The Emotet botnet updated their clients this morning around 6am EST.
We came across these hashes for the clients:
E1
4969b8145150d8c9d92abd66db2d17b1b54efcece75812ef77e7ef72d955bd19
E2
812e7a6ebdb40271ec0f878a559c29b459527f2e21ef6208e27d34c6808cd662
The following is a list of the C2 servers that were pulled from the binaries. Please use these to catch any infections that may be present within your environment:
We will continue to monitor and analyze this change and provide any updates as we come across them.