Emotet returns Targeting Users Worldwide
Tags
cmtmf-attack-pattern: Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern: Application Layer Protocol - T1437 Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Credentials - T1589.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Ingress Tool Transfer - T1544 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Non-Standard Port - T1509 Non-Standard Port - T1571 Password Guessing - T1110.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Registry Run Keys / Startup Folder - T1547.001 Regsvr32 - T1218.010 Rundll32 - T1218.011 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Software - T1592.002 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Virtualization/Sandbox Evasion - T1497 Virtualization/Sandbox Evasion - T1633 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Brute Force - T1110 Command-Line Interface - T1059 Remote File Copy - T1105 Powershell - T1086 Registry Run Keys / Start Folder - T1060 Regsvr32 - T1117 Rundll32 - T1085 Scheduled Task - T1053 Spearphishing Attachment - T1193 User Execution - T1204 Spearphishing Attachment User Execution
Show in Graph
Common Information
Type Value
UUID bd22b20a-b245-4232-9035-a1198bd0b8be
Fingerprint b215b86d09758a84
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 9, 2022, midnight
Added to db Oct. 24, 2023, 1:35 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Emotet returns Targeting Users Worldwide
Title Emotet returns Targeting Users Worldwide
Detected Hints/Tags/Attributes 89/3/67
Source URLs
Redirection Url
Details Redirection https://blog.cyble.com/2022/11/09/emotet-returns-targeting-users-worldwide/
Details Source https://cyble.com/blog/emotet-returns-targeting-users-worldwide/
URL Provider
Details Provider Source level domain
Details cyble.com cyble.com
Details cyble.com blog.cyble.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
designelis.com.br
Details Domain 1 
copayucatan.com.mx
Details Domain 1 
cursosweb.com.br
Details Domain 1 
db.rikaz.tech
Details Domain 2 
bayernbadabum.com
Details File 459 
regsvr32.exe
Details File 1 
icxbdzlkufevwx.dll
Details File 1 
ifocnf.dll
Details File 1 
eqamup1.dll
Details File 1 
peurix.txt
Details File 1018 
rundll32.exe
Details File 1 
c:\windows\tasks\bb.dll
Details File 1 
6096.xls
Details File 1 
obpgviuuvwx.dll
Details md5 1 
e5192c6239f67745e99d626cd3df8a58
Details md5 1 
40fdab4303254fbd0ffe9a9a4917455a
Details md5 1 
5f144bff7013b9d25527d7baaa9ac4fb
Details md5 1 
2d5ed2b25105753b8dfbc68e38718f2d
Details md5 1 
878e2105d4f1dd5e8957f7183e1c9c62
Details sha1 1 
b67c12c03394ca14788991fc3243c41443a2a9d8
Details sha1 1 
0cf93b7a774b605e4350f3b92c0d2c63f84f8411
Details sha1 1 
6fcd48a2708fe81419ff9becc39ef3ca5a35e134
Details sha1 1 
7c1160e74747648485a2e3af179d060d7c4a33c4
Details sha1 1 
adfd3cde25019526083e091f546a26a2eb033ecc
Details IPv4 1 
87.251.67.176
Details IPv4 1 
134.209.118.141
Details IPv4 7 
45.235.8.30
Details IPv4 7 
94.23.45.86
Details IPv4 5 
119.59.103.152
Details IPv4 3 
169.60.181.70
Details IPv4 8 
164.68.99.3
Details IPv4 6 
172.105.226.75
Details IPv4 6 
107.170.39.149
Details IPv4 8 
206.189.28.199
Details IPv4 8 
1.234.2.232
Details IPv4 9 
188.44.20.25
Details IPv4 5 
186.194.240.217
Details IPv4 5 
103.43.75.120
Details IPv4 3 
149.28.143.92
Details IPv4 7 
159.89.202.34
Details IPv4 4 
209.97.163.214
Details IPv4 7 
183.111.227.137
Details IPv4 8 
129.232.188.93
Details IPv4 5 
139.59.126.41
Details IPv4 11 
110.232.117.186
Details IPv4 3 
139.59.56.73
Details MITRE ATT&CK Techniques 310 
T1566.001
Details MITRE ATT&CK Techniques 420 
T1204
Details MITRE ATT&CK Techniques 695 
T1059
Details MITRE ATT&CK Techniques 380 
T1547.001
Details MITRE ATT&CK Techniques 480 
T1053
Details MITRE ATT&CK Techniques 238 
T1497
Details MITRE ATT&CK Techniques 163 
T1573
Details MITRE ATT&CK Techniques 115 
T1571
Details MITRE ATT&CK Techniques 44 
T1110.001
Details MITRE ATT&CK Techniques 179 
T1087
Details MITRE ATT&CK Techniques 444 
T1071
Details MITRE ATT&CK Techniques 492 
T1105
Details Url 1 
https://designelis.com.br/wp-content/nnfbzzegi
Details Url 1 
http://copayucatan.com.mx/wp-includes/bqajmpc3osz0lrnkk
Details Url 1 
http://cursosweb.com.br/portal/6ozjr
Details Url 1 
http://db.rikaz.tech/lcx76ilkrbtesqnfa7/.
Details Url 1 
https://bayernbadabum.com/botpack.dat
Details Url 1 
http://87.251.67.176/tps1.ps1
Details Url 1 
http://134.209.118.141/bb.dll
Details Url 1 
http://copayucatan.com.mx/wp-
Details Url 1 
http://db.rikaz.tech/lcx76ilkrbtesqnfa7