otx.alienvault.com
13.32.121.88  Public Scan

URL: https://otx.alienvault.com/pulse/641c7ee2a863122234a95261
Submission: On March 23 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

EMOTET RESUMES SPAM OPERATIONS, SWITCHES TO ONENOTE

   
 * Created 41 minutes ago by AlienVault
 * Public
 * TLP: White

Emotet, a malicious group known as “Moby Dick”, has returned to spamming
operations after a months-long hiatus and has switched to distributing
malicious OneNote files.

References:
https://blog.talosintelligence.com/emotet-switches-to-onenote/
https://github.com/Cisco-Talos/IOCs/blob/main/2023/03/prometei-botnet-improves.txt
Tags:
Emotet, VBA, Macro, OneNote, WSF, VBScript, JavaScript, Phishing, Botnet
Adversary:
Emotet
Att&ck IDs:
T1027 - Obfuscated Files or Information, T1204 - User Execution, T1566 -
Phishing, T1584 - Compromise Infrastructure

 * Indicators of Compromise (143)
 * Related Pulses (0)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

Hostname (3), Domain (15), IPv4 (14), FileHash-SHA256 (59), FileHash-MD5 (25), FileHash-SHA1 (27)

THREAT INFRASTRUCTURE

India (1), Other (1), China (1), United States (4), Brazil (1), Indonesia (3)

