📃Title: Technical Malware Analysis: The return of Emotet
📅Date: 2022-02-13
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information=“Malaysia”
  • malpedia=“Emotet”
  • mitre-attack-pattern=[]

MISP event uuid: fea7d515-1deb-4f0e-bc34-4bb69c9e954d

Indicators of Compromise (IoCs)

Full IOCs available in Rectifyq's MISP