PULSE NAME
Emotet coming in hot
WHITE AlienVault 2022-11-09 Modified: 2022-12-09
2462 IOCs
HIGH VOLUME
Emotet is back with a new campaign displaying many characteristics of older runs, including the use of Auto Open macros inside XLS documents. Cisco Talos has observed increased spam activity distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then, targeting multiple geographies around the world.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Emotet
Indicators of Compromise (11 / 2462 total)