2018-07-10 Emotet - Subject: Invoice related

gistfile1.txt

Valid URLs:
===========
hxxp://mjcapt[.]com/newsletter/US/ACCOUNT/Please-pull-invoice-44130/
hxxp://www[.]anadolu-yapi[.]xyz/pdf/US/Order/Order-22324681075/
hxxp://www[.]friendsengg[.]co[.]in/files/En_us/STATUS/Invoice-07-10-18/
hxxp://www[.]desabiangkeke[.]com/doc/EN_en/INVOICE-STATUS/Invoice-18660/
hxxp://www[.]nasa[.]ekpaideusi[.]gr/newsletter/US/DOC/Invoice-3243324682-07-10-2018/
hxxp://www[.]elizimuhendislik[.]xyz/doc/EN_en/Statement/Invoice-7384991949-07-10-2018/
hxxp://www[.]docudabra[.]com/newsletter/En/ACCOUNT/Pay-Invoice/
hxxp://test[.]foskinterior[.]com/Jul2018/En_us/ACCOUNT/Invoice-14693880736-07-09-2018/
hxxp://www[.]sssgf[.]in/sites/En_us/DOC/Invoice-641879/

Invalid URLs:
=============
hxxp://www[.]enequipo[.]es/files/En/Purchase/Account-62123/
hxxp://www[.]spiritualhealerashish[.]com/pdf/US/STATUS/Invoice-07-10-18/
hxxp://www[.]ikonikov[.]lt/sites/En/Jul2018/Invoice-0225874/

Emotet Information:
===============
MD5 (INV-- DK1946 - JO# 3482.doc) = b603778b62c0c146f638c7a22a0531f0
 - https://app.any.run/tasks/d3e28d1e-3783-4f48-aa90-71cf31383c9b
 - https://www.virustotal.com/#/file/64809e3d53b3e0d1abb1b2fbd9f2121988404a71144c6da8661c52c69c240022/detection
 - hxxp://www[.]adonissanat[.]com/z/
 - hxxp://www[.]adonisict[.]com/Cq4jwgPS/
 - hxxp://www[.]dqwqwdqwqwd[.]info/By/
 - hxxp://www[.]appearancenetwork[.]com/wp-content/uploads/7K2/
 - hxxp://www[.]brands2life[.]b2ldigitalprojects[.]com/wp-content/upload

MD5 (INV-440286.doc) = 18046e008b255fdbe6c13e098eaa2142
 - https://app.any.run/tasks/3df430a4-3ec3-4771-a30d-2948849697ff
 - https://www.virustotal.com/#/file/dbe58f9025ed00c604d17ebf8de4613d344836f70c0f76ef58d127200c70d63f/detection
 - hxxp://www[.]adonissanat[.]com/z/
 - hxxp://www[.]adonisict[.]com/Cq4jwgPS/
 - hxxp://www[.]dqwqwdqwqwd[.]info/By/
 - hxxp://www[.]appearancenetwork[.]com/wp-content/uploads/7K2/
 - hxxp://www[.]brands2life[.]b2ldigitalprojects[.]com/wp-content/uploads/2017/Wq/

MD5 (INV-00165250236.doc) = 72241ada6473a047b17526ef38f58810
 - https://app.any.run/tasks/5d960529-7ec0-460a-ac03-21249ee59ebd
 - https://www.virustotal.com/#/file/53da48a0821a575d2d26dfc02aaff907837c0377ba19c9159bbc35aa95a52fda/detection
 - http://www[.]adonissanat[.]com/z/
 - hxxp://www[.]adonisict[.]com/Cq4jwgPS/
 - hxxp://www[.]dqwqwdqwqwd[.]info/By/
 - hxxp://www[.]appearancenetwork[.]com/wp-content/uploads/7K2/
 - hxxp://www[.]brands2life[.]b2ldigitalprojects[.]com/wp-content/uploads/2017/Wq/

MD5 (INV-00483201.96.doc) = 69d1f80000005ca471753ba4f190c389
 - https://app.any.run/tasks/0e74c568-902a-4509-991b-ace5831c466e
 - https://www.virustotal.com/#/file/66db6d1df008845690d9472234f68f5d490becd9f53b0079e87e41675fc7f348/detection
 - hxxp://www[.]baliwelcomesyou[.]com/4KUE/
 - hxxp://www[.]amanahwisatatour[.]com/cK/
 - hxxp://www[.]assess2grow[.]co[.]za/0Jz8cT/
 - hxxp://arquitectoencolunga[.]com/tE/
 - hxxp://aidoutor[.]com/nw9rmD/

MD5 (KQ-96319951121.doc) = 17bea7c5ba175d247da298ef4e9c79e2
 - https://app.any.run/tasks/078fc323-b6ef-4b43-af39-fec0dafcf3cc
 - https://www.virustotal.com/#/file/b72da9c86e4496c51fc622ddd5d45c4e390aa8272be4ff0b7ba7590ba2f673d3/detection
 - hxxp://www[.]maltofer[.]ro/vg/
 - hxxp://www[.]soft[.]lego-web[.]ru/HBQM6F/
 - hxxp://www[.]lifein[.]com[.]cn/wp-admin/PhYX2j/
 - hxxp://limusina[.]barcelona/kYZyu/
 - hxxp://www[.]microhubprojectmaker[.]com/OxNBEAb/