Emotet: A Malware Family That Keeps Going | Infoblox
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 23a9fa10-d12a-409a-8c31-5fdb8712390d |
| Fingerprint | a099387569752317 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 6, 2022, 1:18 p.m. |
| Added to db | July 27, 2023, 9:21 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Emotet: A Malware Family That Keeps Going |
| Title | Emotet: A Malware Family That Keeps Going | Infoblox |
| Detected Hints/Tags/Attributes | 70/2/194 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | papillonweb.fr |
|
| Details | Domain | 1 | www.pioneerimmigration.co.in |
|
| Details | Domain | 1 | panamel.com |
|
| Details | Domain | 1 | app.virapad.ir |
|
| Details | Domain | 2 | www.garantihaliyikama.com |
|
| Details | Domain | 2 | haircutbar.com |
|
| Details | Domain | 1 | www.birebiregitim.net |
|
| Details | Domain | 1 | aysbody.com |
|
| Details | Domain | 1 | burgarellaquantumhealing.org |
|
| Details | Domain | 1 | faisonfilms.com |
|
| Details | Domain | 1 | cncadventist.org |
|
| Details | Domain | 1 | greenlizard.co |
|
| Details | Domain | 3 | airhobi.com |
|
| Details | Domain | 1 | pccurico.cl |
|
| Details | Domain | 1 | fashionbyprincessmelodicaah.com |
|
| Details | Domain | 1 | bpsjambi.id |
|
| Details | Domain | 1 | xpansul.com |
|
| Details | Domain | 1 | adviceme.gr |
|
| Details | Domain | 1 | akuntansi.itny.ac.id |
|
| Details | Domain | 1 | wp.eryaz.net |
|
| Details | Domain | 1 | www.cicerosd.com |
|
| Details | Domain | 1 | chainandpyle.com |
|
| Details | Domain | 1 | www.visionsfantastic.com |
|
| Details | Domain | 1 | ent.draftserver.com |
|
| Details | Domain | 1 | www.evosp.com.br |
|
| Details | Domain | 1 | www.clinicaportalpsicologia.com.br |
|
| Details | Domain | 1 | greycoconut.com |
|
| Details | Domain | 2 | harleyqueretaro.com |
|
| Details | Domain | 1 | drviniciusterra.com.br |
|
| Details | Domain | 1 | dscaluya.6te.net |
|
| Details | Domain | 1 | www.concivilpa.com.py |
|
| Details | Domain | 2 | helmprecision.com |
|
| Details | Domain | 1 | www.megakonferans.com |
|
| Details | Domain | 1 | disperindag.garutkab.go.id |
|
| Details | Domain | 1 | www.ergbox.com |
|
| Details | Domain | 1 | blessingsource.com |
|
| Details | Domain | 1 | deadcode200.c1.biz |
|
| Details | Domain | 1 | cs14productions.com |
|
| Details | Domain | 1 | djunreal.co.uk |
|
| Details | Domain | 1 | fisika.mipa.uns.ac.id |
|
| Details | Domain | 1 | grouprobust.com |
|
| Details | Domain | 1 | jimlowry.com |
|
| Details | Domain | 1 | balticcontrolbd.com |
|
| Details | Domain | 1 | www.druck-grafik.at |
|
| Details | Domain | 1 | dl.choobingroup.ir |
|
| Details | Domain | 1 | www.dl5.zahra-media.ir |
|
| Details | Domain | 1 | astrogurusunilbarmola.com |
|
| Details | Domain | 1 | brittknight.com |
|
| Details | Domain | 1 | www.hayalkatibi.com |
|
| Details | Domain | 2 | wmwifbajxxbcxmucxmlc.com |
|
| Details | Domain | 1 | kevinley.com |
|
| Details | Domain | 1 | appyhorsey.com |
|
| Details | Domain | 1 | www.graduate.cmru.ac.th |
|
| Details | Domain | 1 | www.lakor.ch |
|
| Details | Domain | 1 | erp.pinaken.com |
|
| Details | Domain | 1 | corporateissolutions.com |
|
| Details | Domain | 1 | perpustekim.untirta.ac.id |
|
| Details | Domain | 1 | iciee.untirta.ac.id |
|
| Details | Domain | 1 | ikatemia.untirta.ac.id |
|
| Details | Domain | 1 | tm.gamester.com.tr |
|
| Details | Domain | 1 | dencker.info |
|
| Details | Domain | 1 | www.escueladecinemza.com.ar |
|
| Details | Domain | 1 | escueladecinemza.com.ar |
|
| Details | Domain | 1 | www.mobiles-photostudio.com |
|
| Details | Domain | 1 | iprd.net.phtemp.com |
|
| Details | Domain | 1 | charmslovespells.com |
|
| Details | Domain | 1 | ewingconsulting.com |
|
| Details | Domain | 1 | francite.net |
|
| Details | Domain | 1 | educacionsanvicentefundacion.com |
|
| Details | Domain | 1 | clotizen.dothome.co.kr |
|
| Details | Domain | 1 | gmhealthcare.dothome.co.kr |
|
| Details | Domain | 1 | kwinglobal.dothome.co.kr |
|
| Details | Domain | 1 | withvac001.dothome.co.kr |
|
| Details | Domain | 1 | onepieceark.dothome.co.kr |
|
| Details | Domain | 1 | www.zvdesign.info |
|
| Details | Domain | 1 | natdemo.natrixsoftware.com |
|
| Details | Domain | 1 | www.fcstradesolutions.com |
|
| Details | Domain | 1 | demo-re-usables.inertiasoft.net |
|
| Details | Domain | 1 | www.guedala.com.br |
|
| Details | Domain | 1 | www.berekethaber.com |
|
| Details | Domain | 1 | bruidsfotografie-breda.nl |
|
| Details | Domain | 1 | fontecmobile.com |
|
| Details | Domain | 1 | document.vpservice-online.com |
|
| Details | Domain | 1 | atperson.com |
|
| Details | Domain | 1 | frascona.com.ar |
|
| Details | Domain | 1 | cashmailsystem.com |
|
| Details | Domain | 1 | www.clasite.com |
|
| Details | Domain | 1 | kairaliagencies.com |
|
| Details | Domain | 2 | gedebey-tvradio.info |
|
| Details | Domain | 1 | decorusfinancial.com |
|
| Details | Domain | 1 | zachboyle.com |
|
| Details | Domain | 1 | www.boraintercambios.com.br |
|
| Details | Domain | 1 | peicovich.com |
|
| Details | Domain | 1 | www.federation-sardaniste.fr |
|
| Details | Domain | 1 | weboculta.com |
|
| Details | Domain | 1 | earthmach.co |
|
| Details | Domain | 1 | www.drcno.sk |
|
| Details | Domain | 1 | www.forensisbilisim.com |
|
| Details | Domain | 1 | www.fullwiz.com.br |
|
| Details | Domain | 1 | evashopping.thietkewebsitechuanseo.com |
|
| Details | Domain | 1 | travel.pkn2.go.th |
|
| Details | Domain | 1 | www.anglicanjoburg.org |
|
| Details | Domain | 1 | www.joburg.org |
|
| Details | Domain | 1 | mtc.joburg.org |
|
| Details | Domain | 1 | dotcompany.com.br |
|
| Details | Domain | 1 | comecebem.com |
|
| Details | Domain | 1 | collabsolutions.co |
|
| Details | Domain | 1 | borntobefree.org |
|
| Details | Domain | 1 | nycom.narasoft.com |
|
| Details | Domain | 1 | cupsolution.com |
|
| Details | Domain | 1 | wordpress.agrupem.com |
|
| Details | Domain | 1 | www.olsav.sk |
|
| Details | Domain | 1 | www.aseguradosaldia.com |
|
| Details | Domain | 1 | www.nomatenalmono.org |
|
| Details | Domain | 1 | www.diarioaldia.com.ar |
|
| Details | Domain | 1 | ftp.yuecmr.org |
|
| Details | Domain | 1 | contabilidadeplenus.com.br |
|
| Details | Domain | 1 | chaledooleo.com.br |
|
| Details | Domain | 1 | nellydwiputri.co.id |
|
| Details | Domain | 1 | www.llev.com.br |
|
| Details | Domain | 1 | starluckycentre.com |
|
| Details | Domain | 1 | 3dstudioa.com.br |
|
| Details | Domain | 1 | survei.absensi.net |
|
| Details | Domain | 1 | dusangerzicgera.com |
|
| Details | Domain | 1 | ybp.rpmediateam.com |
|
| Details | Domain | 1 | www.controlnetworks.com.au |
|
| Details | Domain | 96 | malpedia.caad.fkie.fraunhofer.de |
|
| Details | Domain | 4 | blogs.infoblox.com |
|
| Details | Domain | 14 | www.infoblox.com |
|
| Details | Domain | 2 | insights.infoblox.com |
|
| Details | Domain | 39 | heimdalsecurity.com |
|
| Details | Domain | 145 | threatpost.com |
|
| Details | Domain | 1 | www.mpg.de |
|
| Details | Domain | 57 | www.theregister.com |
|
| Details | Domain | 24 | duo.com |
|
| Details | Domain | 37 | blogs.vmware.com |
|
| Details | Domain | 9 | feodotracker.abuse.ch |
|
| Details | Domain | 4127 | github.com |
|
| Details | File | 384 | www.inf |
|
| Details | File | 1 | threat-intelligence-report-how-emotet-stole-christmas.pdf |
|
| Details | File | 10 | blogs.inf |
|
| Details | File | 1 | threat-intelligence-report-emotet-gets-political.pdf |
|
| Details | File | 1 | threat-intelligence-report-return-of-emotet.pdf |
|
| Details | File | 2 | insights.inf |
|
| Details | File | 1 | www.mpg |
|
| Details | File | 1 | emotet-is-not-dead-yet-part-2.html |
|
| Details | Github username | 4 | infobloxopen |
|
| Details | IPv4 | 6 | 54.37.106.167 |
|
| Details | IPv4 | 8 | 78.47.204.80 |
|
| Details | IPv4 | 5 | 202.28.34.99 |
|
| Details | IPv4 | 5 | 210.57.209.142 |
|
| Details | IPv4 | 5 | 118.98.72.86 |
|
| Details | IPv4 | 8 | 37.44.244.177 |
|
| Details | IPv4 | 9 | 196.44.98.190 |
|
| Details | IPv4 | 8 | 195.77.239.39 |
|
| Details | IPv4 | 7 | 139.196.72.155 |
|
| Details | IPv4 | 8 | 54.37.228.122 |
|
| Details | IPv4 | 5 | 62.171.178.147 |
|
| Details | IPv4 | 6 | 202.134.4.210 |
|
| Details | IPv4 | 7 | 85.214.67.203 |
|
| Details | IPv4 | 5 | 93.104.209.107 |
|
| Details | IPv4 | 7 | 88.217.172.165 |
|
| Details | IPv4 | 5 | 103.41.204.169 |
|
| Details | IPv4 | 4 | 87.106.97.83 |
|
| Details | IPv4 | 5 | 85.25.120.45 |
|
| Details | IPv4 | 5 | 202.29.239.162 |
|
| Details | IPv4 | 4 | 36.67.23.59 |
|
| Details | IPv4 | 5 | 175.126.176.79 |
|
| Details | IPv4 | 5 | 103.56.149.105 |
|
| Details | IPv4 | 5 | 178.62.112.199 |
|
| Details | IPv4 | 4 | 104.248.225.227 |
|
| Details | IPv4 | 5 | 188.225.32.231 |
|
| Details | IPv4 | 3 | 103.85.95.4 |
|
| Details | IPv4 | 1 | 104.244.79.94 |
|
| Details | IPv4 | 1 | 157.230.99.206 |
|
| Details | IPv4 | 1 | 103.126.216.86 |
|
| Details | IPv4 | 1 | 157.245.111.0 |
|
| Details | Url | 6 | https://malpedia.caad.fkie.fraunhofer.de/details/win.emotet |
|
| Details | Url | 1 | https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-how-emotet-stole-christmas.pdf |
|
| Details | Url | 1 | https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/italian-emotet-campaign |
|
| Details | Url | 1 | https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-emotet-gets-political.pdf |
|
| Details | Url | 1 | https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-return-of-emotet.pdf |
|
| Details | Url | 1 | https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence |
|
| Details | Url | 2 | https://heimdalsecurity.com/blog/emotet-malware-history |
|
| Details | Url | 1 | https://threatpost.com/emotet-back-new-tricks/179410 |
|
| Details | Url | 1 | https://www.welivesecurity.com/2022/06/16/how-emotet-is-changing-tactics-microsoft-tightening-office-macro-security |
|
| Details | Url | 1 | https://www.mpg.de/18941175/emotet-malware-max-planck-institute-plasma-physics |
|
| Details | Url | 1 | https://www.theregister.com/2022/04/21/emotet-resurgence-email |
|
| Details | Url | 1 | https://duo.com/decipher/emotet-office-macros-abuse-continues-despite-microsoft-protections |
|
| Details | Url | 1 | https://blogs.vmware.com/security/2022/02/emotet-is-not-dead-yet-part-2.html |
|
| Details | Url | 2 | https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905 |
|
| Details | Url | 1 | https://blogs.infoblox.com/security/inforanks-infoblox-rankings-give-insights-into-the-stability-of-a-domains-popularity |
|
| Details | Url | 2 | https://feodotracker.abuse.ch |
|
| Details | Url | 1 | https://github.com/infobloxopen/threat-intelligence/tree/main/cta_indicators |