Emotet IOC Feed

Emotet is a malware threat that targets victims across many verticals rather than any single industry. Every organization should subscribe to an Emotet IOC feed that is updated many times per day, since stale indicators quickly lose their value against an actively managed botnet.

What is Emotet?

Emotet is one of the most widely distributed malware families of the past few years. Emotet (also known as Geodo) began as a banking trojan written to commit financial fraud and later evolved into a loader that delivers other criminal malware onto the hosts it infects. It is usually distributed through large-scale email spam campaigns carrying either malicious attachments or embedded links to malicious documents, which contain a downloader script.

The Emotet botnet was disrupted by a coordinated global law enforcement action announced on January 27, 2021, during which several arrests were made. The takedown kept the botnet offline for roughly ten months, until it resurfaced on November 15, 2021.

Screenshot of a Recent Emotet Malicious Document

Automated Emotet Alerts in Microsoft Sentinel

PrecisionSec actively tracks ongoing Emotet malware campaigns. Samples are tracked by hash (MD5, SHA-256); network telemetry and configuration data are extracted from those samples and added to the outgoing intelligence.

The data feeds integrate with most major security products, including MISP and Microsoft Sentinel. Every PrecisionSec threat intelligence subscription includes Emotet C2 and distribution IOCs.


Recent Emotet IOCs

Below are the most recent Emotet IOCs from our Threat Intelligence Feed. All of these indicators have been internally verified using custom YARA rules. Note that the data below is intentionally delayed by 48 hours; for live data updated every minute, including command-and-control (C2) data, sign up for a free trial.

URL / IP / MD5 Date Added
76.31.115.125 2023-08-26 16:05:10
http://72.143.73.234:443/Ztxi6k8QM4E8OMS/oiEdeSpINtp/bR0jbPg8F43/M7VBwHd6SZDV7nbxz/b36IEctUMa0gG5/rRAPSzVyGA64L3c/ 2023-08-26 16:04:55
http://72.143.73.234:443/oc9MnTuEfv/ragIogg70lSJlBRz/QqA8rXWcir/x3ad24jNY/nDuZV5oyTkdoorluuUP/ 2023-08-24 22:04:43
99.247.33.186 2023-08-24 09:59:28
179.15.102.2 2023-08-18 21:56:54
https://elvalledetarrazu.com/cgi-bin/rpOzK/?224734&c=1 2023-08-07 02:11:41
http://darbazi.org.ge/language/E5Zr4JruIyd/?224734&c=1 2023-08-07 02:11:35
12.30.50.130 2023-08-04 09:42:20
96.252.116.33 2023-07-29 15:43:01
169.0.200.83 2023-07-25 21:51:16
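A feed like the one above is only useful once it is in a format your tooling ingests. The script below is an added example, not PrecisionSec code, and the feed's real download format is not shown on this page: it assumes one indicator per line in the form "<value> <YYYY-MM-DD HH:MM:SS>" exactly as the table reads, assumes the timestamps are UTC, and assumes the indicator types are limited to URL, IP and MD5 as the column header says. It classifies each row, maps it to a MISP attribute type (ip-dst, url, md5) and a STIX 2.1 pattern, and emits a STIX 2.1 bundle of indicator objects, which is the shape both MISP and Microsoft Sentinel's indicator upload accept. Because the two 72.143.73.234:443 rows differ only in their URI path, the script also emits a companion host-level indicator for URLs whose host is a bare IP, so a network block does not depend on a path that may never repeat. The sample rows are copied from the table on this page except for the MD5 row (the well-known hash of empty input, used only as a placeholder) and the header line, which is included to exercise the rejection path.

```python
"""Parse a plain-text Emotet IOC listing and emit STIX 2.1 indicators.

Added example, not PrecisionSec code. Assumptions: one indicator per line as
"<value> <YYYY-MM-DD HH:MM:SS>", timestamps in UTC, types limited to URL/IP/MD5.
"""
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample: rows 1-4 copied from the table on this page; the MD5 row
# is a placeholder (hash of empty input), the last line is the table header.
SAMPLE_FEED = """\
76.31.115.125 2023-08-26 16:05:10
http://72.143.73.234:443/Ztxi6k8QM4E8OMS/oiEdeSpINtp/bR0jbPg8F43/M7VBwHd6SZDV7nbxz/b36IEctUMa0gG5/rRAPSzVyGA64L3c/ 2023-08-26 16:04:55
http://72.143.73.234:443/oc9MnTuEfv/ragIogg70lSJlBRz/QqA8rXWcir/x3ad24jNY/nDuZV5oyTkdoorluuUP/ 2023-08-24 22:04:43
https://elvalledetarrazu.com/cgi-bin/rpOzK/?224734&c=1 2023-08-07 02:11:41
d41d8cd98f00b204e9800998ecf8427e 2023-08-01 00:00:00
URL / IP / MD5 Date Added
"""

ROW_RE = re.compile(r"^(\S+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


def stix_quote(value: str) -> str:
    """Escape a value for use inside a single-quoted STIX pattern literal."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def classify(value: str):
    """Map a raw indicator to (misp_type, stix_pattern, companion_host_pattern).

    companion_host_pattern is set only for URLs whose host is a bare IP, so the
    host can be blocked independently of a URI path that may never repeat.
    Returns None for anything that is not an MD5, an IP address or an http(s) URL.
    """
    if MD5_RE.match(value):
        return "md5", f"[file:hashes.MD5 = '{value.lower()}']", None
    try:
        ip = ipaddress.ip_address(value)
        return "ip-dst", f"[ipv{ip.version}-addr:value = '{ip}']", None
    except ValueError:
        pass
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    companion = None
    try:
        host_ip = ipaddress.ip_address(parts.hostname)
        companion = f"[ipv{host_ip.version}-addr:value = '{host_ip}']"
    except ValueError:
        pass  # a hostname, e.g. a compromised site used for distribution
    return "url", f"[url:value = '{stix_quote(value)}']", companion


def parse_feed(text: str):
    """Return (indicators, rejected_lines); malformed or unknown rows are rejected."""
    indicators, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        kind = classify(m.group(1)) if m else None
        if kind is None:
            rejected.append(line)
            continue
        misp_type, pattern, companion = kind
        added = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        indicators.append({"value": m.group(1), "misp_type": misp_type,
                           "pattern": pattern, "companion": companion, "added": added})
    return indicators, rejected


def to_stix_bundle(indicators, feed_name="emotet-ioc-feed"):
    """Build a STIX 2.1 bundle with one indicator object per unique pattern."""
    objects, seen = [], set()

    def emit(pattern, added, name):
        if pattern in seen:  # several URLs may share one host; emit it once
            return
        seen.add(pattern)
        stamp = added.strftime("%Y-%m-%dT%H:%M:%S.000Z")
        objects.append({
            "type": "indicator", "spec_version": "2.1",
            "id": f"indicator--{uuid.uuid4()}",
            "created": stamp, "modified": stamp, "valid_from": stamp,
            "name": name, "indicator_types": ["malicious-activity"],
            "pattern": pattern, "pattern_type": "stix",
            "labels": ["emotet", feed_name],
        })

    for ind in sorted(indicators, key=lambda i: i["added"]):
        emit(ind["pattern"], ind["added"], f"Emotet {ind['misp_type']}: {ind['value']}")
        if ind["companion"]:
            emit(ind["companion"], ind["added"], f"Emotet host from URL: {ind['value']}")
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


if __name__ == "__main__":
    inds, bad = parse_feed(SAMPLE_FEED)
    print(f"{len(inds)} indicators parsed, {len(bad)} line(s) rejected: {bad}")
    print(json.dumps(to_stix_bundle(inds), indent=2))
```

The rejection list matters in practice: anything that is neither a hash, an IP nor an http(s) URL (a header line, a truncated row, a stray word) is reported rather than silently turned into a blocking rule. Before pushing the bundle, check which pattern types your consumer actually evaluates; url and ipv4-addr are widely supported, but confirm against your Sentinel or MISP version rather than assuming.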

Ready to see all of our data?

If you’re ready to take a look at our full set of data, click below to start your 15-day Free Trial.