{
  "Event": {
    "analysis": "1",
    "date": "2022-04-13",
    "extends_uuid": "",
    "info": "[Threat Intel] Kaspersky report on Emotet modules and recent attacks",
    "protected": false,
    "publish_timestamp": "1780039585",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1772901944",
    "uuid": "f367fd3e-04f5-44cf-a5b0-3231b2be5bd0",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#57b2ae",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"",
        "relationship_type": ""
      },
      {
        "colour": "#77a4ec",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9bb6d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#750f7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"",
        "relationship_type": ""
      },
      {
        "colour": "#4985d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#d52b43",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mexico\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#4cea11",
        "local": false,
        "name": "misp-galaxy:target-information=\"Italy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Emotet\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667568",
        "to_ids": false,
        "type": "link",
        "uuid": "76f89067-fc51-418d-95e9-710a11eb0a45",
        "value": "https://securelist.com/emotet-modules-and-recent-attacks/106290/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667568",
        "to_ids": false,
        "type": "text",
        "uuid": "3849b7a9-bfd3-401e-871f-6f2734073f28",
        "value": "Emotet, a malicious botnet designed to steal user banking credentials, has downloaded 16 new modules, according to research by the security firm Kaspersky and its partners."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667568",
        "to_ids": false,
        "type": "text",
        "uuid": "d13eeb28-10cf-44ff-b2b1-dbdaa27185f6",
        "value": "Name: Kaspersky report on Emotet modules and recent attacks\nAuthor: AlienVault\nAdversary: \nTags: [\"emotet\", \"trickbot\", \"botnets\", \"trojan banker\"]\nTgtd countries: [\"Malaysia\", \"Germany\", \"China\", \"Viet Nam\", \"India\", \"Indonesia\", \"Brazil\", \"Mexico\", \"Japan\", \"Russian Federation\", \"Italy\"]\nMlwr families: [\"Emotet\", \"Trickbot\"]\nAttack_ids: [\"T1027\", \"T1057\", \"T1496\", \"T1114\", \"T1555\", \"T1059\", \"T1137\", \"T1547\", \"T1566\", \"T1105\"]\nIndustries: []"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667568",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "d8bc8342-079d-4d99-b392-647ac0c1027d",
        "value": "CVE-2021-44228"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667568",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "9359a819-1131-4332-9ff3-fad87618a7a3",
        "value": "CVE-2022-0847"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667568",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "6e5f44f9-b082-46c8-a8cd-45c76f2f74cb",
        "value": "CVE-2022-22965"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "932825f7-28ff-4361-8299-474631d01585",
        "value": "70.36.102.35|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "af0ec5bc-354e-40c4-8887-183f0fca3ad4",
        "value": "197.242.150.244|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "16e348fb-0cf8-4e8a-9344-71d9b3d0c712",
        "value": "188.44.20.25|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "68c2d37b-f3bf-4473-a203-55bd93b1e38a",
        "value": "45.118.135.203|7080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "f92c66b3-ae17-44b9-b5cb-b9b9ca2aaa7a",
        "value": "92.240.254.110|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "57b768e7-2685-4b66-b5bd-15d10d8eb96c",
        "value": "103.43.46.182|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "960b5cdd-f6c0-4783-a83b-a49d1e54ffac",
        "value": "1.234.2.232|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "19a5f770-47d0-4694-91cc-acbfd0831686",
        "value": "50.116.54.215|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "3faf6810-c0ed-423e-8b20-d746ff261486",
        "value": "51.91.76.89|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "f8af1562-ad7c-421a-856d-5726b4dcad13",
        "value": "206.188.212.92|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "5d509c9d-fd03-4fe8-a843-8d02065f44ae",
        "value": "153.126.146.25|7080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "4c42dc0f-ea4b-490b-891b-4469586688c8",
        "value": "178.79.147.66|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "75f66897-85b7-4862-9e78-b4b1599771ee",
        "value": "217.182.25.250|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "d0ac7d68-4016-42fb-9c62-d72cd8369be9",
        "value": "196.218.30.83|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "ba0b929f-e2c6-4fb8-8983-e9da4483b4a1",
        "value": "51.91.7.5|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "ab3ae2b4-925f-425b-a5b1-7d55d6de230d",
        "value": "72.15.201.15|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "fb956cf1-374c-4dc9-b73c-ad67a2302e99",
        "value": "119.193.124.41|7080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "658f311d-d45d-4fc8-bca5-6c2ef1d03330",
        "value": "5.9.116.246|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "2246989f-028a-47f1-b15d-2915d6ec1c9b",
        "value": "151.106.112.196|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "fed66205-6f57-47af-b554-e044243b4c29",
        "value": "101.50.0.91|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "c26a89f9-9ad4-4a95-ba2c-b85c96369e8c",
        "value": "45.142.114.231|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "5b9dff57-7772-4478-830d-b48cbed47d5d",
        "value": "185.157.82.211|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "81b1260c-2ef3-4e4a-aea3-4926e9c84287",
        "value": "46.55.222.11|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "7278b542-4a5a-4902-8a96-1edfdd49396a",
        "value": "103.75.201.2|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "b28869ed-9489-4259-b304-d170c9e6b381",
        "value": "176.56.128.118|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "61de141b-03cf-4f18-9a56-333286d50e0c",
        "value": "176.104.106.96|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e6eaeaa0-cbaf-4b92-b852-7a8006fbef20",
        "value": "107.182.225.142|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "89921780-6b4f-4be1-9a05-e1ca9a41ecff",
        "value": "31.24.158.56|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "9104e1d7-4758-4a56-bcfa-d815d6d8c2d8",
        "value": "51.254.140.238|7080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "13324c77-9dca-4cfd-8211-49d49b92d0e6",
        "value": "159.65.88.10|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e2ca7a62-eb77-4a1e-85a5-9e5313d2e564",
        "value": "82.165.152.127|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "6a443b10-49f8-4859-98c2-785b4a9f5012",
        "value": "146.59.226.45|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "a545487c-986a-4230-a994-81bd619d4245",
        "value": "173.212.193.249|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "80bff7b1-fa48-44a0-a6a5-eca436d56640",
        "value": "212.24.98.99|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "83d3b751-5fdd-4a12-9d9e-97e932c285be",
        "value": "212.237.17.99|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "afb9e5aa-be6c-4055-a22b-cbf4ccb85483",
        "value": "110.232.117.186|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "a2fbe463-a8f4-4490-89f2-7e7cf0b07912",
        "value": "131.100.24.231|80"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "75039086-763f-4f26-b895-43ff3c64c5a6",
        "value": "209.250.246.206|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "c5f20e9d-e225-464b-9cd4-ad4f921eae78",
        "value": "195.201.151.129|8080"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740272065",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "410a4d71-0aec-48a8-b8ef-0e78238b62d8",
        "value": "138.185.72.26|8080"
      }
    ]
  }
}