G0dR4p3

Emotet_Feodo_C&C_IOCs_24-01-2019

Jan 24th, 2019
#Emotet #Feodo #Banking #Malware
-------------------------------------
24-01-2019 IOCs
-------------------------------------
**DOCUMENT**
-------------------------------------
Main object- "rqWH-z8oNsQQrrg0v6Gs_XiEOaIkCe-9y"
url http://ski.fib.uns.ac.id/rqWH-z8oNsQQrrg0v6Gs_XiEOaIkCe-9y
sha256 e0fcc6ad3578351241fa3870a7d80c7364d153b5b92257e6921bf0ff726052a4
sha1 730bf541e827f75d3a448ecbcab0534b98204703
md5 1a1ea5126d3f712ed6bb928e0f8eba94
DNS requests
domain sarahleighroddis.com
domain fbroz.com
domain thesunavenuequan2.com
domain ikiw.iniqua.com
domain drapart.org
Connections
ip 199.204.248.121
ip 167.99.81.221
ip 134.0.10.197
ip 202.92.7.103
ip 66.33.209.72
HTTP/HTTPS requests
url http://sarahleighroddis.com/xZs22v11 [Error Connection Timeout]
url http://fbroz.com/COeg4ZZ
url http://thesunavenuequan2.com/UYUiGwf9j
url http://drapart.org/Jvn89HTd2O
url http://ikiw.iniqua.com/oO0OtJVo [Error Server returned wrong http response code for url]
--------------------------------------
**PAYLOADS**
--------------------------------------
Main object- "AvCJonsPUZBl4k"
url http://www.mohammadishmam.com/wp-includes/AvCJonsPUZBl4k/
sha256 0a5648f840663534bb8bc8e92ae7191f42d8a21d605536d1754bde31ea6b80fb
sha1 b327ff338cdd041702cc0da5946cee104fd1568b
md5 863324326cbe82836070995d79d62c3d
Connections
ip 115.71.233.127
ip 45.63.17.206
ip 109.121.205.213
ip 173.255.196.209
ip 148.103.82.211
ip 152.231.224.62
ip 148.103.7.35
ip 137.74.173.19
ip 178.254.31.162
ip 178.62.37.188
ip 181.189.212.120
ip 175.205.73.49
ip 181.129.30.82
ip 179.8.99.239
ip 184.149.7.49
ip 186.118.161.100
ip 181.58.47.34
ip 186.114.207.82
ip 182.180.170.72
ip 186.120.159.140
ip 181.225.14.209
ip 190.247.62.93
ip 186.19.202.88
ip 189.149.181.61
ip 187.233.137.90
ip 189.253.39.50
ip 186.137.145.245
ip 190.183.58.155
ip 190.24.243.186
ip 208.78.100.202
ip 207.167.7.141
ip 191.92.81.199
ip 201.130.123.206
ip 206.248.110.184
ip 190.72.239.156
ip 201.190.204.249
ip 193.239.235.209
ip 190.98.58.170
ip 50.31.0.160
ip 24.48.215.63
ip 41.32.82.216
ip 217.86.203.2
ip 5.230.147.179
ip 41.202.77.180
ip 217.13.106.160
ip 211.115.111.19
ip 51.148.59.233
ip 67.205.149.117
ip 86.56.233.166
ip 62.75.191.231
ip 69.195.223.154
ip 95.141.175.240
ip 93.109.229.250
ip 89.211.147.250
ip 85.99.247.228
ip 98.142.208.27
ip 69.198.17.7
ip 83.222.124.62
HTTP/HTTPS requests
url http://45.63.17.206:8080/
url http://182.180.170.72:22/
url http://206.248.110.184:8080/
url http://189.253.39.50:8080/
url http://89.211.147.250/
url http://93.109.229.250:53/
url http://207.167.7.141:20/
url http://187.233.137.90/
url http://189.149.181.61:465/
url http://201.130.123.206/
url http://137.74.173.19:8080/
url http://50.31.0.160:8080/
url http://190.98.58.170:465/
url http://62.75.191.231:8080/
url http://178.62.37.188:443/
url http://190.24.243.186:50000/
url http://190.183.58.155:8443/
url http://95.141.175.240:443/
url http://24.48.215.63/
url http://190.247.62.93/
url http://69.198.17.7:8080/
url http://175.205.73.49/
url http://181.129.30.82/
url http://85.99.247.228/
url http://201.190.204.249:990/
url http://217.13.106.160:7080/
url http://109.121.205.213:465/
url http://69.195.223.154:7080/
url http://152.231.224.62:20/
url http://51.148.59.233:20/
url http://178.254.31.162:8080/
url http://148.103.82.211:53/
url http://186.114.207.82:465/
url http://41.202.77.180:465/
url http://181.225.14.209:8080/
url http://217.86.203.2:20/
url http://148.103.7.35/
url http://211.115.111.19:443/
url http://190.72.239.156:8090/
url http://24.48.215.63:20/
url http://191.92.81.199:53/
url http://83.222.124.62:8080/
url http://181.58.47.34:53/
url http://179.8.99.239:443/
url http://67.205.149.117:443/
url http://184.149.7.49:8090/
url http://193.239.235.209:8080/
url http://115.71.233.127:443/
url http://173.255.196.209:8080/
url http://86.56.233.166/
url http://98.142.208.27:443/
url http://181.189.212.120:465/
url http://186.120.159.140:443/
url http://41.32.82.216:995/
url http://186.19.202.88/
url http://208.78.100.202:8080/
url http://186.118.161.100:995/
url http://5.230.147.179:8080/
url http://186.137.145.245:995/
-----------------------------------------------
Main object- "COeg4ZZ"
url http://fbroz.com/COeg4ZZ
sha256 389f3728cc616fb381f6471306062ace0a9083746d19296052d6775bbdc5dc8b
sha1 f84efa9dea6156e33fc9a66bc9d6e92ec1f40f93
md5 c4c175b07148788b94918701b6231c73
Connections
ip 190.216.238.62
ip 200.125.113.60
ip 75.159.115.228
ip 200.68.61.242
ip 186.176.25.133
ip 189.250.153.215
ip 181.13.229.35
ip 186.19.62.24
ip 198.46.157.252
ip 159.65.76.245
ip 72.47.248.48
ip 158.174.130.145
ip 96.20.46.60
ip 179.62.18.56
ip 109.170.141.120
ip 181.114.107.154
ip 138.68.139.199
ip 190.179.117.181
ip 189.228.123.79
ip 51.77.111.116
ip 88.253.236.157
ip 109.104.79.48
ip 187.206.202.129
ip 144.76.117.247
ip 200.58.78.78
ip 92.48.118.27
ip 189.252.30.160
ip 200.43.231.60
ip 219.94.254.93
ip 49.212.135.76
ip 5.9.128.163
ip 94.73.197.123
ip 54.37.5.200
ip 79.98.31.206
ip 165.227.213.173
ip 186.136.185.11
ip 133.242.208.183
ip 99.234.216.14
ip 185.86.148.222
ip 77.44.120.62
ip 192.155.90.90
ip 186.68.199.71
ip 190.44.204.143
ip 191.99.120.221
ip 23.254.203.51
ip 190.104.191.159
ip 170.83.53.71
ip 210.2.86.72
ip 69.163.33.82
ip 182.72.25.180
ip 78.189.109.123
ip 187.163.60.63
HTTP/HTTPS requests
url http://200.125.113.60:8080/
url http://75.159.115.228:990/
url http://190.216.238.62:22/
url http://186.176.25.133:20/
url http://186.19.62.24:53/
url http://189.250.153.215:443/
url http://200.68.61.242:8080/
url http://181.13.229.35:465/
url http://96.20.46.60:50000/
url http://159.65.76.245:443/
url http://198.46.157.252:8080/
url http://72.47.248.48:8080/
url http://189.228.123.79:22/
url http://109.170.141.120:443/
url http://158.174.130.145:20/
url http://179.62.18.56:443/
url http://181.114.107.154:8080/
url http://138.68.139.199:443/
url http://190.179.117.181:8443/
url http://200.58.78.78/
url http://88.253.236.157:8090/
url http://92.48.118.27:8080/
url http://144.76.117.247:8080/
url http://51.77.111.116/
url http://189.252.30.160/
url http://109.104.79.48:8080/
url http://49.212.135.76:443/
url http://187.206.202.129:22/
url http://5.9.128.163:8080/
url http://54.37.5.200:8080/
url http://219.94.254.93:8080/
url http://79.98.31.206:443/
url http://200.43.231.60:990/
url http://94.73.197.123:53/
url http://165.227.213.173:8080/
url http://186.68.199.71:20/
url http://192.155.90.90:7080/
url http://77.44.120.62/
url http://133.242.208.183:8080/
url http://190.44.204.143:8443/
url http://186.136.185.11:995/
url http://185.86.148.222:8080/
url http://99.234.216.14:990/
url http://191.99.120.221/
url http://69.163.33.82:8080/
url http://23.254.203.51:8080/
url http://190.104.191.159/
url http://78.189.109.123:8080/
url http://182.72.25.180:443/
url http://210.2.86.72:8080/
url http://187.163.60.63:443/
url http://170.83.53.71/
--------------------------------------------
Main object- "UYUiGwf9j"
url http://thesunavenuequan2.com/UYUiGwf9j
sha256 389f3728cc616fb381f6471306062ace0a9083746d19296052d6775bbdc5dc8b
sha1 f84efa9dea6156e33fc9a66bc9d6e92ec1f40f93
md5 c4c175b07148788b94918701b6231c73
Connections
ip 190.216.238.62
ip 200.125.113.60
ip 75.159.115.228
ip 189.250.153.215
ip 200.68.61.242
ip 186.176.25.133
ip 186.19.62.24
ip 198.46.157.252
ip 181.13.229.35
ip 96.20.46.60
ip 72.47.248.48
ip 159.65.76.245
ip 189.228.123.79
ip 179.62.18.56
ip 109.170.141.120
ip 181.114.107.154
ip 158.174.130.145
ip 200.58.78.78
ip 92.48.118.27
ip 138.68.139.199
ip 144.76.117.247
ip 88.253.236.157
ip 190.179.117.181
ip 51.77.111.116
ip 109.104.79.48
ip 219.94.254.93
ip 5.9.128.163
ip 79.98.31.206
ip 187.206.202.129
ip 189.252.30.160
ip 49.212.135.76
ip 200.43.231.60
ip 94.73.197.123
ip 165.227.213.173
ip 186.68.199.71
ip 192.155.90.90
ip 190.44.204.143
ip 190.104.191.159
ip 69.163.33.82
ip 99.234.216.14
ip 186.136.185.11
ip 185.86.148.222
ip 191.99.120.221
ip 133.242.208.183
ip 54.37.5.200
ip 77.44.120.62
ip 210.2.86.72
ip 170.83.53.71
ip 187.163.60.63
ip 78.189.109.123
ip 182.72.25.180
ip 23.254.203.51
HTTP/HTTPS requests
url http://200.68.61.242:8080/
url http://200.125.113.60:8080/
url http://190.216.238.62:22/
url http://186.176.25.133:20/
url http://189.250.153.215:443/
url http://75.159.115.228:990/
url http://186.19.62.24:53/
url http://181.13.229.35:465/
url http://198.46.157.252:8080/
url http://96.20.46.60:50000/
url http://159.65.76.245:443/
url http://72.47.248.48:8080/
url http://179.62.18.56:443/
url http://158.174.130.145:20/
url http://109.170.141.120:443/
url http://189.228.123.79:22/
url http://92.48.118.27:8080/
url http://190.179.117.181:8443/
url http://138.68.139.199:443/
url http://181.114.107.154:8080/
url http://88.253.236.157:8090/
url http://51.77.111.116/
url http://187.206.202.129:22/
url http://144.76.117.247:8080/
url http://200.58.78.78/
url http://109.104.79.48:8080/
url http://5.9.128.163:8080/
url http://79.98.31.206:443/
url http://189.252.30.160/
url http://49.212.135.76:443/
url http://219.94.254.93:8080/
url http://94.73.197.123:53/
url http://77.44.120.62/
url http://186.68.199.71:20/
url http://165.227.213.173:8080/
url http://200.43.231.60:990/
url http://54.37.5.200:8080/
url http://192.155.90.90:7080/
url http://190.44.204.143:8443/
url http://186.136.185.11:995/
url http://99.234.216.14:990/
url http://133.242.208.183:8080/
url http://185.86.148.222:8080/
url http://78.189.109.123:8080/
url http://23.254.203.51:8080/
url http://182.72.25.180:443/
url http://190.104.191.159/
url http://69.163.33.82:8080/
url http://210.2.86.72:8080/
url http://191.99.120.221/
url http://187.163.60.63:443/
url http://170.83.53.71/
----------------------------------------
Main object- "Jvn89HTd2O"
url http://drapart.org/Jvn89HTd2O
sha256 389f3728cc616fb381f6471306062ace0a9083746d19296052d6775bbdc5dc8b
sha1 f84efa9dea6156e33fc9a66bc9d6e92ec1f40f93
md5 c4c175b07148788b94918701b6231c73
Connections
ip 200.125.113.60
ip 190.216.238.62
ip 75.159.115.228
ip 186.176.25.133
ip 200.68.61.242
ip 186.19.62.24
ip 189.250.153.215
ip 159.65.76.245
ip 198.46.157.252
ip 72.47.248.48
ip 96.20.46.60
ip 109.170.141.120
ip 179.62.18.56
ip 158.174.130.145
ip 189.228.123.79
ip 181.114.107.154
ip 88.253.236.157
ip 144.76.117.247
ip 200.58.78.78
ip 190.179.117.181
ip 92.48.118.27
ip 138.68.139.199
ip 181.13.229.35
ip 109.104.79.48
ip 189.252.30.160
ip 51.77.111.116
ip 49.212.135.76
ip 187.206.202.129
ip 219.94.254.93
ip 79.98.31.206
ip 5.9.128.163
ip 94.73.197.123
ip 54.37.5.200
ip 200.43.231.60
ip 165.227.213.173
ip 186.68.199.71
ip 190.44.204.143
ip 192.155.90.90
ip 77.44.120.62
ip 186.136.185.11
ip 185.86.148.222
ip 99.234.216.14
ip 133.242.208.183
HTTP/HTTPS requests
url http://190.216.238.62:22/
url http://200.125.113.60:8080/
url http://75.159.115.228:990/
url http://186.176.25.133:20/
url http://200.68.61.242:8080/
url http://186.19.62.24:53/
url http://189.250.153.215:443/
url http://96.20.46.60:50000/
url http://181.13.229.35:465/
url http://198.46.157.252:8080/
url http://72.47.248.48:8080/
url http://158.174.130.145:20/
url http://159.65.76.245:443/
url http://179.62.18.56:443/
url http://109.170.141.120:443/
url http://189.228.123.79:22/
url http://181.114.107.154:8080/
url http://88.253.236.157:8090/
url http://92.48.118.27:8080/
url http://190.179.117.181:8443/
url http://144.76.117.247:8080/
url http://200.58.78.78/
url http://138.68.139.199:443/
url http://187.206.202.129:22/
url http://109.104.79.48:8080/
url http://49.212.135.76:443/
url http://51.77.111.116/
url http://189.252.30.160/
url http://219.94.254.93:8080/
url http://5.9.128.163:8080/
url http://79.98.31.206:443/
url http://200.43.231.60:990/
url http://94.73.197.123:53/
url http://54.37.5.200:8080/
url http://186.136.185.11:995/
url http://186.68.199.71:20/
url http://190.44.204.143:8443/
url http://165.227.213.173:8080/
url http://192.155.90.90:7080/
url http://77.44.120.62/
url http://99.234.216.14:990/
url http://133.242.208.183:8080/
url http://185.86.148.222:8080/