Pulse Detail — Threat Intelligence

PULSE NAME

CERT-UA

WHITE procircularinc 2022-03-09 Modified: 2022-04-08

IOCs

HIGH VOLUME

The Emotet Trojan, a malware that infects victims' devices and collects sensitive information, has been targeted again in a series of attacks, including one involving Microsoft Office files. Â

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1218 T1106 T1082 T1547 T1070 T1102 T1560 T1027 T1140 T1137 T1566

MALWARE FAMILIES

Emotet Emotet Dll

Indicators of Compromise (85)

All domain URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 CVE

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	framemakers.us	—	2022-03-09
domain	niplaw.com	—	2022-03-09
domain	robertmchilespe.com	—	2022-03-09
domain	rosevideo.net	—	2022-03-09
domain	vbaint.com	—	2022-03-09
domain	youlanda.org	—	2022-03-09
URL	http://vocoptions.net/cgi/ifM9R5ylbVpM8hfR/	—	2022-03-09
URL	https://framemakers.us/eln-images/U5W2IGE9m8i9h9r/	—	2022-03-09
domain	dadsgetinthegame.com	—	2022-03-09
domain	missionnyc.org	—	2022-03-09
domain	mpmcomputing.com	—	2022-03-09
domain	robertflood.us	—	2022-03-09
domain	rosewoodcraft.com	—	2022-03-09
domain	smbservices.net	—	2022-03-09
domain	stkpointers.com	—	2022-03-09
domain	vocoptions.net	—	2022-03-09
FileHash-MD5	1c4a5529203b02b219eb1c1e847085f0	MD5 of b380dfc348541691e4084689405d8acfaeafddd92eff95566aff2412f620e2dc	2022-03-09
FileHash-MD5	8df81ed528bd85fcd4b554d518351646	MD5 of 25271bb2c848a32229ee7d39162e32f5f74580e43f5e24a93e6057f7d15524f0	2022-03-09
FileHash-MD5	8fc59bbf80df6a8c65d191d36968888f	MD5 of 9c62600a0885e39bd39748150b9b64155c9ea2dbbcdd43241eb24c8e098de782	2022-03-09
FileHash-MD5	a68913f0c5e886b2bbdb5363e85ed8e7	MD5 of b14ab6a611a93b25da2815d2071aa5b76085414bf6ad32432fc0809b3610db05	2022-03-09
FileHash-SHA1	2891badad9b241b9d640e613a2918cd2d2782c78	SHA1 of 9c62600a0885e39bd39748150b9b64155c9ea2dbbcdd43241eb24c8e098de782	2022-03-09
FileHash-SHA1	68823dbab5d91714ac2228681e8e455a6683a1fa	SHA1 of 25271bb2c848a32229ee7d39162e32f5f74580e43f5e24a93e6057f7d15524f0	2022-03-09
FileHash-SHA1	9d0814994b2860289572476c1593995b0d1f9b04	SHA1 of b14ab6a611a93b25da2815d2071aa5b76085414bf6ad32432fc0809b3610db05	2022-03-09
FileHash-SHA1	fe170f7b94881bf92074e7542f0cc5fd341e7ba3	SHA1 of b380dfc348541691e4084689405d8acfaeafddd92eff95566aff2412f620e2dc	2022-03-09
FileHash-SHA256	25271bb2c848a32229ee7d39162e32f5f74580e43f5e24a93e6057f7d15524f0	—	2022-03-09
FileHash-SHA256	9c62600a0885e39bd39748150b9b64155c9ea2dbbcdd43241eb24c8e098de782	—	2022-03-09
FileHash-SHA256	b14ab6a611a93b25da2815d2071aa5b76085414bf6ad32432fc0809b3610db05	—	2022-03-09
FileHash-SHA256	b380dfc348541691e4084689405d8acfaeafddd92eff95566aff2412f620e2dc	—	2022-03-09
CVE	CVE-2019-0708	—	2022-03-09
FileHash-SHA256	a7c6abbc3241b6cfcfa27158e80bd50d3c9f1ae97e86481ccabd5b2337670690	—	2022-03-09
FileHash-SHA256	b019a867d167b6088ea18b3bd2f1a67706505aacc9542c4017e757f0381b3f0a	—	2022-03-09
URL	http://103.75.201.2:443	—	2022-03-09
URL	http://103.75.201.4:443	—	2022-03-09
URL	http://104.251.214.46:8080	—	2022-03-09
URL	http://107.182.225.142:8080	—	2022-03-09
URL	http://110.232.117.186:8080	—	2022-03-09
URL	http://119.235.255.201:8080	—	2022-03-09
URL	http://129.232.188.93:443	—	2022-03-09
URL	http://131.100.24.231:80	—	2022-03-09
URL	http://138.185.72.26:8080	—	2022-03-09
URL	http://144.76.186.49:8080	—	2022-03-09
URL	http://144.76.186.55:7080	—	2022-03-09
URL	http://153.126.203.229:8080	—	2022-03-09
URL	http://158.69.222.101:443	—	2022-03-09
URL	http://159.8.59.82:8080	—	2022-03-09
URL	http://159.89.230.105:443	—	2022-03-09
URL	http://160.16.102.168:80	—	2022-03-09
URL	http://162.214.50.39:7080	—	2022-03-09
URL	http://164.68.99.3:8080	—	2022-03-09
URL	http://173.212.193.249:8080	—	2022-03-09
URL	http://176.104.106.96:8080	—	2022-03-09
URL	http://178.128.83.165:80	—	2022-03-09
URL	http://178.79.147.66:8080	—	2022-03-09
URL	http://185.157.82.211:8080	—	2022-03-09
URL	http://185.248.140.40:443	—	2022-03-09
URL	http://195.154.133.20:443	—	2022-03-09
URL	http://203.114.109.124:443	—	2022-03-09
URL	http://212.237.17.99:8080	—	2022-03-09
URL	http://212.237.5.209:443	—	2022-03-09
URL	http://212.237.56.116:7080	—	2022-03-09
URL	http://212.24.98.99:8080	—	2022-03-09
URL	http://216.158.226.206:443	—	2022-03-09
URL	http://217.182.143.207:443	—	2022-03-09
URL	http://31.24.158.56:8080	—	2022-03-09
URL	http://41.76.108.46:8080	—	2022-03-09
URL	http://45.118.115.99:8080	—	2022-03-09
URL	http://45.142.114.231:8080	—	2022-03-09
URL	http://46.55.222.11:443	—	2022-03-09
URL	http://50.116.54.215:443	—	2022-03-09
URL	http://51.254.140.238:7080	—	2022-03-09
URL	http://58.227.42.236:80	—	2022-03-09
URL	http://81.0.236.90:443	—	2022-03-09
URL	http://82.165.152.127:8080	—	2022-03-09
URL	http://dadsgetinthegame.com/eln-images/tAAUG/	—	2022-03-09
URL	http://missionnyc.org/	—	2022-03-09
URL	http://mpmcomputing.com/fonts/fJJrjqpIY3Bt3Q/	—	2022-03-09
URL	http://niplaw.com/asolidfoundation/yCE9/	—	2022-03-09
URL	http://robertflood.us/eln-images/DGI2YOkSc99XPO/	—	2022-03-09
URL	http://robertmchilespe.com/cgi/3f/	—	2022-03-09
URL	http://rosevideo.net/eln-images/EjdCoMlY8Gy/	—	2022-03-09
URL	http://rosewoodcraft.com/Merchant2/5.00/PGqX/	—	2022-03-09
URL	http://smbservices.net/cgi/JO01ckuwd/	—	2022-03-09
URL	http://stkpointers.com/eln-images/D/	—	2022-03-09
URL	http://vbaint.com/eln-images/H2pPGte8XzENC/	—	2022-03-09
URL	https://youlanda.org/eln-images/n8DPZISf/	—	2022-03-09

References (2)

↗ https://cert.gov.ua/article/37626 ↗ https://www.fortinet.com/blog/threat-research/ms-office-files-involved-in-emotet-trojan-campaign-pt-one