ioc[.]one - OSINT Cyber Threat Intelligence Database

Return of Emotet malware | Zscaler

Tags

cmtmf-attack-pattern:

attack-pattern:

Data Boot Or Logon Autostart Execution - T1547 Botnet - T1583.005 Botnet - T1584.005 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 File And Directory Discovery - T1420 Hidden Files And Directories - T1564.001 Hide Artifacts - T1564 Impair Defenses - T1562 Lsass Driver - T1547.008 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Process Discovery - T1424 System Information Discovery - T1426 Process Injection - T1631 Rundll32 - T1218.011 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Software Discovery - T1518 Application Window Discovery - T1010 File And Directory Discovery - T1083 Hidden Files And Directories - T1158 Lsass Driver - T1177 Masquerading - T1036 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Remote System Discovery - T1018 Rundll32 - T1085 Security Software Discovery - T1063 Signed Binary Proxy Execution - T1218 System Information Discovery - T1082 Masquerading Remote System Discovery

Show in Graph

Common Information

Type	Value
UUID	c68d12f9-f351-4193-b08c-67f3a93ae1ef
Fingerprint	ac340d6dafdd8e93
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 16, 2021, midnight
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Return of Emotet malware
Title	Return of Emotet malware \| Zscaler
Detected Hints/Tags/Attributes	53/2/70

Source URLs

	Redirection	Url
Details	Source	https://www.zscaler.com/blogs/security-research/return-emotet-malware

URL Provider

Details	Provider	Source level domain
Details	zscaler.com	www.zscaler.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	evgeniys.ru
Details	Domain	1	crownadvertising.ca
Details	Domain	1	cars-taxonomy.mywebartist.eu
Details	Domain	1	immoinvest.com.br
Details	Domain	1	yoho.love
Details	Domain	1	www.168801.xyz
Details	Domain	1	www.pasionportufuturo.pe
Details	File	21	www.pas
Details	sha256	4	c7574aac7583a5bdc446f813b8e347a768a9f4af858404371eae82ad2d136a01
Details	sha256	1	015a96c0567c86af8c15b3fe4e19098ae9d0ea583e6bc0bb71c344fc993a26cf
Details	IPv4	6	81.0.236.93
Details	IPv4	6	94.177.248.64
Details	IPv4	5	66.42.55.5
Details	IPv4	8	103.8.26.103
Details	IPv4	7	185.184.25.237
Details	IPv4	5	45.76.176.10
Details	IPv4	5	188.93.125.116
Details	IPv4	7	103.8.26.102
Details	IPv4	10	178.79.147.66
Details	IPv4	10	58.227.42.236
Details	IPv4	10	45.118.135.203
Details	IPv4	15	103.75.201.2
Details	IPv4	8	195.154.133.20
Details	IPv4	10	45.142.114.231
Details	IPv4	8	212.237.5.209
Details	IPv4	9	207.38.84.195
Details	IPv4	8	104.251.214.46
Details	IPv4	9	138.185.72.26
Details	IPv4	7	51.68.175.8
Details	IPv4	6	210.57.217.132
Details	IPv4	5	51.178.61.60
Details	IPv4	5	168.197.250.14
Details	IPv4	4	45.79.33.48
Details	IPv4	9	196.44.98.190
Details	IPv4	4	177.72.80.14
Details	IPv4	4	51.210.242.234
Details	IPv4	4	185.148.169.10
Details	IPv4	5	142.4.219.173
Details	IPv4	8	78.47.204.80
Details	IPv4	8	78.46.73.125
Details	IPv4	8	37.44.244.177
Details	IPv4	7	37.59.209.141
Details	IPv4	4	191.252.103.16
Details	IPv4	7	54.38.242.185
Details	IPv4	7	85.214.67.203
Details	IPv4	8	54.37.228.122
Details	IPv4	7	207.148.81.119
Details	IPv4	8	195.77.239.39
Details	IPv4	7	66.42.57.149
Details	IPv4	8	195.154.146.35
Details	MITRE ATT&CK Techniques	75	T1010
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	243	T1018
Details	MITRE ATT&CK Techniques	440	T1055
Details	MITRE ATT&CK Techniques	348	T1036
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	185	T1518
Details	MITRE ATT&CK Techniques	207	T1547
Details	MITRE ATT&CK Techniques	121	T1218
Details	MITRE ATT&CK Techniques	235	T1562
Details	MITRE ATT&CK Techniques	107	T1564
Details	Url	1	https://evgeniys.ru/sap-logs/d6
Details	Url	1	http://crownadvertising.ca/wp-includes/oxiaaccoic
Details	Url	1	https://cars-taxonomy.mywebartist.eu/-/bpcahsafjwf
Details	Url	1	http://immoinvest.com.br/blog_old/wp-admin/luot
Details	Url	1	https://yoho.love/wp-content/e4lafbdxivyt6o
Details	Url	1	https://www.168801.xyz/wp-content/6j3cv4melxvzp
Details	Url	1	https://www.pasionportufuturo.pe/wp-content/xubs