jroosen

Emotet Malware IoCs 2019/06/21

Jun 21st, 2019
## Emotet Malware Document links/IOCs for 06/21/19 as of 06/21/19 15:00 EDT ##
*Notes and Credits now at the bottom* Follow us on Twitter @cryptolaemus1 for more updates.

Emotet Tier 1 C2 is still down on both botnets. I wanted to update these lists because I was missing 4 combos on
E1 and 8 combos on E2. The correct totals are 126 for E1 and 100 for E2. Somehow I truncated the totals and missed
these 12 IP/Port combos. @0xtadavie found this oversight and provided me with the following missing combinations.
Fortunately, if you were just blocking on IPs, some of these were just additional ports on the same host: the E2
hosts 179.14.2.75, 190.25.255.98 and 41.169.20.147 already appear on other ports in the full E2 list below, whereas
the four E1 entries are hosts that were not on the list at all.
  8.  
#### Epoch 1 Missing C2s ####
```
104.236.185.25:8080
190.13.211.174:21
190.246.146.101:80
5.77.13.70:80
```
  18.  
#### Epoch 2 Missing C2s ####
```
103.97.95.218:143
179.14.2.75:21
186.19.202.88:21
186.31.189.232:143
187.147.184.249:143
190.25.255.98:143
190.53.135.159:21
41.169.20.147:143
```
  32.  
Here are the full lists for both epochs as they should have originally appeared:

C2 combos are MUCH higher than normal at 126 for E1 and 100 for E2. This leads me to believe that this outage
was planned and we are seeing some sort of maintenance on the C2 infrastructure play out. The C2 combos are:
  37.  
  38.  
#### Epoch 1 C2s ####
```
103.201.150.209:80
104.236.151.95:7080
104.236.185.25:8080
105.224.171.102:80
109.104.79.48:8080
109.73.52.242:8080
111.67.12.221:8080
112.72.9.242:443
115.124.109.85:8443
117.218.133.244:80
125.99.61.162:7080
128.199.78.227:8080
134.196.209.126:443
138.219.214.164:443
138.68.106.4:7080
149.62.173.247:8080
159.203.204.126:8080
159.65.241.220:8080
162.217.250.243:7080
170.247.122.37:8080
176.250.213.131:80
176.31.200.136:8080
178.79.163.131:8080
179.40.105.76:80
181.134.105.191:80
181.15.180.140:80
181.15.243.22:80
181.16.127.226:443
181.171.118.19:80
181.198.67.178:20
181.231.72.200:80
181.28.144.64:80
181.28.248.205:80
181.39.134.122:80
181.48.174.242:80
183.82.97.25:80
185.129.93.140:80
185.86.148.222:8080
185.94.252.27:443
186.138.56.183:443
186.22.209.16:8080
186.23.146.42:80
186.23.18.211:443
186.83.133.253:8080
186.86.177.193:80
187.149.41.205:8080
187.178.9.19:20
187.188.166.192:80
187.242.204.142:80
189.180.84.115:8080
189.196.140.187:80
190.1.37.125:443
190.102.226.91:80
190.113.233.4:7080
190.117.206.153:443
190.13.211.174:21
190.147.12.71:443
190.186.221.50:80
190.189.112.116:80
190.189.204.100:80
190.19.42.131:80
190.193.131.141:443
190.230.60.129:80
190.246.146.101:80
190.246.166.217:80
190.36.88.98:8080
190.55.39.215:80
190.97.10.198:80
191.97.116.232:443
196.6.112.70:443
197.211.244.6:50000
200.107.105.16:465
200.123.101.90:80
200.28.131.215:443
200.32.61.210:8080
200.57.102.71:8443
200.58.171.51:80
200.58.83.179:80
200.80.198.34:80
201.212.24.6:443
201.219.183.243:443
201.251.229.37:80
201.252.229.169:8443
203.25.159.3:8080
205.186.154.130:80
213.120.104.180:50000
216.98.148.136:4143
217.113.27.158:443
217.92.171.167:53
219.74.237.49:443
23.254.203.51:8080
37.59.1.74:8080
43.229.62.186:8080
45.32.158.232:7080
45.55.82.2:8080
45.55.83.204:8080
45.73.124.235:8080
46.101.123.139:8080
46.21.105.59:8080
46.249.204.99:8080
46.29.183.211:8080
46.32.228.206:8080
5.153.252.228:8080
5.77.13.70:80
5.79.119.1:8080
61.92.159.208:8080
62.210.142.58:8080
62.75.143.100:7080
66.209.69.165:443
69.163.33.82:8080
70.32.84.74:8080
71.244.60.231:8080
77.122.183.203:8080
77.245.101.134:8080
79.143.182.254:8080
80.0.106.83:80
80.85.87.122:8080
81.140.12.131:8080
81.143.213.156:7080
81.183.213.36:80
85.132.96.242:80
86.42.166.147:80
89.134.144.41:8080
90.69.208.50:7080
91.205.215.57:7080
91.83.93.124:7080
```
#### Epoch 2 C2s ####
```
103.97.95.218:143
104.131.11.150:8080
104.131.208.175:8080
104.236.246.93:8080
104.236.99.225:8080
115.71.233.127:443
125.99.106.226:80
136.243.177.26:8080
138.201.140.110:8080
142.4.198.249:7080
142.93.88.16:443
144.139.247.220:80
147.135.210.39:8080
159.65.25.128:8080
162.144.119.216:8080
162.243.125.212:8080
167.114.210.191:8080
169.239.182.217:8080
173.212.203.26:8080
174.136.14.100:8080
175.100.138.82:22
177.242.214.30:80
177.246.193.139:20
178.62.37.188:443
178.79.161.166:443
179.14.2.75:21
179.14.2.75:80
179.32.19.219:22
181.189.213.231:465
186.144.64.31:53
186.19.202.88:21
186.31.189.232:143
186.4.167.166:80
186.4.234.27:443
187.147.184.249:143
187.163.180.243:22
187.163.222.244:465
187.189.195.208:8443
188.166.253.46:8080
189.209.217.49:80
190.112.228.47:443
190.145.67.134:8090
190.186.203.55:80
190.25.255.98:143
190.25.255.98:443
190.25.255.98:80
190.53.135.159:21
190.72.136.214:465
195.242.117.231:8080
198.58.114.91:4143
200.24.248.206:80
200.43.231.10:7080
200.85.46.122:80
201.199.89.223:8443
201.220.152.101:80
201.231.44.78:80
201.238.152.20:465
202.83.16.150:80
206.189.98.125:8080
211.63.71.72:8080
212.71.234.16:8080
216.98.148.156:8080
217.13.106.160:7080
222.214.218.136:4143
222.214.218.192:8080
24.139.205.186:8080
31.12.67.62:7080
31.172.240.91:8080
37.211.85.139:80
41.169.20.147:143
41.169.20.147:465
41.220.119.246:80
45.123.3.54:443
45.33.49.124:443
46.101.142.115:8080
46.105.131.87:80
47.41.213.2:22
50.31.0.160:8080
50.99.132.7:465
59.103.164.174:80
60.48.253.12:20
62.75.187.192:8080
64.13.225.150:8080
66.84.11.168:8080
69.45.19.145:8080
71.244.60.230:8080
75.127.14.170:8080
78.24.219.147:8080
81.109.227.123:80
85.104.59.244:20
86.98.61.221:443
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
91.205.215.10:7080
91.205.215.66:8080
91.83.93.103:7080
92.154.101.154:50000
94.76.200.114:8080
95.128.43.213:8080
```
  275.  
Thanks to @0xtadavie for catching this oversight!

Now is the time to block these IP/Port combos while you can. Block on the full IP:port pair, not on the port alone:
the list includes common service ports such as 21, 22, 53, 80, 143, 443 and 465, so a port-only rule would hit
legitimate traffic. Also, if you see any requests going out to these IP/Port combos, cleanup on aisle whatever that
computer is in because it is infected!
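The two things the notes above ask a defender to do, worked through in code as an added example (this is not part of the Cryptolaemus paste or of any Cryptolaemus tooling): parse the one-per-line IP:port indicators, work out which of the "missing" E2 combos an IP-only blocklist had already covered because the host was listed on another port, and then flag internal hosts whose outbound connections hit a listed pair. The indicator text embedded below is an excerpt of the paste's Epoch 2 lists (only the multi-port hosts from the full list are included, for brevity); the connection-log lines are constructed, in a Zeek conn.log-like tab-separated layout, and the internal addresses in them are made up.

```python
"""Parse Emotet C2 IP:port indicators and apply them two ways:
(1) find which "missing" combos an IP-only blocklist already covered, and
(2) flag source hosts whose connections hit a listed IP:port pair.

Added example, not from the paste. Indicator text is an excerpt of the paste's
Epoch 2 lists; the connection-log lines are constructed.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Combo = Tuple[str, int]

# All 8 entries of the paste's "Epoch 2 Missing C2s" list.
MISSING_E2 = """
103.97.95.218:143
179.14.2.75:21
186.19.202.88:21
186.31.189.232:143
187.147.184.249:143
190.25.255.98:143
190.53.135.159:21
41.169.20.147:143
"""

# Excerpt of the full Epoch 2 list: only entries sharing a host with a
# missing combo are kept here; the other 88 entries are omitted.
ALREADY_LISTED_E2 = """
179.14.2.75:80
190.25.255.98:443
190.25.255.98:80
41.169.20.147:465
"""

# Constructed conn.log-style lines: ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
# 10.20.30.41 talks to a listed host but on port 8080, which is NOT a listed pair.
CONN_LOG = (
    "1561136400.1\tCabc1\t10.20.30.40\t49211\t190.25.255.98\t443\ttcp\n"
    "1561136401.2\tCabc2\t10.20.30.41\t49212\t190.25.255.98\t8080\ttcp\n"
    "1561136402.3\tCabc3\t10.20.30.42\t49213\t179.14.2.75\t21\ttcp\n"
    "1561136403.4\tCabc4\t10.20.30.43\t49214\t8.8.8.8\t53\tudp\n"
)

COMBO_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$")


def parse_combos(text: str) -> Set[Combo]:
    """Return the set of (ip, port) pairs in a block of one-per-line IOCs.

    Blank lines, '#' headings and ``` fences (the paste's layout) are skipped.
    Anything else that is not a valid IPv4:port raises, so a typo in a
    blocklist does not silently disappear.
    """
    combos: Set[Combo] = set()
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "```")):
            continue
        m = COMBO_RE.match(stripped)
        if not m:
            raise ValueError(f"not an IP:port indicator: {line!r}")
        ip = str(ipaddress.IPv4Address(m.group(1)))  # rejects octets > 255
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {line!r}")
        combos.add((ip, port))
    return combos


def covered_by_ip_blocks(missing: Set[Combo], existing: Set[Combo]) -> Dict[str, List[int]]:
    """Missing combos whose host was already listed on another port.

    A defender blocking on IP alone had these covered; the result maps each
    such IP to the ports it was already listed on.
    """
    ports_by_ip: Dict[str, List[int]] = defaultdict(list)
    for ip, port in existing:
        ports_by_ip[ip].append(port)
    return {ip: sorted(ports_by_ip[ip]) for ip, _ in missing if ip in ports_by_ip}


def find_infected_hosts(log_text: str, combos: Set[Combo],
                        match_ip_only: bool = False) -> Dict[str, Set[Combo]]:
    """Map each source host to the (resp_h, resp_p) pairs it connected to.

    By default only exact IP:port matches count, as the notes recommend;
    match_ip_only=True shows the broader (and noisier) IP-only view.
    """
    listed_ips = {ip for ip, _ in combos}
    hits: Dict[str, Set[Combo]] = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed or header line
        orig_h, resp_h, resp_p = fields[2], fields[4], int(fields[5])
        matched = resp_h in listed_ips if match_ip_only else (resp_h, resp_p) in combos
        if matched:
            hits[orig_h].add((resp_h, resp_p))
    return dict(hits)


if __name__ == "__main__":
    missing, existing = parse_combos(MISSING_E2), parse_combos(ALREADY_LISTED_E2)
    print("already covered by IP-only blocks:", covered_by_ip_blocks(missing, existing))
    print("hosts to clean up:", find_infected_hosts(CONN_LOG, missing | existing))
```

Run as a script it reports that 3 of the 8 missing E2 combos (179.14.2.75, 190.25.255.98 and 41.169.20.147) were already covered by an IP-only block, and flags 10.20.30.40 and 10.20.30.42 but not 10.20.30.41, whose destination port 8080 is not a listed pair for that host. To apply the same code to the full lists, paste the two fenced blocks above into the two string constants; the parser skips the headings and fences.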