PULSE NAME
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot
WHITE AlienVault 2023-08-03 Modified: 2023-09-23
19 IOCs, MEDIUM VOLUME
The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover botnets and underground forums.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ALF:HeraklezEval:Trojan:Win32/Lokibot, Emotet
Indicators of Compromise (19)