"The preliminary information provided allows the following URLs and subsequent IP addresses to be locked, as indicated otherwise," said the CSIRT of the Ministry of the Interior.
The Computer Security Incident Response Team (CSIRT) of the Ministry of the Interior yesterday published a cybersecurity alert with new information on the incident.
This afternoon, CSIRT published a comprehensive list of IP addresses that need to be blocked against EMOTET.
As a result of the coordination, the preliminary information gathered allows the following URLs and IP addresses to be blocked, as a high-level communication indicates.
Website:
triosalud.cl
hxxp://5.39.218[.]210/dns/dns.php?DNS="
hxxp://5.39.218[.]210/dns/logs/logpc.php
hxxp://185.29.8[.]45/1.exe
Possibly malicious files:
http://www.triosalud.cl/wp/wp-content/uploads/2019/02/denuncias.rar
https://www.triosalud.cl/wp/wp-content/uploads/2019/03/tictic.txt
IP addresses that need to be blocked: check the entire list here.
CSIRT updates the Cybersecurity Alert Malware EMOTET service. The second official statement has a broad list of IPs to be blocked. Details can be found at the following link: https://t.co/6oriBO5mqT
– CSIRT GOB CL (@CSIRTGOB) March 23, 2019
Blocking must be applied to traffic both from and to these destinations, the statement says.
Last night, the Superintendency of Banks and Financial Institutions (SBIF) said that some banks had reported malware (malicious software) on some computers in their companies segment.
A minute later, CSIRT published a cybersecurity alert: "According to information from internal sources, cybersecurity alert status is linked to a malicious EMOTET, which will be affected by major economic sectors."