2CMV-00032-001 CSIRT warns of the activation of Emotet campaigns
Summary
The Computer Security Incident Response Team (CSIRT) reports the activation of multiple phishing campaigns carrying the Emotet malware, delivered as attached Word documents.
The phenomenon has been covered by various security news outlets worldwide. Within this context, CSIRT has been able to identify campaigns aimed specifically at Chile.
This report will be expanded as further information can be gathered.
The sources used in this report are open.
CSIRT wishes to draw the attention of public and private institutions so that they take the appropriate precautions and remain alert to e-mails and file downloads.
Indicators of compromise
Open sources
URLs:
IPs
Hashes
Recommendations
Keep your platforms up to date (Office, Windows, Adobe Acrobat, Oracle Java and others)
Evaluate preventive blocking of the indicators of compromise
Keep all technology and threat-detection platforms up to date
Review the security controls of anti-spam and sandboxing systems
Carry out ongoing user awareness training about this type of threat
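Acting on the recommendation to block the indicators requires reversing the defanged notation this advisory uses ("[.]" for "." and "[:]" for ":", with " |" separators). The Python below is an added example, not part of the CSIRT advisory: it refangs indicators in that notation, collapses the duplicate entries such lists carry (the same URL with and without a trailing slash, repeated IP:port lines) and derives a host blocklist; the sample indicators are constructed from documentation-only names and address ranges.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

IP_PORT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")
SHA256 = re.compile(r"[0-9a-fA-F]{64}")


def refang(indicator: str) -> str:
    """Undo the [.] / [:] defanging and drop the ' |' separator used in the list."""
    s = indicator.strip().rstrip("|").strip()
    return s.replace("[.]", ".").replace("[:]", ":")


def normalize_url(url: str) -> str:
    """Lower-case scheme and host and strip the trailing slash so that
    'http://a/b/' and 'http://a/b' collapse into a single entry."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.hostname}{parts.path.rstrip('/')}"


def parse_indicators(lines):
    """Sort defanged lines into URL, (ip, port) and SHA-256 sets, deduplicated."""
    urls, sockets, hashes = set(), set(), set()
    for raw in lines:
        ioc = refang(raw)
        if not ioc:
            continue
        if SHA256.fullmatch(ioc):
            hashes.add(ioc.lower())
        elif ioc.startswith(("http://", "https://")):
            urls.add(normalize_url(ioc))
        elif m := IP_PORT.fullmatch(ioc):
            ip_address(m.group(1))  # rejects malformed octets such as 999.1.1.1
            sockets.add((m.group(1), int(m.group(2))))
        else:
            raise ValueError(f"unrecognised indicator: {raw!r}")
    return urls, sockets, hashes


def blocklist_hosts(urls, sockets):
    """Hostnames and IPs for a proxy/firewall deny list (no scheme, no path)."""
    hosts = {urlsplit(u).hostname for u in urls} | {ip for ip, _ in sockets}
    return sorted(hosts)


# Constructed sample in the advisory's defang notation (RFC 2606 names, RFC 5737 ranges).
SAMPLE = [
    "https[:]//www.example[.]com/wp-content/abc123/ |",
    "https[:]//www.example.com/wp-content/abc123",
    "http[:]//example[.]org/cgi-bin/XyZ/ |",
    "192[.]0[.]2[.]10[:]8080",
    "192[.]0[.]2[.]10[:]8080",
    "198[.]51[.]100[.]7[:]443",
    "aa" * 32,  # placeholder SHA-256, not a real sample hash
]
```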
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 2CMV-00032-001