Emotet - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
There are 6 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.
There are 1715 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High |
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
3 | T1055 | CWE-74 | Injection | High |
4 | T1059 | CWE-94 | Cross Site Scripting | High |
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
6 | ... | ... | ... | ... |
There are 20 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence |
---|---|---|---|
1 | File | /.env | Low |
2 | File | /admin.php/Admin/adminadd.html | High |
3 | File | /admin/admin.php | High |
4 | File | /admin/controller/JobLogController.java | High |
5 | File | /Admin/dashboard.php | High |
6 | File | /admin/problem_judge.php | High |
7 | File | /api/user/password/sent-reset-email | High |
8 | File | /asms/admin/mechanics/manage_mechanic.php | High |
9 | File | /asms/classes/Master.php?f=delete_mechanic | High |
10 | File | /asms/classes/Master.php?f=delete_service | High |
11 | File | /category.php | High |
12 | File | /cgi-bin/wlogin.cgi | High |
13 | File | /CommunitySSORedirect.jsp | High |
14 | File | /Content/Template/root/reverse-shell.aspx | High |
15 | File | /debug/pprof | Medium |
16 | File | /diag_ping_admin.asp | High |
17 | File | /diag_tracert_admin.asp | High |
18 | File | /etc/tomcat8/Catalina/attack | High |
19 | File | /index/user/user_edit.html | High |
20 | File | /login | Low |
21 | File | /login.php | Medium |
22 | File | /Member/memberedit.html | High |
23 | File | /opt/zimbra/jetty/webapps/zimbra/public | High |
24 | ... | ... | ... |
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
- https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
- https://blog.talosintelligence.com/2022/03/threat-roundup-0225-0304.html
- https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html
- https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html
- https://blog.talosintelligence.com/2022/08/threat-roundup-0805-0812.html
- https://blogs.blackberry.com/en/2017/12/threat-spotlight-emotet-infostealer-malware
- https://blogs.cisco.com/security/emotet-is-back
- https://community.blueliv.com/#!/s/5f73a4dd82df413eac3478ef
- https://community.blueliv.com/#!/s/5fb2ee2482df413eaf344b29
- https://community.blueliv.com/#!/s/5fe35ede82df413eaf3451df
- https://cyber.wtf/2021/11/15/guess-whos-back/
- https://ddanchev.blogspot.com/2022/01/profiling-emotet-botnet-c.html
- https://github.com/blackorbird/APT_REPORT/blob/master/cybercrime/emotet/Emotet_Exposed_A_Look_Inside_the_Cybercriminal_Supply_Chain.pdf
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-17%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-09%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-20%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-20%20Emotet_2%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-25%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-26%20%26%2027%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-02%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-07%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-08%20Emotet%20IOCs%20(AM)
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-22%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-23%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-28%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-01%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-14%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-15%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-16%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-28%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-29%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-01%20Emotet%20(E5)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-21%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-27%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-11%20Emotet%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-16%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-16%20Emotet%20(E5)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-17%20Emotet%20(E5)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-18%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-24%20Emotet%20(E5)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-03%20Emotet%20(E4)%20Additional%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-07%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-09%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-09%20Emotet%20(E5)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-14%20Emotet%20(E4)%20%232%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-15%20Emotet%20(E4)%20PM%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-21%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-28%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-30%20Emotet%20(E4)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-05%20Emotet%20(E4)%20IOCs
- https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_05.02.2022.txt
- https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_24.03.2022.txt
- https://isc.sans.edu/forums/diary/Emotet+infection+with+Cobalt+Strike/28824/
- https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
- https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
- https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
- https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
- https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
- https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
- https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
- https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
- https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
- https://lawiet47.github.io/malware_writeups/Emotet/
- https://pastebin.com/gT80R12S
- https://pastebin.com/uPn1zM6b
- https://unit42.paloaltonetworks.com/emotet-command-and-control/
- https://www.cert.pl/en/posts/2017/05/analysis-of-emotet-v4/
- https://www.malware-traffic-analysis.net/2022/06/07/index2.html
- https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.