← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware - The DFIR Report
WHITE OtpNgGim 2022-11-29 Modified: 2022-12-29
50
IOCs
MEDIUM VOLUME
cobalt strikeemotetet cncfeodo trackercnc servertactical rmmdfir reportanydesklnk filerclonepowershellagentbumblebeeexecutionlsassimpactjunecovenantmetasploitempireposhc2persistencemimikatzmegadatemeterpretertwitter
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (6 / 50 total)
All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 18f0898d595ec054d13b02915fb7d3636f65b8e53c0c66b3c7ee3b6fc37d3566 SHA256 of 52332ce16ee0c393b8eea6e71863ad41e3caeafd 2022-11-29
FileHash-SHA256 1bf9314ae67ab791932c43e6c64103b1b572a88035447dae781bffd21a1187ad SHA256 of 02b4f495e9995cc2251c19cd9984763f52122951 2022-11-29
FileHash-SHA256 41e230134deca492704401ddf556ee2198ef6f32b868ec626d9aefbf268ab6b1 2022-11-29
FileHash-SHA256 53ae3567a34097f29011d752f1d3afab8f92beb36a8d6a5df5c1d4b12edc1703 SHA256 of c2a8776e21403eb00b38bfccd36d1c03dffb009e 2022-11-29
FileHash-SHA256 6424b4983f83f477a5da846a1dc3e2565b7a7d88ae3f084f3d3884c43aec5df6 2022-11-29
FileHash-SHA256 f8cff7082a936912baf2124d42ed82403c75c87cb160553a7df862f8d81809ee SHA256 of b286b58ed32b6df4ecdb5df86d7d7d177bb7bfaf 2022-11-29
References (1)
↗ https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/