ioc[.]one - OSINT Cyber Threat Intelligence Database

Attack Chain Overview: Emotet in December 2020 and January 2021

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Indirect Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Tool - T1588.002 New Service - T1050 Powershell - T1086 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	27b8e501-f664-4bd5-b245-eaa90829dbe8
Fingerprint	ac090911233f0302
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 8, 2021, 2 p.m.
Added to db	Sept. 11, 2022, 12:41 p.m.
Last updated	Nov. 18, 2024, 1:25 p.m.
Headline	Attack Chain Overview: Emotet in December 2020 and January 2021
Title	Attack Chain Overview: Emotet in December 2020 and January 2021
Detected Hints/Tags/Attributes	68/2/54

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	abrillofurniture.com
Details	Domain	2	allcannabismeds.com
Details	Domain	3	ezi-pos.com
Details	Domain	3	giannaspsychicstudio.com
Details	Domain	3	ienglishabc.com
Details	Domain	3	etkindedektiflik.com
Details	Domain	2	vstsample.com
Details	File	1	r43h.dll
Details	File	2130	cmd.exe
Details	File	8	msg.exe
Details	File	1212	powershell.exe
Details	File	1	%userprofile%\ygyhlqt\bx5jfmo\r43h.dll
Details	File	1021	rundll32.exe
Details	File	1	nk05dj2yia.dll
Details	File	1	%userprofile%\ygyhlqt\bx5jfmo\ and will be renamed to r43h.dll
Details	sha256	2	2cb81a1a59df4a4fd222fbcb946db3d653185c2e79cf4d3365b430b1988d485f
Details	sha256	2	bbb9c1b98ec307a5e84095cf491f7475964a698c90b48a9d43490a05b6ba0a79
Details	sha256	2	bd1e56637bd0fe213c2c58d6bd4e6e3693416ec2f90ea29f0c68a0b91815d91a
Details	sha256	1	209a975429304f771ef8a619553ffd9b8fc525a254157cbba47f8e64ec30df79
Details	sha256	1	2a8dcfc8f1262e1c6b5f65c52cdccdbcd40ff6218f4f25f82bd3eb025593dbc0
Details	sha256	1	36df660c8e323435d2bc7a5516adcadfbd0b220279f634725e407da9f2b9d4f5
Details	sha256	1	3788c8a783fbbd61fa60d41b78568c095a8587db728a61bff67c3ffebfad82a4
Details	sha256	1	704759a244e3f27481f6ad225a0e1c30ae46e411e01612d68ca76fe2fd8cee54
Details	sha256	1	7a18e87591637a8e962386b9c72aed584037a953ce7fe5ae51edba7a0ca57c1a
Details	sha256	1	96a1fea9853e6f77d4449da325dfdb1545b905bdb7ba227d24e6a1a5f8cb3bd4
Details	sha256	1	a9668efdb68bf251dae8623cb4f3dc8b9b7f42d77927d287633af94a72e9d1dc
Details	sha256	1	fc3c1ce6491bca2b028ae8806ca84d4b9dcb577fb2551aa871ca23eca19b10f5
Details	sha256	1	0a0bf0cab20ec7fb530738c4e08f8cd5062ea44c5da3d8a3e6ce0768286d4c51
Details	sha256	1	2a0a1e12a8a948083abe2a0dcbf9128b8ec7f711251f399e730af6645e86d5c8
Details	sha256	1	3b3a9517b61d2af8758e60d067c08edd397ad76b25efe1cbd393229088567002
Details	sha256	1	3bbda08f5e15c5cb4472c6e610f2063eb68f54c0234a2197bc4633f4344ab27f
Details	sha256	1	3e2fd3a5d790a0d4efe1100af08e3e2011f26416154ec11f1315db2ca6ca71bd
Details	sha256	1	4eb1928c08d16a9407dbf89ad1279886379a0415bdd7760a3b2d0697f7d287c6
Details	sha256	1	95bc30b35aa2d2baa80b50e970707197a26bd19d7772cbf65ff3d0300fe8e789
Details	sha256	1	97c395e1bd0c35e9b8e6f9d97b470abdfdacec25e0e4e3b987e3813fb902de9f
Details	IPv4	4	5.2.136.90
Details	IPv4	6	37.46.129.215
Details	IPv4	3	70.32.89.105
Details	IPv4	3	110.172.180.180
Details	IPv4	2	132.248.38.158
Details	IPv4	3	138.197.99.250
Details	IPv4	3	152.170.79.100
Details	IPv4	3	157.245.145.87
Details	IPv4	2	161.49.84.2
Details	IPv4	2	190.55.186.229
Details	IPv4	3	190.247.139.101
Details	IPv4	3	203.157.152.9
Details	Url	2	http://abrillofurniture.com/bph-nclex-wygq4/a7nbfhs
Details	Url	2	http://allcannabismeds.com/unraid-map/zzm6
Details	Url	2	http://ezi-pos.com/categoryl/x
Details	Url	2	http://giannaspsychicstudio.com/cgi-bin/pp
Details	Url	2	http://ienglishabc.com/cow/jh
Details	Url	2	https://etkindedektiflik.com/pcie-speed/u
Details	Url	2	https://vstsample.com/wp-includes/7exei