Return of the mummy - welcome back, emotet
Common Information
Type                            Value
UUID                            b3d2702e-a5b1-49a9-99ca-59de9dcfe1e5
Fingerprint                     b029506128750aa7
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       Sept. 24, 2019, midnight
Added to db                     Sept. 26, 2022, 9:30 a.m.
Last updated                    Nov. 17, 2024, 10:43 p.m.
Headline                        Return of the Mummy - Welcome back, Emotet
Title                           Return of the mummy - welcome back, emotet
Detected Hints/Tags/Attributes  20/2/68
Attributes