• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
emotet now using unconventional ip address formats to evade detection

Emotet Now Using Unconventional IP Address Formats to Evade Detection

You are here: Home / General Cyber Security News / Emotet Now Using Unconventional IP Address Formats to Evade Detection
January 24, 2022

Social engineering strategies involving the deployment of the Emotet malware botnet have been observed utilizing “unconventional” IP tackle formats for the to start with time in a bid to sidestep detection by security answers.

This includes the use of hexadecimal and octal representations of the IP tackle that, when processed by the underlying running programs, get quickly transformed “to the dotted decimal quad illustration to initiate the request from the distant servers,” Development Micro’s Danger Analyst, Ian Kenefick, claimed in a report Friday.

Automatic GitHub Backups

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The infection chains, as with past Emotet-linked attacks, intention to trick users into enabling document macros and automate malware execution. The document takes advantage of Excel 4. Macros, a function that has been frequently abused by malicious actors to provide malware.

As soon as enabled, the macro invokes a URL that’s obfuscated with carets, with the host incorporating a hexadecimal representation of the IP deal with — “h^tt^p^:/^/0xc12a24f5/cc.html” — to execute an HTML software (HTA) code from the distant host.

Emotet

A second variant of the phishing attack follows the exact same modus operandi, the only difference currently being that the IP address is now coded in the octal structure — “h^tt^p^:/^/0056.0151.0121.0114/c.html”.

“The unconventional use of hexadecimal and octal IP addresses may well end result in evading recent methods reliant on pattern matching,” Kenefick stated. “Evasion tactics like these could be viewed as evidence of attackers continuing to innovate to thwart pattern-primarily based detection options.”

Prevent Data Breaches

The improvement comes amid renewed Emotet action late past year following a 10-thirty day period-extensive hiatus in the wake of a coordinated legislation enforcement operation. In December 2021, researchers uncovered proof of the malware evolving its methods to fall Cobalt Strike Beacons specifically on to compromised systems.

The conclusions also get there as Microsoft discovered plans to disable Excel 4. (XLM) Macros by default to safeguard consumers from security threats. “This environment now defaults to Excel 4. (XLM) macros remaining disabled in Excel (Establish 16..14427.10000),” the organization declared past 7 days.

Uncovered this post exciting? Adhere to THN on Facebook, Twitter  and LinkedIn to read through additional distinctive written content we article.


Some components of this short article are sourced from:
thehackernews.com

Previous Post: «high severity rust programming bug could lead to file, directory deletion High-Severity Rust Programming Bug Could Lead to File, Directory Deletion
Next Post: Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers unusual ‘donald trump’ packer malware delivers rats, infostealers»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.