c3rb3ru5 c3rb3ru5d3d53c

Emotet IOCs for 2022-05-11

LNK Hashes:

369e9fc57a704e70e4aa9181be00aaab6e34e1290a2a77d8356a54b1d916ab43
8d4d2c11c4eaf5a1432426dd7f3b8d86570e40dfe5b2c36bbff5e359db01f211
3a255688d463e14c58d956e9b8db4ce8a5954599c0fb2ad88994181978fa11bc
372d4d2420717e47d443c735e147fdc5629bb321649b50ff8e855e2fc4e71d72
a56ca0ed3618524b9243500aee6491422c2cdd131211f835896efa96b6188935
3d0e7a74cfb9d57013811b95bb8462deb8c33d10135f78a3ca02ca2c38d9e26b

Emotet IOCs

C2 IPs:

101.50.0.91
103.132.242.26
103.133.214.242
103.41.204.169
103.42.58.120

LNK Shortcuts

015f8142cdbdac04377b3d8fccfdff3384c31bf5792884c00aa976c3076229ff
35fb4c684de15f912668cece7782cd65557cc811806a76791bbd9d18f06bf8a9
9f017c2b62e33d3be514c339dfc4765ed56c5e3a8f3a0b9691417bf8e208ae33
fba3a71c670f4cd6748d7a344cbe9d5500c8dbddd1a0af39fd20d373ce4a5257
5f734d1017c3911ca5021a2ee515f62af6a5751c5ef3ef2083d626845187f519
a09b08aeda725930a61959f4b7ad31fe3435ae31795512e8fea028bba25f517d
8c1c4b4ba911b4d7eb7f7153e8f6a0350c61f2af997ec38b94fb68a3a747c76d
bf6728486ea0081f6876ab872697e899bc336d916f63ab9772c4ef100ee9445f

Emotet LNK Hashes

ab0345703155bbc1e1560b79e3daad64019b57d3e6cad56e8f093ebde0849a57
3aa3036ccff4730bd2854ef0d0149598a3352f602738362029a7881516f5bbef
c10f7d70c58c55346f32fb74a514c5b672ed6a9db121a52c59a0bad93383944e
2d93da9ce5cfa8d07917b02f1a526341e0a52efbeaa90d87d1e9f6754c4539e7
fd8ea7a6cbf47e5ed2f9afe2af034bb22e98e25d72b160ed9c420fe8fd439243
c02750a14c87b6c3c723c151454c661c86d7876d54407e956ca5cab68db5de3d
d5548ee41fa59c270a835a6a523e04ae6bd9b6b6bf5c569c0de8ed103f060c8a

	#!/usr/bin/env python3

	import os
	import sys
	import json
	import hashlib
	import requests
	import argparse

	__author__ = "@c3rb3ru5d3d53c"

	# Parses and Imports Floss Radare2 Script
	#@author c3rb3ru5
	#@category Strings
	#@keybinding
	#@menupath
	#@toolbar

	import re
	import json
	import base64

	#!/bin/env bash

	GITLAB_URL=<your-gitlab-url>
	GITLAB_API_PRIVATE_TOKEN=<yout-gitlab-private-token>

	if ! git status > /dev/null 2>&1; then
	echo "ERROR: current directory is not a git repo" >&2
	exit 1
	fi

	#!/usr/bin/env python

	import sys
	import argparse

	__author__ = "@c3rb3ru5d3d53c"

	parser = argparse.ArgumentParser(
	prog=f'bytes',
	description='Print Bytes from File',

	#!/usr/bin/env python

	# pip install hexdump python-tlsh

	import tlsh
	from hexdump import hexdump


	str_0 = b'55 8b ec 81 ec 0c 02 00 00 66 83 a5 ?? ?? ?? ?? ?? 56 68 08 02 00 00 8d 85 ?? ?? ?? ?? 6a 00 50 e8 86 89 00 00 83 c4 0c 8d b5 ?? ?? ?? ?? e8 a6 ff ff ff 8b c6 50 6a 00 ff 15 ?? ?? ?? ?? 50 e8 15 ff ff ff 59 59 5e c9 c3'
	str_1 = b'55 8b ec 83 ec 20 85 c0 89 4d ?? 8b 4d ?? 89 4d ?? 8b 4d ?? 89 4d ?? 89 45 ?? 74 0a 50 e8 34 c4 00 00 59 89 45 ?? 83 65 ?? ?? 83 65 ?? ?? 83 65 ?? ?? 8d 45 ?? 50 ff 75 ?? 68 61 10 00 00 ff 75 ?? ff 15 ?? ?? ?? ?? c9 c3'

	# /etc/crypttab
	lvm-home /dev/sda none luks

	# /etc/fstab
	/dev/mapper/lvm-home /home ext4 defaults 1 2