MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II | FortiGuard Labs
Tags
Common Information
| Type | Value |
|---|---|
| UUID | bbc1c8fc-a10e-4bf0-8e21-be461ca13093 |
| Fingerprint | fe388dd22937a3ce |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 23, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II |
| Title | MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II | FortiGuard Labs |
| Detected Hints/Tags/Attributes | 59/2/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | email2.office.com |
|
| Details | File | 9 | x.dll |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 1 | %windir%\syswow64\certutil.exe |
|
| Details | File | 6 | %windir%\system32\certutil.exe |
|
| Details | File | 1 | uvbubqj.exe |
|
| Details | File | 1 | c:\users\bobs\appdata\local\temp\60b2.tmp |
|
| Details | File | 1 | 60b2.tmp |
|
| Details | File | 1 | c:\users\bobs\appdata\local\temp\7b3c.tmp |
|
| Details | File | 1 | %temp%\6827.tmp |
|
| Details | File | 1 | c:\users\bobs\appdata\local\temp\8042.tmp |
|
| Details | IPv4 | 4 | 144.217.88.125 |
|
| Details | IPv4 | 3 | 67.205.162.68 |
|
| Details | IPv4 | 3 | 54.36.98.59 |
|
| Details | IPv4 | 5 | 45.184.36.10 |
|
| Details | IPv4 | 2 | 47.110.149.223 |
|
| Details | IPv4 | 3 | 159.65.1.71 |
|
| Details | IPv4 | 3 | 51.178.186.134 |
|
| Details | IPv4 | 3 | 131.100.24.199 |
|
| Details | IPv4 | 3 | 51.91.142.158 |
|
| Details | IPv4 | 3 | 51.79.205.117 |
|
| Details | IPv4 | 3 | 176.31.163.17 |
|
| Details | Windows Registry Key | 22 | HKCU\Software\Microsoft\Internet |
|
| Details | Windows Registry Key | 3 | HKCU\Software\Microsoft\Office\Outlook\OMI |