Pulse Detail — Threat Intelligence

PULSE NAME

Emotet coming in hot

WHITE AlienVault 2022-11-09 Modified: 2022-12-09

2462

IOCs

HIGH VOLUME

Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto Open macros inside XLS documents. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then to target multiple geographies around the world.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027 T1547 T1566 T1204 T1047 T1040 T1057 T1210 T1560 T1571 T1041 T1036

MALWARE FAMILIES

Emotet

Indicators of Compromise (59 / 2462 total)

All URL domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://aibwireless.com/cgi-bin/zR2mG25Ssk8dH/	—	2022-11-09
URL	http://app.clubdedocentes.com/storage/DCcq9ekgH99sI/	—	2022-11-09
URL	http://blacksmithbooks.com/blog/yinA3nT/	—	2022-11-09
URL	http://bytesendesign.nl/cgi-bin/oJYQiWRZITmFqE1H/	—	2022-11-09
URL	http://coadymarine.com/Admin/ekamS7WWDkLwS44q/	—	2022-11-09
URL	http://coinkub.com/wp-content/NL7Ddclhm/	—	2022-11-09
URL	http://coinkub.com/wp-content/WwrJvjumS/	—	2022-11-09
URL	http://dazzlecollections.co.za/THDXpHbk3YwA/HTolLw1ams3x/	—	2022-11-09
URL	http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/H9YoD9PuGAHGb3MHZz/	—	2022-11-09
URL	http://demarsoft.com/ALPHAINSTALLS.US/lTsjpA6/	—	2022-11-09
URL	http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/	—	2022-11-09
URL	http://ftp.pricoat.com.mx/Fichas/3ybJLLXu5zqqn8Sx/	—	2022-11-09
URL	http://greycoconut.com/edm/71qUA/	—	2022-11-09
URL	http://kabaruntukrakyat.com/wp-content/B9oJ0jh/	—	2022-11-09
URL	http://ly.yjlianyi.top/wp-admin/NRAdJ/	—	2022-11-09
URL	http://nlasandbox.com/facebookpage/JFqg2Aqkl3UPZi6xGz/	—	2022-11-09
URL	http://ruitaiwz.com/wp-admin/sV1NeVxLDiHJ1xm/	—	2022-11-09
URL	http://sourcecool.com/throng/iOD/	—	2022-11-09
URL	http://straightmailconnect.com/cgi-bin/inc/	—	2022-11-09
URL	http://swiftwebbox.com/cgi-bin/vNqoMtQilpysJYRwtGu/	—	2022-11-09
URL	http://updailymail.com/cgi-bin/gBYmfqRi2utIS2n/	—	2022-11-09
URL	http://voinet.ca/cgi-bin/RXDWHpi8dHHZf8/	—	2022-11-09
URL	http://vourakilina.gr/6vtelq/Xo7C7m/	—	2022-11-09
URL	http://www.chacaltattoo.com.br/css/m51P4/	—	2022-11-09
URL	http://www.detertecnica.com/var/azLISfW/	—	2022-11-09
URL	http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/	—	2022-11-09
URL	http://xebabanhchohang.vn/wp-content/sux8Bfyu/	—	2022-11-09
URL	http://zonainformatica.es/tienda/XCHJmidSYTkE/	—	2022-11-09
URL	https://amorecuidados.com.br/wp-admin/t3D/	—	2022-11-09
URL	https://audioselec.com/about/dDw5ggtyMojggTqhc/	—	2022-11-09
URL	https://bosny.com/aspnet_client/5VLxhxQCFMinu6/	—	2022-11-09
URL	https://copunupo.ac.zm/cgi-bin/bNoAgU9/	—	2022-11-09
URL	https://geringer-muehle.de/wp-admin/G/	—	2022-11-09
URL	https://joomlaadvanced.com/marrowx/fbCctJXM0/	—	2022-11-09
URL	https://www.melisetotoaksesuar.com/catalog/pFyl/	—	2022-11-09
URL	http://brittknight.com/PHP/Aqxf09OugZ/	—	2022-11-09
URL	http://aprendeconmireia.com:443/	—	2022-11-09
URL	http://blangkonstudio.com:443/	—	2022-11-09
URL	http://caimari.com:443/	—	2022-11-09
URL	http://cloudxml.com.br:443/	—	2022-11-09
URL	http://cocostrunket.com/wp-content/GlJk9/	—	2022-11-09
URL	http://contactworks.nl/images_old/NuEAhfF0PCFhvv/	4aba308a0c51225448c5a5b3afc6b9e890ce1ea88704f084557555b6c68ffe80	2022-11-09
URL	http://copayucatan.com.mx/wp-includes/BqaJMpC3osZ0LRnKK/	—	2022-11-09
URL	http://copunupo.ac.zm:443/	—	2022-11-09
URL	http://cronoatletas.uy/headers/hPoIMx/	—	2022-11-09
URL	http://cs.com.sg:443/	—	2022-11-09
URL	http://cursosinterativos.com.br/semprichickoff2/pEl/	—	2022-11-09
URL	http://demirelmarka.com/wp-admin/vMmu5VHyAbUgIU/	—	2022-11-09
URL	http://isc.net.ua/themes/3rU/	—	2022-11-09
URL	http://laboritm2022.scienceontheweb.net/css/RoMZndfiNHp/	—	2022-11-09
URL	http://luminesthemes.com/clone_controller/bKv5LELdgzGRhtVAiJ/	714cc9d967e7e0556efc3692e32ed4189755bb897fea7ea36b5eae5dd781b4e5	2022-11-09
URL	http://meta4media.com/portfolio2/oYoSTW9fotg/	6348c3ef4c1df3212a64b3caa361a33843bd44f8024d960f1b283d727befff9a	2022-11-09
URL	http://www.careofu.com:443/	—	2022-11-09
URL	http://www.tugarden.com/docs/csv_import/rf6bMPAtbBPiDK/	—	2022-11-09
URL	https://188.165.79.151/	—	2022-11-09
URL	https://barkstage.es/wp-content/0E7NdYl7TZuHMJq7/	—	2022-11-09
URL	https://link2thai.com/Lock/aZNj/	d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3	2022-11-09
URL	https://luzytextura.com/marfinance/gdwyLku/	193ccd8d4f72e4c30566594e9891074a7f43a3050729a2e86252f18acb9047db	2022-11-09
URL	https://www.elaboro.pl/wp-admin/J0hwyIMsk9YFIi/	—	2022-11-09

References (3)

↗ https://blog.talosintelligence.com/emotet-coming-in-hot/ ↗ https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_contacted_URLs.txt ↗ https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_hashes.txt