Wireshark Tutorial: Examining Emotet Infection Traffic
Tags
country: United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID 67f6aca3-c7b5-495f-8a90-0616c6a034ef
Fingerprint b431d9592df21bd6
Analysis status DONE
Considered CTI value -2
Text language
Published Jan. 19, 2021, 2 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 4, 2024, 10:59 p.m.
Headline Wireshark Tutorial: Examining Emotet Infection Traffic
Title Wireshark Tutorial: Examining Emotet Infection Traffic
Detected Hints/Tags/Attributes 51/3/25
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/wireshark-tutorial-emotet-infection/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
hangarlastik.com
Details Domain 1 
padreescapes.com
Details Domain 1 
sarture.com
Details Domain 1 
seo.udaipurkart.com
Details Domain 1 
obob.tv
Details Domain 1 
miprimercamino.com
Details Domain 2 
smtp.data
Details Domain 1 
fathekarim.com
Details Domain 1 
saketpranamam.mysquare.in
Details Domain 1 
samaritantec.com
Details Domain 1 
cdn.speedof.me
Details Domain 1 
strandsglobal.com
Details Domain 6 
http.host
Details File 4 
smtp.dat
Details File 1 
mingup.png
Details File 1 
saved.png
Details sha256 1 
8e37a82ff94c03a5be3f9dd76b9dfc335a0f70efc0d8fd3dca9ca34dd287de1b
Details sha256 1 
963b00584d8d63ea84585f7457e6ddcac9eda54428a432f388a1ffee21137316
Details sha256 1 
59e1711d6e4323da2dc22cdee30ba8876def991f6e476f29a0d3f983368ab461
Details sha256 1 
ed8dea5381a7f6c78108a04344dc73d5669690b7ecfe6e44b2c61687a2306785
Details sha256 1 
c7f429dde8986a1b2fc51a9b3f4a78a92311677a01790682120ab603fd3c2fcb
Details IPv4 4 
5.2.136.90
Details IPv4 2 
167.71.4.0
Details IPv4 2 
46.101.230.194
Details IPv4 2 
71.80.66.107