cyber_threat_intelligence/actors/Emotet/README.md

Emotet - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

There are 3 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) identify network resources known to be part of the research and attack activities of Emotet.

There are 1652 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22 Pathname Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1059 CWE-94 Cross Site Scripting High
4 T1059.007 CWE-79 Cross Site Scripting High
5 ... ... ... ...

There are 16 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /addNotifyServlet High
2 File /edituser.php High
3 File /forum/away.php High
4 File /index.php/?p=report High
5 File /index.php?r=site%2Fsignup High
6 File /nav_bar_action.php High
7 File /pages/activity/activity.php High
8 File /pages/permit/permit.php High
9 ... ... ...

There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!