Emotet Coming in Hot

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://blog.talosintelligence.com/emotet-coming-in-hot/
Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year, rebuilding its infrastructure and becoming highly active in a short time.

Emotet is back again with a new campaign displaying many characteristics of older runs, including the use of Auto Open macros inside XLS documents. Cisco Talos has observed an increased activity of spam distributing this new strain beginning in early November 2022, and the volume of spam and Emotet infrastructure has been increasing since then to target multiple geographies around the world.
Click to expand...
Following Microsoft’s recent announcement that it would begin disabling macros by default in Office documents downloaded from the internet, many malware families have begun migrating away from Office macros to other delivery mechanisms like ISO and LNK files. Therefore, it is interesting to note that this new campaign of Emotet is using its old method of distributing malicious MS Office documents (maldocs) via email-based phishing.

The malware is delivered via email spam messages that contain a zip file with a XLS file inside, or the XLS attached directly to the email. Based on the samples Talos observed, the messages have minimal content in the email body, typically only consisting of a filename and password. These emails might either be new emails arriving in a victim’s inbox or can even pose as responses to an existing, hijacked thread
Click to expand...
blog.talosintelligence.com

Emotet coming in hot

Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year, rebuilding its...
blog.talosintelligence.com blog.talosintelligence.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: tipo, Gandalf_The_Grey, Der.Reisende and 5 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Emotet malware now distributed in Microsoft OneNote files to evade defenses
Replies
15
Views
1,239
News Archive
ForgottenSeer 98186
F
silversurfer
    • +Reputation
    • Like
    • Wow
Emotet Malware Makes a Comeback with New Evasion Techniques
Replies
0
Views
501
News Archive
silversurfer
silversurfer
MuzzMelbourne
    • Like
    • +Reputation
Emotet Resurfaces Yet Again After 3-Month Hiatus
Replies
0
Views
436
News Archive
MuzzMelbourne
MuzzMelbourne

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top