← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware - The DFIR Report
WHITE OtpNgGim 2022-11-29 Modified: 2022-12-29
50
IOCs
MEDIUM VOLUME
cobalt strikeemotetet cncfeodo trackercnc servertactical rmmdfir reportanydesklnk filerclonepowershellagentbumblebeeexecutionlsassimpactjunecovenantmetasploitempireposhc2persistencemimikatzmegadatemeterpretertwitter
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (12 / 50 total)
All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 02b4f495e9995cc2251c19cd9984763f52122951 2022-11-29
FileHash-SHA1 08651822714c977d40d3c126c20ba4033d6836d3 2022-11-29
FileHash-SHA1 1f8e37351e7c5d89ce7808391edaef34bd8db6c0 2022-11-29
FileHash-SHA1 3a2079b02bcb1a2653ba9b5a5f56fd8b14a59820 2022-11-29
FileHash-SHA1 52332ce16ee0c393b8eea6e71863ad41e3caeafd 2022-11-29
FileHash-SHA1 74e2d1bd3cec8fa72ba06cf4eef8e58fb5e0e237 2022-11-29
FileHash-SHA1 8b749fb1260b92b9170e4e69fa1bd2f34e94d766 2022-11-29
FileHash-SHA1 a3eed2b760abddfd62014fcf9ae81f435b216473 2022-11-29
FileHash-SHA1 b286b58ed32b6df4ecdb5df86d7d7d177bb7bfaf 2022-11-29
FileHash-SHA1 b80c987c8849bf7905ea8f283b79d98753e3c15a 2022-11-29
FileHash-SHA1 c2a8776e21403eb00b38bfccd36d1c03dffb009e 2022-11-29
FileHash-SHA1 f6727d5d04f2728a3353fbd45d7b2cb19e98802c 2022-11-29
References (1)
↗ https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/