Emotet C2 IoCs Update for 06/21/19

Emotet Malware Document links/IOCs for 06/21/19 as of 06/21/19 15:00 EDT

Notes and credits are now at the bottom. Follow us on Twitter @cryptolaemus1 for more updates.

Emotet Tier 1 C2 is still down on both botnets. I wanted to update these lists because I was missing 4 combos on E1 and 8 combos on E2. The correct totals are 126 for E1 and 100 for E2. Somehow I truncated the totals and missed these 12 IP/port combos. @0xtadavie found this oversight and provided me with the missing combinations below. Fortunately, if you were blocking on IP alone, some of these are just additional ports on hosts you were already blocking.

Epoch 1 Missing C2s

Epoch 2 Missing C2s

Here is the total of both of them as it originally should have been:

C2 combos are MUCH higher than normal at 126 for E1 and 100 for E2. This leads me to believe that this outage was planned and we are seeing some sort of maintenance on the C2 infrastructure play out. The C2 combos are:

Epoch 1 C2s

Epoch 2 C2s

Thanks to @0xtadavie for catching this oversight!

Now is the time to block these IP/port combos while you can. Also, if you see any requests going out to these IP/port combos, "clean up, aisle whatever" that computer is in, because it is infected!
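As an added example of turning a list like this into both a block rule set and a quick log check (not code from the Cryptolaemus post or its authors), the script below reads "IP:port" combos, flags outbound connections to an exact combo, and separately flags traffic to a C2 host on some other port, which is the case the update above mentions. The C2 entries and the firewall-style log lines are constructed placeholders in RFC 5737 documentation ranges, not the real IoCs; the log format is hypothetical, so adjust `LOG_RE` to whatever your firewall or proxy actually emits.

```python
"""Match outbound connection logs against an Emotet C2 IP:port blocklist.

Added example; not part of the Cryptolaemus post. The C2 entries and log
lines below are constructed placeholders (RFC 5737 documentation ranges),
not the real IoCs from the post.
"""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed placeholder blocklist in the "IP:port" form the post uses.
# Substitute the real Epoch 1 / Epoch 2 combos from the post here.
C2_COMBOS = """
# Epoch 1 (placeholders)
192.0.2.10:8080
192.0.2.10:443
# Epoch 2 (placeholders)
198.51.100.7:7080
"""

# Constructed firewall-style log lines; the key=value format is hypothetical.
SAMPLE_LOG = """
2019-06-21T15:02:11 src=10.0.0.5 dst=192.0.2.10 dport=8080 proto=tcp
2019-06-21T15:02:40 src=10.0.0.5 dst=192.0.2.10 dport=80 proto=tcp
2019-06-21T15:03:02 src=10.0.0.9 dst=203.0.113.9 dport=443 proto=tcp
2019-06-21T15:03:15 src=10.0.0.12 dst=198.51.100.7 dport=7080 proto=tcp
"""

LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def parse_c2_list(text: str) -> Tuple[Set[Tuple[str, int]], Set[str]]:
    """Return (set of (ip, port) combos, set of bare C2 IPs).

    Lines starting with '#' are comments; a malformed IP raises ValueError
    so a bad paste does not silently shrink the blocklist.
    """
    combos: Set[Tuple[str, int]] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, port = line.rsplit(":", 1)
        ipaddress.ip_address(ip)  # validate the address part
        combos.add((ip, int(port)))
    return combos, {ip for ip, _ in combos}


def find_hits(log_text: str, combos: Set[Tuple[str, int]], hosts: Set[str]) -> List[Dict[str, str]]:
    """Flag log lines whose destination is an exact C2 combo, or a C2 host on
    a port not in the list ("host-only"), which is worth a look too since the
    post notes that some new combos were extra ports on already-known hosts."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in combos:
            kind = "combo"
        elif dst in hosts:
            kind = "host-only"
        else:
            continue
        hits.append({"src": m["src"], "dst": dst, "dport": str(dport), "match": kind})
    return hits


def block_rules(combos: Set[Tuple[str, int]]) -> List[str]:
    """Render one iptables OUTPUT drop rule per combo, sorted for stable output."""
    return [f"iptables -A OUTPUT -p tcp -d {ip} --dport {port} -j DROP"
            for ip, port in sorted(combos)]


if __name__ == "__main__":
    c2_combos, c2_hosts = parse_c2_list(C2_COMBOS)
    for hit in find_hits(SAMPLE_LOG, c2_combos, c2_hosts):
        print(f"{hit['src']} -> {hit['dst']}:{hit['dport']} [{hit['match']}] "
              f"likely infected host, isolate and investigate")
    print("\n".join(block_rules(c2_combos)))
```

On the constructed sample this reports two exact combo hits and one host-only hit (192.0.2.10 on port 80), and skips the unrelated 203.0.113.9 connection. Any internal source that shows up in the "combo" list should be treated as infected, exactly as the post says; "host-only" hits are a lower-confidence prompt to check whether a new port was added for that host.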