Malware-Traffic-Analysis.net - 2018-08-16 - Emotet infections with Zeus Panda Banker on 2018-08-15 and 2018-08-16
Tags
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | e6405577-6c42-44ff-984d-ad3f828a97c8 |
| Fingerprint | e9bdb9606ce414c7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 16, 2018, midnight |
| Added to db | Jan. 18, 2023, 11:28 p.m. |
| Last updated | Nov. 19, 2024, 1:59 p.m. |
| Headline | UNKNOWN |
| Title | Malware-Traffic-Analysis.net - 2018-08-16 - Emotet infections with Zeus Panda Banker on 2018-08-15 and 2018-08-16 |
| Detected Hints/Tags/Attributes | 23/1/72 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.malware-traffic-analysis.net/2018/08/16/index2.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 2018-08-14-thru-16-emotet-malspam-9-email-examples.zip |
|
| Details | Domain | 1 | 2018-08-15-emotet-infection-traffic-with-zeus-panda-banker.pcap.zip |
|
| Details | Domain | 1 | 2018-08-16-emotet-infection-traffic-with-zeus-panda-banker.pcap.zip |
|
| Details | Domain | 1 | 2018-08-14-thru-16-malware-associated-with-emotet-infections.zip |
|
| Details | Domain | 1 | whybowl.thebotogs.com |
|
| Details | Domain | 1 | sharpconstructiontx.com |
|
| Details | Domain | 1 | akademia.gnatyshyn.pl |
|
| Details | Domain | 2 | soportek.cl |
|
| Details | Domain | 1 | duncanfalk.com |
|
| Details | Domain | 1 | psychedelicsociety.org.au |
|
| Details | Domain | 1 | theeunload.website |
|
| Details | Domain | 1 | mykeeptake.xyz |
|
| Details | Domain | 1 | mhsi.us |
|
| Details | Domain | 1 | sevenseashotel.com |
|
| Details | Domain | 1 | greatlogicsinc.com |
|
| Details | Domain | 1 | revesoft.com |
|
| Details | Domain | 1 | affolders.com |
|
| Details | Domain | 1 | impacsa.com |
|
| Details | Domain | 1 | cablesurf.de |
|
| Details | Domain | 1 | windomnet.com |
|
| Details | Domain | 455 | www.google.com |
|
| Details | Domain | 1 | ns0.centralnic.net |
|
| Details | 1 | psanford@mhsi.us |
||
| Details | 1 | chefs@sevenseashotel.com |
||
| Details | 1 | ashish@greatlogicsinc.com |
||
| Details | 1 | farhan@revesoft.com |
||
| Details | 1 | jesse@affolders.com |
||
| Details | 1 | factelectronica@impacsa.com |
||
| Details | 1 | e.wendlandt@cablesurf.de |
||
| Details | 1 | sciwindom@windomnet.com |
||
| Details | File | 1 | 2018-08-14-thru-16-emotet-malspam-9-email-examples.zip |
|
| Details | File | 38 | pcap.zip |
|
| Details | File | 1 | 2018-08-14-thru-16-malware-associated-with-emotet-infections.zip |
|
| Details | File | 1 | gnatyshyn.pl |
|
| Details | File | 7 | whoami.php |
|
| Details | File | 1 | if80406_2018_08_14.doc |
|
| Details | File | 1 | 06521887908.doc |
|
| Details | File | 1 | 011-at0212.doc |
|
| Details | File | 1 | mco891938097_2018_08_15.doc |
|
| Details | File | 1 | 9p3018_2018_08_15.doc |
|
| Details | File | 1 | 44177315677.doc |
|
| Details | sha256 | 2 | fa24a0c05815300726dd268426b28397471f067cdedcdb2f3258df75af169c28 |
|
| Details | sha256 | 1 | e6ffa5ea51404503dff2ed0a29efea67d086f4fdf8a62b63ebb0ec6935f97f60 |
|
| Details | sha256 | 1 | 280e188cb3e5e0e8b541bab6a27ddd4d22b89060dcfe03efa21ba7d2d9a1702f |
|
| Details | sha256 | 1 | 0e6ca1d86245ca02cd271555d1d776705e7f66fa52e953655eb34653b4f55997 |
|
| Details | sha256 | 1 | 713a749206310f2c848ecf477b3903475eaf8f30454ec3e2312efbba8ba674a6 |
|
| Details | sha256 | 1 | dd4ff33e8853e34480e820a3d2d11e6fc87bc75efbeebfe324664d4013dee0b0 |
|
| Details | sha256 | 1 | 45c7c91ebb315a77dd28e0092913184cb6a4a8d0387d29384b273ebf9bce9a74 |
|
| Details | sha256 | 1 | e93367edd903d593c0ed475e31e8b433a5c5eaf3ec2472a0a31c758b4a85082f |
|
| Details | sha256 | 1 | 6c08db14bf40b0244a069834b523d8aac53caab33095b7d3f744615e15661cfd |
|
| Details | sha256 | 1 | 55bdd3ff511c7751663cb3d95384fb0e583d47ab534d641f0953fda32f16dfca |
|
| Details | sha256 | 1 | 63bd976a37fe2e7cdc3e3a53bd81b21c296a23626aa8aebe34624790552f62a6 |
|
| Details | sha256 | 1 | c0101bfdea779570b17dbff46177664736788f46de6c4bcce5774a3546fdeced |
|
| Details | sha256 | 1 | 1a4ca08fb00aedb3b45ec4418539472eea22761aabe719e0e8021947305c4e6e |
|
| Details | IPv4 | 1 | 206.188.160.216 |
|
| Details | IPv4 | 1 | 195.162.24.96 |
|
| Details | IPv4 | 2 | 201.148.107.187 |
|
| Details | IPv4 | 1 | 203.94.66.109 |
|
| Details | IPv4 | 1 | 93.88.93.99 |
|
| Details | IPv4 | 1 | 130.0.236.141 |
|
| Details | IPv4 | 1 | 132.148.58.1 |
|
| Details | IPv4 | 1 | 45.76.123.144 |
|
| Details | IPv4 | 1 | 98.220.219.68 |
|
| Details | IPv4 | 1 | 65.101.77.240 |
|
| Details | IPv4 | 1 | 178.132.7.106 |
|
| Details | Url | 1 | http://whybowl.thebotogs.com/wellsfargo/commercial/aug-15-2018 |
|
| Details | Url | 1 | http://sharpconstructiontx.com/wellsfargo/business/aug-14-2018 |
|
| Details | Url | 1 | http://akademia.gnatyshyn.pl/wellsfargo/smallbusiness/aug-15-2018 |
|
| Details | Url | 1 | http://soportek.cl/fam4ezy |
|
| Details | Url | 1 | http://duncanfalk.com/wellsfargo/biz/commercial/aug-16-2018 |
|
| Details | Url | 1 | http://psychedelicsociety.org.au/3mw |
|
| Details | Url | 1 | http://206.188.160.216:443/whoami.php |