Emotet is back
Tags
attack-pattern: Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 2fe5e09f-2d08-4f84-bb49-66f906e06fab
Fingerprint b29998652974030e
Analysis status DONE
Considered CTI value 2
Text language
Published July 20, 2020, 12:26 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Emotet is back
Title Emotet is back
Detected Hints/Tags/Attributes 17/1/21
Source URLs
Redirection Url
Details Source https://www.hornetsecurity.com/en/security-information/emotet-is-back/
URL Provider
Details Provider Source level domain
Details hornetsecurity.com www.hornetsecurity.com
Attributes
Details Type #Events CTI Value
Details Domain 11 
www.hornetsecurity.com
Details Domain 145 
www.us-cert.gov
Details Domain 18 
paste.cryptolaemus.com
Details Domain 1373 
twitter.com
Details Domain 1 
www.elseelektrikci.com
Details Domain 1 
www.rviradeals.com
Details Domain 2 
skenglish.com
Details Domain 1 
www.packersmoversmohali.com
Details Domain 1 
www.tri-comma.com
Details sha256 1 
99d8438c947cac7ca363037f1436ecab4e7fa4609c9c59f6fd5006a050d361aa
Details sha256 2 
5d2c6110f2ea87a6b7fe9256affbac0eebdeee18081d59e05df4b4a17417492b
Details sha256 1 
c5949244e5d529848c2323545a75eec34e6ba33c6519d46359b004d6717a68a5
Details Url 2 
https://www.hornetsecurity.com/en/security-information/awaiting-the-inevitable-return-of-emotet
Details Url 3 
https://www.us-cert.gov/ncas/alerts/ta18-201a
Details Url 6 
https://paste.cryptolaemus.com
Details Url 2 
https://twitter.com/cryptolaemus1
Details Url 1 
https://www.elseelektrikci.com/wp-content/hedk3
Details Url 1 
https://www.rviradeals.com/wp-includes/ledr
Details Url 1 
https://skenglish.com/wp-admin/o0gf
Details Url 1 
https://www.packersmoversmohali.com/wp-includes/pgmt4x
Details Url 1 
https://www.tri-comma.com/wp-admin/mmd