2019-10-31 Emotet IOCs

SENDERS OBSERVED
facqro@tnl.com.mx
madiha.shah@ltnworld.com
adalana@propark.org
nfe@norky.com.br
arlyn.bustillo@intur.hn
amelia@mptravel.com.my
luciama@westvaal.co.za
mohamed@sres.co.tz
info@sakaautogas.com
mohamed@sres.co.tz
sanjanik@dlt.lk
emilykaytlyn@gavinpublishersonline.com
tlee@brainstorm3d.com
info@lamassuhotel.com
info@gingernco.com

DOCUMENT FILE HASHES
29bad1fec7af0f9008f77cce6f432c10
320984a7e9a47491f6f0f63674f48274
593dc0e35fdfdee83124bd54234ecbe8
7dcf71614942c4d98387eeb239f1509b
a999a58487abfcd2f5fcd8ed5dbc8be8
cf164388fa8101a6654698256285a78a
fd7ac344c2ca7b5250051494e700c887

PAYLOAD FILE HASHES
4cece2be4216e74431d409846dac2fbc
90eb3592106e52097e997bece1682c07
b477f4d675eb172decbe9d0c5944e342
c725b9594f46441ec770ac29b8eedf58
f74010154ad84694882b6e7739dd4e63

EMOTET PAYLOAD URLs
http://ar.cypruscrownivf.com/a587/xcqup/
http://benjamin-shoes.com/wp-admin/iqgp7/
http://content.greenvines.com.tw/wp-content/i2122/
http://dapurgarment.com/administrator/kiqn151/
http://demo.hccm.org.uk/alfacgiapi/NpgWWq/
http://dev.comgraphx.com/wp-admin/euNrLUZBh/
http://dev.edit.work/wp-admin/5z427/
http://docs.jazenetworks.com/wp-includes/5djb8pooi-pn7tnasr-96945/
http://executivemba.tabuzzco.com/wp-content/2cf60913/
http://go.skyyer.com/ha8aq/DoZSYZQPT/
http://gsmbrain.com/wp-content/795lnl/
http://gtstar.ir/wp-content/1q6q09283/
http://heyujewelry.com/wp-includes/3p2z3768/
http://hiphopbrasil.com.br/wp-content/uploads/y41vpLLg/
http://hope.icrisat.org/wp-snapshots/d376u2wop-ygs9lfy-56/
http://joleen.milfoy.net/test/lk0bll96/
http://komatireddy.net/wp-content/frn377/
http://level757.com/projects/1qdy1160861/
http://libasfashion.com/wp-admin/v4a-9j2qy08m2-1981501677/
http://miamiplumbingrepairs.com/wp-admin/jf11/
http://money-talks.info/__MACOSX/cfir802/
http://new.alfarenginiai.lt/wp-admin/MJSXwNZo/
http://partnersoft.media/phpmailo/17994/
http://portiaplayground.ca/cgi-bin/hzf92w-oqs-33/
http://rusyatamareload.web.id/cgi-bin/umm681g4/
http://ryghthelp.com/wp-admin/5modb/
http://simasaktiumroh.com/formulir-pendaftaran/tiru/
http://skdesignstudio.000webhostapp.com/wp-admin/hzcc-69fi-33/
http://spreas.xyz/wp-admin/SdvwpV/
http://staging.talon-eng.co.uk/wp-content/ftffm7iy7-o698k6pd5-88760289/
http://staging.thenaturallifestyles.com/wnty/1470074/
http://surenarora.com/consultation/mco3mnlyp-i1a-41590401/
http://takasago-kita.chibikko-land.jp/wp/y25-dflm-7655335990/
http://teacheryou.cn/hrhmcz5i/tyy3/
http://temp.salpg.com/wp-admin/w4gp1ixv0-tcql-30444061/
http://test.americasppo.com/rtbao/fUbCYQX/
http://test.forma-web.org/sbtamr/9ymv71770/
http://thenigerianimmigrant.com/m4omnui/813/
http://tintucdanang.net/cgi-bin/XG7/
http://wp.airzone.es/wp-includes/0ozodq-rgthjjb-82425/
http://wp.jednicky.cz/wp-core/uwvhYBcW/
http://www.alalam.ma/wp-content/uploads/2019/08/zej/
http://www.confidentlook.co.uk/wp-content/uqis512/saeQtMI/
http://www.e-bilab.gr/wp-content/uploads/2019/i8yx8gn/
http://www.kaanmed.com.tr/en/wp-content/b2jLZV/
http://www.sadgosp.shop/qg9l2ckmo/6179a20893/
http://www.susancollectibles.com/vqb5uc/efd70320/
http://www.uniodontopg.com.br/wp-includes/4fty/
http://www.vianostra.fr/wp-admin/a2/
http://zilianmy.com/yy0ghjx/N/
http://zina.h-ide.pl/gp9aakx/iWduWudlc/
https://africancontrol.com/wp-includes/JYlp5BJ2y/
https://aliceandesther.co.nz/wp-content/GtJOh/
https://bbcproducts.in/wp-admin/aNIjfxmDE/
https://benjamin-shoes.com/wp-admin/iQgp7/
https://bhoroshasthol.com/wp-content/MHufVYH/
https://blog.powderhook.com/wp-content/plugins/sgysobg/pSM/
https://elektro.polsri.ac.id/scriptso/ntgHRUc/
https://hockeykingdom.fr/wp-admin/tFrmVp1E1a/
https://hotellizbeth.mx/cgi-bin/4ymek8o-wz0k2-65/
https://joleen.milfoy.net/test/lk0bll96/
https://libasfashion.com/wp-admin/v4a-9j2qy08m2-1981501677/
https://middelkoop-techniek.nl/cgi-bin/2UE/
https://mrkhosrojerdi.ir/wp-admin/ecv5jr/
https://nargsmoke.jumps.com.br/v9713/eY/
https://onlineaddaforstudy.com/frontpage/l17613/
https://partnersoft.media/phpmailo/17994/
https://rewaco.mktrike.cz/4u2za/yi4p45/
https://simasaktiumroh.com/formulir-pendaftaran/tiru/
https://skdesignstudio.000webhostapp.com/wp-admin/hzcc-69fi-33/
https://sovintage.vn/wp-admin/YwBaFk/
https://staging.thenaturallifestyles.com/wnty/1470074/
https://surenarora.com/consultation/mco3mnlyp-i1a-41590401/
https://teacheryou.cn/hrhmcz5i/tyy3/
https://techecn.com/installl/seahjb83366/
https://test.americasppo.com/rtbao/fUbCYQX/
https://test.barankaraboga.com/tema/2g467/
https://thepeteryee.com/traffic/csteh058823/
https://topreviewpro.co/wp-admin/dl4-rx6d5daymy-40865/
https://vejaaki.site/wp-includes/DyIrunc/
https://www.alalam.ma/wp-content/uploads/2019/08/zej/
https://www.confidentlook.co.uk/wp-content/uqis512/saeQtMI/
https://www.egmgrupo.com/wp-admin/network/ij9s/
https://xtremeinflatables.com.au/zty/evudsvi35/96n/

EMOTET C2s
http://103.39.131.88
http://104.131.11.150:8080
http://104.131.44.150:8080
http://104.236.246.93:8080
http://110.36.234.146
http://113.52.135.33:7080
http://115.78.95.230:443
http://124.150.175.129:8080
http://124.150.175.133
http://124.240.198.66
http://133.167.80.63:7080
http://136.243.177.26:8080
http://138.186.179.235:8080
http://138.197.140.163:8080
http://138.201.140.110:8080
http://139.162.185.116:443
http://142.93.87.198:8080
http://143.95.101.72:8080
http://144.139.247.220
http://144.76.62.10:8080
http://149.202.153.252:8080
http://152.170.220.95
http://152.89.236.214:8080
http://154.120.227.206:8080
http://157.7.164.178:8081
http://159.65.25.128:8080
http://162.241.134.130:8080
http://167.71.10.37:8080
http://167.99.105.223:7080
http://169.239.182.217:8080
http://172.104.70.207:8080
http://173.212.203.26:8080
http://173.249.47.77:8080
http://176.31.200.130:8080
http://176.58.93.123
http://178.210.51.222:8080
http://178.249.187.150:7080
http://178.79.161.166:443
http://181.143.194.138:443
http://181.197.2.80:443
http://181.198.203.45:443
http://181.36.42.205:443
http://182.176.132.213:8090
http://183.102.238.69:465
http://185.187.198.15
http://185.45.24.254:7080
http://185.94.252.13:443
http://186.109.91.136
http://186.146.110.108:8080
http://186.159.246.121
http://186.18.224.149
http://186.4.172.5:20
http://186.4.172.5:443
http://186.4.172.5:8080
http://186.75.241.230
http://186.84.173.153
http://187.143.219.242:8080
http://187.188.166.192
http://189.145.6.189
http://189.209.217.49
http://189.218.243.150:443
http://190.117.206.153:443
http://190.145.67.134:8090
http://190.16.101.10
http://190.195.148.163
http://190.211.207.11:443
http://190.217.1.149
http://190.228.72.244:53
http://190.55.39.215
http://190.96.118.15:443
http://192.163.221.191:8080
http://192.241.220.155:8080
http://192.241.220.183:8080
http://192.81.213.192:8080
http://198.199.114.69:8080
http://198.57.217.170:8080
http://200.109.58.183:443
http://200.51.94.251
http://200.55.168.82:20
http://200.71.148.138:8080
http://201.196.15.79:990
http://201.208.244.123:443
http://201.210.70.8:8080
http://203.99.188.11:443
http://206.189.98.125:8080
http://209.141.41.136:8080
http://211.229.116.130
http://211.63.71.72:8080
http://212.112.113.235
http://212.129.24.79:8080
http://212.71.234.16:8080
http://216.70.88.55:8080
http://216.75.37.196:8080
http://217.160.182.191:8080
http://23.253.207.142:8080
http://27.147.163.188:8080
http://31.12.67.62:7080
http://31.172.240.91:8080
http://37.157.194.134:443
http://37.187.2.199:443
http://42.190.4.92:443
http://45.33.49.124:443
http://46.105.131.68:8080
http://46.105.131.87
http://47.41.213.2:22
http://5.189.148.98:8080
http://5.196.74.210:8080
http://51.38.134.203:8080
http://59.103.164.174
http://60.52.64.122
http://62.75.187.192:8080
http://70.45.30.28
http://75.154.163.1:8090
http://78.24.219.147:8080
http://83.136.245.190:8080
http://83.169.33.157:8080
http://85.104.121.33:8443
http://85.104.59.244:20
http://86.150.70.135
http://86.22.221.170
http://87.106.136.232:8080
http://87.106.139.101:8080
http://87.230.19.21:8080
http://91.109.5.28:8080
http://91.205.215.66:8080
http://92.222.216.44:8080
http://94.177.216.217:8080
http://94.177.253.126
http://94.205.247.10
http://95.128.43.213:8080
http://95.216.207.86:7080
http://95.216.212.157:8080
http://96.20.84.254:7080