top of page
Kaspersky report on Emotet modules and recent attacks | Securelist
C45-2022-04-13-6
Indicators of Compromise (IOC) List
Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
51.91.76.89 | 13/04/2022 | IPv4 |
206.188.212.92 | 13/04/2022 | IPv4 |
188.44.20.25 | 13/04/2022 | IPv4 |
70.36.102.35 | 13/04/2022 | IPv4 |
197.242.150.244 | 13/04/2022 | IPv4 |
1.234.2.232 | 13/04/2022 | IPv4 |
176.56.128.118 | 13/04/2022 | IPv4 |
ed1f9e435dc885292eab65620c51f3fb | 13/04/2022 | MD5 |
153.126.146.25 | 13/04/2022 | IPv4 |
46.55.222.11 | 13/04/2022 | IPv4 |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the same names that were used when creating the service.
Autostart key in registry
As soon as the Emotet DLL is launched | 13/04/2022 | Win_Registry |
173.212.193.249 | 13/04/2022 | IPv4 |
92.240.254.110 | 13/04/2022 | IPv4 |
151.106.112.196 | 13/04/2022 | IPv4 |
51.91.7.5 | 13/04/2022 | IPv4 |
5.9.116.246 | 13/04/2022 | IPv4 |
51.254.140.238 | 13/04/2022 | IPv4 |
107.182.225.142 | 13/04/2022 | IPv4 |
CVE-2022-22965 | 13/04/2022 | CVE |
45.142.114.231 | 13/04/2022 | IPv4 |
138.185.72.26 | 13/04/2022 | IPv4 |
212.237.17.99 | 13/04/2022 | IPv4 |
72.15.201.15 | 13/04/2022 | IPv4 |
159.65.88.10 | 13/04/2022 | IPv4 |
119.193.124.41 | 13/04/2022 | IPv4 |
185.157.82.211 | 13/04/2022 | IPv4 |
110.232.117.186 | 13/04/2022 | IPv4 |
45.118.135.203 | 13/04/2022 | IPv4 |
146.59.226.45 | 13/04/2022 | IPv4 |
31.24.158.56 | 13/04/2022 | IPv4 |
176.104.106.96 | 13/04/2022 | IPv4 |
131.100.24.231 | 13/04/2022 | IPv4 |
CVE-2021-44228 | 13/04/2022 | CVE |
212.24.98.99 | 13/04/2022 | IPv4 |
195.201.151.129 | 13/04/2022 | IPv4 |
196.218.30.83 | 13/04/2022 | IPv4 |
209.250.246.206 | 13/04/2022 | IPv4 |
82.165.152.127 | 13/04/2022 | IPv4 |
101.50.0.91 | 13/04/2022 | IPv4 |
178.79.147.66 | 13/04/2022 | IPv4 |
103.75.201.2 | 13/04/2022 | IPv4 |
50.116.54.215 | 13/04/2022 | IPv4 |
103.43.46.182 | 13/04/2022 | IPv4 |
CVE-2022-0847 | 13/04/2022 | CVE |
217.182.25.250 | 13/04/2022 | IPv4 |
bottom of page