
Report on the EMOTET banking trojan

Posted: 28 Oct 2019 08:54
by charles
The Australian national CERT published on 24/10/2019 a detailed report on the EMOTET banking trojan, which is still wreaking havoc five years after it first appeared.

It contains quite a lot of information, including a list of indicators of compromise:

The list can be downloaded in the following formats:

PDF: https://www.cyber.gov.au/media/1256
CSV: https://www.cyber.gov.au/media/1257

Full report: https://www.cyber.gov.au/threats/adviso ... e-campaign