IoC (TT Malware Log)

Malware の IoC(Indicator)情報

◆注意◆ マルウェア専門家向けサイト

     FQDN, URL,IPアドレス等はそのまま掲載しています


** Caution ** Malware expert site

                    FQDN, URL, IP address etc. are posted as they are

Emotet (2020/07/17-2)

【インディケータ情報】

■ハッシュ情報(Sha256) - Emotet Document-

5d2c6110f2ea87a6b7fe9256affbac0eebdeee18081d59e05df4b4a17417492b
4fdff0ebd50d37a32eb5c3a1b2009cb9764e679d8ee95ca7551815b7e8406206
bb5602ea74258ccad36d28f6a5315d07fbeb442a02d0c91b39ca6ba0a0fe71a2
6d86e68c160b25d25765a4f1a2f8f1f032b2d5cb0d1f39d1d504eeaa69492de0
18fab1420a6a968e88909793b3d87af2e8e1e968bf7279d981276a2aa8aa678e
d5213404d4cc40494af138f8051b01ec3f1856b72de3e24f75aca8c024783e89

(以上は MalwareBytes の情報: 引用元は https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ )


■ハッシュ情報(Sha256) - Emotet Binary -

454d3f0170a0aa750253d4bf697f9fa21b8d93c8ca6625c935b30e4b18835374
d51073eef56acf21e741c827b161c3925d9b45f701a9598ced41893c723ace23
1368a26328c15b6d204aef2b7d493738c83fced23f6b49fd8575944b94bcfbf4
7814f49b3d58b0633ea0a2cb44def98673aad07bd99744ec415534606a9ef314
f04388ca778ec86e83bf41aa6bfa1b163f42e916d0fbab7e50eaadc8b47caa50

(以上は MalwareBytes の情報: 引用元は https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ )


■FQDN - Emotet -

elseelektrikci.com
rviradeals.com
skenglish.com
packersmoversmohali.com
tri-comma.com
ramukakaonline.com
shubhinfoways.com
test2.cxyw.net
sustainableandorganicgarments.com
staging.icuskin.com
fivestarcleanerstx.com
bhandaraexpress.com
crm.shaayanpharma.com
zazabajouk.com
e2e-solution.com
topgameus.com
cpads.net
tyres2c.com
thesuperservice.com
ssuse.com

(以上は MalwareBytes の情報: 引用元は https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ )


■IPアドレス - Emotet(C2) -

178.210.171.15
109.117.53.230
212.51.142.238
190.160.53.126

(以上は MalwareBytes の情報: 引用元は https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ )


【検索】

google: 5d2c6110f2ea87a6b7fe9256affbac0eebdeee18081d59e05df4b4a17417492b
google: 4fdff0ebd50d37a32eb5c3a1b2009cb9764e679d8ee95ca7551815b7e8406206
google: bb5602ea74258ccad36d28f6a5315d07fbeb442a02d0c91b39ca6ba0a0fe71a2
google: 6d86e68c160b25d25765a4f1a2f8f1f032b2d5cb0d1f39d1d504eeaa69492de0
google: 18fab1420a6a968e88909793b3d87af2e8e1e968bf7279d981276a2aa8aa678e
google: d5213404d4cc40494af138f8051b01ec3f1856b72de3e24f75aca8c024783e89

google: 454d3f0170a0aa750253d4bf697f9fa21b8d93c8ca6625c935b30e4b18835374
google: d51073eef56acf21e741c827b161c3925d9b45f701a9598ced41893c723ace23
google: 1368a26328c15b6d204aef2b7d493738c83fced23f6b49fd8575944b94bcfbf4
google: 7814f49b3d58b0633ea0a2cb44def98673aad07bd99744ec415534606a9ef314
google: f04388ca778ec86e83bf41aa6bfa1b163f42e916d0fbab7e50eaadc8b47caa50

google: "elseelektrikci.com"
google: "rviradeals.com"
google: "skenglish.com"
google: "packersmoversmohali.com"
google: "tri-comma.com"
google: "ramukakaonline.com"
google: "shubhinfoways.com"
google: "test2.cxyw.net"
google: "sustainableandorganicgarments.com"
google: "staging.icuskin.com"
google: "fivestarcleanerstx.com"
google: "bhandaraexpress.com"
google: "crm.shaayanpharma.com"
google: "zazabajouk.com"
google: "e2e-solution.com"
google: "topgameus.com"
google: "cpads.net"
google: "tyres2c.com"
google: "thesuperservice.com"
google: "ssuse.com"

google: "178.210.171.15"
google: "109.117.53.230"
google: "212.51.142.238"
google: "190.160.53.126"

【VT検索】

https://www.virustotal.com/gui/file/5d2c6110f2ea87a6b7fe9256affbac0eebdeee18081d59e05df4b4a17417492b
https://www.virustotal.com/gui/file/4fdff0ebd50d37a32eb5c3a1b2009cb9764e679d8ee95ca7551815b7e8406206
https://www.virustotal.com/gui/file/bb5602ea74258ccad36d28f6a5315d07fbeb442a02d0c91b39ca6ba0a0fe71a2
https://www.virustotal.com/gui/file/6d86e68c160b25d25765a4f1a2f8f1f032b2d5cb0d1f39d1d504eeaa69492de0
https://www.virustotal.com/gui/file/18fab1420a6a968e88909793b3d87af2e8e1e968bf7279d981276a2aa8aa678e
https://www.virustotal.com/gui/file/d5213404d4cc40494af138f8051b01ec3f1856b72de3e24f75aca8c024783e89

https://www.virustotal.com/gui/file/454d3f0170a0aa750253d4bf697f9fa21b8d93c8ca6625c935b30e4b18835374
https://www.virustotal.com/gui/file/d51073eef56acf21e741c827b161c3925d9b45f701a9598ced41893c723ace23
https://www.virustotal.com/gui/file/1368a26328c15b6d204aef2b7d493738c83fced23f6b49fd8575944b94bcfbf4
https://www.virustotal.com/gui/file/7814f49b3d58b0633ea0a2cb44def98673aad07bd99744ec415534606a9ef314
https://www.virustotal.com/gui/file/f04388ca778ec86e83bf41aa6bfa1b163f42e916d0fbab7e50eaadc8b47caa50

https://www.virustotal.com/gui/domain/elseelektrikci.com
https://www.virustotal.com/gui/domain/rviradeals.com
https://www.virustotal.com/gui/domain/skenglish.com
https://www.virustotal.com/gui/domain/packersmoversmohali.com
https://www.virustotal.com/gui/domain/tri-comma.com
https://www.virustotal.com/gui/domain/ramukakaonline.com
https://www.virustotal.com/gui/domain/shubhinfoways.com
https://www.virustotal.com/gui/domain/test2.cxyw.net
https://www.virustotal.com/gui/domain/sustainableandorganicgarments.com
https://www.virustotal.com/gui/domain/staging.icuskin.com
https://www.virustotal.com/gui/domain/fivestarcleanerstx.com
https://www.virustotal.com/gui/domain/bhandaraexpress.com
https://www.virustotal.com/gui/domain/crm.shaayanpharma.com
https://www.virustotal.com/gui/domain/zazabajouk.com
https://www.virustotal.com/gui/domain/e2e-solution.com
https://www.virustotal.com/gui/domain/topgameus.com
https://www.virustotal.com/gui/domain/cpads.net
https://www.virustotal.com/gui/domain/tyres2c.com
https://www.virustotal.com/gui/domain/thesuperservice.com
https://www.virustotal.com/gui/domain/ssuse.com

https://www.virustotal.com/gui/ip-address/178.210.171.15]
https://www.virustotal.com/gui/ip-address/109.117.53.230]
https://www.virustotal.com/gui/ip-address/212.51.142.238]
https://www.virustotal.com/gui/ip-address/190.160.53.126]


【ブログ】

◆It’s baaaack: Public cyber enemy Emotet has returned (MalwareBytes, 2020/07/17)
https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/
https://malware-log.hatenablog.com/entry/2020/07/17/000000_5


【関連まとめ記事】

全体まとめ
 ◆マルウェア / Malware (まとめ)
  ◆バンキングマルウェア (まとめ)

◆Emotet (まとめ)
http://malware-log.hatenablog.com/entry/Emotet