Pulse Detail — Threat Intelligence

PULSE NAME

IOC-2019-2020

WHITE assumed part of the emotet distribution network and communication infrastructure commandline 2024-09-09 Modified: 2024-10-09

1658

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

IOC collected in 2019-2020, including confirmed and suspected IOC. Also including whitelisted IOC since seen as part of the infrastructure These IOC were observed as a highly likely related set of IOC with overt and assumed covert interrelations.

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

Emotet FlyStudio Zeus

Indicators of Compromise (64 / 1658 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://104.238.156.230/api/159e89e9a383f5894aaa3ead65a339da/svchost.exe	—	2024-09-09
URL	http://104.238.156.230/api/6394f6e53022fd30c0839b8acdb33b9b/svchost.exe	—	2024-09-09
URL	http://blythewooddeals.com/one/index.php	—	2024-09-09
URL	http://down.dcodown1.com/api/d4493f93ef7610fc71ce8cf7c9e121e5/svchost.exe	—	2024-09-09
URL	https://blythewooddeals.com/done/afzz	—	2024-09-09
URL	http://amazon.de.p122421.com/	—	2024-09-09
URL	http://amazon.de.p122421.com/login/	—	2024-09-09
URL	http://bankofamerica.alert.service.manegers.online.secure.firststoponline.com.au/	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2/	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2/billing.php	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2/card.php	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2/email.php	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2/identification.php	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2/personal.php	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2/sitekey.html	—	2024-09-09
URL	http://104.238.156.230/	—	2024-09-09
URL	http://149.28.255.255	—	2024-09-09
URL	http://149.28.62.0	—	2024-09-09
URL	http://149.28.63.255	—	2024-09-09
URL	http://149.28.8.0	—	2024-09-09
URL	http://18.128.0.0	—	2024-09-09
URL	http://18.255.255.255	—	2024-09-09
URL	http://47.32.0.0	—	2024-09-09
URL	http://5pr6hirtlfan3j76.onion/?0.9149677821747106	—	2024-09-09
URL	http://amazon.de.p122421.com/login	—	2024-09-09
URL	http://api.kkkkkdajlhlkjhsdewgtuv.com	—	2024-09-09
URL	http://api.kkkkkdajlhlkjhsdewgtuv.com/	—	2024-09-09
URL	http://api.kkkkkdajlhlkjhsdewgtuv.com/api/list	—	2024-09-09
URL	http://api.kkkkkdajlhlkjhsdewgtuv.com/api/list/	—	2024-09-09
URL	http://api.kkkkkdajlhlkjhsdewgtuv.com/api/send	—	2024-09-09
URL	http://api.kkkkkdajlhlkjhsdewgtuv.com/favicon.ico	dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f	2024-09-09
URL	http://api.new-api.com/	cdf9d8eee8c4fe967fac3aa9218a7227647ae7aaaa4221c688e1aab7a9180f69	2024-09-09
URL	http://api.new-api.com/api/ip	—	2024-09-09
URL	http://api.new-api.com/api/report	—	2024-09-09
URL	http://bankofamerica.alert.service.manegers.online.secure.firststoponline.com.au/LulzSec/app/Home	—	2024-09-09
URL	http://bankofamerica.alert.service.manegers.online.secure.firststoponline.com.au/LulzSec/app/Home/	—	2024-09-09
URL	http://bankofamerica.alert.service.manegers.online.secure.firststoponline.com.au/LulzSec/app/Home/qes.php	—	2024-09-09
URL	http://bankofamerica.alert.service.manegers.online.secure.firststoponline.com.au/lulzsec/app	—	2024-09-09
URL	http://down.dcodown.com/	—	2024-09-09
URL	http://down.dcodown.com/api/3871e0beabff919e3b347c116923d881	—	2024-09-09
URL	http://down.dcodown1.com/	—	2024-09-09
URL	http://imagebuildingandcarpentry.com.au/	—	2024-09-09
URL	http://imagebuildingandcarpentry.com.au/utd/update	dad77b4e03da0b316a68760e47d7fa73d38b6aee78c004fbf5cb41b5a5d83ebf	2024-09-09
URL	http://monclairbeleza.com/	—	2024-09-09
URL	http://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2	—	2024-09-09
URL	http://monclairbeleza.com/modules/blockcart/sessi0n_ssi_2555000963/sessi0n_ssi_2555000963/sessi0n_ssi_2555000963	—	2024-09-09
URL	http://newbasemanage.com/	fdf900267092bc67bd7786b86c462e69f9ed52bed838809b6ba28b298be879f6	2024-09-09
URL	http://neya-tools.ru/config.ini	—	2024-09-09
URL	http://neya-tools.ru/input.js	—	2024-09-09
URL	http://use.timaeus-lui.com/	—	2024-09-09
URL	http://use.timaeus-lui.com/zcvisitor/0724b776-c2eb-11e8-a08e-066a1731b662?campaignid\=8258ed20-10ae-11e8-9a6b-0e497388635c	—	2024-09-09
URL	http://use.timaeus-lui.com/zcvisitor/3e376a80-bf78-11e8-b53c-06dcde7ea782?campaignid=3ef3ec10-38d6-11e8-8a93-0e9c191f3024	—	2024-09-09
URL	http://use.timaeus-lui.com/zcvisitor/d4174501-b8e0-11e8-adc2-060a96bace44?campaignid=d42575d3-b8e0-11e8-adc2-060a96bace44	—	2024-09-09
URL	http://use.timaeus-lui.com/zcvisitor/fa68f0d1-c161-11e8-a08e-066a1731b662?campaignid=b17e30a0-bc21-11e8-9a37-0ebb138d3962	—	2024-09-09
URL	http://usloft4634.dedicatedpanel.com/	—	2024-09-09
URL	http://ww17.login-appleid.apple.com.alert-wode.com/?amp&fp=uk2mzzybznyzrgq77i8i3dnk0zlvjhgsz/nvmtdn%20fuzev7rranyvjndji9zl9c%20y2sdbkad1rmdekgocit83n9r7aj2izrn%20gpij9o%2002nmvbfxnagtlcelqhmgzavxgkbc26karg2jnjrj%20bw7n3/mvc4bxqjxthgibmug4rg=	—	2024-09-09
URL	http://www.argenta.be.vlbbe.eu/aanvragen	—	2024-09-09
URL	https://amazon.de.p122421.com/	—	2024-09-09
URL	https://amazon.de.p122421.com/login/1573369252/	—	2024-09-09
URL	https://amazon.de.p122421.com/login/1573372838/	—	2024-09-09
URL	https://api.kkkkkdajlhlkjhsdewgtuv.com/	—	2024-09-09
URL	https://blythewooddeals.com/done/afzz/	—	2024-09-09
URL	https://imagebuildingandcarpentry.com.au/utd/update/index.php?email=nobody@mycraftmail.com	—	2024-09-09
URL	https://monclairbeleza.com/modules/blockcart/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/Sessi0n_SSi_2555000963/2525555_52558x68584854/b0a/66525_56669/en2	d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3	2024-09-09

References (1)

↗ https://www.virustotal.com/graph/embed/g8248c00b8fb747cbac22a9eafe2538c76d3f073c1a40477397f15304692dbbd0?theme=dark