Emotet Returns, Now Adopts Binary Padding for Evasion
Common Information
Type Value
UUID eae73c11-4e69-4a91-afbf-f94f9697f844
Fingerprint a29828112f750f0f
Analysis status DONE
Considered CTI value 0
Text language
Published March 13, 2023, midnight
Added to db Oct. 15, 2024, 3:33 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Detected Hints/Tags/Attributes 37/2/16
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_hk/research/23/c/emotet-returns-now-adopts-binary-padding-for-evasion.html
Attributes