Web: https://securityboulevard.com/2022/01/profiling-the-emotet-botnet-cc-infrastructure-an-osint-analysis/

Jan. 27, 2022, 12:01 a.m. | Dancho Danchev

Security Boulevard securityboulevard.com




Dear blog readers,


I've decided to share recently obtained Emotet botnet C&C server IPs for the purpose of empowering everyone with the necessary technical information on their way to track down and monitor the botnet, including to possibly assist and help where necessary in terms of cyber attack campaign attribution, including cyber threat actor attribution campaigns.


Sample currently active Emotet botnet C&C server IPs:


