2018-07-19 - EMOTET INFECTION TRAFFIC WITH ZEUS PANDA BANKER

ASSOCIATED FILES:

  • 2018-07-17-Emotet-malspam-1153-UTC.eml   (1,153 bytes)
  • 2018-07-18-Emotet-malspam-0716-UTC.eml   (247,503 bytes)
  • 2018-07-19-Emotet-malspam-1058-UTC.eml   (493,762 bytes)
  • 2018-07-19-Emotet-malspam-1703-UTC.eml   (1,022 bytes)
  • 2018-07-19-Emotet-infection-with-Zeus-Panda-Banker.pcap   (4,568,407 bytes)
  • 2018-07-19-downloaded-Word-doc-with-macro-for-Emotet.doc   (343,296 bytes)
  • 2018-07-19-Emotet-malware-binary-1-of-2.exe   (283,648 bytes)
  • 2018-07-19-Emotet-malware-binary-2-of-2.exe   (280,576 bytes)
  • 2018-07-19-Zeus-Panda-Banker-caused-by-Emotet-infection.exe   (265,728 bytes)
NOTES:
Shown above:  Flowchart for recent Emotet infection traffic.
WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domain and URLs:
EMAILS

DATA FROM 4 EMAIL EXAMPLES:
TRAFFIC
Shown above:  Traffic from an infection filtered in Wireshark.
TRAFFIC FROM AN INFECTED WINDOWS HOST:
FILE HASHES

MALWARE RETRIEVED FROM MY INFECTED WINDOWS HOST:
FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.