Nuova campagna Malware Emotet del 23 Settembre 2020. Sono state identificate 3 diverse logiche per la compromissione delle postazioni:

  1. E-Mail con documento Word malevolo in allegato
  2. E-Mail con ZIP (con password) contenente documento Word malevolo
  3. E-Mail con URL per il download del documento Word malevolo

Tutti i documenti Word contengono una Macro malevola per il download e installazione del Trojan Emotet.

Di seguito alcuni dettagli:

Indicatori di Compromissione parziali:

C2: 76.168.54.203:80C2: 174.113.69.136:80C2: 98.13.75.196:80
C2: 51.38.124.206:80C2: 178.250.54.208:8080C2: 185.178.10.77:80
C2: 38.88.126.202:8080C2: 190.2.31.172:80C2: 181.129.96.162:8080
C2: 54.37.42.48:8080C2: 45.16.226.117:443C2: 67.247.242.247:80
C2: 5.196.35.138:7080C2: 50.121.220.50:80C2: 170.81.48.2:80
C2: 177.129.17.170:443C2: 217.13.106.14:8080C2: 199.203.62.165:80
C2: 87.106.46.107:8080C2: 217.199.160.224:7080C2: 204.225.249.100:7080
C2: 68.183.190.199:8080C2: 80.11.164.185:80C2: 77.106.157.34:8080
C2: 185.183.16.47:80C2: 172.104.169.32:8080C2: 68.183.170.114:8080
C2: 186.103.141.250:443C2: 77.90.136.129:8080C2: 45.46.37.97:80
C2: 64.201.88.132:80C2: 123.51.47.18:80C2: 70.32.115.157:8080
C2: 70.32.84.74:8080C2: 82.230.1.24:80C2: 190.163.31.26:80
C2: 68.69.155.181:80C2: 74.58.215.226:80C2: 94.176.234.118:443
C2: 82.76.111.249:443C2: 185.94.252.27:443C2: 95.9.180.128:80
C2: 111.67.12.221:8080C2: 181.30.61.163:443C2: 104.131.103.37:8080
C2: 60.93.23.51:80C2: 111.67.77.202:8080C2: 35.143.99.174:80
C2: 104.131.41.185:8080C2: 96.227.52.8:443C2: 91.105.94.200:80
C2: 92.24.50.153:80C2: 2.36.95.106:80C2: 190.6.193.152:8080
C2: 191.182.6.118:80C2: 78.249.119.122:80C2: 155.186.0.121:80
C2: 61.197.92.216:80C2: 209.236.123.42:8080C2: 219.92.13.25:80
C2: 213.197.182.158:8080C2: 185.215.227.107:443C2: 12.162.84.2:8080
C2: 137.74.106.111:7080C2: 188.135.15.49:80C2: 220.109.145.69:80
C2: 138.97.60.141:7080C2: 83.169.21.32:7080C2: 177.74.228.34:80
C2: 187.162.248.237:80C2: 96.245.123.149:80C2: 77.238.212.227:80
C2: 110.142.219.51:80C2: 216.47.196.104:80C2: 61.92.159.208:8080
C2: 51.159.23.217:443C2: 50.28.51.143:8080C2: 186.70.127.199:8090
C2: 192.241.143.52:8080C2: 5.189.178.202:8080C2: 45.33.77.42:8080
C2: 190.24.243.186:80C2: 74.136.144.133:80C2: 152.169.22.67:80
C2: 51.255.165.160:8080C2: 72.47.248.48:7080C2: 192.241.146.84:8080
C2: 212.71.237.140:8080C2: 190.190.148.27:8080C2: 185.94.252.12:80
C2: 190.115.18.139:8080C2: 189.2.177.210:443C2: 177.73.0.98:443
C2: 65.36.62.20:80
emotetiocmalspamtrojan

Take your cyber- defence to a new level!

Cybersecurity is of vital importance in today's digital landscape. Our innovative and tailored solutions provide impenetrable defense for businesses of all sizes.

More info here

this is a link

Related articles

qr code phishing
Cyber Security NewsReport

The Rising Threat of QR Code-Enabled Phishing Emails: Quishing

by serverca
on Sep 22
In the ever-evolving landscape of cyber threats, threat actors are constantly seeking […]
Read more
Cyber Security NewsCyber Security News

Cyber Attack Risk: Follina

by serverca
on Sep 20
Risks and Solutions How to protect and how to react The identification […]
Read more
fickerstealer
Cyber Security NewsCyber Security News

New Malspam campaign to deploy FickerStealer Malware

by serverca
on Sep 20
Over the last week (26th of July 2021), CERT-AGID observed a malspam […]
Read more