Historical threat intelligence feed
Emotet IOC Feed
Historical IOC feed for the Emotet/Geodo botnet, maintained for reference.
This malware family is no longer active and PrecisionSec no longer tracks new Emotet indicators. This page is kept online for historical reference.
About Emotet
Emotet was one of the most widely distributed malware families for several years. Emotet (also known as Geodo) began as a banking trojan written to perpetrate fraud and was usually distributed through large-scale email spam campaigns containing malicious attachments or embedded links to malicious documents containing a downloader script.
The Emotet botnet was disrupted by global law-enforcement action on January 27, 2021, during which several arrests were made. The botnet briefly resurfaced later that year before activity ceased. PrecisionSec no longer tracks Emotet, and this page is maintained for historical reasons.

Historical Emotet intelligence
While Emotet was active, PrecisionSec tracked ongoing campaigns by hash value (MD5, SHA-256) and extracted network telemetry and config data into its outgoing intelligence. Those indicators are retained for reference but are no longer updated.
For active malware family, C2 and ransomware coverage, see our threat intelligence feeds.
Looking for active threat coverage?
Start your 15-day free trial and get our active malware family, C2 and ransomware feeds.