Rewterz Threat Alert – Emotet Malware – IOCs

Severity

High

Analysis Summary

Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via maliciousscript, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about “YourInvoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies. Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control (C&C) servers run by the attackers.

Impact

• Financial loss 
• Exposure of sensitive data

Indicators of Compromise

URL

• https[:]//www[.]actacomunicacao[.]com[.]br/provisorio/sites/rrbh2hrzhzcc-0530/
• https[:]//www[.]lvl[.]com[.]br/wp-includes/payment/20657897730822784/8dlv-00575/
• http[:]//162[.]249[.]220[.]190/V5TnGcu/SWW9cFu34rA/
• http[:]//162[.]249[.]220[.]190/3WnbttSvO/ssRwBGKjglHhvFq/
• http[:]//162[.]249[.]220[.]190/0BZBlIc9GOA/CGbd3/
• https[:]//www[.]pxid360[.]com/wp-admin/GYU8FEISMJW1X6I/46974/gbb20zj-000761071/
• https[:]//blog[.]nucleoevent[.]com/wp-admin/form/07867514834268/fsUgfz/
• https[:]//moraniz[.]co[.]il/wp-content/72734409736/Ku/
• http[:]//tastes2plate[.]com/wp-content/uploads/report/u4o55hkjzd-00014/
• http[:]//162[.]249[.]220[.]190/AByb2tKV5PCTyU/HHy7k/jBMhFOG7MOr/

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.