-249-78-226.hinet-ip.hinet.net - High
719 60.250.78.22 60-250-78-22.hinet-ip.hinet.net - High
720 61.7.231.226 - - High
721 61.7.231.229 - - High
722 61.19.246.238 - - High
723 61.22.170.50 61-22-170-50.rev.home.ne.jp - High
724 61.33.119.226 - - High
725 61.76.222.210 - - High
726 61.81.63.123 - - High
727 61.92.17.12 061092017012.ctinets.com - High
728 61.92.159.208 061092159208.ctinets.com - High
729 61.118.67.173 p7764173-ipngn36801marunouchi.tokyo.ocn.ne.jp - High
730 61.187.202.247 - - High
731 61.197.37.169 pl937.ag1001.nttpc.ne.jp - High
732 61.197.92.216 pl2008.ag1313.nttpc.ne.jp - High
733 62.28.40.155 exchange.ptasp.com - High
734 62.30.7.67 67.7-30-62.static.virginmediabusiness.co.uk - High
735 62.57.134.186 62.57.134.186.dyn.user.ono.com - High
736 62.75.141.82 static-ip-62-75-141-82.inaddr.ip-pool.com - High
737 62.75.143.100 euve269813.serverprofi24.de - High
738 62.75.160.178 euve272115.serverprofi24.net - High
739 62.75.187.192 static-ip-62-75-187-192.inaddr.ip-pool.com - High
740 62.84.75.50 mail.saadegrp.com.lb - High
741 62.89.62.139 - - High
742 62.108.54.22 the-dark.de - High
743 62.116.128.9 - - High
744 62.138.26.28 vds4017x2.startdedicated.de - High
745 62.141.45.103 vps2009743.fastwebserver.de - High
746 62.149.128.42 imaps.aruba.it - High
747 62.149.128.72 mxd4.aruba.it - High
748 62.149.128.179 pop3s.aruba.it - High
749 62.149.128.200 smtp1.aruba.it - High
750 62.149.128.210 smtpa1.aruba.it - High
751 62.149.152.151 - - High
752 62.149.152.152 - - High
753 62.149.157.55 - - High
754 62.171.142.179 vmi499457.contaboserver.net - High
755 62.171.178.147 vmi365451.contaboserver.net - High
756 62.204.41.133 - - High
757 62.210.127.136 62-210-127-136.rev.poneytelecom.eu - High
758 62.212.34.102 - - High
759 62.234.99.30 - - High
760 63.141.228.141 mxrotation8.rotationmarketingssl.com.br - High
761 63.142.253.122 - - High
762 64.4.184.65 - - High
763 64.4.244.68 - - High
764 64.26.60.221 pop5.csee.onr.siteprotect.com - High
765 64.36.92.139 node-40245c8b.bos.onnet.us.uu.net - High
766 64.41.126.110 securesmtp.csee.siteprotect.com - High
767 64.59.136.142 mail.shaw.ca - High
768 64.60.82.82 64-60-82-82.static-ip.telepacific.net - High
769 64.71.36.11 - - High
770 64.85.73.16 - - High
771 64.88.202.250 - - High
772 64.90.62.162 pop.dreamhost.com - High
773 64.91.228.45 - - High
774 64.98.36.5 mail.b.hostedemail.com - High
775 64.98.36.173 mail.lawyers-mail.com - High
776 64.115.126.169 host169.sivikhealthcare.com - High
777 64.138.139.72 - - High
778 64.139.72.1 64-139-72-1-Chattanooga.hfc.comcastbusiness.net - High
779 64.139.72.168 64-139-72-168-Chattanooga.hfc.comcastbusiness.net - High
780 64.139.72.203 64-139-72-203-Chattanooga.hfc.comcastbusiness.net - High
781 64.139.72.205 64-139-72-205-Chattanooga.hfc.comcastbusiness.net - High
782 64.139.72.206 64-139-72-206-Chattanooga.hfc.comcastbusiness.net - High
783 64.139.72.207 64-139-72-207-Chattanooga.hfc.comcastbusiness.net - High
784 64.183.73.122 rrcs-64-183-73-122.west.biz.rr.com - High
785 64.190.63.136 - - High
786 64.191.131.72 64-191-131-72.xdsl.qx.net - High
787 64.201.88.132 - - High
788 64.207.182.168 - - High
789 64.227.55.231 - - High
790 64.227.100.222 - - High
791 ... ... ... ...

There are 3161 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.

| ID | Type | Indicator | Confidence |
|----|------|-----------|------------|
| 1 | File | // | Low |
| 2 | File | /admin.php/accessory/filesdel.html | High |
| 3 | File | /admin/?page=user/manage | High |
| 4 | File | /admin/add-new.php | High |
| 5 | File | /admin/delete_user.php | High |
| 6 | File | /admin/doctors.php | High |
| 7 | File | /admin/patient.php | High |
| 8 | File | /alphaware/summary.php | High |
| 9 | File | /api/ | Low |
| 10 | File | /api/admin/system/store/order/list | High |
| 11 | File | /api/jmeter/download/files | High |
| 12 | File | /api/upload | Medium |
| 13 | File | /APR/login.php | High |
| 14 | File | /boat/login.php | High |
| 15 | File | /carbon/ndatasource/validateconnection/ajaxprocessor.jsp | High |
| 16 | File | /cgi-bin/supervisor/PwdGrp.cgi | High |
| 17 | File | /cgi-bin/wlogin.cgi | High |
| 18 | File | /common/sysFile/list | High |
| 19 | File | /debug/pprof | Medium |
| 20 | File | /DXR.axd | Medium |
| 21 | File | /etc/sudoers | Medium |
| 22 | File | /filemanager/php/connector.php | High |
| 23 | File | /files/import | High |
| 24 | File | /forum/away.php | High |
| 25 | File | /getcfg.php | Medium |
| 26 | File | /goform/addressNat | High |
| 27 | File | /home/www/cgi-bin/login.cgi | High |
| 28 | File | /j_security_check | High |
| 29 | File | /librarian/bookdetails.php | High |
| 30 | File | /mhds/clinic/view_details.php | High |
| 31 | File | /modules/projects/vw_files.php | High |
| 32 | File | /reservation/add_message.php | High |
| 33 | File | /rom-0 | Low |
| 34 | File | /rukovoditel/index.php?module=users/login | High |
| 35 | File | /secure/QueryComponent!Default.jspa | High |
| 36 | File | /static/ueditor/php/controller.php | High |
| 37 | File | /usr/bin/at | Medium |
| 38 | File | /var/WEB-GUI/cgi-bin/telnet.cgi | High |
| 39 | File | /wabt/bin/poc.wasm | High |
| 40 | File | /wireless/security.asp | High |
| 41 | ... | ... | ... |

There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!