Exploring Emotet’s Activities
Common Information
UUID: eb4f8620-7b20-4ecc-b863-8090c9597b74
Fingerprint: 3e04042a37c1ae28ec6f24817e70a0343f4ab3f4d8f3739186310e0b4c724608
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Jan. 28, 2019, 11:11 a.m.
Added to db: March 10, 2024, 12:24 a.m.
Last updated: Aug. 30, 2024, 10:35 p.m.
Headline: Exploring Emotet’s Activities
Title: Exploring Emotet’s Activities
Detected Hints/Tags/Attributes: 179/4/100
Attributes