cyber_threat_intelligence/Emotet/README.md
2022-01-27 15:47:14 +01:00

Emotet - Cyber Threat Intelligence

The indicators are related to VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

  • VN
  • US
  • CN
  • ...

There are 7 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise point to associated network resources known to be part of Emotet's research and attack activities.


There are 419 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

ID  Technique  Description                                               Confidence
1   T1059.007  Cross Site Scripting                                      High
2   T1068      Execution with Unnecessary Privileges                     High
3   T1110.001  Improper Restriction of Excessive Authentication Attempts High
4   ...        ...                                                       ...

There are 8 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.


There are 167 more IOA items available. Please use our online service to access the data.

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!