← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Emotet Strikes Again - LNK File Leads to Domain Wide Ransomware - The DFIR Report
WHITE OtpNgGim 2022-11-29 Modified: 2022-12-29
50
IOCs
MEDIUM VOLUME
cobalt strikeemotetet cncfeodo trackercnc servertactical rmmdfir reportanydesklnk filerclonepowershellagentbumblebeeexecutionlsassimpactjunecovenantmetasploitempireposhc2persistencemimikatzmegadatemeterpretertwitter
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (10 / 50 total)
All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://drechslerstammtisch.de 2022-11-29
URL https://descontador.com.br 2022-11-29
URL https://el-energiaki.gr 2022-11-29
URL https://www.elaboro.pl 2022-11-29
URL http://139.60.160.18:443 2022-11-29
URL http://139.60.160.18:80 2022-11-29
URL http://84.17.49.114:1249 2022-11-29
URL http://dhnconstrucciones.com.ar 2022-11-29
URL http://dilsrl.com 2022-11-29
URL https://api.floppasoftware.com 2022-11-29
References (1)
↗ https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/