2022-12-09 08:58:15 +01:00

Emotet - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Emotet. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.emotet

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:

There are 8 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Emotet.


There are 3146 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Emotet. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22 Pathname Traversal High
2 T1040 CWE-294, CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80, CWE-85 Cross Site Scripting High
6 ... ... ... ...

There are 19 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Emotet. This data is unique as it uses our predictive model for actor profiling.


There are 247 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.