Emotet C2 Network IOC August 2018 Week 4 Campaign

Article by Vishal Thakur

[IOC table with columns IP | Port | Country | Region | City | Time Zone; the IP and port values did not survive in this copy of the table, only the geolocation columns (mostly United States, with single entries in the United Arab Emirates, Republic of Korea, Russian Federation, Australia, Iran and Canada) are present]

