Emotet C2 IoCs and Small Update for 06/10/19

Emotet Malware Document links/IOCs for 06/10/19 as of 06/10/19 11:30 EDT

Notes and credits are now at the bottom. Follow us on Twitter @cryptolaemus1 for more updates.

Small Emotet Update - 06/10/2019 - 11:15 EDT:

It looks like C2 is down on Tier 1 across both botnets. We are seeing no response or 400/404/502 responses. This has been happening since 06/07/19 around 19:00 UTC. The latest binaries for both botnets are:

- E1: 8e5089260064a955819a92ebccc43d05520e32d234dd3c176bed5f6d0665ebdb
- E2: f8f6faa7e578785f53796c395f4ca0b757d43b62d77cdb47f74f8573e8af37a3

C2 combos are MUCH higher than normal at 122 for E1 and 92 for E2. This leads me to believe that this outage was planned and we are seeing some sort of maintenance on the C2 infrastructure play out. The C2 combos are:

Epoch 1 C2s

Epoch 2 C2s

Obviously we are not seeing any spamming or any other activity during this time. Now is the time to block these IP/Port combos while you can. Also, if you see any requests going out to these IP/Port combos, cleanup on aisle whatever that computer is in, because it is infected!
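The two things the paragraph above asks for, blocking the IP/Port combos at the egress and treating any host that talks to one as infected, are easy to script. The block below is an added example written for this post, not Cryptolaemus tooling. It matches outbound connection log lines against the combo list on both IP and port (an IP hit on the wrong port is not a hit, since the combos are pairs), emits egress block rules, and checks a sample's SHA-256 against the two binary hashes published above. The C2 combos in it are placeholders from the RFC 5737 TEST-NET ranges, since the real Epoch 1 / Epoch 2 lists are the tables in this post; the log lines and the key=value log format are constructed for the example. Only the two SHA-256 hashes are real.

```python
"""Match outbound connection logs against Emotet C2 IP/Port combos and
emit egress block rules. Added example, not code from the Cryptolaemus post."""
import hashlib
import ipaddress
import re
from collections import defaultdict

# PLACEHOLDER combos (RFC 5737 TEST-NET addresses). Replace with the
# Epoch 1 / Epoch 2 tables published with the post.
C2_COMBOS = {
    "E1": {("192.0.2.10", 8080), ("192.0.2.77", 443), ("198.51.100.5", 7080)},
    "E2": {("203.0.113.9", 80), ("203.0.113.44", 8443)},
}

# Real SHA-256 hashes of the latest E1/E2 binaries from the post.
EMOTET_BINARY_HASHES = {
    "8e5089260064a955819a92ebccc43d05520e32d234dd3c176bed5f6d0665ebdb": "E1",
    "f8f6faa7e578785f53796c395f4ca0b757d43b62d77cdb47f74f8573e8af37a3": "E2",
}

# CONSTRUCTED firewall/proxy log lines in a generic key=value format.
# Line 3 hits a C2 IP on a port that is NOT in the combo list and must not match.
SAMPLE_LOG = """\
2019-06-10T15:02:11Z src=10.1.4.22 dst=192.0.2.10 dport=8080 proto=tcp action=allow
2019-06-10T15:02:13Z src=10.1.4.22 dst=93.184.216.34 dport=443 proto=tcp action=allow
2019-06-10T15:03:40Z src=10.1.7.8 dst=192.0.2.10 dport=443 proto=tcp action=allow
2019-06-10T15:05:01Z src=10.1.9.101 dst=203.0.113.44 dport=8443 proto=tcp action=allow
2019-06-10T15:05:02Z src=10.1.9.101 dst=203.0.113.44 dport=8443 proto=tcp action=allow
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_line(line):
    """Parse one constructed log line; return None for unparseable or bad-IP lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ipaddress.ip_address(m["src"])
        ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def combo_index():
    """Flatten C2_COMBOS into {(ip, port): epoch} for O(1) lookup."""
    return {combo: epoch for epoch, combos in C2_COMBOS.items() for combo in combos}


def find_infected_hosts(log_text):
    """Return {src_host: [(ts, dst, dport, epoch), ...]} for every outbound
    connection to an IP/Port combo. Both the IP and the port must match."""
    idx = combo_index()
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        epoch = idx.get((rec["dst"], rec["dport"]))
        if epoch:
            hits[rec["src"]].append((rec["ts"], rec["dst"], rec["dport"], epoch))
    return dict(hits)


def block_rules():
    """Egress DROP rules (iptables syntax) for every combo, one per IP/Port pair."""
    rules = []
    for epoch, combos in C2_COMBOS.items():
        for ip, port in sorted(combos):
            rules.append(f"iptables -A OUTPUT -p tcp -d {ip} --dport {port} -j DROP  # Emotet {epoch}")
    return rules


def classify_hash(sha256_hex):
    """Map a SHA-256 hex digest to its Emotet epoch, or None if unknown."""
    return EMOTET_BINARY_HASHES.get(sha256_hex.lower())


def classify_sample(data: bytes):
    """Hash raw file bytes and classify them against the published binaries."""
    return classify_hash(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for host, events in find_infected_hosts(SAMPLE_LOG).items():
        print(f"INFECTED {host}: {len(events)} C2 hit(s), epochs {sorted({e[3] for e in events})}")
    print("\n".join(block_rules()))
```

Run as-is it flags 10.1.4.22 (E1) and 10.1.9.101 (E2) and leaves 10.1.7.8 alone, because that host reached a combo IP on a port the list does not contain; feed it your own egress logs by replacing SAMPLE_LOG and the placeholder combos with the Epoch 1 / Epoch 2 tables.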

We will see how long this break lasts and what new surprises they have up their sleeve.

#### Sandbox 06/10/19 ####
(all with fakenet and MITM unless spam/secondary infection)

Epoch 1 C2 run on 2019-06-10 at 13:45 UTC - https://app.any.run/tasks/7f48ce71-945d-418e-a0f9-6c5fc3613e46

Epoch 2 C2 run on 2019-06-10 at 14:45 UTC - https://app.any.run/tasks/cd7edc98-a3bb-4c3b-bea5-a8493e020476