{"id":1465,"date":"2020-09-23T10:04:02","date_gmt":"2020-09-23T08:04:02","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=1465"},"modified":"2020-09-23T10:04:02","modified_gmt":"2020-09-23T08:04:02","slug":"trojan-emotet-23-settembre-2020","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/cyber-security-news\/trojan-emotet-23-settembre-2020\/","title":{"rendered":"Trojan Emotet &#8211; 23 Settembre 2020"},"content":{"rendered":"\n<p>Nuova campagna Malware Emotet del 23 Settembre 2020. Sono state identificate 3 diverse logiche per la compromissione delle postazioni:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>E-Mail con documento Word malevolo in allegato<\/li><li>E-Mail con ZIP (con password) contenente documento Word malevolo  <\/li><li>E-Mail con URL per il download del documento Word malevolo<\/li><\/ol>\n\n\n\n<p style=\"text-align: justify\">Tutti i documenti Word contengono una Macro malevola per il download e installazione del Trojan Emotet.<\/p>\n<p>Di seguito alcuni dettagli:<\/p>\n\n\n\n<figure class=\"wp-block-gallery columns-3 is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\"><ul class=\"blocks-gallery-grid\"><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/3.png\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/3.png\" alt=\"\" data-id=\"1467\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/3.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1467\" class=\"wp-image-1467\" loading=\"lazy\" \/><\/a><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/2-1.png\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/2-1-1024x464.png\" alt=\"\" data-id=\"1468\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/2-1.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1468\" class=\"wp-image-1468\" loading=\"lazy\" \/><\/a><\/figure><\/li><li class=\"blocks-gallery-item\"><figure><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/1.png\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/1-1024x334.png\" alt=\"\" data-id=\"1469\" data-full-url=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/09\/1.png\" data-link=\"https:\/\/fortgale.com\/news\/?attachment_id=1469\" class=\"wp-image-1469\" loading=\"lazy\" \/><\/a><\/figure><\/li><\/ul><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Indicatori di Compromissione parziali:<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"\"><tbody><tr><td>C2:\n  76.168.54.203:80<\/td><td>C2:\n  174.113.69.136:80<\/td><td>C2:\n  98.13.75.196:80<\/td><\/tr><tr><td>C2:\n  51.38.124.206:80<\/td><td>C2:\n  178.250.54.208:8080<\/td><td>C2: 185.178.10.77:80<\/td><\/tr><tr><td>C2:\n  38.88.126.202:8080<\/td><td>C2: 190.2.31.172:80<\/td><td>C2:\n  181.129.96.162:8080<\/td><\/tr><tr><td>C2:\n  54.37.42.48:8080<\/td><td>C2: 45.16.226.117:443<\/td><td>C2: 67.247.242.247:80<\/td><\/tr><tr><td>C2:\n  5.196.35.138:7080<\/td><td>C2: 50.121.220.50:80<\/td><td>C2: 170.81.48.2:80<\/td><\/tr><tr><td>C2:\n  177.129.17.170:443<\/td><td>C2:\n  217.13.106.14:8080<\/td><td>C2: 199.203.62.165:80<\/td><\/tr><tr><td>C2:\n  87.106.46.107:8080<\/td><td>C2:\n  217.199.160.224:7080<\/td><td>C2:\n  204.225.249.100:7080<\/td><\/tr><tr><td>C2:\n  68.183.190.199:8080<\/td><td>C2: 80.11.164.185:80<\/td><td>C2:\n  77.106.157.34:8080<\/td><\/tr><tr><td>C2:\n  185.183.16.47:80<\/td><td>C2:\n  172.104.169.32:8080<\/td><td>C2:\n  68.183.170.114:8080<\/td><\/tr><tr><td>C2:\n  186.103.141.250:443<\/td><td>C2:\n  77.90.136.129:8080<\/td><td>C2: 45.46.37.97:80<\/td><\/tr><tr><td>C2:\n  64.201.88.132:80<\/td><td>C2: 123.51.47.18:80<\/td><td>C2:\n  70.32.115.157:8080<\/td><\/tr><tr><td>C2:\n  70.32.84.74:8080<\/td><td>C2: 82.230.1.24:80<\/td><td>C2: 190.163.31.26:80<\/td><\/tr><tr><td>C2:\n  68.69.155.181:80<\/td><td>C2: 74.58.215.226:80<\/td><td>C2:\n  94.176.234.118:443<\/td><\/tr><tr><td>C2:\n  82.76.111.249:443<\/td><td>C2: 185.94.252.27:443<\/td><td>C2: 95.9.180.128:80<\/td><\/tr><tr><td>C2:\n  111.67.12.221:8080<\/td><td>C2: 181.30.61.163:443<\/td><td>C2:\n  104.131.103.37:8080<\/td><\/tr><tr><td>C2:\n  60.93.23.51:80<\/td><td>C2:\n  111.67.77.202:8080<\/td><td>C2: 35.143.99.174:80<\/td><\/tr><tr><td>C2:\n  104.131.41.185:8080<\/td><td>C2: 96.227.52.8:443<\/td><td>C2: 91.105.94.200:80<\/td><\/tr><tr><td>C2:\n  92.24.50.153:80<\/td><td>C2: 2.36.95.106:80<\/td><td>C2:\n  190.6.193.152:8080<\/td><\/tr><tr><td>C2:\n  191.182.6.118:80<\/td><td>C2: 78.249.119.122:80<\/td><td>C2: 155.186.0.121:80<\/td><\/tr><tr><td>C2:\n  61.197.92.216:80<\/td><td>C2:\n  209.236.123.42:8080<\/td><td>C2: 219.92.13.25:80<\/td><\/tr><tr><td>C2:\n  213.197.182.158:8080<\/td><td>C2:\n  185.215.227.107:443<\/td><td>C2: 12.162.84.2:8080<\/td><\/tr><tr><td>C2:\n  137.74.106.111:7080<\/td><td>C2: 188.135.15.49:80<\/td><td>C2: 220.109.145.69:80<\/td><\/tr><tr><td>C2:\n  138.97.60.141:7080<\/td><td>C2: 83.169.21.32:7080<\/td><td>C2: 177.74.228.34:80<\/td><\/tr><tr><td>C2:\n  187.162.248.237:80<\/td><td>C2: 96.245.123.149:80<\/td><td>C2: 77.238.212.227:80<\/td><\/tr><tr><td>C2:\n  110.142.219.51:80<\/td><td>C2: 216.47.196.104:80<\/td><td>C2:\n  61.92.159.208:8080<\/td><\/tr><tr><td>C2:\n  51.159.23.217:443<\/td><td>C2: 50.28.51.143:8080<\/td><td>C2:\n  186.70.127.199:8090<\/td><\/tr><tr><td>C2:\n  192.241.143.52:8080<\/td><td>C2:\n  5.189.178.202:8080<\/td><td>C2: 45.33.77.42:8080<\/td><\/tr><tr><td>C2:\n  190.24.243.186:80<\/td><td>C2: 74.136.144.133:80<\/td><td>C2: 152.169.22.67:80<\/td><\/tr><tr><td>C2:\n  51.255.165.160:8080<\/td><td>C2: 72.47.248.48:7080<\/td><td>C2:\n  192.241.146.84:8080<\/td><\/tr><tr><td>C2:\n  212.71.237.140:8080<\/td><td>C2:\n  190.190.148.27:8080<\/td><td>C2: 185.94.252.12:80<\/td><\/tr><tr><td>C2:\n  190.115.18.139:8080<\/td><td>C2: 189.2.177.210:443<\/td><td>C2: 177.73.0.98:443<\/td><\/tr><tr><td>C2:\n  65.36.62.20:80<\/td><td><\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>E-Mail con documento Word malevolo in allegato E-Mail con ZIP (con password) contenente documento Word malevolo E-Mail con URL per il download del documento Word malevolo Indicatori di Compromissione parziali: C2: 76.168.54.203:80 C2: 174.113.69.136:80 C2: 98.13.75.196:80 C2: 51.38.124.206:80 C2: 178.250.54.208:8080 C2: 185.178.10.77:80 C2: 38.88.126.202:8080 C2: 190.2.31.172:80 C2: 181.129.96.162:8080 C2: 54.37.42.48:8080 C2: 45.16.226.117:443 C2: 67.247.242.247:80 C2: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1466,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[125,185,211,362],"class_list":["post-1465","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-news","tag-emotet","tag-ioc","tag-malspam","tag-trojan"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=1465"}],"version-history":[{"count":0,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1465\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=1465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=1465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=1465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}