Emotet: New Delivery Mechanism to Bypass VBA Protection
WHITE AlienVault 2022-05-10 Modified: 2022-06-09
189 IOCs (high volume)
On April 26, 2022, a new Emotet campaign was spotted in the wild, where the usual Office delivery system was replaced with LNK files, in a clear response to the VBA protection launched by Microsoft. Researchers found 139 distinct LNK files that are part of the same campaign, delivering two distinct payloads that share the same C2 infrastructure.
MITRE ATT&CK & Malware Families
Malware families: Emotet - S0367
Indicators of Compromise (189)
Indicator types: FileHash-MD5, FileHash-SHA1, FileHash-SHA256, URL, domain, hostname