[QuickNote] Emotet epoch4 & epoch5 tactics
Tags
attack-pattern: Data Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Rundll32 - T1218.011 Mshta - T1170 Powershell - T1086 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID 34f73043-66d3-4a78-8bbc-4dc1e8e3c6b4
Fingerprint 242238778d362bc7
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 23, 2022, 10:59 a.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline 0day in {REA_TEAM}
Title [QuickNote] Emotet epoch4 & epoch5 tactics
Detected Hints/Tags/Attributes 24/1/17
Source URLs
Redirection Url
Details Source https://kienmanowar.wordpress.com/2022/01/23/quicknote-emotet-epoch4-epoch5-tactics/
URL Provider
Details Provider Source level domain
Details wordpress.com kienmanowar.wordpress.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
mangaloresoundandlights.com
Details Domain 75 
tria.ge
Details Domain 1 
mt.yoshimax.net
Details File 1 
12772684608453.xls
Details File 456 
mshta.exe
Details File 1 
fe2.html
Details File 1 
fe2.png
Details File 7 
c:\users\public\documents\ssd.dll
Details File 1018 
rundll32.exe
Details File 2 
ssd.dll
Details File 1 
2022-01-20-emotet-epoch5-excel-file.bin
Details File 1 
2022-01-20-emotet-epoch5-fe1.html
Details File 1 
fe1.png
Details File 1 
sdc.dll
Details IPv4 3 
185.7.214.7
Details Url 1 
https://tria.ge/220121-wxp5xaafb2.
Details Url 1 
https://tria.ge/220123-j3vw5afeel.