jroosen

Emotet Malware IoCs 2019/06/10

Jun 10th, 2019
## Emotet Malware Document links/IOCs for 06/10/19 as of 06/10/19 11:30 EDT ##
*Notes and Credits now at the bottom* Follow us on Twitter @cryptolaemus1 for more updates.

Small Emotet Update - 06/10/2019 - 11:15 EDT:

It looks like C2 is down on Tier 1 across both botnets. We are seeing no response or 400/404/502 responses.
This has been happening since 06/07/19 around 19:00 UTC. The latest binaries (SHA-256) for both botnets are:
8e5089260064a955819a92ebccc43d05520e32d234dd3c176bed5f6d0665ebdb for E1 (Epoch 1)
f8f6faa7e578785f53796c395f4ca0b757d43b62d77cdb47f74f8573e8af37a3 for E2 (Epoch 2)

C2 combos are MUCH higher than normal at 122 for E1 and 92 for E2. This leads me to believe that this outage
was planned and we are seeing some sort of maintenance on the C2 infrastructure play out. The C2 combos are:

```
#### Epoch 1 C2s ####
```

103.201.150.209:80
104.236.151.95:7080
105.224.171.102:80
109.104.79.48:8080
109.73.52.242:8080
111.67.12.221:8080
112.72.9.242:443
115.124.109.85:8443
117.218.133.244:80
125.99.61.162:7080
128.199.78.227:8080
134.196.209.126:443
138.219.214.164:443
138.68.106.4:7080
149.62.173.247:8080
159.203.204.126:8080
159.65.241.220:8080
162.217.250.243:7080
170.247.122.37:8080
176.250.213.131:80
176.31.200.136:8080
178.79.163.131:8080
179.40.105.76:80
181.134.105.191:80
181.15.180.140:80
181.15.243.22:80
181.16.127.226:443
181.171.118.19:80
181.198.67.178:20
181.231.72.200:80
181.28.144.64:80
181.28.248.205:80
181.39.134.122:80
181.48.174.242:80
183.82.97.25:80
185.129.93.140:80
185.86.148.222:8080
185.94.252.27:443
186.138.56.183:443
186.22.209.16:8080
186.23.146.42:80
186.23.18.211:443
186.83.133.253:8080
186.86.177.193:80
187.149.41.205:8080
187.178.9.19:20
187.188.166.192:80
187.242.204.142:80
189.180.84.115:8080
189.196.140.187:80
190.1.37.125:443
190.102.226.91:80
190.113.233.4:7080
190.117.206.153:443
190.147.12.71:443
190.186.221.50:80
190.189.112.116:80
190.189.204.100:80
190.19.42.131:80
190.193.131.141:443
190.230.60.129:80
190.246.166.217:80
190.36.88.98:8080
190.55.39.215:80
190.97.10.198:80
191.97.116.232:443
196.6.112.70:443
197.211.244.6:50000
200.107.105.16:465
200.123.101.90:80
200.28.131.215:443
200.32.61.210:8080
200.57.102.71:8443
200.58.171.51:80
200.58.83.179:80
200.80.198.34:80
201.212.24.6:443
201.219.183.243:443
201.251.229.37:80
201.252.229.169:8443
203.25.159.3:8080
205.186.154.130:80
213.120.104.180:50000
216.98.148.136:4143
217.113.27.158:443
217.92.171.167:53
219.74.237.49:443
23.254.203.51:8080
37.59.1.74:8080
43.229.62.186:8080
45.32.158.232:7080
45.55.82.2:8080
45.55.83.204:8080
45.73.124.235:8080
46.101.123.139:8080
46.21.105.59:8080
46.249.204.99:8080
46.29.183.211:8080
46.32.228.206:8080
5.153.252.228:8080
5.79.119.1:8080
61.92.159.208:8080
62.210.142.58:8080
62.75.143.100:7080
66.209.69.165:443
69.163.33.82:8080
70.32.84.74:8080
71.244.60.231:8080
77.122.183.203:8080
77.245.101.134:8080
79.143.182.254:8080
80.0.106.83:80
80.85.87.122:8080
81.140.12.131:8080
81.143.213.156:7080
81.183.213.36:80
85.132.96.242:80
86.42.166.147:80
89.134.144.41:8080
90.69.208.50:7080
91.205.215.57:7080
91.83.93.124:7080

```
#### Epoch 2 C2s ####
```

104.131.11.150:8080
104.131.208.175:8080
104.236.246.93:8080
104.236.99.225:8080
115.71.233.127:443
125.99.106.226:80
136.243.177.26:8080
138.201.140.110:8080
142.4.198.249:7080
142.93.88.16:443
144.139.247.220:80
147.135.210.39:8080
159.65.25.128:8080
162.144.119.216:8080
162.243.125.212:8080
167.114.210.191:8080
169.239.182.217:8080
173.212.203.26:8080
174.136.14.100:8080
175.100.138.82:22
177.242.214.30:80
177.246.193.139:20
178.62.37.188:443
178.79.161.166:443
179.14.2.75:80
179.32.19.219:22
181.189.213.231:465
186.144.64.31:53
186.4.167.166:80
186.4.234.27:443
187.163.180.243:22
187.163.222.244:465
187.189.195.208:8443
188.166.253.46:8080
189.209.217.49:80
190.112.228.47:443
190.145.67.134:8090
190.186.203.55:80
190.25.255.98:80
190.25.255.98:443
190.72.136.214:465
195.242.117.231:8080
198.58.114.91:4143
200.24.248.206:80
200.43.231.10:7080
200.85.46.122:80
201.199.89.223:8443
201.220.152.101:80
201.231.44.78:80
201.238.152.20:465
202.83.16.150:80
206.189.98.125:8080
211.63.71.72:8080
212.71.234.16:8080
216.98.148.156:8080
217.13.106.160:7080
222.214.218.136:4143
222.214.218.192:8080
24.139.205.186:8080
31.12.67.62:7080
31.172.240.91:8080
37.211.85.139:80
41.169.20.147:465
41.220.119.246:80
45.123.3.54:443
45.33.49.124:443
46.101.142.115:8080
46.105.131.87:80
47.41.213.2:22
50.31.0.160:8080
50.99.132.7:465
59.103.164.174:80
60.48.253.12:20
62.75.187.192:8080
64.13.225.150:8080
66.84.11.168:8080
69.45.19.145:8080
71.244.60.230:8080
75.127.14.170:8080
78.24.219.147:8080
81.109.227.123:80
85.104.59.244:20
86.98.61.221:443
87.106.136.232:8080
87.106.139.101:8080
87.230.19.21:8080
91.205.215.10:7080
91.205.215.66:8080
91.83.93.103:7080
92.154.101.154:50000
94.76.200.114:8080
95.128.43.213:8080


Obviously we are not seeing any spamming or any other activity during this time. Now is the time to block these IP/port combos
while you can. Also, if you see any requests going out to these IP/port combos, cleanup aisle whatever that computer is in, because
it is infected!
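Worked example of the two actions above: hunt for internal hosts that have already talked to one of these combos, then block the combos at egress. This is an added example for this page and not Cryptolaemus code. It embeds a six-line excerpt of the Epoch 1/2 combos above (paste the full lists into C2_TEXT for real use); the key=value log format, the sample log lines, the 10.1.x.x internal sources and the benign destination 203.0.113.10 are all constructed for the demonstration, and LOG_RE is the part you would adapt to your own firewall or proxy export.

```python
"""Match egress connection logs against Emotet C2 ip:port combos and emit
block rules.  Added example for this page, not Cryptolaemus code.  C2_TEXT is
an excerpt of the Epoch 1 / Epoch 2 lists above; the log format and every log
line below are constructed for the demonstration."""
import ipaddress
import re
from typing import Dict, Iterable, List, Set, Tuple

# Excerpt of the combos listed above, in the paste's own one-per-line format.
# 190.25.255.98 appears on two ports, which is why the match key is the
# (ip, port) pair and not the bare IP.
C2_TEXT = """
103.201.150.209:80
104.236.151.95:7080
190.25.255.98:80
190.25.255.98:443
217.92.171.167:53
91.205.215.57:7080
"""

# Constructed sample lines in a hypothetical key=value firewall export.
# 203.0.113.10 is a documentation address standing in for benign traffic.
SAMPLE_LOGS = [
    "2019-06-10T14:02:11Z src=10.1.5.23 dst=190.25.255.98 dport=443 proto=tcp action=allow",
    "2019-06-10T14:02:14Z src=10.1.5.23 dst=190.25.255.98 dport=80 proto=tcp action=allow",
    "2019-06-10T14:03:40Z src=10.1.7.9 dst=203.0.113.10 dport=443 proto=tcp action=allow",
    "2019-06-10T14:05:02Z src=10.1.9.41 dst=217.92.171.167 dport=53 proto=tcp action=allow",
    "2019-06-10T14:06:55Z src=10.1.2.2 dst=91.205.215.57 dport=443 proto=tcp action=allow",
]

# Adapt this pattern to the fields your own firewall/proxy logs carry.
LOG_RE = re.compile(r"\bsrc=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")

Combo = Tuple[str, int]


def parse_c2_combos(text: str) -> Set[Combo]:
    """Parse 'ip:port' lines into a set of (ip, port).

    Blank lines, '#' comments and the paste's ``` fence lines are skipped.
    Anything else that is not a valid IP address plus a valid port raises, so a
    typo in an IOC feed fails loudly instead of silently blocking nothing."""
    combos: Set[Combo] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("```"):
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"malformed combo (no port): {line!r}")
        addr = ipaddress.ip_address(host.strip("[]"))  # raises on garbage
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"port out of range: {line!r}")
        combos.add((str(addr), port_num))
    return combos


def find_c2_hits(log_lines: Iterable[str], combos: Set[Combo],
                 ip_only: bool = False) -> List[Dict[str, object]]:
    """Return one hit per log line whose destination is a listed C2.

    Exact mode matches (dst, dport) against the combo list, which is what the
    update above asks you to block and hunt for.  ip_only=True also flags
    traffic to a listed address on any other port ("ip-only" hits): it
    survives a port change but is noisier if the address is shared hosting."""
    c2_ips = {ip for ip, _ in combos}
    hits: List[Dict[str, object]] = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a connection record we understand
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in combos:
            match = "exact"
        elif ip_only and dst in c2_ips:
            match = "ip-only"
        else:
            continue
        hits.append({"src": m["src"], "dst": dst, "dport": dport, "match": match})
    return hits


def infected_hosts(hits: List[Dict[str, object]]) -> List[str]:
    """Distinct internal sources that reached a C2: the machines to clean up."""
    return sorted({str(h["src"]) for h in hits})


def iptables_rules(combos: Set[Combo]) -> List[str]:
    """One egress DROP rule per combo, ordered by address so reruns diff cleanly.

    Assumes a Linux host or gateway running iptables; the same (ip, port) pairs
    are what you would load into a perimeter firewall or proxy deny list."""
    def key(c: Combo):
        a = ipaddress.ip_address(c[0])
        return (a.version, int(a), c[1])
    return [f"iptables -A OUTPUT -p tcp -d {ip} --dport {port} -j DROP"
            for ip, port in sorted(combos, key=key)]


if __name__ == "__main__":
    combos = parse_c2_combos(C2_TEXT)
    for hit in find_c2_hits(SAMPLE_LOGS, combos, ip_only=True):
        print(f"{hit['match']:8} {hit['src']} -> {hit['dst']}:{hit['dport']}")
    print("hosts to clean:", ", ".join(infected_hosts(find_c2_hits(SAMPLE_LOGS, combos))))
    print("\n".join(iptables_rules(combos)))
```

The match is on the exact (ip, port) pair because the paste gives combos, not bare addresses: 190.25.255.98 is listed on both 80 and 443, and many of the entries sit on 80/443, where an IP-only rule against a shared host could catch unrelated traffic. The ip_only switch exists for hunting when that noise is acceptable. With the full lists dropped into C2_TEXT, the same script produces the 214 block rules and the list of hosts to pull for cleanup.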

We will see how long this break lasts and what new surprises they have up their sleeve.


```
#### Sandbox 06/10/19 ####
(all with fakenet and MITM unless spam/secondary infection)
```

Epoch 1 C2 run on 2019-06-10 at 13:45 UTC - https://app.any.run/tasks/7f48ce71-945d-418e-a0f9-6c5fc3613e46

```

```

Epoch 2 C2 run on 2019-06-10 at 14:45 UTC - https://app.any.run/tasks/cd7edc98-a3bb-4c3b-bea5-a8493e020476

```