Author Topic: Emotet/Epoch1 being flagged on this website?  (Read 1630 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Emotet/Epoch1 being flagged on this website?
« Reply #1 on: January 13, 2020, 08:00:22 PM »
Quote
See failed scan here: https://sitecheck.sucuri.net/results/majan.neomeric.us
And the first thing to check when you see that is? ........ is it taken down?

Yes it is   https://downforeveryoneorjustme.com/majan.neomeric.us

also shown under VT detail button .... no details to show



Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Emotet/Epoch1 being flagged on this website?
« Reply #2 on: January 13, 2020, 10:27:56 PM »
Emotet doesn't normally show up in websites. Typical delivery platform is email, so this is odd.

IP Detection by IBM for malware: https://exchange.xforce.ibmcloud.com/ip/68.66.224.30

@Pondus - Oftentimes, malicious websites don't remain online for long.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

Re: Emotet/Epoch1 being flagged on this website?
« Reply #3 on: January 14, 2020, 11:58:01 PM »
Hi Michael (alan1998),

Lately it is showing up, mainly in WordPress & gstore websites:
https://urlhaus.abuse.ch/url/288576/ & https://urlhaus.abuse.ch/url/288575/ & https://urlhaus.abuse.ch/url/288572/ etc.
infested with Emotet, Heodo, Epoch2.

Compare searches with -> https://maltiverse.com/sample/c6f6ca23761292552e6ea5f12496dc9c73374be0c5f9d0b2142ca3ae0bb8fe14
etc.

Remember, with the latest plug-in flaw 320.000 WordPress sites are still unpatched and vulnerable  ???

polonus
« Last Edit: January 14, 2020, 11:59:42 PM by polonus »