Emotet C2 Deltas from 2021/01/25 as of 08:00EST or 13:00UTC

Emotet C2 Deltas from 2021/01/25 as of 08:00EST or 13:00UTC

Notes:

C2 update today first thing basically. Timestamps on DLLs all backdated to 
These changes on distro are what we saw yesterday(Sunday) for bots on E2/E3.
E1 is the only true delta here from last nights report and these are all the
latest T1 C2 IPs right now.
 
C2 Deltas:
E1 now 93 combos, -2.
E2 now 102 combos, nil.
E3 now 81 combos, -4.

---

Epoch 1

84.232.229.24:80
51.255.203.164:8080
217.160.169.110:8080
185.183.16.47:80
190.45.24.210:80
187.162.248.237:80
93.146.143.191:80
185.94.252.27:443
143.0.85.206:7080
80.15.100.37:80
85.105.239.184:443
94.176.234.118:443
62.84.75.50:80
137.74.106.111:7080
172.104.169.32:8080
46.105.114.137:8080
94.126.8.1:80
78.206.229.130:80
93.149.120.214:80
192.175.111.212:7080
80.249.176.206:80
181.10.46.92:80
190.24.243.186:80
191.223.36.170:80
177.23.7.151:80
154.127.113.242:80
51.255.165.160:8080
87.106.46.107:8080
85.214.26.7:8080
190.247.139.101:80
46.101.58.37:8080
201.185.69.28:443
46.43.2.95:8080
82.208.146.142:7080
110.39.160.38:443
186.177.174.163:80
51.38.124.206:80
81.4.105.175:8080
209.33.120.130:80
172.245.248.239:8080
45.16.226.117:443
104.130.154.83:7080
217.13.106.14:8080
94.23.45.86:7080
152.169.22.67:80
12.162.84.2:8080
201.48.121.65:443
81.17.93.134:80
81.215.230.173:443
60.93.23.51:80
122.201.23.45:443
31.27.59.105:80
105.209.235.113:8080
197.232.36.108:80
91.233.197.70:80
87.106.253.248:8080
138.97.60.141:7080
152.170.79.100:80
190.251.216.100:80
177.85.167.10:80
212.71.237.140:8080
82.48.39.246:80
213.52.74.198:80
116.125.120.88:443
81.214.253.80:443
149.62.173.247:8080
152.231.89.226:80
206.189.232.2:8080
181.30.61.163:443
1.226.84.243:8080
191.241.233.198:80
109.101.137.162:8080
110.39.162.2:443
167.71.148.58:443
5.196.35.138:7080
190.64.88.186:443
200.75.39.254:80
138.97.60.140:8080
170.81.48.2:80
70.32.115.157:8080
104.131.41.185:8080
190.162.232.138:80
188.135.15.49:80
95.76.153.115:80
188.225.32.231:7080
12.163.208.58:80
50.28.51.143:8080
202.134.4.210:7080
190.210.246.253:80
149.202.72.142:7080
138.197.99.250:8080
68.183.190.199:8080
211.215.18.93:8080

Old count: 95
New count: 93

Dropped:
51.15.7.145:80
190.114.254.163:8080
192.232.229.53:4143
111.67.12.221:8080
68.183.170.114:8080
70.32.84.74:8080
178.211.45.66:8080
83.169.21.32:7080
178.250.54.208:8080
209.236.123.42:8080

Added:
94.126.8.1:80
51.38.124.206:80
81.4.105.175:8080
104.130.154.83:7080
94.23.45.86:7080
87.106.253.248:8080
116.125.120.88:443
149.62.173.247:8080
---

Epoch 1 - Spam C2s

165.22.93.5:8080
128.199.220.70:8080
54.38.143.246:7080
5.56.132.177:8080
54.36.185.63:80

Epoch 1 - Stealer C2s

37.187.195.209:443
167.71.4.0:8080
165.22.246.219:8080
88.217.172.165:8080
162.144.212.120:8080

Epoch 2

69.38.130.14:80
195.159.28.230:8080
162.241.204.233:8080
181.165.68.127:80
49.205.182.134:80
190.251.200.206:80
139.59.60.244:8080
119.59.116.21:8080
89.216.122.92:80
185.94.252.104:443
70.92.118.112:80
78.24.219.147:8080
173.70.61.180:80
87.106.139.101:8080
66.57.108.14:443
24.179.13.119:80
121.124.124.40:7080
61.19.246.238:443
200.116.145.225:443
93.146.48.84:80
188.219.31.12:80
78.188.225.105:80
144.217.7.207:7080
167.114.153.111:8080
157.245.99.39:8080
50.116.111.59:8080
109.116.245.80:80
79.130.130.240:8080
168.235.67.138:7080
70.183.211.3:80
85.105.205.77:8080
74.208.45.104:8080
12.175.220.98:80
104.131.11.150:443
41.185.28.84:8080
217.20.166.178:7080
202.134.4.216:8080
138.68.87.218:443
123.176.25.234:80
75.113.193.72:80
74.128.121.17:80
172.125.40.123:80
180.222.161.85:80
139.162.60.124:8080
89.106.251.163:80
190.240.194.77:443
115.94.207.99:443
37.187.72.193:8080
190.103.228.24:80
24.231.88.85:80
172.105.13.66:443
120.150.60.189:80
220.245.198.194:80
69.49.88.46:80
187.161.206.24:80
115.21.224.117:80
174.118.202.24:443
120.150.218.241:443
110.145.101.66:443
108.53.88.101:443
37.139.21.175:8080
176.111.60.55:8080
79.137.83.50:443
59.21.235.119:80
74.58.215.226:80
136.244.110.184:8080
71.72.196.159:80
5.39.91.110:7080
188.165.214.98:8080
85.105.111.166:80
95.9.5.93:80
109.74.5.95:8080
202.134.4.211:8080
110.145.11.73:80
134.209.144.106:443
2.58.16.89:8080
95.213.236.64:8080
24.178.90.49:80
194.190.67.75:80
186.74.215.34:80
98.109.133.80:80
161.0.153.60:80
181.171.209.241:443
75.177.207.146:80
194.4.58.192:7080
172.104.97.173:8080
78.189.148.42:80
51.89.36.180:443
24.69.65.8:8080
50.91.114.38:80
197.211.245.21:80
46.105.131.79:8080
185.201.9.197:8080
203.153.216.189:7080
78.182.254.231:80
110.142.236.207:80
118.83.154.64:443
24.164.79.147:8080
74.40.205.197:443
75.109.111.18:80
62.75.141.82:80
172.86.188.251:8080

Old count: 105
New count: 102

Dropped:
139.99.158.11:443
62.171.142.179:8080
94.23.237.171:443

Added:
nil
---

Epoch 2 - Spam C2s

165.227.170.254:7080
195.181.215.65:8080
167.114.122.37:80
137.74.119.116:8080
51.38.237.230:8080
219.94.242.134:8080
217.160.19.232:8080
95.215.46.191:8080

Epoch 2 - Stealer C2s

167.99.105.11:8080
51.255.40.241:443
78.47.87.196:8080
159.65.222.75:8080
195.14.0.12:8080
87.106.225.180:8080
198.144.158.120:443
151.236.60.57:8080

Epoch 3

190.55.186.229:80
203.157.152.9:7080
157.245.145.87:443
132.248.38.158:80
110.172.180.180:8080
70.32.89.105:8080
161.49.84.2:80
37.46.129.215:8080
50.116.78.109:8080
115.79.195.246:80
178.62.254.156:8080
175.103.38.146:80
188.226.165.170:8080
91.93.3.85:8080
162.144.145.58:8080
117.2.139.117:443
190.85.46.52:7080
201.193.160.196:80
152.32.75.74:443
195.201.56.70:8080
192.210.217.94:8080
91.83.93.103:443
172.104.46.84:8080
201.212.61.66:80
186.96.170.61:80
74.208.173.91:8080
182.73.7.59:8080
139.59.12.63:8080
211.110.229.161:8080
122.116.104.238:8443
223.17.215.76:80
195.159.28.244:8080
82.78.179.117:443
2.58.16.86:8080
65.32.168.171:80
58.27.215.3:8080
179.233.3.89:80
190.19.169.69:443
203.160.167.243:80
178.254.36.182:8080
202.29.237.113:8080
79.133.6.236:8080
103.93.220.182:80
88.58.209.2:80
24.230.124.78:80
203.56.191.129:8080
186.146.229.172:80
91.75.75.46:80
68.133.75.203:8080
103.229.73.17:8080
116.202.10.123:8080
139.59.61.215:443
46.105.131.68:8080
2.82.75.215:80
75.127.14.170:8080
120.51.34.254:80
185.142.236.163:443
139.5.101.203:80
203.153.216.178:7080
188.166.220.180:7080
178.33.167.120:8080
162.144.42.60:8080
201.163.74.204:80
103.80.51.61:8080
49.206.16.156:80
78.90.78.210:80
110.37.224.243:80
27.78.27.110:443
190.18.184.113:80
172.193.14.201:80
192.163.221.191:8080
157.7.164.178:8081
183.91.3.63:80
109.99.146.210:8080
54.38.143.245:8080
192.241.220.183:8080
180.148.4.130:8080
190.107.118.125:80
8.4.9.137:8080
163.53.204.180:443
143.95.101.72:8080

Old count: 85
New count: 81

Dropped:
172.96.190.154:8080
198.20.228.9:8080
37.205.9.252:7080
5.79.70.250:8080
46.32.229.152:8080
185.208.226.142:8080

Added:
211.110.229.161:8080
162.144.42.60:8080
---

Epoch 3 - Spam C2s

82.118.225.196:7080
162.214.68.171:8080
202.29.237.114:8080
51.178.60.145:8080
159.65.140.182:80
118.163.97.19:8080

Epoch 3 - Stealer C2s

104.236.52.89:8080
45.230.228.26:443
195.159.28.229:7080
82.145.43.153:8080

END