Profiling the Emotet Botnet C&C Infrastructure – An OSINT Analysis

Dear blog readers,

I've decided to share a recently obtained Emotet botnet C&C server IPs for the purpose of empowering everyone with the necessary technical information on their way to track down and monitor the botnet including to possibly assist and help where necessary in terms of cyber attack campaign attribution including cyber threat actor attribution campaigns.

Sample currently active Emotet botnet C&C server IPs:

hxxp://109[.]123[.]78[.]10

hxxp://66[.]54[.]51[.]172

hxxp://108[.]161[.]128[.]103

hxxp://195[.]210[.]29[.]237

hxxp://5[.]35[.]249[.]46

hxxp://5[.]159[.]57[.]195

hxxp://206[.]210[.]70[.]175

hxxp://88[.]80[.]187[.]139

hxxp://188[.]93[.]174[.]136

hxxp://130[.]133[.]3[.]7

hxxp://162[.]144[.]79[.]192

hxxp://79[.]110[.]90[.]207

hxxp://72[.]18[.]204[.]17

hxxp://212[.]129[.]13[.]110

hxxp://66[.]228[.]61[.]248 …

analysis botnet cybercrime cyberlaw emotet emotet botnet infrastructure malicious software malware osint security