Pulse Detail — Threat Intelligence

PULSE NAME

Dead or Alive? An Emotet Story

WHITE VertekLabs 2022-09-16 Modified: 2022-10-16

135

IOCs

HIGH VOLUME

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1003 T1018 T1021 T1055 T1059 T1069 T1071 T1082 T1087 T1135 T1204 T1218 T1482 T1547 T1550 T1558 T1559 T1566 T1567 T1570

Indicators of Compromise (135)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 SSLCertFingerprint URL YARA domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	066c972d2129d0e167d371a0abfcf03b	—	2022-09-16
FileHash-MD5	27d0b9e38cdc9a31fa9271c0bbf5d393	—	2022-09-16
FileHash-MD5	4e03b8b675969416fb0d10e8ab11f7c2	—	2022-09-16
FileHash-MD5	592155bbbab05ac1f818cfd9eb53b672	—	2022-09-16
FileHash-MD5	72a589da586844d7f0818ce684948eea	—	2022-09-16
FileHash-MD5	9b02dd2a1a15e94922be3f85129083ac	MD5 of b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682	2022-09-16
FileHash-MD5	acd3d4e8f63f52eaf57467a76ca2389d	MD5 of 4a42b5e7e7fd43ddefc856f45bb95d97656ddca6	2022-09-16
FileHash-MD5	adf2b487134ffcd7999e419318dfdf8d	—	2022-09-16
FileHash-MD5	bcf185f1308ffd9e4249849d206d9d0c	—	2022-09-16
FileHash-MD5	c96b2b5b52ef0013b841d136ddab0f49	—	2022-09-16
FileHash-MD5	d1aef4e37a548a43a95d44bd2f8c0afc	—	2022-09-16
FileHash-MD5	e051009b12b37c7ee16e810c135f1fef	MD5 of 5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b	2022-09-16
FileHash-MD5	e984f812689ec7af136a151a19b2d56c	—	2022-09-16
FileHash-MD5	f176ba63b4d68e576b5ba345bec2c7b7	—	2022-09-16
FileHash-SHA1	04f72b9e78f196544f8f1331b4d9158df34d7ecf	—	2022-09-16
FileHash-SHA1	068d312cfd18e156aa33ab27f8c2a4a802b5b416	—	2022-09-16
FileHash-SHA1	22cc2bc032ae327de9f975e9122b692e4474ac15	—	2022-09-16
FileHash-SHA1	2cb6ff75b38a3f24f3b60a2742b6f4d6027f0f2a	SHA1 of b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682	2022-09-16
FileHash-SHA1	415b27cd03d3d701a202924c26d25410ea0974d7	SHA1 of 5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b	2022-09-16
FileHash-SHA1	4a42b5e7e7fd43ddefc856f45bb95d97656ddca6	—	2022-09-16
FileHash-SHA1	4e3fc80ee84e190c88bd93e8000513498d9ca248	—	2022-09-16
FileHash-SHA1	756620702606bacfe4f6141d5f9e90579c2c55e5	—	2022-09-16
FileHash-SHA1	8041ab5130ff8f4d44a9fd9454670f329d2727bc	—	2022-09-16
FileHash-SHA1	82070d19c26e0f7e255168e1f2364174215aa0de	—	2022-09-16
FileHash-SHA1	88591ad3806c0a1e451c744d4942e99e9a5d2ff7	—	2022-09-16
FileHash-SHA1	91c54877440d14538be22d662e7f47e29ab219bf	—	2022-09-16
FileHash-SHA1	b4cb047ae720b37b11f8506de7965dc29d5920be	—	2022-09-16
FileHash-SHA1	e07b2f115b47d325c4db4d5dbf63750410def346	—	2022-09-16
FileHash-SHA1	e10fa684bdd0254b5ba5102feae293b8564f4628	—	2022-09-16
FileHash-SHA1	e96980812c287c9d27be9181bcf08727cc9f457a	—	2022-09-16
FileHash-SHA256	1b9c9e4ed6dab822b36e3716b1e8f046e92546554dff9bdbd18c822e18ab226b	—	2022-09-16
FileHash-SHA256	2b2e00ed89ce6898b9e58168488e72869f8e09f98fecb052143e15e98e5da9df	—	2022-09-16
FileHash-SHA256	5a5c601ede80d53e87e9ccb16b3b46f704e63ec7807e51f37929f65266158f4c	—	2022-09-16
FileHash-SHA256	5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b	—	2022-09-16
FileHash-SHA256	76bfb4a73dc0d3f382d3877a83ce62b50828f713744659bb21c30569d368caf8	—	2022-09-16
FileHash-SHA256	b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682	—	2022-09-16
FileHash-SHA256	e598b9700e13f2cb1c30c6d9230152ed5716a6d6e25db702576fefeb6638005e	SHA256 of 4a42b5e7e7fd43ddefc856f45bb95d97656ddca6	2022-09-16
FileHash-SHA256	f4c085ef1ba7e78a17a9185e4d5e06163fe0e39b6b0dc3088b4c1ed11c0d726b	—	2022-09-16
FileHash-SHA256	fd72a9313f8564b57ebd18791a438216d289d4a97df3f860f1fc585a001265d9	—	2022-09-16
SSLCertFingerprint	66:f7:4c:f9:56:5d:fe:15:a6:8c:62:b9:3d:72:cb:8e:c9:e9:89:02	—	2022-09-16
URL	http://103.133.214.242/	—	2022-09-16
URL	http://103.133.214.242:8080/	—	2022-09-16
URL	http://103.41.204.169/	—	2022-09-16
URL	http://103.41.204.169:8080/	—	2022-09-16
URL	http://103.42.58.120/	—	2022-09-16
URL	http://103.42.58.120:7080/	—	2022-09-16
URL	http://103.56.149.105/	—	2022-09-16
URL	http://103.56.149.105:8080/	—	2022-09-16
URL	http://103.8.26.17/	—	2022-09-16
URL	http://103.8.26.17:8080	—	2022-09-16
URL	http://103.8.26.17:8080/	—	2022-09-16
URL	http://104.248.225.227/	—	2022-09-16
URL	http://104.248.225.227:8080/	—	2022-09-16
URL	http://110.235.83.107/	—	2022-09-16
URL	http://110.235.83.107:7080/	—	2022-09-16
URL	http://116.124.128.206/	—	2022-09-16
URL	http://116.124.128.206:8080/	—	2022-09-16
URL	http://118.98.72.86/	—	2022-09-16
URL	http://134.122.119.23/	—	2022-09-16
URL	http://134.122.119.23:8080	—	2022-09-16
URL	http://134.122.119.23:8080/	—	2022-09-16
URL	http://139.196.72.155:8080/	—	2022-09-16
URL	http://159.69.237.188/	—	2022-09-16
URL	http://175.126.176.79/	—	2022-09-16
URL	http://175.126.176.79:8080/	—	2022-09-16
URL	http://185.148.168.220/	—	2022-09-16
URL	http://185.148.168.220:8080/	—	2022-09-16
URL	http://188.225.32.231/	—	2022-09-16
URL	http://188.225.32.231:4143/	—	2022-09-16
URL	http://190.90.233.66/	—	2022-09-16
URL	http://194.9.172.107/	—	2022-09-16
URL	http://194.9.172.107:8080/	—	2022-09-16
URL	http://195.154.146.35/	—	2022-09-16
URL	http://195.77.239.39/	—	2022-09-16
URL	http://195.77.239.39:8080/	—	2022-09-16
URL	http://196.44.98.190/	—	2022-09-16
URL	http://196.44.98.190:8080/	—	2022-09-16
URL	http://202.134.4.210/	—	2022-09-16
URL	http://202.134.4.210:7080/	—	2022-09-16
URL	http://202.28.34.99/	—	2022-09-16
URL	http://202.28.34.99:8080/	—	2022-09-16
URL	http://202.29.239.162/	—	2022-09-16
URL	http://202.29.239.162:443	—	2022-09-16
URL	http://203.153.216.46/	—	2022-09-16
URL	http://207.148.81.119/	—	2022-09-16
URL	http://207.148.81.119:8080/	—	2022-09-16
URL	http://210.57.209.142/	—	2022-09-16
URL	http://210.57.209.142:8080/	—	2022-09-16
URL	http://217.182.143.207/	—	2022-09-16
URL	http://36.67.23.59/	—	2022-09-16
URL	http://37.44.244.177/	—	2022-09-16
URL	http://37.44.244.177:8080/	—	2022-09-16
URL	http://37.59.209.141/	—	2022-09-16
URL	http://37.59.209.141:8080/	—	2022-09-16
URL	http://45.71.195.104:8080/	—	2022-09-16
URL	http://5.56.132.177:8080/	—	2022-09-16
URL	http://51.68.141.164:8080/	—	2022-09-16
URL	http://54.37.106.167:8080/	—	2022-09-16
URL	http://54.37.228.122/	—	2022-09-16
URL	http://54.38.143.246/	—	2022-09-16
URL	http://54.38.143.246:7080	—	2022-09-16
URL	http://54.38.143.246:7080/	—	2022-09-16
URL	http://54.38.242.185/	—	2022-09-16
URL	http://59.148.253.194/	—	2022-09-16
URL	http://59.95.98.204:8080	—	2022-09-16
URL	http://59.95.98.204:8080/jquery-3.3.1.min.js	—	2022-09-16
URL	http://62.171.178.147:8080/	—	2022-09-16
URL	http://66.42.57.149/	—	2022-09-16
URL	http://68.183.91.111/	—	2022-09-16
URL	http://68.183.91.111:8080/	—	2022-09-16
URL	http://68.183.93.250/	—	2022-09-16
URL	http://78.46.73.125/	—	2022-09-16
URL	http://78.47.204.80/	—	2022-09-16
URL	http://85.214.67.203/	—	2022-09-16
URL	http://85.214.67.203:8080/	—	2022-09-16
URL	http://85.25.120.45/	—	2022-09-16
URL	http://85.25.120.45:8080/	—	2022-09-16
URL	http://87.106.97.83/	—	2022-09-16
URL	http://87.106.97.83:7080/	—	2022-09-16
URL	http://88.217.172.165/	—	2022-09-16
URL	http://88.217.172.165:8080/	—	2022-09-16
URL	http://93.104.209.107/	—	2022-09-16
URL	http://93.104.209.107:8080/	—	2022-09-16
YARA	1d524a3fbe7f8fe0e8863c4512f3bfc96b814243	Find.bat using AdFind	2022-09-16
YARA	4040dc97dad1e643851510997def0a5d5a7675fc	Find.bat using AdFind	2022-09-16
YARA	77f4fd149ecbfcf2f282abe4154bf2adb727aeaf	32.dll	2022-09-16
YARA	865150dd5da0d6e55b9492798a436ba442666fa4	UOmCgbXygCe.exe	2022-09-16
YARA	fc97a6a4c8b6a3839709ead5acfd7412a89ece52	Finding bat files that is used for enumeration	2022-09-16
domain	borgelin.org	—	2022-09-16
domain	bosny.com	—	2022-09-16
domain	joeware.net	—	2022-09-16
domain	loa-hk.com	—	2022-09-16
domain	lopespublicidade.com	—	2022-09-16
domain	praachichemfood.com	—	2022-09-16
domain	seasidesolutions.com	—	2022-09-16

References (1)

↗ https://thedfirreport.com/2022/09/12/dead-or-alive-an-emotet-story/