{"id":11105,"date":"2019-09-11T03:35:04","date_gmt":"2019-09-11T01:35:04","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=11105"},"modified":"2019-09-11T03:35:04","modified_gmt":"2019-09-11T01:35:04","slug":"emotet-cc-server-liefern-neue-schadsoftware-aus","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/09\/11\/emotet-cc-server-liefern-neue-schadsoftware-aus\/","title":{"rendered":"Emotet C&amp;C servers deliver new malware"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/09\/10\/emotet-cc-server-liefern-neue-schadsoftware-aus\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]CERT-Bund reports that the cyber criminals behind the Emotet malware are currently rolling out new malware via their Command &amp; Control servers (C&amp;C servers). In addition, the German city of Neustadt am R\u00fcbenberge has been infected by Emotet.<\/p>\n<p><!--more--><\/p>\n<h2>CERT-Bund warns<\/h2>\n<p>At the end of August 2019 I reported that the cyber criminals behind Emotet had returned after a 'summer break' and brought their C&amp;C servers back online; see the blog post <a href=\"https:\/\/borncity.com\/win\/2019\/08\/23\/cert-bund-warns-emotet-is-back-cc-server-online-again\/\">CERT-Bund warns: Emotet is back, C&amp;C servers online again<\/a>, where you can also find background on Emotet. Now I have come across the following warning from CERT-Bund, which points to the following facts. 
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"de\" dir=\"ltr\">For some hours now the <a href=\"https:\/\/twitter.com\/hashtag\/Emotet?src=hash&amp;ref_src=twsrc%5Etfw\">#Emotet<\/a> C&amp;C servers have been delivering new versions of the <a href=\"https:\/\/twitter.com\/hashtag\/Schadsoftware?src=hash&amp;ref_src=twsrc%5Etfw\">#Schadsoftware<\/a> (malware). These also contain new C&amp;C addresses.<br \/>Current block lists are available, as always, from <a href=\"https:\/\/twitter.com\/Cryptolaemus1?ref_src=twsrc%5Etfw\">@Cryptolaemus1<\/a>. <a href=\"https:\/\/twitter.com\/hashtag\/BlockNow?src=hash&amp;ref_src=twsrc%5Etfw\">#BlockNow<\/a>!<\/p>\n<p>\u2014 CERT-Bund (@certbund) <a href=\"https:\/\/twitter.com\/certbund\/status\/1171310541199040512?ref_src=twsrc%5Etfw\">September 10, 2019<\/a><\/p><\/blockquote>\n<p>The tweet from the German CERT-Bund warns about the Emotet trojan: the operators of Emotet are currently distributing new versions of the malware via their Command &amp; Control servers (C&amp;C servers), and these new versions contain new C&amp;C addresses. The following tweet addresses the same topic:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Emotet is back ! <a href=\"https:\/\/t.co\/QJZlGgDzId\">pic.twitter.com\/QJZlGgDzId<\/a><\/p>\n<p>\u2014 Raashid Bhat (@raashidbhatt) <a href=\"https:\/\/twitter.com\/raashidbhatt\/status\/1164688969486831616?ref_src=twsrc%5Etfw\">August 23, 2019<\/a><\/p><\/blockquote>\n<p>Administrators who block the known C&amp;C servers in their network firewalls must therefore update their block lists. 
The following tweet gives the Pastebin address with the latest block lists.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Updated again as of 13:45 EDT with 1 additional C2 for E2 from <a href=\"https:\/\/twitter.com\/lazyactivist192?ref_src=twsrc%5Etfw\">@lazyactivist192<\/a> <br \/>\"+\" added in front of the new C2 additions. Block this stuff now!<a href=\"https:\/\/t.co\/TqsgNQB1TM\">https:\/\/t.co\/TqsgNQB1TM<\/a><\/p>\n<p>\u2014 Cryptolaemus (@Cryptolaemus1) <a href=\"https:\/\/twitter.com\/Cryptolaemus1\/status\/1171118216824918017?ref_src=twsrc%5Etfw\">September 9, 2019<\/a><\/p><\/blockquote>\n<h2>Too late for Neustadt<\/h2>\n<p>German site heise <a href=\"https:\/\/www.heise.de\/newsticker\/meldung\/Ransomware-Neue-Emotet-Welle-legt-Neustaedter-Stadtverwaltung-lahm-4518819.html\" target=\"_blank\" rel=\"noopener noreferrer\">reported here<\/a> that the city administration of Neustadt am R\u00fcbenberge was recently infected by Emotet. The local network of the city administration remains switched off until next Friday. Neustadt am R\u00fcbenberge is located near Hanover (i.e. heise's home turf). According to German site <a href=\"https:\/\/www.ndr.de\/nachrichten\/niedersachsen\/hannover_weser-leinegebiet\/Cyberattacke-legt-Stadtverwaltung-lahm,neustadt332.html\" target=\"_blank\" rel=\"noopener noreferrer\">NDR<\/a>, several offices of the city have fallen victim to the blackmail Trojan Emotet. The infection was probably caused by a malicious e-mail attachment.<\/p>\n<p>The computers may not be used until the end of the week, so the city administration can currently operate only to a limited extent. The vehicle registration office is closed and the employees have no e-mail. It is also not currently possible to apply for identity cards or passports. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]CERT-Bund reports that the cyber criminals behind the Emotet malware are currently rolling out new malware via their Command &amp; Control servers (C&amp;C servers). In addition, the German city of Neustadt am R\u00fcbenberge has been infected by Emotet.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-11105","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=11105"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11105\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=11105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=11105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=11105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}