PULSE NAME
Excel Files Involved in a Campaign to Deliver a Fresh Emotet Trojan onto the Victim’s Device via Emails
WHITE Malware Advisory SVThreatIntel 2022-03-09 Modified: 2022-04-08
36
IOCs
MEDIUM VOLUME
Researchers captured over 500 MS Excel files that were involved in a campaign to deliver a fresh Emotet Trojan onto the victim’s device. Emotet, a modular Trojan, was first discovered in the middle of 2014. Since then, it has been continually updated. Emotet uses social engineering techniques to lure recipients into opening attached document files (Word, Excel, PDF, etc.) or into clicking links within the content of the email; either action downloads Emotet’s latest variant onto the victim’s device and then executes it.
Indicators of Compromise (36)