MS Office Files Involved Again in Recent Emotet Trojan Campaign
TLP: WHITE | AlienVault | 2022-03-08 (modified 2022-04-07) | 84 IOCs
Recently, Fortinet's FortiGuard Labs captured more than 500 Microsoft Excel files involved in a campaign delivering a fresh Emotet Trojan onto victims' devices. Emotet, a modular Trojan, was first discovered in mid-2014 and has remained very active since, continually updating itself and appearing in cybersecurity news from time to time. Emotet relies on social engineering, typically email, to lure recipients into opening attached documents (Word, Excel, PDF and others) or clicking links in the email body; either path downloads the latest Emotet variant onto the victim's device and then executes it.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed
Malware families: Emotet
Indicators of Compromise (84)