Pulse Detail — Threat Intelligence

PULSE NAME

Emotet coming in hot

WHITE AlienVault 2022-11-09 Modified: 2022-12-09

2462

IOCs

HIGH VOLUME

Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto Open macros inside XLS documents. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then to target multiple geographies around the world.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027 T1547 T1566 T1204 T1047 T1040 T1057 T1210 T1560 T1571 T1041 T1036

MALWARE FAMILIES

Emotet

Indicators of Compromise (19 / 2462 total)

All URL domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	14ee686c33e2b5504f6b4943df12e9d3558f2940	SHA1 of 7ccdf928121e5547f70de1eda03b06fc5c5d4bbc778ea0ca2db4ccac77e573ad	2022-11-09
FileHash-SHA1	152b50a6eda7ed9361a35fbcfc70e4775597e04d	SHA1 of 662fb33e2ca5158c0d644c6a2fca0717bc55a164838d287aede4f576dc9fe7e1	2022-11-09
FileHash-SHA1	3225b4a4f3399915cf4558c37efdf8f25c216112	SHA1 of 3f19ef955f27b286cc7bb49329c75d7d70047f30c2852fb24d47131cacad9e81	2022-11-09
FileHash-SHA1	3925fd92a7546c6a092d6be55e440abeee0d7ed7	SHA1 of 2b9e253192c68bc69638043a5901d7753a9985a431738f0b22c7efea3e24bdea	2022-11-09
FileHash-SHA1	3cc43c03d5b634409b9cd28d4eeec6e7f8a19584	SHA1 of 5a63ab6f7ef4d61c6d67fddff5883778b3235ef83b36bfced892d6dbc1a7416e	2022-11-09
FileHash-SHA1	3d60491343341fb063fa7cddf6d2f48402a4d4d5	SHA1 of 74e71137617fdfb20a525df4a76dd95fc0d630a8ea930cf9287ec29e183d0585	2022-11-09
FileHash-SHA1	47bfe94aa96ef43231890f04ccd286b0888e10c8	SHA1 of ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c	2022-11-09
FileHash-SHA1	531ca8bb7e3444b8f4254b269e94c1f2ce034a6c	SHA1 of 86262511ab7e41a2940ac3fd15148d29aa56eb2dab3653917bd70964cdf50fbe	2022-11-09
FileHash-SHA1	769301632d80a6c5996e7f9514786e79d044db17	SHA1 of 8c3cfdd7e1e162129eedf2c3d9f6f63c133622bfe5d04bccbd823486a85b69ed	2022-11-09
FileHash-SHA1	875d63ddc7467890f8f72aa787298ca4b2051e3e	SHA1 of 1c5f2ca9839078742383b207721ce92fdfa70ac50e5d7b73c2488d47f7e5ebac	2022-11-09
FileHash-SHA1	9774e1e4f1de3ce1873dc67ddb650bc3abd0fc73	SHA1 of 48b2c5bcc179258578a14fa8047f0e7813eaec00e2ef5cb8e29500c64bd0ba47	2022-11-09
FileHash-SHA1	99b2f1ba3cfd48f344fe0552ff4308b1877f7542	SHA1 of 65f6bf1299c82659d54482d0d08ed38dcdf61826f7df7fb68301620933e61e16	2022-11-09
FileHash-SHA1	a46011d42a55479a1c32b776afd649632a5b3586	SHA1 of ed01d2c050fa67d21b9f27cf7cd49f5ea8b45476ddd7387ed9f786752947f097	2022-11-09
FileHash-SHA1	a4d3d2107acab77c677054f428ad7c714bebb2fe	SHA1 of 403e70970c9b6f4669f5446607042721caaa2235ebd610c31e1a5f7fc917d752	2022-11-09
FileHash-SHA1	a6e306f8841ff6fbd50188c738469143a6934df0	SHA1 of 199a2e0e1bb46a5dd8eb3a58aa55de157f6005c65b70245e71cecec4905cc2c0	2022-11-09
FileHash-SHA1	a88aa9a6b6ad91bd37d78d9341f49ad632b31ef0	SHA1 of 61e7a5bc6dda4cdf7d6c21edbabc61b22a616014d8648a8d43a83d03f5d75d61	2022-11-09
FileHash-SHA1	aca5d68a0fddcb6cdcb6fbc02eaa26f1326af4c1	SHA1 of 985e875e86cf5be71b871302d42aa7a7b09f3f2d528f9ea7b8b2c5f50d0ba34e	2022-11-09
FileHash-SHA1	d5bd989ffde2f67133b6404f9f234d13e618c206	SHA1 of cd99b899c5a3d6ddb22969605b079375da897362b4d599fc9eebb1e21115a31d	2022-11-09
FileHash-SHA1	e2defe35a68a0a8374fab7f7ec019b5b54a8a346	SHA1 of 76323e3a53815b76193d22984da10a9d492d934d49a611fd541e7a78a88cf3c9	2022-11-09

References (3)

↗ https://blog.talosintelligence.com/emotet-coming-in-hot/ ↗ https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_contacted_URLs.txt ↗ https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_hashes.txt