THE MALWARE-AS-A-SERVICE EMOTET
Common Information
| Type | Value |
|---|---|
| UUID | dd2161b5-a4d0-4cac-8d4a-f0d327442efc |
| Fingerprint | e0056918caeaadeaaeb38553a866823b1eae7955cde384b7b65ed93fea489c3e |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 23, 2021, 5:33 p.m. |
| Added to db | April 14, 2024, 9:17 a.m. |
| Last updated | Aug. 31, 2024, 9:16 a.m. |
| Headline | THE MALWARE-AS-A-SERVICE EMOTET |
| Title | THE MALWARE-AS-A-SERVICE EMOTET |
| Detected Hints/Tags/Attributes | 174/3/94 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-003.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | paster.cryptolaemus.com |
|
| Details | Domain | 9 | feodotracker.abuse.ch |
|
| Details | Domain | 2 | www.us |
|
| Details | Domain | 13 | secureworks.com |
|
| Details | Domain | 3 | www.institut-pandore.com |
|
| Details | Domain | 4 | assiste.com |
|
| Details | Domain | 88 | securityintelligence.com |
|
| Details | Domain | 60 | documents.trendmicro.com |
|
| Details | Domain | 4 | blogs.security.com |
|
| Details | Domain | 41 | www.cisecurity.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 96 | malpedia.caad.fkie.fraunhofer.de |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | Domain | 98 | www.secureworks.com |
|
| Details | Domain | 37 | cofense.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 21 | cyware.com |
|
| Details | Domain | 11 | blog.f-secure.com |
|
| Details | Domain | 175 | www.zdnet.com |
|
| Details | Domain | 14 | shadowserver.org |
|
| Details | Domain | 145 | threatpost.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 70 | nakedsecurity.sophos.com |
|
| Details | Domain | 20 | research.nccgroup.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 3 | blog.intel471.com |
|
| Details | Domain | 5 | hotforsecurity.bitdefender.com |
|
| Details | Domain | 11 | www.hornetsecurity.com |
|
| Details | Domain | 35 | resources.infosecinstitute.com |
|
| Details | Domain | 71 | success.trendmicro.com |
|
| Details | Domain | 177 | blog.trendmicro.com |
|
| Details | Domain | 3 | kroll.com |
|
| Details | Domain | 3 | zvelo.com |
|
| Details | Domain | 88 | malware-traffic-analysis.net |
|
| Details | Domain | 47 | www.malware-traffic-analysis.net |
|
| Details | Domain | 42 | socprime.com |
|
| Details | Domain | 65 | www.cert.ssi.gouv.fr |
|
| Details | Domain | 14 | ssi.gouv.fr |
|
| Details | 10 | cert-fr.cossi@ssi.gouv.fr |
||
| Details | File | 3 | botnet_dridex.html |
|
| Details | File | 4 | exploringemotetsactivities_final.pdf |
|
| Details | File | 2 | emotet-returns-starts-spreading-via-spam-botnet.html |
|
| Details | File | 2 | wastedlocker-emerges.html |
|
| Details | File | 18 | diary.html |
|
| Details | File | 2 | corrupts-encrypted-files-23295.html |
|
| Details | File | 36 | resources.inf |
|
| Details | File | 816 | index.html |
|
| Details | File | 1 | managed-detection-and-response.html |
|
| Details | File | 141 | www.cer |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1189 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1566.002 |
|
| Details | Url | 1 | https://paster.cryptolaemus.com |
|
| Details | Url | 2 | https://feodotracker.abuse.ch/browse |
|
| Details | Url | 2 | https://www.us |
|
| Details | Url | 3 | https://assiste.com/botnet_dridex.html |
|
| Details | Url | 1 | https://securityintelligence.com/new- |
|
| Details | Url | 2 | https://documents.trendmicro.com/assets |
|
| Details | Url | 13 | https://www.cisecurity.org |
|
| Details | Url | 2 | https://securelist.com/the- |
|
| Details | Url | 2 | https://malpedia.caad.fkie.fraunhofer.de/actor/mummy_spider. |
|
| Details | Url | 2 | https://research.checkpoint |
|
| Details | Url | 25 | https://www.trendmicro |
|
| Details | Url | 2 | https://www.secureworks.com/research |
|
| Details | Url | 1 | https://cofense.com |
|
| Details | Url | 4 | https://www.bleepingcomputer.com/news/security/emotet- |
|
| Details | Url | 3 | https://cyware.com/news |
|
| Details | Url | 2 | https://securityintelligence.com/posts/emotet-activity-rises-as-it-uses-coronavirus- |
|
| Details | Url | 1 | https://securityintelligence.com/posts/sextortion-scams-delivered-by- |
|
| Details | Url | 2 | https://securityintelligence.com/posts/emotet-smishing-uses- |
|
| Details | Url | 1 | https://blog.f-secure.com/hunting-for-emotet/. |
|
| Details | Url | 2 | https://www.zdnet.com/article/a-vigilante-is-sabotaging-the-emotet-botnet-by-replacing- |
|
| Details | Url | 1 | https://threatpost.com/as- |
|
| Details | Url | 3 | https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker- |
|
| Details | Url | 2 | https://nakedsecurity.sophos.com/2017/08/10/watch- |
|
| Details | Url | 6 | https://blog.malwarebytes |
|
| Details | Url | 2 | http://blog.talosintelligence |
|
| Details | Url | 2 | https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed- |
|
| Details | Url | 4 | https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/. |
|
| Details | Url | 3 | https://isc.sans |
|
| Details | Url | 3 | https://twitter.com/gossithedog/status/1298486442159677440. |
|
| Details | Url | 2 | https://hotforsecurity.bitdefender.com/blog/fbi-warns-that-prolock-ransomware-decryptor- |
|
| Details | Url | 2 | https://cyware.com/news/ta542- |
|
| Details | Url | 2 | https://www.darkreading |
|
| Details | Url | 2 | https://twitter.com/cryptolaemus1/status/1306850671531044865. |
|
| Details | Url | 2 | https://twitter.com/peterkruse/status/1307914831522131969. |
|
| Details | Url | 4 | https://www.proofpoint |
|
| Details | Url | 2 | https://www.zdnet.com/article/panda-trojan-becomes-part-of-emotet-threat-distribution- |
|
| Details | Url | 1 | https://success.trendmicro.com/solution/000146108- |
|
| Details | Url | 1 | https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and- |
|
| Details | Url | 1 | https://zvelo.com/wordpress-sites- |
|
| Details | Url | 2 | https://www.malware-traffic-analysis.net/2019/01/14/index.html |
|
| Details | Url | 5 | https://www.proofpoint.com/us/threat- |