G0dR4p3

Emotet_Feodo_IOC's_08-08-2018

Aug 8th, 2018
#Emotet #Banking #Trojan #Malware
-------------------------------------
08-08-2018 IOC's
-------------------------------------
Main object- "NWM-CSLA"
url http://nizansigorta.com/Download/HTJJ87600868HRGPTO/098020657/NWM-CSLA/
sha256 909c780364fe407032ed36022abd3054721fef762fb1e372472d888c3e60c81a
sha1 f8de2a6d90bc4762909987801db5306ab8ff33ee
md5 35c4d773782d7cfc379e85f8d1195469
DNS requests
domain scandryer.se
domain leisurecoinmachine.com
domain serborek.com
domain nase-rodina.cz
domain santacharityevent.com
Connections
ip 198.143.149.12
ip 81.2.195.172
ip 45.40.182.41
ip 94.73.150.147
ip 93.188.2.51
HTTP/HTTPS requests
url http://scandryer.se/Y
C2:

url http://leisurecoinmachine.com/XxO
C2:

url http://santacharityevent.com/QKkQ
C2:

url http://nase-rodina.cz/xoV9W6
C2:

url http://serborek.com/b3eoWq
C2:
-------------------------------------------
sorted
-------------------------------------------