Recent phishing emails + Emotet recent sample analysis - Threat hunting with hints of incident response
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Credentials - T1589.001 Phishing - T1660 Phishing - T1566 Regsvr32 - T1218.010 Regsvr32 - T1117 |
Common Information
Type | Value |
---|---|
UUID | ea68a020-5184-43e9-b434-544d5520c2e3 |
Fingerprint | 362c80312da39fad |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Nov. 13, 2022, 1:56 p.m. |
Added to db | June 5, 2023, 11:41 a.m. |
Last updated | Dec. 23, 2024, 9:20 a.m. |
Headline | Recent phishing emails + Emotet recent sample analysis |
Title | Recent phishing emails + Emotet recent sample analysis - Threat hunting with hints of incident response |
Detected Hints/Tags/Attributes | 34/2/21 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 252 | ✔ | | Threat hunting with hints of incident response | https://threathunt.blog/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 13 | script.google.com |
|
Details | Domain | 1 | bonusbtc.online |
|
Details | Domain | 1 | moonpay.com |
|
Details | Domain | 11 | forms.gle |
|
Details | Domain | 79 | tria.ge |
|
Details | Domain | 4701 | github.com |
|
Details | Domain | 3 | threathunt.blog |
|
Details | File | 497 | regsvr32.exe |
|
Details | File | 1 | utdfnjnpqkecvxvn.exe |
|
Details | File | 1 | oialmuujnim.exe |
|
Details | File | 1 | fwbm.exe |
|
Details | File | 1 | zbtkqcoguhdnmjk.exe |
|
Details | File | 1 | c:\users\ folder connection towards public ip-addresses from regsvr32.exe |
|
Details | File | 3 | c:\\windows\\system32\\regsvr32.exe |
|
Details | Github username | 3 | jounimi |
|
Details | IPv4 | 153 | 10.0.0.0 |
|
Details | IPv4 | 94 | 172.16.0.0 |
|
Details | IPv4 | 139 | 192.168.0.0 |
|
Details | Url | 1 | https://bonusbtc.online/offbitbonus_1120/?u=4403&s=44#5d8ymdgg8e9aogu4i4dy6646769fvrls |
|
Details | Url | 1 | https://forms.gle/2fb1augjppfjdgma6#wse6qe0vda21ar8il8 |
|
Details | Url | 1 | https://github.com/jounimi/threathunt.blog/blob/main/emotet_queries. |