MUMMY SPIDER (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

MUMMY SPIDER (Back to overview)

aka: TA542, GOLD CRESTWOOD

MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malware shared code with the Bugat (aka Feodo) banking Trojan. However, MUMMY SPIDER swiftly developed the malware’s capabilities to include an RSA key exchange for command and control (C2) communication and a modular architecture. MUMMY SPIDER does not follow typical criminal behavioral patterns. In particular, MUMMY SPIDER usually conducts attacks for a few months before ceasing operations for a period of between three and 12 months, before returning with a new variant or version. After a 10 month hiatus, MUMMY SPIDER returned Emotet to operation in December 2016 but the latest variant is not deploying a banking Trojan module with web injects, it is currently acting as a ‘loader’ delivering other malware packages. The primary modules perform reconnaissance on victim machines, drop freeware tools for credential collection from web browsers and mail clients and a spam plugin for self-propagation. The malware is also issuing commands to download and execute other malware families such as the banking Trojans Dridex and Qakbot. MUMMY SPIDER advertised Emotet on underground forums until 2015, at which time it became private. Therefore, it is highly likely that Emotet is operate

Associated Families

js.unidentified_003 win.emotet

References

2023-03-22 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Jaeson Schultz
Emotet Resumes Spam Operations, Switches to OneNote
Emotet

2023-03-13 ⋅ Trendmicro ⋅ Ian Kenefick
Emotet Returns, Now Adopts Binary Padding for Evasion
Emotet

2023-03-07 ⋅ BleepingComputer ⋅ Lawrence Abrams
Emotet malware attacks return after three-month break
Emotet

2023-03-07 ⋅ Cofense ⋅ Cofense
Emotet Sending Malicious Emails After Three-Month Hiatus
Emotet

2023-02-26 ⋅ Medium Ilandu ⋅ Ilan Duhin, Yossi Poberezsky
Emotet Campaign
Emotet

2023-01-30 ⋅ Checkpoint ⋅ Arie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot

2023-01-26 ⋅ Acronis ⋅ Ilan Duhin
Unpacking Emotet Malware
Emotet

2023-01-20 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
Emotet Returns With New Methods of Evasion
Emotet IcedID

2023-01-09 ⋅ Intrinsec ⋅ Intrinsec, CTI Intrinsec
Emotet returns and deploys loaders
BumbleBee Emotet IcedID

2022-12-19 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[Z2A]Bimonthly malware challege – Emotet (Back From the Dead)
Emotet

2022-11-28 ⋅ The DFIR Report ⋅ The DFIR Report
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
Emotet Mount Locker

2022-11-21 ⋅ BSides Sydney ⋅ Thomas Roccia
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?
Emotet

2022-11-16 ⋅ Proofpoint ⋅ Pim Trouerbach, Axel F
A Comprehensive Look at Emotet Virus’ Fall 2022 Return
BumbleBee Emotet IcedID

2022-11-10 ⋅ Intezer ⋅ Nicole Fishbein
How LNK Files Are Abused by Threat Actors
BumbleBee Emotet Mount Locker QakBot

2022-10-28 ⋅ Elastic ⋅ @rsprooten, Elastic Security Intelligence & Analytics Team
EMOTET dynamic config extraction
Emotet

2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm

2022-10-03 ⋅ vmware ⋅ Threat Analysis Unit
Emotet Exposed: A Look Inside the Cybercriminal Supply Chain
Emotet

2022-09-13 ⋅ AdvIntel ⋅ Advanced Intelligence
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022
Conti Cobalt Strike Emotet Ryuk TrickBot

2022-09-12 ⋅ The DFIR Report ⋅ The DFIR Report
Dead or Alive? An Emotet Story
Cobalt Strike Emotet

2022-08-23 ⋅ Darktrace ⋅ Eugene Chua, Paul Jennings, Hanah Darley
Emotet Resurgence: Cross-Industry Campaign Analysis
Emotet

2022-08-19 ⋅ vmware ⋅ Oleg Boyarchuk, Stefano Ortolani
How to Replicate Emotet Lateral Movement
Emotet

2022-08-10 ⋅ BitSight ⋅ João Batista
Emotet SMB Spreader is Back
Emotet

2022-07-17 ⋅ Resecurity ⋅ Resecurity
Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise
AsyncRAT BumbleBee Emotet IcedID QakBot

2022-07-12 ⋅ Cyren ⋅ Kervin Alintanahin
Example Analysis of Multi-Component Malware
Emotet Formbook

2022-07-07 ⋅ SANS ISC ⋅ Brad Duncan
Emotet infection with Cobalt Strike
Cobalt Strike Emotet

2022-07-07 ⋅ Fortinet ⋅ Erin Lin
Notable Droppers Emerge in Recent Threat Campaigns
BumbleBee Emotet PhotoLoader QakBot

2022-06-27 ⋅ Netskope ⋅ Gustavo Palazolo
Emotet: Still Abusing Microsoft Office Macros
Emotet

2022-06-21 ⋅ McAfee ⋅ Lakshya Mathur
Rise of LNK (Shortcut files) Malware
BazarBackdoor Emotet IcedID QakBot

2022-06-16 ⋅ ESET Research ⋅ Rene Holt
How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security
Emotet

2022-06-02 ⋅ Mandiant ⋅ Mandiant
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot

2022-05-27 ⋅ Kroll ⋅ Cole Manaster, George Glass, Elio Biasiotto
Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20
Emotet

2022-05-25 ⋅ vmware ⋅ Oleg Boyarchuk, Stefano Ortolani
Emotet Config Redux
Emotet

2022-05-24 ⋅ Deep instinct ⋅ Bar Block
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them
Dridex Emotet

2022-05-24 ⋅ BitSight ⋅ João Batista, Pedro Umbelino, BitSight
Emotet Botnet Rises Again
Cobalt Strike Emotet QakBot SystemBC

2022-05-19 ⋅ Trend Micro ⋅ Adolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
Emotet QakBot

2022-05-17 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Emotet Summary: November 2021 Through January 2022
Emotet

2022-05-16 ⋅ vmware ⋅ Oleg Boyarchuk, Stefano Ortolani, Jason Zhang, Threat Analysis Unit
Emotet Moves to 64 bit and Updates its Loader
Emotet

2022-05-11 ⋅ IronNet ⋅ Blake Cahen, IronNet Threat Research
Detecting a MUMMY SPIDER campaign and Emotet infection
Emotet

2022-05-11 ⋅ HP ⋅ HP Wolf Security
Threat Insights Report Q1 - 2022
AsyncRAT Emotet Mekotio Vjw0rm

2022-05-09 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT

2022-05-09 ⋅ Netresec ⋅ Erik Hjelmvik
Emotet C2 and Spam Traffic Video
Emotet

2022-05-06 ⋅ Netskope ⋅ Gustavo Palazolo
Emotet: New Delivery Mechanism to Bypass VBA Protection
Emotet

2022-05-04 ⋅ Sophos ⋅ Andreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet

2022-04-28 ⋅ Symantec ⋅ Karthikeyan C Kasiviswanathan, Vishal Kamble
Ransomware: How Attackers are Breaching Corporate Networks
AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot

2022-04-27 ⋅ Cybleinc ⋅ Cyble
Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims
Emotet

2022-04-26 ⋅ Bleeping Computer ⋅ Ionut Ilascu
Emotet malware now installs via PowerShell in Windows shortcut files
Emotet

2022-04-26 ⋅ Proofpoint ⋅ Axel F
Emotet Tests New Delivery Techniques
Emotet

2022-04-26 ⋅ Intel 471 ⋅ Intel 471
Conti and Emotet: A constantly destructive duo
Cobalt Strike Conti Emotet IcedID QakBot TrickBot

2022-04-24 ⋅ forensicitguy ⋅ Tony Lambert
Shortcut to Emotet, an odd TTP change
Emotet

2022-04-20 ⋅ cocomelonc ⋅ cocomelonc
Malware development: persistence - part 1. Registry run keys. C++ example.
Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky

2022-04-20 ⋅ CISA ⋅ CISA
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet

2022-04-20 ⋅ CISA ⋅ CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA)
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader

2022-04-19 ⋅ Twitter (@Cryptolaemus1) ⋅ Cryptolaemus
#Emotet Update: 64 bit upgrade of Epoch 5
Emotet

2022-04-19 ⋅ Bleeping Computer ⋅ Bill Toulas
Emotet botnet switches to 64-bit modules, increases activity
Emotet

2022-04-18 ⋅ Fortinet ⋅ Erin Lin
Trends in the Recent Emotet Maldoc Outbreak
Emotet

2022-04-17 ⋅ BushidoToken Blog ⋅ BushidoToken
Lessons from the Conti Leaks
BazarBackdoor Conti Emotet IcedID Ryuk TrickBot

2022-04-13 ⋅ Kaspersky ⋅ AMR
Emotet modules and recent attacks
Emotet

2022-04-12 ⋅ AhnLab ⋅ ASEC Analysis Team
SystemBC Being Used by Various Attackers
Emotet SmokeLoader SystemBC

2022-04-12 ⋅ Check Point ⋅ Check Point Research
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance
Alien FluBot Agent Tesla Emotet

2022-04-08 ⋅ ReversingLabs ⋅ Paul Roberts
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles
Conti Emotet TrickBot

2022-04-02 ⋅ Github (pl-v) ⋅ Player-V
Emotet Analysis Part 1: Unpacking
Emotet

2022-03-30 ⋅ Prevailion ⋅ Prevailion
Wizard Spider continues to confound
BazarBackdoor Cobalt Strike Emotet

2022-03-29 ⋅ vmware ⋅ Oleg Boyarchuk, Jason Zhang, Threat Analysis Unit
Emotet C2 Configuration Extraction and Analysis
Emotet

2022-03-28 ⋅ Cisco ⋅ María José Erquiaga, Onur Erdogan, Adela Jezkova
Emotet is Back
Emotet

2022-03-23 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
Threat Intelligence Executive Report Volume 2022, Number 2
Conti Emotet IcedID TrickBot

2022-03-23 ⋅ Fortinet ⋅ Shunichi Imano, Val Saengphaibul
Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams
Emotet

2022-03-23 ⋅ Fortinet ⋅ Xiaopeng Zhang
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II
Emotet

2022-03-23 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
Conti Emotet IcedID TrickBot

2022-03-23 ⋅ NVISO Labs ⋅ Bart Parys
Hunting Emotet campaigns with Kusto
Emotet

2022-03-21 ⋅ Info Security ⋅ Vinugayathri Chinnasamy
Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware
Emotet

2022-03-16 ⋅ Dragos ⋅ Josh Hanrahan
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Conti Emotet

2022-03-16 ⋅ Symantec ⋅ Symantec Threat Hunter Team
The Ransomware Threat Landscape: What to Expect in 2022
AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin

2022-03-08 ⋅ Lumen ⋅ Black Lotus Labs
What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets
Emotet

2022-03-07 ⋅ Fortinet ⋅ Xiaopeng Zhang
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
Emotet

2022-03-03 ⋅ Trend Micro ⋅ Trend Micro Research
Cyberattacks are Prominent in the Russia-Ukraine Conflict
BazarBackdoor Cobalt Strike Conti Emotet WhisperGate

2022-03-02 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Conti Ransomware Group Diaries, Part II: The Office
Conti Emotet Ryuk TrickBot

2022-03-01 ⋅ Twitter (@ContiLeaks) ⋅ ContiLeaks
Tweet on Emotet final server scheme
Emotet

2022-02-25 ⋅ CyberScoop ⋅ Joe Warminsky
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators
BazarBackdoor Emotet TrickBot

2022-02-24 ⋅ The Hacker News ⋅ Ravie Lakshmanan
TrickBot Gang Likely Shifting Operations to Switch to New Malware
BazarBackdoor Emotet QakBot TrickBot

2022-02-24 ⋅ The Hacker News ⋅ Ravie Lakshmanan
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
BazarBackdoor Emotet TrickBot

2022-02-24 ⋅ Cynet ⋅ Max Malyutin
New Wave of Emotet – When Project X Turns Into Y
Cobalt Strike Emotet

2022-02-23 ⋅ cyber.wtf blog ⋅ Luca Ebach
What the Pack(er)?
Cobalt Strike Emotet

2022-02-16 ⋅ Security Onion ⋅ Doug Burks
Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08
Cobalt Strike Emotet

2022-02-16 ⋅ Threat Post ⋅ Elizabeth Montalbano
Emotet Now Spreading Through Malicious Excel Files
Emotet

2022-02-15 ⋅ Palo Alto Networks Unit 42 ⋅ Saqib Khanzada, Tyler Halfpop, Micah Yates, Brad Duncan
New Emotet Infection Method
Emotet

2022-02-15 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
Increase in Emotet Activity and Cobalt Strike Deployment
Cobalt Strike Emotet

2022-02-13 ⋅ NetbyteSEC ⋅ Taqi, Rosamira, Fareed
Technical Malware Analysis: The Return of Emotet
Emotet

2022-02-10 ⋅ Cybereason ⋅ Cybereason Global SOC Team
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot
Cobalt Strike Emotet IcedID QakBot

2022-02-07 ⋅ vmware ⋅ Jason Zhang, Threat Analysis Unit
Emotet Is Not Dead (Yet) – Part 2
Emotet

2022-02-02 ⋅ VMRay ⋅ VMRay Labs Team, Mateusz Lukaszewski
Malware Analysis Spotlight: Emotet’s Use of Cryptography
Emotet

2022-01-27 ⋅ Threat Lab Indonesia ⋅ Threat Lab Indonesia
Malware Analysis Emotet Infection
Emotet

2022-01-25 ⋅ SANS ISC ⋅ Brad Duncan
Emotet Stops Using 0.0.0.0 in Spambot Traffic
Emotet

2022-01-23 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Emotet epoch4 & epoch5 tactics
Emotet

2022-01-22 ⋅ Atomic Matryoshka ⋅ z3r0day_504
Malware Headliners: Emotet
Emotet

2022-01-21 ⋅ Trend Micro ⋅ Ian Kenefick
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
Emotet

2022-01-21 ⋅ vmware ⋅ Jason Zhang, Threat Analysis Unit
Emotet Is Not Dead (Yet)
Emotet

2022-01-19 ⋅ Gdata ⋅ Karsten Hahn
Malware vaccines can prevent pandemics, yet are rarely used
Emotet STOP

2022-01-19 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan
0.0.0.0 in Emotet Spambot Traffic
Emotet

2022-01-17 ⋅ forensicitguy ⋅ Tony Lambert
Emotet's Excel 4.0 Macros Dropping DLLs
Emotet

2022-01-14 ⋅ RiskIQ ⋅ Jordan Herman
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet

2022-01-07 ⋅ muha2xmad ⋅ Muhammad Hasan Ali
Unpacking Emotet malware part 02
Emotet

2022-01-06 ⋅ muha2xmad ⋅ Muhammad Hasan Ali
Unpacking Emotet malware part 01
Emotet

2021-12-22 ⋅ Cloudsek ⋅ Anandeshwar Unnikrishnan
Emotet 2.0: Everything you need to know about the new Variant of the Banking Trojan
Emotet

2021-12-13 ⋅ Zscaler ⋅ Dennis Schwarz, Avinash Kumar
Return of Emotet: Malware Analysis
Emotet

2021-12-09 ⋅ HP ⋅ Patrick Schläpfer
Emotet’s Return: What’s Different?
Emotet

2021-12-08 ⋅ Check Point Research ⋅ Raman Ladutska, Aliaksandr Trafimchuk, David Driker, Yali Magiel
When old friends meet again: why Emotet chose Trickbot for rebirth
Emotet TrickBot

2021-12-07 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Cobalt Strike Emotet

2021-11-30 ⋅ Deep instinct ⋅ Ron Ben Yizhak
The Re-Emergence of Emotet
Emotet

2021-11-25 ⋅ DSIH ⋅ Charles Blanc-Rolin
Emotet de retour, POC Exchange, 0-day Windows : à quelle sauce les attaquants prévoient de nous manger cette semaine?
Emotet

2021-11-23 ⋅ Anomali ⋅ Anomali Threat Research
Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return
Emotet

2021-11-20 ⋅ Twitter (@eduardfir) ⋅ Eduardo Mattos
Tweet on Velociraptor artifact analysis for Emotet
Emotet

2021-11-20 ⋅ Advanced Intelligence ⋅ Yelisey Boguslavskiy, Vitali Kremez
Corporate Loader "Emotet": History of "X" Project Return for Ransomware
Emotet

2021-11-20 ⋅ Youtube (HEXORCIST) ⋅ Nicolas Brulez
Unpacking Emotet and Reversing Obfuscated Word Document
Emotet

2021-11-19 ⋅ LAC WATCH ⋅ LAC WATCH
Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack
Emotet

2021-11-19 ⋅ CRONUP ⋅ Germán Fernández
La Botnet de EMOTET reinicia ataques en Chile y LATAM
Emotet

2021-11-18 ⋅ Netskope ⋅ Gustavo Palazolo, Ghanashyam Satpathy
Netskope Threat Coverage: The Return of Emotet
Emotet

2021-11-18 ⋅ eSentire ⋅ eSentire
Emotet Activity Identified
Emotet

2021-11-16 ⋅ Malwarebytes ⋅ Malwarebytes Threat Intelligence Team
TrickBot helps Emotet come back from the dead
Emotet TrickBot

2021-11-16 ⋅ Hornetsecurity ⋅ Security Lab
Comeback of Emotet
Emotet

2021-11-16 ⋅ Zscaler ⋅ Deepen Desai
Return of Emotet malware
Emotet

2021-11-16 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan
Emotet Returns
Emotet

2021-11-15 ⋅ cyber.wtf blog ⋅ Luca Ebach
Guess who’s back
Emotet

2021-11-15 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Emotet malware is back and rebuilding its botnet via TrickBot
Emotet

2021-08-15 ⋅ Symantec ⋅ Threat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker

2021-07-12 ⋅ The Record ⋅ Catalin Cimpanu
Over 780,000 email accounts compromised by Emotet have been secured
Emotet

2021-06-16 ⋅ S2 Grupo ⋅ CSIRT-CV (the ICT Security Center of the Valencian Community)
Emotet campaign analysis
Emotet QakBot

2021-06-10 ⋅ Tagesschau ⋅ Hakan Tanriverdi, Maximilian Zierer
Schadsoftware Emotet: BKA befragt Schlüsselfigur
Emotet

2021-06-10 ⋅ ZEIT Online ⋅ Von Kai Biermann, Astrid Geisler, Herwig G. Höller, Karsten Polke-Majewski, Zachary Kamel
On the Trail of the Internet Extortionists
Emotet Mailto

2021-05-26 ⋅ DeepInstinct ⋅ Ron Ben Yizhak
A Deep Dive into Packing Software CryptOne
Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader

2021-05-10 ⋅ Wirtschaftswoche ⋅ Thomas Kuhn
How one of the largest hacker networks in the world was paralyzed
Emotet

2021-04-22 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2021
Emotet Ficker Stealer Raccoon

2021-04-22 ⋅ Github (@cecio) ⋅ @red5heep
EMOTET: a State-Machine reversing exercise
Emotet

2021-04-09 ⋅ Palo Alto Networks Unit 42 ⋅ Yanhui Jia, Chris Navarrete
Emotet Command and Control Case Study
Emotet

2021-03-31 ⋅ Red Canary ⋅ Red Canary
2021 Threat Detection Report
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot

2021-03-31 ⋅ Kaspersky ⋅ Kaspersky
Financial Cyberthreats in 2020
BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus

2021-03-21 ⋅ Blackberry ⋅ Blackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot

2021-03-17 ⋅ HP ⋅ HP Bromium
Threat Insights Report Q4-2020
Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader

2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Chris Navarrete, Yanhui Jia, Matthew Tennis, Durgesh Sangvikar, Rongbo Shao
Attack Chain Overview: Emotet in December 2020 and January 2021
Emotet

2021-02-28 ⋅ PWC UK ⋅ PWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Tonto Team

2021-02-28 ⋅ NetbyteSEC
Deobfuscating Emotet Macro Document and Powershell Command
Emotet

2021-02-25 ⋅ JPCERT/CC ⋅ Ken Sajo
Emotet Disruption and Outreach to Affected Users
Emotet

2021-02-25 ⋅ ANSSI ⋅ CERT-FR
Ryuk Ransomware
BazarBackdoor Buer Conti Emotet Ryuk TrickBot

2021-02-24 ⋅ IBM ⋅ IBM SECURITY X-FORCE
X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot

2021-02-24 ⋅ Allsafe ⋅ Shota Nakajima, Hara Hiroaki
Malware Analysis at Scale - Defeating Emotet by Ghidra
Emotet

2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER

2021-02-17 ⋅ Politie NL ⋅ Politie NL
Politie bestrijdt cybercrime via Nederlandse infrastructuur
Emotet

2021-02-17 ⋅ YouTube (AGDC Services) ⋅ AGDC Services
How Malware Can Resolve APIs By Hash
Emotet Mailto

2021-02-16 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes
Emotet Ryuk NARWHAL SPIDER TA800

2021-02-12 ⋅ CERT-FR ⋅ CERT-FR
The Malware-Aa-A-Service Emotet
Emotet

2021-02-08 ⋅ GRNET CERT ⋅ Dimitris Kolotouros, Marios Levogiannis
Reverse engineering Emotet – Our approach to protect GRNET against the trojan
Emotet

2021-02-03 ⋅ Digital Shadows ⋅ Stefano De Blasi
Emotet Disruption: what it means for the cyber threat landscape
Emotet

2021-02-02 ⋅ CRONUP ⋅ Germán Fernández
De ataque con Malware a incidente de Ransomware
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader

2021-02-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot

2021-01-29 ⋅ Malwarebytes ⋅ Threat Intelligence Team
Cleaning up after Emotet: the law enforcement file
Emotet

2021-01-28 ⋅ NTT ⋅ Dan Saunders
Emotet disruption - Europol counterattack
Emotet

2021-01-28 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
Emotet Botnet Takedown
Emotet

2021-01-28 ⋅ Youtube (Virus Bulletin) ⋅ Benoît Ancel
The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction

2021-01-28 ⋅ Department of Homeland Security ⋅ Department of Justice
Emotet Botnet Disrupted in International Cyber Operation
Emotet

2021-01-28 ⋅ InfoSec Handlers Diary Blog ⋅ Daniel Wesemann
Emotet vs. Windows Attack Surface Reduction
Emotet

2021-01-27 ⋅ Team Cymru ⋅ James Shank
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts
Emotet

2021-01-27 ⋅ KrebsOnSecurity ⋅ Brian Krebs
International Action Targets Emotet Crimeware
Emotet

2021-01-27 ⋅ Twitter (@milkr3am) ⋅ milkream
Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25
Emotet

2021-01-27 ⋅ Bundeskriminalamt ⋅ Bundeskriminalamt
Infrastruktur der Emotet-Schadsoftware zerschlagen
Emotet

2021-01-27 ⋅ Youtube (Національна поліція України) ⋅ Національна поліція України
Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET
Emotet

2021-01-27 ⋅ Intel 471 ⋅ Intel 471
Emotet takedown is not like the Trickbot takedown
Emotet

2021-01-27 ⋅ Eurojust ⋅ Eurojust
World’s most dangerous malware EMOTET disrupted through global action
Emotet

2021-01-19 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot

2021-01-14 ⋅ Netskope ⋅ Ghanashyam Satpathy, Dagmawi Mulugeta
You Can Run, But You Can’t Hide: Advanced Emotet Updates
Emotet

2021-01-13 ⋅ VinCSS ⋅ Tran Trung Kien, m4n0w4r
[RE019] From A to X analyzing some real cases which used recent Emotet samples
Emotet

2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot

2021-01-05 ⋅ r3mrum blog ⋅ R3MRUM
Manual analysis of new PowerSplit maldocs delivering Emotet
Emotet

2020-12-31 ⋅ Cert-AgID ⋅ Cert-AgID
Simplify Emotet parsing with Python and iced x86
Emotet

2020-12-30 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
Emotet malware hits Lithuania's National Public Health Center
Emotet

2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader

2020-12-10 ⋅ Youtube (OALabs) ⋅ Sergei Frankoff
Malware Triage Analyzing PrnLoader Used To Drop Emotet
Emotet

2020-12-04 ⋅ Kaspersky Labs ⋅ Oleg Kupreev
The chronicles of Emotet
Emotet

2020-11-26 ⋅ VirusTotal ⋅ Emiliano Martinez
Using similarity to expand context and map out threat campaigns
Emotet

2020-11-22 ⋅ Irshad's Blog ⋅ Irshad Muhammad
Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.
Emotet

2020-11-20 ⋅ ZDNet ⋅ Catalin Cimpanu
The malware that usually installs ransomware and you need to remove right away
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader

2020-11-18 ⋅ Cisco ⋅ Nick Biasini, Edmund Brumaghin, Jaeson Schultz
Back from vacation: Analyzing Emotet’s activity in 2020
Emotet

2020-11-06 ⋅ Security Soup Blog ⋅ Ryan Campbell
Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs
Emotet

2020-11-06 ⋅ LAC WATCH ⋅ Matsumoto, Takagen, Ishikawa
分析レポート：Emotetの裏で動くバンキングマルウェア「Zloader」に注意
Emotet Zloader

2020-11-05 ⋅ Brim Security ⋅ Oliver Rochford
Hunting Emotet with Brim and Zeek
Emotet

2020-10-29 ⋅ CERT-FR ⋅ CERT-FR
LE MALWARE-AS-A-SERVICE EMOTET
Dridex Emotet ISFB QakBot

2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Ruian Duan, Zhanhao Chen, Seokkyung Chung, Janos Szurdi, Jingwei Fan
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
Emotet

2020-10-28 ⋅ Bitdefender ⋅ Ruben Andrei Condor
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware
sLoad Emotet Maze

2020-10-20 ⋅ Bundesamt für Sicherheit in der Informationstechnik ⋅ BSI
Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot

2020-10-19 ⋅ SPAM Auditor ⋅ Thomas
The Many Faces of Emotet
Emotet

2020-10-16 ⋅ Proofpoint ⋅ Cassandra A., Proofpoint Threat Research Team
Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet
Emotet

2020-10-12 ⋅ DeepInstinct ⋅ Ron Ben Yizhak
Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2
Emotet

2020-10-01 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Research Team
Emotet Makes Timely Adoption of Political and Elections Lures
Emotet

2020-09-29 ⋅ Seqrite ⋅ Prashant Tilekar
The return of the Emotet as the world unlocks!
Emotet

2020-09-29 ⋅ Microsoft ⋅ Microsoft
Microsoft Digital Defense Report
Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot

2020-09-29 ⋅ PWC UK ⋅ Andy Auld
What's behind the increase in ransomware attacks this year?
DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker

2020-09-23 ⋅ paloalto Netoworks: Unit42 ⋅ Brad Duncan
Case Study: Emotet Thread Hijacking, an Email Attack Technique
Emotet

2020-09-11 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33

2020-09-07 ⋅ CERT NZ ⋅ CERT NZ
Emotet Malware being spread via email
Emotet

2020-09-07 ⋅ CERT-FR ⋅ CERT-FR
Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France
Emotet

2020-08-31 ⋅ Inde ⋅ Chris Campbell
Analysis of the latest wave of Emotet malicious documents
Emotet

2020-08-28 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Research Team
A Comprehensive Look at Emotet’s Summer 2020 Return
Emotet MUMMY SPIDER

2020-08-24 ⋅ Hornetsecurity ⋅ Security Lab
Emotet Update increases Downloads
Emotet

2020-08-14 ⋅ Binary Defense ⋅ James Quinn
EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense
Emotet

2020-08-12 ⋅ DeepInstinct ⋅ Ron Ben Yizhak
Why Emotet’s Latest Wave is Harder to Catch than Ever Before
Emotet

2020-08-09 ⋅ F5 Labs ⋅ Remi Cohen, Debbie Walkowski
Banking Trojans: A Reference Guide to the Malware Family Tree
BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus

2020-08-05 ⋅ Github (mauronz) ⋅ Francesco Muroni
Emotet API+string deobfuscator (v0.1)
Emotet

2020-08 ⋅ TG Soft ⋅ TG Soft
TG Soft Cyber - Threat Report
DarkComet Darktrack RAT Emotet ISFB

2020-07-31 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
The webshells powering Emotet
Emotet

2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader

2020-07-29 ⋅ Sophos Labs ⋅ Andrew Brandt
Emotet’s return is the canary in the coal mine
Emotet

2020-07-28 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
Emotet malware now steals your email attachments to attack contacts
Emotet

2020-07-20 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
Emotet is back
Emotet

2020-07-20 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Emotet-TrickBot malware duo is back infecting Windows machines
Emotet TrickBot

2020-07-20 ⋅ NTT ⋅ Security division of NTT Ltd.
Shellbot victim overlap with Emotet network infrastructure
Emotet

2020-07-17 ⋅ CERT-FR ⋅ CERT-FR
The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus

2020-06-18 ⋅ NTT Security ⋅ Security division of NTT Ltd.
Behind the scenes of the Emotet Infrastructure
Emotet

2020-06-12 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
Probable Sandworm Infrastructure
Avaddon Emotet Kimsuky

2020-05-28 ⋅ VMWare Carbon Black ⋅ Tom Kellermann, Ryan Murphy
Modern Bank Heists 3.0
Emotet

2020-05-24 ⋅ Palo Alto Networks Unit 42 ⋅ Ajaya Neupane, Stefan Achleitner
Using AI to Detect Malicious C2 Traffic
Emotet Sality

2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE

2020-05-05 ⋅ Hornetsecurity ⋅ Security Lab
Awaiting the Inevitable Return of Emotet
Emotet

2020-04-22 ⋅ Youtube (Infosec Alpha) ⋅ Raashid Bhat
FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2
Emotet

2020-04-14 ⋅ Intel 471 ⋅ Intel 471
Understanding the relationship between Emotet, Ryuk and TrickBot
Emotet Ryuk TrickBot

2020-04-14 ⋅ Max Kersten
Emotet JavaScript downloader
Unidentified JS 003 (Emotet Downloader)

2020-04-03 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
Microsoft: Emotet Took Down a Network by Overheating All Computers
Emotet

2020-03-31 ⋅ Youtube (Infosec Alpha) ⋅ Raashid Bhat
Emotet Binary Deobfuscation | Coconut Paradise | Episode 1
Emotet

2020-03-30 ⋅ Intezer ⋅ Michael Kajiloti
Fantastic payloads and where we find them
Dridex Emotet ISFB TrickBot

2020-03-30 ⋅ Symantec ⋅ Nguyen Hoang Giang, Mingwei Zhang
Emotet: Dangerous Malware Keeps on Evolving
Emotet

2020-03-12 ⋅ Digital Shadows ⋅ Alex Guirakhoo
How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation
Emotet

2020-03-11 ⋅ Twitter (@raashidbhatt) ⋅ Raashid Bhat
Tweet on Emotet Deobfuscation with Video
Emotet

2020-03-06 ⋅ Telekom ⋅ Thomas Barabosch
Dissecting Emotet - Part 2
Emotet

2020-03-06 ⋅ Binary Defense ⋅ James Quinn
Emotet Wi-Fi Spreader Upgraded
Emotet

2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER

2020-03-03 ⋅ PWC UK ⋅ PWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA

2020-03-02 ⋅ c't ⋅ Christian Wölbert
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen
Emotet Ryuk

2020-02-29 ⋅ ZDNet ⋅ Catalin Cimpanu
Meet the white-hat group fighting Emotet, the world's most dangerous malware
Emotet

2020-02-18 ⋅ CERT.PL ⋅ Michał Praszmo
What’s up Emotet?
Emotet

2020-02-13 ⋅ Talos ⋅ Nick Biasini, Edmund Brumaghin
Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT

2020-02-10 ⋅ Malwarebytes ⋅ Adam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor

2020-02-08 ⋅ PICUS Security ⋅ Süleyman Özarslan
Emotet Technical Analysis - Part 2 PowerShell Unveiled
Emotet

2020-02-07 ⋅ Binary Defense ⋅ James Quinn
Emotet Evolves With New Wi-Fi Spreader
Emotet

2020-02-03 ⋅ Telekom ⋅ Thomas Barabosch
Dissecting Emotet – Part 1
Emotet

2020-01-30 ⋅ IBM X-Force Exchange ⋅ Ashkan Vila, Golo Mühr
Coronavirus Goes Cyber With Emotet
Emotet

2020-01-30 ⋅ PICUS Security ⋅ Süleyman Özarslan
Emotet Technical Analysis - Part 1 Reveal the Evil Code
Emotet

2020-01-27 ⋅ T-Systems ⋅ T-Systems
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht
Emotet TrickBot

2020-01-17 ⋅ Hiroaki Ogawa, Manabu Niseki
100 more behind cockroaches?
MoqHao Emotet Predator The Thief

2020-01-17 ⋅ JPCERT/CC ⋅ Takayoshi Shiigi
Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT

2020-01-14 ⋅ Bleeping Computer ⋅ Lawrence Abrams
United Nations Targeted With Emotet Malware Phishing Attack
Emotet

2020-01-13 ⋅ Gigamon ⋅ William Peteroy, Ed Miles
Emotet: Not your Run-of-the-mill Malware
Emotet

2020-01-10 ⋅ CSIS ⋅ CSIS
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot

2020-01-07 ⋅ Hatching.io ⋅ Team
Powershell Static Analysis & Emotet results
Emotet

2020 ⋅ Secureworks ⋅ SecureWorks
GOLD CRESTWOOD
Emotet MUMMY SPIDER

2019-12-12 ⋅ FireEye ⋅ Chi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech

2019-12-10 ⋅ JPCERT/CC ⋅ JPCERT/CC
[Updated] Alert Regarding Emotet Malware Infection
Emotet

2019-12-07 ⋅ Secureworks ⋅ Kevin O’Reilly, Keith Jarvis
End-to-end Botnet Monitoring... Botconf 2019
Emotet ISFB QakBot

2019-12-04 ⋅ JPCERT/CC ⋅ Ken Sajo
How to Respond to Emotet Infection (FAQ)
Emotet

2019-11-06 ⋅ Heise Security ⋅ Thomas Hungenberg
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot

2019-10-30 ⋅ Zscaler ⋅ Atinderpal Singh, Abhay Yadav
Emotet is back in action after a short break
Emotet

2019-10-14 ⋅ Marco Ramilli
Is Emotet gang targeting companies with external SOC?
Emotet

2019-09-24 ⋅ Dissecting Malware ⋅ Marius Genheimer
Return of the Mummy - Welcome back, Emotet
Emotet

2019-09-16 ⋅ Malwarebytes ⋅ Threat Intelligence Team
Emotet is back: botnet springs back to life with new spam campaign
Emotet

2019-08-13 ⋅ Adalogics ⋅ David Korczynski
The state of advanced code injections
Dridex Emotet Tinba

2019-08-12 ⋅ Schweizerische Eidgenossenschaft ⋅ Schweizerische Eidgenossenschaft
Trojaner Emotet greift Unternehmensnetzwerke an
Emotet

2019-06-06 ⋅ Fortinet ⋅ Kai Lu
A Deep Dive into the Emotet Malware
Emotet

2019-05-15 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Insight Team
Threat Actor Profile: TA542, From Banker to Malware Distribution Service
Emotet MUMMY SPIDER

2019-05-09 ⋅ GovCERT.ch ⋅ GovCERT.ch
Severe Ransomware Attacks Against Swiss SMEs
Emotet LockerGoga Ryuk TrickBot

2019-04-29 ⋅ Blueliv ⋅ Blueliv Labs Team
Where is Emotet? Latest geolocation data
Emotet

2019-04-25 ⋅ Trend Micro ⋅ Trendmicro
Emotet Adds New Evasion Technique
Emotet

2019-04-22 ⋅ int 0xcc blog ⋅ Raashid Bhat
Dissecting Emotet’s network communication protocol
Emotet

2019-04-12 ⋅ SpamTitan ⋅ titanadmin
Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
Emotet

2019-04-07 ⋅ Sveatoslav Persianov
Emotet malware analysis. Part 2
Emotet

2019-04 ⋅ Cafe Babe
Analyzing Emotet with Ghidra — Part 1
Emotet

2019-03-27 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Emotet adds a further layer of camouflage
Emotet

2019-03-17 ⋅ Persianov on Security ⋅ Sveatoslav Persianov
Emotet malware analysis. Part 1
Emotet

2019-03-15 ⋅ Cofense ⋅ Threat Intelligence
Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication
Emotet

2019-03-08 ⋅ The Daily Swig ⋅ James Walker
Emotet trojan implicated in Wolverine Solutions ransomware attack
Emotet

2019-02-16 ⋅ Max Kersten's Blog ⋅ Max Kersten
Emotet droppers
Emotet

2019-01-17 ⋅ SANS ISC InfoSec Forums ⋅ Brad Duncan
Emotet infections and follow-up malware
Emotet

2019-01-10 ⋅ CrowdStrike ⋅ Alexander Hanel
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER

2019-01-05 ⋅ Github (d00rt) ⋅ d00rt
Emotet Research
Emotet

2019 ⋅ D00RT_RM
Emutet
Emotet

2018-12-18 ⋅ Trend Micro ⋅ Trendmicro
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
Dridex Emotet FriedEx ISFB

2018-11-16 ⋅ Trend Micro ⋅ Trend Micro
Exploring Emotet: Examining Emotet’s Activities, Infrastructure
Emotet

2018-11-09 ⋅ ESET Research ⋅ ESET Research
Emotet launches major new spam campaign
Emotet

2018-10-31 ⋅ Kryptos Logic ⋅ Kryptos Logic
Emotet Awakens With New Campaign of Mass Email Exfiltration
Emotet

2018-09-12 ⋅ Cryptolaemus Pastedump ⋅ Cryptolaemus
Emotet IOC
Emotet

2018-08-01 ⋅ Kryptos Logic ⋅ Kryptos Logic
Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
Emotet

2018-07-26 ⋅ Intezer ⋅ Itai Tevet
Mitigating Emotet, The Most Common Banking Trojan
Emotet

2018-07-24 ⋅ Check Point ⋅ Ofer Caspi, Ben Herzog
Emotet: The Tricky Trojan that ‘Git Clones’
Emotet

2018-07-23 ⋅ MalFind ⋅ Lasq
Deobfuscating Emotet’s powershell payload
Emotet

2018-07-20 ⋅ NCCIC ⋅ National Cybersecurity, Communications Integration Center
Alert (TA18-201A) Emotet Malware
Emotet

2018-07-18 ⋅ Symantec ⋅ Security Response Attack Investigation Team
The Evolution of Emotet: From Banking Trojan to Threat Distributor
Emotet

2018-02-08 ⋅ CrowdStrike ⋅ Adam Meyers
Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER
Emotet MUMMY SPIDER

2018-01-12 ⋅ Proofpoint ⋅ Proofpoint Staff
Holiday lull? Not so much
Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER

2018 ⋅ Quick Heal ⋅ Quick Heal
The Complete story of EMOTET Most prominent Malware of 2018
Emotet

2017-11-15 ⋅ Trend Micro ⋅ Rubio Wu
New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
Emotet

2017-11-06 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet QakBot

2017-11-06 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet

2017-10-12 ⋅ G Data ⋅ G Data
Emotet beutet Outlook aus
Emotet

2017-10-06 ⋅ CERT.PL ⋅ Maciej Kotowicz, Jarosław Jedynak
Peering into spam botnets
Emotet Kelihos Necurs SendSafe Tofsee

2017-09-07 ⋅ Trend Micro ⋅ Don Ladores
EMOTET Returns, Starts Spreading via Spam Botnet
Emotet

2017-07-17 ⋅ Malwarebytes ⋅ Threat Intelligence Team
It’s baaaack: Public cyber enemy Emotet has returned
Emotet

2017-05-31 ⋅ ropgadget.com ⋅ Jeff White
Writing PCRE's for applied passive network defense [Emotet]
Emotet

2017-05-24 ⋅ CERT.PL ⋅ Paweł Srokosz
Analysis of Emotet v4
Emotet

2017-05-03 ⋅ Fortinet ⋅ Xiaopeng Zhang
Deep Analysis of New Emotet Variant - Part 1
Emotet

2015-04-09 ⋅ Kaspersky Labs ⋅ Alexey Shulmin
The Banking Trojan Emotet: Detailed Analysis
Emotet

2013-01-18 ⋅ abuse.ch ⋅ abuse.ch
Feodo Tracker
Emotet

Credits: MISP Project