Rewterz Threat Alert – Emotet Botnet Is Back, Resumes Activity Across Servers around the World

August 26, 2019

Severity

Medium

Analysis Summary

Command and control (C2) servers for the Emotet botnet appear to have resumed activity and are once again delivering binaries, after lying dormant since the beginning of June.

Although Emotet began as a banking trojan in 2014, it has since evolved into a botnet that delivers a variety of other malware strains.

Emotet is now one of the top threats: its infrastructure is used to distribute Trickbot, another banking trojan, which in turn spreads the Ryuk ransomware. This combination, dubbed the ‘triple threat’, has affected public administrations in the U.S.

Impact

  • Exposure of sensitive information
  • File encryption

Indicators of Compromise

IP(s) / Hostname(s)

  • 104[.]131[.]11[.]150
  • 104[.]131[.]208[.]175
  • 104[.]236[.]151[.]95
  • 142[.]93[.]88[.]16
  • 144[.]139[.]247[.]220
  • 159[.]89[.]179[.]87
  • 162[.]144[.]119[.]216
  • 162[.]243[.]125[.]212
  • 170[.]150[.]11[.]245
  • 176[.]31[.]200[.]130
  • 177[.]242[.]214[.]30
  • 187[.]163[.]180[.]243
  • 195[.]242[.]117[.]231
  • 216[.]98[.]148[.]156
  • 217[.]13[.]106[.]160
  • 31[.]12[.]67[.]62
  • 45[.]123[.]3[.]54
  • 45[.]32[.]158[.]232
  • 46[.]101[.]142[.]115
  • 46[.]105[.]131[.]69
  • 64[.]13[.]225[.]150
  • 69[.]45[.]19[.]145
  • 70[.]32[.]84[.]74
  • 75[.]127[.]14[.]170
  • 91[.]83[.]93[.]103
  • 159[.]65[.]241[.]220
  • 128[.]199[.]78[.]227
  • 216[.]98[.]148[.]136
  • 109[.]104[.]79[.]48
  • 205[.]186[.]154[.]130
  • 69[.]163[.]33[.]82
  • 43[.]229[.]62[.]186
  • 72[.]47[.]248[.]48
  • 216[.]98[.]148[.]157
  • 88[.]215[.]2[.]29
  • 213[.]120[.]104[.]180
  • 200[.]57[.]102[.]71
  • 190[.]113[.]233[.]4
  • 186[.]15[.]83[.]52
  • 190[.]13[.]211[.]174
  • 187[.]188[.]166[.]192
  • 190[.]117[.]206[.]153
  • 125[.]99[.]61[.]162
  • 200[.]32[.]61[.]210
  • 187[.]242[.]204[.]142
  • 104[.]131[.]58[.]132
  • 182[.]180[.]92[.]102
  • 125[.]99[.]106[.]226
  • 190[.]186[.]203[.]55
  • 181[.]175[.]142[.]212
  • 189[.]209[.]217[.]49
  • 175[.]100[.]138[.]82
  • 189[.]213[.]62[.]223
  • 182[.]176[.]132[.]213
  • 182[.]184[.]72[.]199
  • 177[.]246[.]193[.]139
  • 41[.]220[.]119[.]246

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never click on links or open attachments sent by unknown senders.
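The first remediation step is to block the listed indicators, and a defender will usually also want to check existing logs for any prior contact with them. The following Python script is an added example, not part of the advisory: it refangs indicators written in the page's "[.]" form, validates and de-duplicates them, emits a /32 block list, and scans log lines for exact IP matches (so a longer IP that merely begins with an indicator is not reported). The embedded indicator block is a subset of the advisory's list; the proxy/firewall log lines and the internal source addresses in them are constructed for illustration.

```python
import ipaddress
import re
from typing import Iterable, List, Set, Tuple

# Indicators copied from the advisory above, in the defanged "[.]" form
# in which the page lists them. Only a subset is embedded here; the full
# list can be pasted in unchanged, bullets included. The repeated entry
# is deliberate, to show de-duplication.
ADVISORY_IOCS = """
• 104[.]131[.]11[.]150
• 104[.]131[.]208[.]175
• 128[.]199[.]78[.]227
• 128[.]199[.]78[.]227
• 216[.]98[.]148[.]156
• 216[.]98[.]148[.]157
"""

# Constructed sample log lines (not from the advisory). Line 4 contains
# 104.131.208.17, which is a prefix of an indicator but not an indicator
# itself, and must not be reported.
SAMPLE_LOGS = [
    "2019-08-26T09:14:02Z proxy allow src=10.0.5.23 dst=104.131.208.175:8080 GET /",
    "2019-08-26T09:14:05Z proxy allow src=10.0.5.23 dst=93.184.216.34:443 CONNECT",
    "2019-08-26T09:15:41Z fw deny src=10.0.7.8 dst=216.98.148.157:443",
    "2019-08-26T09:16:00Z proxy allow src=10.0.5.40 dst=104.131.208.17:80 GET /",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 104[.]131[.]11[.]150 back into 104.131.11.150."""
    return indicator.strip().replace("[.]", ".")


def load_iocs(text: str) -> Set[str]:
    """Refang, validate and de-duplicate a block of one-per-line IPv4 indicators."""
    iocs: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()  # tolerate pasted bullet markers
        if not line:
            continue
        candidate = refang(line)
        try:
            # ip_address() rejects anything that is not a well-formed address,
            # so a stray hostname or a typo does not end up in the block list.
            iocs.add(str(ipaddress.ip_address(candidate)))
        except ValueError:
            continue
    return iocs


# Matches a whole dotted-quad; the \b anchors stop 104.131.208.17 from
# being read as part of 104.131.208.175 and vice versa.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_log_lines(lines: Iterable[str], iocs: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, matched_ip, line) for every log line that contains an indicator."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in iocs:
                hits.append((n, ip, line.rstrip()))
    return hits


def to_blocklist(iocs: Set[str]) -> List[str]:
    """Indicators as sorted /32 CIDR entries, ready for a firewall or proxy deny list."""
    return [f"{ip}/32" for ip in sorted(iocs, key=ipaddress.ip_address)]


if __name__ == "__main__":
    iocs = load_iocs(ADVISORY_IOCS)
    print("Block list:")
    for entry in to_blocklist(iocs):
        print("  " + entry)
    print("Log hits:")
    for n, ip, line in scan_log_lines(SAMPLE_LOGS, iocs):
        print(f"  line {n}: {ip} in {line}")
```

Running the script prints five /32 entries and two log hits (lines 1 and 3); the near-miss on line 4 is correctly ignored. In a real deployment the `SAMPLE_LOGS` list would be replaced by reading proxy and firewall exports, and the same `IPV4_RE` exact-match approach avoids the false positives that a plain substring search would produce.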
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.