Recent phishing emails + Emotet recent sample analysis - Threat hunting with hints of incident response
Common Information
Type Value
UUID ea68a020-5184-43e9-b434-544d5520c2e3
Fingerprint 362c80312da39fad
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 13, 2022, 1:56 p.m.
Added to db June 5, 2023, 11:41 a.m.
Last updated Dec. 23, 2024, 9:20 a.m.
Headline Recent phishing emails + Emotet recent sample analysis
Title Recent phishing emails + Emotet recent sample analysis - Threat hunting with hints of incident response
Detected Hints/Tags/Attributes 34/2/21
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 252 | Threat hunting with hints of incident response https://threathunt.blog/feed/ 2024-08-30 22:08
Attributes
Type              #Events  CTI Value  Value
Domain                 13  -          script.google.com
Domain                  1  -          bonusbtc.online
Domain                  1  -          moonpay.com
Domain                 11  -          forms.gle
Domain                 79  -          tria.ge
Domain               4701  -          github.com
Domain                  3  -          threathunt.blog
File                  497  -          regsvr32.exe
File                    1  -          utdfnjnpqkecvxvn.exe
File                    1  -          oialmuujnim.exe
File                    1  -          fwbm.exe
File                    1  -          zbtkqcoguhdnmjk.exe
File                    1  -          c:\users\ folder connection towards public ip-addresses from regsvr32.exe
File                    3  -          c:\\windows\\system32\\regsvr32.exe
Github username         3  -          jounimi
IPv4                  153  -          10.0.0.0
IPv4                   94  -          172.16.0.0
IPv4                  139  -          192.168.0.0
Url                     1  -          https://bonusbtc.online/offbitbonus_1120/?u=4403&s=44#5d8ymdgg8e9aogu4i4dy6646769fvrls
Url                     1  -          https://forms.gle/2fb1augjppfjdgma6#wse6qe0vda21ar8il8
Url                     1  -          https://github.com/jounimi/threathunt.blog/blob/main/emotet_queries.