otx.alienvault.com (13.32.121.88)  Public Scan

URL: https://otx.alienvault.com/pulse/66d81f146f00d5c462419815
Submission: On September 05 via api from NL — Scanned from NL

Form analysis 0 forms found in the DOM

Text Content


EMANSREPO STEALER: MULTI-VECTOR ATTACK CHAINS

 * Created 21 hours ago
 * Modified 20 hours ago by AlienVault
 * Public
 * TLP: White

A Python infostealer named Emansrepo has been observed since November 2023,
distributed via phishing emails containing fake purchase orders and invoices.
The malware steals browser data, credit card information, and files, sending
them to the attacker's email. The attack chain has evolved, becoming more
complex with multiple stages before downloading Emansrepo. Three main attack
chains are described, involving HTML files, AutoIt scripts, and PowerShell
commands. The stealer's behavior is divided into three parts, targeting
different types of data. A new related campaign using Remcos malware has also
been identified. The attackers continuously evolve their methods, emphasizing
the importance of cybersecurity awareness for organizations.

Reference:
https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains

Tags:
phishing, emansrepo, infostealer, remcos

Malware Families:
Emansrepo, Remcos

ATT&CK IDs:
T1056.001 - Keylogging, T1114 - Email Collection, T1005 - Data from Local
System, T1555 - Credentials from Password Stores, T1074 - Data Staged,
T1552.001 - Credentials In Files, T1204 - User Execution, T1041 - Exfiltration
Over C2 Channel, T1059.001 - PowerShell, T1566 - Phishing, T1059.006 - Python,
T1059.005 - Visual Basic

 * Indicators of Compromise (50)
 * Related Pulses (4)
 * Comments (0)
 * History (0)

Types of indicators: IPv4 (2), Other (12), FileHash-MD5 (4), FileHash-SHA256 (21), FileHash-SHA1 (4), URL (5)

Threat infrastructure: United States (2)



© Copyright 2024 LevelBlue, Inc.