ioc[.]one - OSINT Cyber Threat Intelligence Database

New Emotet Infection Method

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Rundll32 - T1218.011 Mshta - T1170 Powershell - T1086 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	9ef4dcbf-b24c-46a8-b31f-c4228ecab91f
Fingerprint	ac1d88242d754b06
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 15, 2022, 2 p.m.
Added to db	Sept. 11, 2022, 12:47 p.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	New Emotet Infection Method
Title	New Emotet Infection Method
Detected Hints/Tags/Attributes	45/2/45

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/new-emotet-infection-method/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	11	form.zip
Details	Domain	1	unifiedpharma.com
Details	Domain	1	hotelamerpalace.com
Details	Domain	1	connecticutsfinestmovers.com
Details	Domain	1	icfacn.com
Details	Domain	1	krezol-group.com
Details	Domain	1	ledcaopingdeng.com
Details	Domain	1	autodiscover.karlamejia.com
Details	Domain	1	crmweb.info
Details	Domain	1	accessunited-bank.com
Details	Domain	1	pigij.com
Details	Domain	1	artanddesign.one
Details	Domain	1	strawberry.kids-singer.net
Details	Domain	1	eleccom.shop
Details	Domain	1	izocab.com
Details	File	2127	cmd.exe
Details	File	456	mshta.exe
Details	File	3	s.html
Details	File	3	s.png
Details	File	10	form.zip
Details	File	2	form.xlsm
Details	File	7	c:\users\public\documents\ssd.dll
Details	File	1018	rundll32.exe
Details	sha256	1	9f22626232934970e4851467b7b746578f0f149984cd0e4e1a156b391727fac9
Details	sha256	1	6d55f25222831cce73fd9a64a8e5a63b002522dc2637bd2704f77168c7c02d88
Details	sha256	1	9bda03babb0f2c6aa9861eca95b33af06a650e2851cce4edcc1fc3abd8e7c2a1
Details	sha256	1	5bd4987db7e6946bf2ca3f73e17d6f75e2d8217df63b2f7763ea9a6ebcaf9fed
Details	sha256	1	2de72908e0a1ef97e4e06d8b1ba3dc0d76f580cdf36f96b5c919bea770b2805f
Details	IPv4	2	91.240.118.168
Details	Url	2	http://91.240.118.168/se/s.html
Details	Url	2	http://91.240.118.168/se/s.png
Details	Url	1	http://unifiedpharma.com/wp-content/5arxm
Details	Url	1	http://hotelamerpalace.com/fox-c404/lepqpjpt4gbr8bhan
Details	Url	1	https://connecticutsfinestmovers.com/fox-c/mvwoqxt17gvwae8e
Details	Url	1	http://icfacn.com/runtime/n7qa2ystudp
Details	Url	1	https://krezol-group.com:443/images/pmlglkyecbs5d
Details	Url	1	http://ledcaopingdeng.com/wp-includes/qq39yj7fpvk
Details	Url	1	http://autodiscover.karlamejia.com/wp-admin/hcdnvlriiwvtvrjjjee
Details	Url	1	https://crmweb.info:443/bitrix/rc9xjtwf
Details	Url	1	http://accessunited-bank.com/admin/hzigvwq8btak
Details	Url	1	http://pigij.com/wp-admin/mvw5
Details	Url	1	http://artanddesign.one/wp-content/uploads/a2czl7
Details	Url	1	http://strawberry.kids-singer.net/assets_c/wadvnt84dmu
Details	Url	1	https://eleccom.shop:443/services/aejsdj
Details	Url	1	https://izocab.com/nashi-klienty/b5sc