Pulse Detail — Threat Intelligence

PULSE NAME

Emotet coming in hot

WHITE AlienVault 2022-11-09 Modified: 2022-12-09

2462

IOCs

HIGH VOLUME

Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto Open macros inside XLS documents. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then to target multiple geographies around the world.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027 T1547 T1566 T1204 T1047 T1040 T1057 T1210 T1560 T1571 T1041 T1036

MALWARE FAMILIES

Emotet

Indicators of Compromise (19 / 2462 total)

All URL domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	01afd5adf2ff8286ef400793fa58edad	MD5 of ed01d2c050fa67d21b9f27cf7cd49f5ea8b45476ddd7387ed9f786752947f097	2022-11-09
FileHash-MD5	18252d898a785e916760be3e63c29a78	MD5 of 8c3cfdd7e1e162129eedf2c3d9f6f63c133622bfe5d04bccbd823486a85b69ed	2022-11-09
FileHash-MD5	2486374800299563ab8934122234242a	MD5 of ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c	2022-11-09
FileHash-MD5	3863553af85106a0fef36a939e948c64	MD5 of 985e875e86cf5be71b871302d42aa7a7b09f3f2d528f9ea7b8b2c5f50d0ba34e	2022-11-09
FileHash-MD5	4b6abed86c2bea68614ec1d7a9008e0e	MD5 of 74e71137617fdfb20a525df4a76dd95fc0d630a8ea930cf9287ec29e183d0585	2022-11-09
FileHash-MD5	4eabe4d0b97feacfeee7212ca309be13	MD5 of 2b9e253192c68bc69638043a5901d7753a9985a431738f0b22c7efea3e24bdea	2022-11-09
FileHash-MD5	6493581b246b731e4937fbee64a68803	MD5 of 199a2e0e1bb46a5dd8eb3a58aa55de157f6005c65b70245e71cecec4905cc2c0	2022-11-09
FileHash-MD5	65d9d5c0a65355b62f967c57fa830348	MD5 of 76323e3a53815b76193d22984da10a9d492d934d49a611fd541e7a78a88cf3c9	2022-11-09
FileHash-MD5	681e7b5cd1c127370846410c50be3808	MD5 of 3f19ef955f27b286cc7bb49329c75d7d70047f30c2852fb24d47131cacad9e81	2022-11-09
FileHash-MD5	7028a3a564c7c5037708cd1de96dd3b9	MD5 of 662fb33e2ca5158c0d644c6a2fca0717bc55a164838d287aede4f576dc9fe7e1	2022-11-09
FileHash-MD5	733bb4c5c74fc1010e70e776f5180456	MD5 of 86262511ab7e41a2940ac3fd15148d29aa56eb2dab3653917bd70964cdf50fbe	2022-11-09
FileHash-MD5	864cdd87b945c4e9128c4c33a593adee	MD5 of 7ccdf928121e5547f70de1eda03b06fc5c5d4bbc778ea0ca2db4ccac77e573ad	2022-11-09
FileHash-MD5	893f9b10a48073fc3fa0d5c8867f7200	MD5 of 1c5f2ca9839078742383b207721ce92fdfa70ac50e5d7b73c2488d47f7e5ebac	2022-11-09
FileHash-MD5	97443a20d7b0dc4a3407cd7015fa63a0	MD5 of 48b2c5bcc179258578a14fa8047f0e7813eaec00e2ef5cb8e29500c64bd0ba47	2022-11-09
FileHash-MD5	bf5319e9d582876aaaa4df46e74e74ee	MD5 of 65f6bf1299c82659d54482d0d08ed38dcdf61826f7df7fb68301620933e61e16	2022-11-09
FileHash-MD5	c53b62a9af12cf189afd7f48d36041d5	MD5 of 5a63ab6f7ef4d61c6d67fddff5883778b3235ef83b36bfced892d6dbc1a7416e	2022-11-09
FileHash-MD5	ce3280f3e64768ff5a8b68c29bdf6fc7	MD5 of 403e70970c9b6f4669f5446607042721caaa2235ebd610c31e1a5f7fc917d752	2022-11-09
FileHash-MD5	d3b182de8c99553a9f2b6d0f3f030a4f	MD5 of cd99b899c5a3d6ddb22969605b079375da897362b4d599fc9eebb1e21115a31d	2022-11-09
FileHash-MD5	d8f46c46975e458f2019c27e8406911c	MD5 of 61e7a5bc6dda4cdf7d6c21edbabc61b22a616014d8648a8d43a83d03f5d75d61	2022-11-09

References (3)

↗ https://blog.talosintelligence.com/emotet-coming-in-hot/ ↗ https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_contacted_URLs.txt ↗ https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_hashes.txt