Emotet Domain IOC Feed

Query Information

Description

Emotet Domain IOC Feed Source: Talos Intelligence Feed information: https://blog.talosintelligence.com/emotet-coming-in-hot/ Feed link: https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_contacted_domains.txt

Defender XDR

let EmotetDomain = externaldata(Domain: string)[@"https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2022/11/Emotet_contacted_domains.txt"] with (format="txt", ignoreFirstRecord=True);
DeviceNetworkEvents
| where RemoteUrl in~ (EmotetDomain)
| project Timestamp, RemoteUrl, RemoteIP, DeviceName, InitiatingProcessCommandLine, InitiatingProcessFileName, InitiatingProcessAccountDomain, InitiatingProcessAccountName

Sentinel

let EmotetDomain = externaldata(Domain: string)[@"https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2022/11/Emotet_contacted_domains.txt"] with (format="txt", ignoreFirstRecord=True);
DeviceNetworkEvents
| where RemoteUrl in~ (EmotetDomain)
| project TimeGenerated, RemoteUrl, RemoteIP, DeviceName, InitiatingProcessCommandLine, InitiatingProcessFileName, InitiatingProcessAccountDomain, InitiatingProcessAccountName

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TI Feed - 2022-TalosEmotetDomain.md

TI Feed - 2022-TalosEmotetDomain.md

Emotet Domain IOC Feed

Query Information

Description

Defender XDR

Sentinel

Files

TI Feed - 2022-TalosEmotetDomain.md

Latest commit

History

TI Feed - 2022-TalosEmotetDomain.md

File metadata and controls

Emotet Domain IOC Feed

Query Information

Description

Defender XDR

Sentinel