MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malware shared code with the Bugat (aka Feodo) banking Trojan. However, MUMMY SPIDER swiftly developed the malware’s capabilities to include an RSA key exchange for command and control (C2) communication and a modular architecture.
MUMMY SPIDER does not follow typical criminal behavioral patterns. In particular, MUMMY SPIDER usually conducts attacks for a few months, then ceases operations for a period of between three and 12 months before returning with a new variant or version.
After a 10-month hiatus, MUMMY SPIDER returned Emotet to operation in December 2016, but the latest variant is not deploying a banking Trojan module with web injects; it is currently acting as a ‘loader’ delivering other malware packages. The primary modules perform reconnaissance on victim machines and drop freeware tools for credential collection from web browsers and mail clients, along with a spam plugin for self-propagation. The malware is also issuing commands to download and execute other malware families such as the banking Trojans Dridex and Qakbot.
MUMMY SPIDER advertised Emotet on underground forums until 2015, at which time it became private. Therefore, it is highly likely that Emotet is operate
2023-08-03 ⋅ Kaspersky ⋅ Kaspersky @online{kaspersky:20230803:whats:0d716ed,
author = {Kaspersky},
title = {{What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot}},
date = {2023-08-03},
organization = {Kaspersky},
url = {https://securelist.com/emotet-darkgate-lokibot-crimeware-report/110286/},
language = {English},
urldate = {2023-08-03}
}
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot LokiBot DarkGate Emotet |
2023-07-06 ⋅ WeLiveSecurity ⋅ Jakub Kaloč @online{kalo:20230706:whats:72b3767,
author = {Jakub Kaloč},
title = {{What’s up with Emotet?}},
date = {2023-07-06},
organization = {WeLiveSecurity},
url = {https://www.welivesecurity.com/2023/07/06/whats-up-with-emotet/},
language = {English},
urldate = {2023-07-10}
}
What’s up with Emotet? Emotet |
2023-05-18 ⋅ Intezer ⋅ Ryan Robinson @online{robinson:20230518:how:3acd352,
author = {Ryan Robinson},
title = {{How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems}},
date = {2023-05-18},
organization = {Intezer},
url = {https://intezer.com/blog/research/how-hackers-use-binary-padding-to-outsmart-sandboxes/},
language = {English},
urldate = {2023-05-25}
}
How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems Emotet |
2023-04-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20230412:spamhaus:aa309d1,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q1 2023}},
date = {2023-04-12},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2023-04-18}
}
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
2023-04-10 ⋅ Check Point ⋅ Check Point @online{point:20230410:march:144c1ad,
author = {Check Point},
title = {{March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files}},
date = {2023-04-10},
organization = {Check Point},
url = {https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/},
language = {English},
urldate = {2023-04-12}
}
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
2023-03-30 ⋅ loginsoft ⋅ Saharsh Agrawal @online{agrawal:20230330:from:7b46ae0,
author = {Saharsh Agrawal},
title = {{From Innocence to Malice: The OneNote Malware Campaign Uncovered}},
date = {2023-03-30},
organization = {loginsoft},
url = {https://research.loginsoft.com/threat-research/from-innocence-to-malice-the-onenote-malware-campaign-uncovered/},
language = {English},
urldate = {2023-04-14}
}
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
2023-03-30 ⋅ United States District Court (Eastern District of New York) ⋅ Microsoft, Fortra, HEALTH-ISAC @techreport{microsoft:20230330:cracked:08c67c0,
author = {Microsoft and Fortra and HEALTH-ISAC},
title = {{Cracked Cobalt Strike (1:23-cv-02447)}},
date = {2023-03-30},
institution = {United States District Court (Eastern District of New York)},
url = {https://noticeofpleadings.com/crackedcobaltstrike/files/ComplaintAndSummons/1%20-Microsoft%20Cobalt%20Strike%20-%20Complaint(907040021.9).pdf},
language = {English},
urldate = {2023-04-28}
}
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
2023-03-22 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Jaeson Schultz @online{brumaghin:20230322:emotet:fa8054c,
author = {Edmund Brumaghin and Jaeson Schultz},
title = {{Emotet Resumes Spam Operations, Switches to OneNote}},
date = {2023-03-22},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/emotet-switches-to-onenote/},
language = {English},
urldate = {2023-03-23}
}
Emotet Resumes Spam Operations, Switches to OneNote Emotet |
2023-03-13 ⋅ Trendmicro ⋅ Ian Kenefick @online{kenefick:20230313:emotet:7dc342d,
author = {Ian Kenefick},
title = {{Emotet Returns, Now Adopts Binary Padding for Evasion}},
date = {2023-03-13},
organization = {Trendmicro},
url = {https://www.trendmicro.com/en_no/research/23/c/emotet-returns-now-adopts-binary-padding-for-evasion.html},
language = {English},
urldate = {2023-03-14}
}
Emotet Returns, Now Adopts Binary Padding for Evasion Emotet |
2023-03-07 ⋅ BleepingComputer ⋅ Lawrence Abrams @online{abrams:20230307:emotet:734058c,
author = {Lawrence Abrams},
title = {{Emotet malware attacks return after three-month break}},
date = {2023-03-07},
organization = {BleepingComputer},
url = {https://www.bleepingcomputer.com/news/security/emotet-malware-attacks-return-after-three-month-break/},
language = {English},
urldate = {2023-03-13}
}
Emotet malware attacks return after three-month break Emotet |
2023-03-07 ⋅ Cofense ⋅ Cofense @online{cofense:20230307:emotet:daf5b46,
author = {Cofense},
title = {{Emotet Sending Malicious Emails After Three-Month Hiatus}},
date = {2023-03-07},
organization = {Cofense},
url = {https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/},
language = {English},
urldate = {2023-03-13}
}
Emotet Sending Malicious Emails After Three-Month Hiatus Emotet |
2023-02-26 ⋅ Medium Ilandu ⋅ Ilan Duhin, Yossi Poberezsky @online{duhin:20230226:emotet:b21451d,
author = {Ilan Duhin and Yossi Poberezsky},
title = {{Emotet Campaign}},
date = {2023-02-26},
organization = {Medium Ilandu},
url = {https://medium.com/@Ilandu/emotet-campaign-6f240f7a5ed5},
language = {English},
urldate = {2023-02-27}
}
Emotet Campaign Emotet |
2023-01-30 ⋅ Checkpoint ⋅ Arie Olshtein @online{olshtein:20230130:following:e442fcc,
author = {Arie Olshtein},
title = {{Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware}},
date = {2023-01-30},
organization = {Checkpoint},
url = {https://research.checkpoint.com/2023/following-the-scent-of-trickgate-6-year-old-packer-used-to-deploy-the-most-wanted-malware/},
language = {English},
urldate = {2023-01-31}
}
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot |
2023-01-26 ⋅ Acronis ⋅ Ilan Duhin @online{duhin:20230126:unpacking:8ff4776,
author = {Ilan Duhin},
title = {{Unpacking Emotet Malware}},
date = {2023-01-26},
organization = {Acronis},
url = {https://medium.com/@Ilandu/emotet-unpacking-35bbe2980cfb},
language = {English},
urldate = {2023-01-27}
}
Unpacking Emotet Malware Emotet |
2023-01-20 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team @online{team:20230120:emotet:3d5fe7f,
author = {BlackBerry Research & Intelligence Team},
title = {{Emotet Returns With New Methods of Evasion}},
date = {2023-01-20},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion},
language = {English},
urldate = {2023-01-25}
}
Emotet Returns With New Methods of Evasion Emotet IcedID |
2023-01-09 ⋅ Intrinsec ⋅ Intrinsec, CTI Intrinsec @online{intrinsec:20230109:emotet:202716f,
author = {Intrinsec and CTI Intrinsec},
title = {{Emotet returns and deploys loaders}},
date = {2023-01-09},
organization = {Intrinsec},
url = {https://www.intrinsec.com/emotet-returns-and-deploys-loaders/},
language = {English},
urldate = {2023-08-14}
}
Emotet returns and deploys loaders BumbleBee Emotet IcedID PHOTOLITE |
2022-12-19 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien @online{m4n0w4r:20221219:z2abimonthly:8edee72,
author = {m4n0w4r and Tran Trung Kien},
title = {{[Z2A]Bimonthly malware challege – Emotet (Back From the Dead)}},
date = {2022-12-19},
organization = {kienmanowar Blog},
url = {https://kienmanowar.wordpress.com/2022/12/19/z2abimonthly-malware-challege-emotet-back-from-the-dead/},
language = {English},
urldate = {2022-12-20}
}
[Z2A]Bimonthly malware challege – Emotet (Back From the Dead) Emotet |
2022-11-28 ⋅ The DFIR Report ⋅ The DFIR Report @online{report:20221128:emotet:53a5fed,
author = {The DFIR Report},
title = {{Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware}},
date = {2022-11-28},
organization = {The DFIR Report},
url = {https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/},
language = {English},
urldate = {2022-11-28}
}
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware Emotet Mount Locker |
2022-11-21 ⋅ BSides Sydney ⋅ Thomas Roccia @online{roccia:20221121:xray:da154d3,
author = {Thomas Roccia},
title = {{X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?}},
date = {2022-11-21},
organization = {BSides Sydney},
url = {https://speakerdeck.com/fr0gger/x-ray-of-malware-evasion-techniques-analysis-dissection-cure},
language = {English},
urldate = {2022-12-29}
}
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure? Emotet |
2022-11-16 ⋅ Proofpoint ⋅ Pim Trouerbach, Axel F @online{trouerbach:20221116:comprehensive:8278b4e,
author = {Pim Trouerbach and Axel F},
title = {{A Comprehensive Look at Emotet Virus’ Fall 2022 Return}},
date = {2022-11-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return},
language = {English},
urldate = {2023-08-11}
}
A Comprehensive Look at Emotet Virus’ Fall 2022 Return BumbleBee Emotet PHOTOLITE |
2022-11-10 ⋅ Intezer ⋅ Nicole Fishbein @online{fishbein:20221110:how:6b334be,
author = {Nicole Fishbein},
title = {{How LNK Files Are Abused by Threat Actors}},
date = {2022-11-10},
organization = {Intezer},
url = {https://www.intezer.com/blog/malware-analysis/how-threat-actors-abuse-lnk-files/},
language = {English},
urldate = {2022-11-11}
}
How LNK Files Are Abused by Threat Actors BumbleBee Emotet Mount Locker QakBot |
2022-10-28 ⋅ Elastic ⋅ @rsprooten, Elastic Security Intelligence & Analytics Team @online{rsprooten:20221028:emotet:ffabd03,
author = {@rsprooten and Elastic Security Intelligence & Analytics Team},
title = {{EMOTET dynamic config extraction}},
date = {2022-10-28},
organization = {Elastic},
url = {https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction},
language = {English},
urldate = {2022-10-30}
}
EMOTET dynamic config extraction Emotet |
2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20221013:spamhaus:43e3190,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q3 2022}},
date = {2022-10-13},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2022%20Q3%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2022-12-29}
}
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-10-03 ⋅ vmware ⋅ Threat Analysis Unit @techreport{unit:20221003:emotet:94323dc,
author = {Threat Analysis Unit},
title = {{Emotet Exposed: A Look Inside the Cybercriminal Supply Chain}},
date = {2022-10-03},
institution = {vmware},
url = {https://www.vmware.com/content/dam/learn/en/amer/fy23/pdf/1669005_Emotet_Exposed_A_Look_Inside_the_Cybercriminal_Supply_Chain.pdf},
language = {English},
urldate = {2022-10-24}
}
Emotet Exposed: A Look Inside the Cybercriminal Supply Chain Emotet |
2022-09-13 ⋅ AdvIntel ⋅ Advanced Intelligence @online{intelligence:20220913:advintels:ea02331,
author = {Advanced Intelligence},
title = {{AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022}},
date = {2022-09-13},
organization = {AdvIntel},
url = {https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022},
language = {English},
urldate = {2022-09-19}
}
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
2022-09-12 ⋅ The DFIR Report ⋅ The DFIR Report @online{report:20220912:dead:a6b31c3,
author = {The DFIR Report},
title = {{Dead or Alive? An Emotet Story}},
date = {2022-09-12},
organization = {The DFIR Report},
url = {https://thedfirreport.com/2022/09/12/dead-or-alive-an-emotet-story/},
language = {English},
urldate = {2022-09-12}
}
Dead or Alive? An Emotet Story Cobalt Strike Emotet |
2022-08-23 ⋅ Darktrace ⋅ Eugene Chua, Paul Jennings, Hanah Darley @online{chua:20220823:emotet:8e4522c,
author = {Eugene Chua and Paul Jennings and Hanah Darley},
title = {{Emotet Resurgence: Cross-Industry Campaign Analysis}},
date = {2022-08-23},
organization = {Darktrace},
url = {https://de.darktrace.com/blog/emotet-resurgence-cross-industry-campaign-analysis},
language = {English},
urldate = {2022-08-30}
}
Emotet Resurgence: Cross-Industry Campaign Analysis Emotet |
2022-08-19 ⋅ vmware ⋅ Oleg Boyarchuk, Stefano Ortolani @online{boyarchuk:20220819:how:a43d0e2,
author = {Oleg Boyarchuk and Stefano Ortolani},
title = {{How to Replicate Emotet Lateral Movement}},
date = {2022-08-19},
organization = {vmware},
url = {https://blogs.vmware.com/security/2022/08/how-to-replicate-emotet-lateral-movement.html},
language = {English},
urldate = {2022-08-31}
}
How to Replicate Emotet Lateral Movement Emotet |
2022-08-10 ⋅ BitSight ⋅ João Batista @online{batista:20220810:emotet:2248a42,
author = {João Batista},
title = {{Emotet SMB Spreader is Back}},
date = {2022-08-10},
organization = {BitSight},
url = {https://www.bitsight.com/blog/emotet-smb-spreader-back},
language = {English},
urldate = {2022-08-11}
}
Emotet SMB Spreader is Back Emotet |
2022-07-17 ⋅ Resecurity ⋅ Resecurity @online{resecurity:20220717:shortcutbased:6cd77fb,
author = {Resecurity},
title = {{Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise}},
date = {2022-07-17},
organization = {Resecurity},
url = {https://resecurity.com/blog/article/shortcut-based-lnk-attacks-delivering-malicious-code-on-the-rise},
language = {English},
urldate = {2022-07-28}
}
Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise AsyncRAT BumbleBee Emotet IcedID QakBot |
2022-07-12 ⋅ Cyren ⋅ Kervin Alintanahin @online{alintanahin:20220712:example:ae62e81,
author = {Kervin Alintanahin},
title = {{Example Analysis of Multi-Component Malware}},
date = {2022-07-12},
organization = {Cyren},
url = {https://www.cyren.com/blog/articles/example-analysis-of-multi-component-malware},
language = {English},
urldate = {2022-07-18}
}
Example Analysis of Multi-Component Malware Emotet Formbook |
2022-07-07 ⋅ Fortinet ⋅ Erin Lin @online{lin:20220707:notable:71d2df3,
author = {Erin Lin},
title = {{Notable Droppers Emerge in Recent Threat Campaigns}},
date = {2022-07-07},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/notable-droppers-emerge-in-recent-threat-campaigns},
language = {English},
urldate = {2022-07-15}
}
Notable Droppers Emerge in Recent Threat Campaigns BumbleBee Emotet PhotoLoader QakBot |
2022-07-07 ⋅ SANS ISC ⋅ Brad Duncan @online{duncan:20220707:emotet:3732ca7,
author = {Brad Duncan},
title = {{Emotet infection with Cobalt Strike}},
date = {2022-07-07},
organization = {SANS ISC},
url = {https://isc.sans.edu/forums/diary/Emotet%20infection%20with%20Cobalt%20Strike/28824/},
language = {English},
urldate = {2022-07-12}
}
Emotet infection with Cobalt Strike Cobalt Strike Emotet |
2022-06-27 ⋅ Netskope ⋅ Gustavo Palazolo @online{palazolo:20220627:emotet:e01f0fb,
author = {Gustavo Palazolo},
title = {{Emotet: Still Abusing Microsoft Office Macros}},
date = {2022-06-27},
organization = {Netskope},
url = {https://www.netskope.com/blog/emotet-still-abusing-microsoft-office-macros},
language = {English},
urldate = {2022-06-30}
}
Emotet: Still Abusing Microsoft Office Macros Emotet |
2022-06-21 ⋅ McAfee ⋅ Lakshya Mathur @online{mathur:20220621:rise:71e04f0,
author = {Lakshya Mathur},
title = {{Rise of LNK (Shortcut files) Malware}},
date = {2022-06-21},
organization = {McAfee},
url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-of-lnk-shortcut-files-malware/},
language = {English},
urldate = {2022-07-05}
}
Rise of LNK (Shortcut files) Malware BazarBackdoor Emotet IcedID QakBot |
2022-06-16 ⋅ ESET Research ⋅ Rene Holt @online{holt:20220616:how:d3225fc,
author = {Rene Holt},
title = {{How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security}},
date = {2022-06-16},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2022/06/16/how-emotet-is-changing-tactics-microsoft-tightening-office-macro-security/},
language = {English},
urldate = {2022-06-17}
}
How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security Emotet |
2022-06-02 ⋅ Mandiant ⋅ Mandiant @online{mandiant:20220602:trending:0bcdbc4,
author = {Mandiant},
title = {{TRENDING EVIL Q2 2022}},
date = {2022-06-02},
organization = {Mandiant},
url = {https://experience.mandiant.com/trending-evil-2/p/1},
language = {English},
urldate = {2022-06-07}
}
TRENDING EVIL Q2 2022 CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot |
2022-05-27 ⋅ Kroll ⋅ Cole Manaster, George Glass, Elio Biasiotto @online{manaster:20220527:emotet:77000c1,
author = {Cole Manaster and George Glass and Elio Biasiotto},
title = {{Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20}},
date = {2022-05-27},
organization = {Kroll},
url = {https://www.kroll.com/en/insights/publications/cyber/monitor/emotet-analysis-new-lnk-in-the-infection-chain},
language = {English},
urldate = {2022-05-31}
}
Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20 Emotet |
2022-05-25 ⋅ vmware ⋅ Oleg Boyarchuk, Stefano Ortolani @online{boyarchuk:20220525:emotet:ada82ac,
author = {Oleg Boyarchuk and Stefano Ortolani},
title = {{Emotet Config Redux}},
date = {2022-05-25},
organization = {vmware},
url = {https://blogs.vmware.com/security/2022/05/emotet-config-redux.html},
language = {English},
urldate = {2022-05-29}
}
Emotet Config Redux Emotet |
2022-05-24 ⋅ Deep instinct ⋅ Bar Block @online{block:20220524:blame:9f45829,
author = {Bar Block},
title = {{Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them}},
date = {2022-05-24},
organization = {Deep instinct},
url = {https://www.deepinstinct.com/blog/types-of-dropper-malware-in-microsoft-office},
language = {English},
urldate = {2022-05-29}
}
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them Dridex Emotet |
2022-05-24 ⋅ BitSight ⋅ João Batista, Pedro Umbelino, BitSight @online{batista:20220524:emotet:cae57f1,
author = {João Batista and Pedro Umbelino and BitSight},
title = {{Emotet Botnet Rises Again}},
date = {2022-05-24},
organization = {BitSight},
url = {https://www.bitsight.com/blog/emotet-botnet-rises-again},
language = {English},
urldate = {2022-05-25}
}
Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
2022-05-19 ⋅ Trend Micro ⋅ Adolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray @online{silverio:20220519:bruised:f5c6775,
author = {Adolph Christian Silverio and Jeric Miguel Abordo and Khristian Joseph Morales and Maria Emreen Viray},
title = {{Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware}},
date = {2022-05-19},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/22/e/bruised-but-not-broken--the-resurgence-of-the-emotet-botnet-malw.html},
language = {English},
urldate = {2022-05-25}
}
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware Emotet QakBot |
2022-05-17 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan @online{duncan:20220517:emotet:5f61714,
author = {Brad Duncan},
title = {{Emotet Summary: November 2021 Through January 2022}},
date = {2022-05-17},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/},
language = {English},
urldate = {2022-05-29}
}
Emotet Summary: November 2021 Through January 2022 Emotet |
2022-05-16 ⋅ vmware ⋅ Oleg Boyarchuk, Stefano Ortolani, Jason Zhang, Threat Analysis Unit @online{boyarchuk:20220516:emotet:6392ff3,
author = {Oleg Boyarchuk and Stefano Ortolani and Jason Zhang and Threat Analysis Unit},
title = {{Emotet Moves to 64 bit and Updates its Loader}},
date = {2022-05-16},
organization = {vmware},
url = {https://blogs.vmware.com/security/2022/05/emotet-moves-to-64-bit-and-updates-its-loader.html},
language = {English},
urldate = {2022-05-17}
}
Emotet Moves to 64 bit and Updates its Loader Emotet |
2022-05-11 ⋅ IronNet ⋅ Blake Cahen, IronNet Threat Research @online{cahen:20220511:detecting:c61fd63,
author = {Blake Cahen and IronNet Threat Research},
title = {{Detecting a MUMMY SPIDER campaign and Emotet infection}},
date = {2022-05-11},
organization = {IronNet},
url = {https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection},
language = {English},
urldate = {2022-05-17}
}
Detecting a MUMMY SPIDER campaign and Emotet infection Emotet |
2022-05-11 ⋅ HP ⋅ HP Wolf Security @techreport{security:20220511:threat:bd460f0,
author = {HP Wolf Security},
title = {{Threat Insights Report Q1 - 2022}},
date = {2022-05-11},
institution = {HP},
url = {https://threatresearch.ext.hp.com/wp-content/uploads/2022/05/HP-Wolf-Security-Threat-Insights-Report-Q1-2022.pdf},
language = {English},
urldate = {2022-05-13}
}
Threat Insights Report Q1 - 2022 AsyncRAT Emotet Mekotio Vjw0rm |
2022-05-09 ⋅ Netresec ⋅ Erik Hjelmvik @online{hjelmvik:20220509:emotet:ce90938,
author = {Erik Hjelmvik},
title = {{Emotet C2 and Spam Traffic Video}},
date = {2022-05-09},
organization = {Netresec},
url = {https://www.netresec.com/?page=Blog&month=2022-05&post=Emotet-C2-and-Spam-Traffic-Video},
language = {English},
urldate = {2022-05-09}
}
Emotet C2 and Spam Traffic Video Emotet |
2022-05-09 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC) @online{team:20220509:ransomwareasaservice:13ec472,
author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)},
title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}},
date = {2022-05-09},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself},
language = {English},
urldate = {2022-05-17}
}
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
2022-05-06 ⋅ Netskope ⋅ Gustavo Palazolo @online{palazolo:20220506:emotet:44a2595,
author = {Gustavo Palazolo},
title = {{Emotet: New Delivery Mechanism to Bypass VBA Protection}},
date = {2022-05-06},
organization = {Netskope},
url = {https://www.netskope.com/blog/emotet-new-delivery-mechanism-to-bypass-vba-protection},
language = {English},
urldate = {2022-05-09}
}
Emotet: New Delivery Mechanism to Bypass VBA Protection Emotet |
2022-05-04 ⋅ Sophos ⋅ Andreas Klopsch @online{klopsch:20220504:attacking:750e07f,
author = {Andreas Klopsch},
title = {{Attacking Emotet’s Control Flow Flattening}},
date = {2022-05-04},
organization = {Sophos},
url = {https://news.sophos.com/en-us/2022/05/04/attacking-emotets-control-flow-flattening/},
language = {English},
urldate = {2022-05-05}
}
Attacking Emotet’s Control Flow Flattening Emotet |
2022-04-28 ⋅ Symantec ⋅ Karthikeyan C Kasiviswanathan, Vishal Kamble @online{kasiviswanathan:20220428:ransomware:95feafb,
author = {Karthikeyan C Kasiviswanathan and Vishal Kamble},
title = {{Ransomware: How Attackers are Breaching Corporate Networks}},
date = {2022-04-28},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-hive-conti-avoslocker},
language = {English},
urldate = {2022-05-04}
}
Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
2022-04-27 ⋅ Cybleinc ⋅ Cyble @online{cyble:20220427:emotet:a8c919a,
author = {Cyble},
title = {{Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims}},
date = {2022-04-27},
organization = {Cybleinc},
url = {https://blog.cyble.com/2022/04/27/emotet-returns-with-new-ttps-and-delivers-lnk-files-to-its-victims/},
language = {English},
urldate = {2022-05-04}
}
Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims Emotet |
2022-04-26 ⋅ Proofpoint ⋅ Axel F @online{f:20220426:emotet:afb4f87,
author = {Axel F},
title = {{Emotet Tests New Delivery Techniques}},
date = {2022-04-26},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques},
language = {English},
urldate = {2022-04-29}
}
Emotet Tests New Delivery Techniques Emotet |
2022-04-26 ⋅ Intel 471 ⋅ Intel 471 @online{471:20220426:conti:6bcff7d,
author = {Intel 471},
title = {{Conti and Emotet: A constantly destructive duo}},
date = {2022-04-26},
organization = {Intel 471},
url = {https://intel471.com/blog/conti-emotet-ransomware-conti-leaks},
language = {English},
urldate = {2022-04-29}
}
Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
2022-04-26 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20220426:emotet:d0b6f50,
author = {Ionut Ilascu},
title = {{Emotet malware now installs via PowerShell in Windows shortcut files}},
date = {2022-04-26},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-malware-now-installs-via-powershell-in-windows-shortcut-files/},
language = {English},
urldate = {2022-04-29}
}
Emotet malware now installs via PowerShell in Windows shortcut files Emotet |
2022-04-24 ⋅ forensicitguy ⋅ Tony Lambert @online{lambert:20220424:shortcut:b1a00dd,
author = {Tony Lambert},
title = {{Shortcut to Emotet, an odd TTP change}},
date = {2022-04-24},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/shortcut-to-emotet-ttp-change/},
language = {English},
urldate = {2022-04-25}
}
Shortcut to Emotet, an odd TTP change Emotet |
2022-04-20 ⋅ CISA ⋅ CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA) @techreport{cisa:20220420:aa22110a:4fde5d6,
author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and Government Communications Security Bureau and NCSC UK and National Crime Agency (NCA)},
title = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}},
date = {2022-04-20},
institution = {CISA},
url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf},
language = {English},
urldate = {2022-04-25}
}
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
2022-04-20 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20220420:malware:b20963e,
author = {cocomelonc},
title = {{Malware development: persistence - part 1. Registry run keys. C++ example.}},
date = {2022-04-20},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/tutorial/2022/04/20/malware-pers-1.html},
language = {English},
urldate = {2022-12-01}
}
Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
2022-04-20 ⋅ CISA ⋅ CISA @online{cisa:20220420:alert:529e28c,
author = {CISA},
title = {{Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}},
date = {2022-04-20},
organization = {CISA},
url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-110a},
language = {English},
urldate = {2022-04-25}
}
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
2022-04-19 ⋅ Twitter (@Cryptolaemus1) ⋅ Cryptolaemus @online{cryptolaemus:20220419:emotet:c68608b,
author = {Cryptolaemus},
title = {{#Emotet Update: 64 bit upgrade of Epoch 5}},
date = {2022-04-19},
organization = {Twitter (@Cryptolaemus1)},
url = {https://twitter.com/Cryptolaemus1/status/1516535343281025032},
language = {English},
urldate = {2022-04-20}
}
#Emotet Update: 64 bit upgrade of Epoch 5 Emotet |
2022-04-19 ⋅ Bleeping Computer ⋅ Bill Toulas @online{toulas:20220419:emotet:a7e392d,
author = {Bill Toulas},
title = {{Emotet botnet switches to 64-bit modules, increases activity}},
date = {2022-04-19},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/},
language = {English},
urldate = {2022-04-20}
}
Emotet botnet switches to 64-bit modules, increases activity Emotet |
2022-04-18 ⋅ Fortinet ⋅ Erin Lin @online{lin:20220418:trends:fab9950,
author = {Erin Lin},
title = {{Trends in the Recent Emotet Maldoc Outbreak}},
date = {2022-04-18},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/Trends-in-the-recent-emotet-maldoc-outbreak},
language = {English},
urldate = {2022-04-20}
}
Trends in the Recent Emotet Maldoc Outbreak Emotet |
2022-04-17 ⋅ BushidoToken Blog ⋅ BushidoToken @online{bushidotoken:20220417:lessons:d4d0595,
author = {BushidoToken},
title = {{Lessons from the Conti Leaks}},
date = {2022-04-17},
organization = {BushidoToken Blog},
url = {https://blog.bushidotoken.net/2022/04/lessons-from-conti-leaks.html},
language = {English},
urldate = {2022-04-25}
}
Lessons from the Conti Leaks BazarBackdoor Conti Emotet IcedID Ryuk TrickBot |
2022-04-13 ⋅ Kaspersky ⋅ AMR @online{amr:20220413:emotet:113c0db,
author = {AMR},
title = {{Emotet modules and recent attacks}},
date = {2022-04-13},
organization = {Kaspersky},
url = {https://securelist.com/emotet-modules-and-recent-attacks/106290/},
language = {English},
urldate = {2022-04-15}
}
Emotet modules and recent attacks Emotet |
2022-04-12 ⋅ AhnLab ⋅ ASEC Analysis Team @online{team:20220412:systembc:7bdd20c,
author = {ASEC Analysis Team},
title = {{SystemBC Being Used by Various Attackers}},
date = {2022-04-12},
organization = {AhnLab},
url = {https://asec.ahnlab.com/en/33600/},
language = {English},
urldate = {2022-04-15}
}
SystemBC Being Used by Various Attackers Emotet SmokeLoader SystemBC |
2022-04-12 ⋅ Check Point ⋅ Check Point Research @online{research:20220412:march:2c56dc6,
author = {Check Point Research},
title = {{March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance}},
date = {2022-04-12},
organization = {Check Point},
url = {https://www.checkpoint.com/press/2022/march-2022s-most-wanted-malware-easter-phishing-scams-help-emotet-assert-its-dominance/},
language = {English},
urldate = {2022-04-20}
}
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance Alien FluBot Agent Tesla Emotet |
2022-04-08 ⋅ ReversingLabs ⋅ Paul Roberts @online{roberts:20220408:conversinglabs:270c740,
author = {Paul Roberts},
title = {{ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles}},
date = {2022-04-08},
organization = {ReversingLabs},
url = {https://blog.reversinglabs.com/blog/conversinglabs-ep-2-conti-pivots-as-ransomware-as-a-service-struggles},
language = {English},
urldate = {2022-06-09}
}
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles Conti Emotet TrickBot |
2022-04-02 ⋅ Github (pl-v) ⋅ Player-V @online{playerv:20220402:emotet:712f2ab,
author = {Player-V},
title = {{Emotet Analysis Part 1: Unpacking}},
date = {2022-04-02},
organization = {Github (pl-v)},
url = {https://pl-v.github.io/plv/posts/Emotet-unpacking/},
language = {English},
urldate = {2022-04-08}
}
Emotet Analysis Part 1: Unpacking Emotet |
2022-03-30 ⋅ Prevailion ⋅ Prevailion @online{prevailion:20220330:wizard:6eb38a7,
author = {Prevailion},
title = {{Wizard Spider continues to confound}},
date = {2022-03-30},
organization = {Prevailion},
url = {https://blog.prevailion.com/wizard-spider-continues-to-confound-4298370f6903},
language = {English},
urldate = {2022-03-31}
}
Wizard Spider continues to confound BazarBackdoor Cobalt Strike Emotet |
2022-03-29 ⋅ vmware ⋅ Oleg Boyarchuk, Jason Zhang, Threat Analysis Unit @online{boyarchuk:20220329:emotet:18b143b,
author = {Oleg Boyarchuk and Jason Zhang and Threat Analysis Unit},
title = {{Emotet C2 Configuration Extraction and Analysis}},
date = {2022-03-29},
organization = {vmware},
url = {https://blogs.vmware.com/security/2022/03/emotet-c2-configuration-extraction-and-analysis.html},
language = {English},
urldate = {2022-04-04}
}
Emotet C2 Configuration Extraction and Analysis Emotet |
2022-03-28 ⋅ Cisco ⋅ María José Erquiaga, Onur Erdogan, Adela Jezkova @online{erquiaga:20220328:emotet:d36774a,
author = {María José Erquiaga and Onur Erdogan and Adela Jezkova},
title = {{Emotet is Back}},
date = {2022-03-28},
organization = {Cisco},
url = {https://blogs.cisco.com/security/emotet-is-back},
language = {English},
urldate = {2022-03-30}
}
Emotet is Back Emotet |
2022-03-23 ⋅ Fortinet ⋅ Shunichi Imano, Val Saengphaibul @online{imano:20220323:bad:06c3501,
author = {Shunichi Imano and Val Saengphaibul},
title = {{Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams}},
date = {2022-03-23},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/bad-actors-capitalize-current-events-email-scams},
language = {English},
urldate = {2022-03-25}
}
Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams Emotet |
2022-03-23 ⋅ Secureworks ⋅ Counter Threat Unit Research Team @online{researchteam:20220323:gold:0f3da90,
author = {Counter Threat Unit Research Team},
title = {{GOLD ULRICK Leaks Reveal Organizational Structure and Relationships}},
date = {2022-03-23},
organization = {Secureworks},
url = {https://www.secureworks.com/blog/gold-ulrick-leaks-reveal-organizational-structure-and-relationships},
language = {English},
urldate = {2022-03-25}
}
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships Conti Emotet IcedID TrickBot |
2022-03-23 ⋅ NVISO Labs ⋅ Bart Parys @online{parys:20220323:hunting:1610697,
author = {Bart Parys},
title = {{Hunting Emotet campaigns with Kusto}},
date = {2022-03-23},
organization = {NVISO Labs},
url = {https://blog.nviso.eu/2022/03/23/hunting-emotet-campaigns-with-kusto/},
language = {English},
urldate = {2022-03-24}
}
Hunting Emotet campaigns with Kusto Emotet |
2022-03-23 ⋅ Secureworks ⋅ Counter Threat Unit Research Team @online{researchteam:20220323:threat:84ad46c,
author = {Counter Threat Unit Research Team},
title = {{Threat Intelligence Executive Report Volume 2022, Number 2}},
date = {2022-03-23},
organization = {Secureworks},
url = {https://content.secureworks.com/-/media/Files/US/Reports/Monthly%20Threat%20Intelligence/Secureworks_ECO1_ThreatIntelligenceExecutiveReport2022Vol2.ashx},
language = {English},
urldate = {2022-03-25}
}
Threat Intelligence Executive Report Volume 2022, Number 2 Conti Emotet IcedID TrickBot |
2022-03-23 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20220323:ms:946096e,
author = {Xiaopeng Zhang},
title = {{MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II}},
date = {2022-03-23},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/ms-office-files-involved-again-in-recent-emotet-trojan-campaign-part-ii},
language = {English},
urldate = {2022-03-25}
}
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II Emotet |
2022-03-21 ⋅ Info Security ⋅ Vinugayathri Chinnasamy @online{chinnasamy:20220321:emotet:2d27f06,
author = {Vinugayathri Chinnasamy},
title = {{Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware}},
date = {2022-03-21},
organization = {Info Security},
url = {https://www.infosecurity-magazine.com/blogs/a-rundown-of-the-emotet-malware/},
language = {English},
urldate = {2022-03-22}
}
Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware Emotet |
2022-03-16 ⋅ Symantec ⋅ Symantec Threat Hunter Team @techreport{team:20220316:ransomware:1c2a72a,
author = {Symantec Threat Hunter Team},
title = {{The Ransomware Threat Landscape: What to Expect in 2022}},
date = {2022-03-16},
institution = {Symantec},
url = {https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf},
language = {English},
urldate = {2022-03-22}
}
The Ransomware Threat Landscape: What to Expect in 2022 AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin |
2022-03-16 ⋅ Dragos ⋅ Josh Hanrahan @online{hanrahan:20220316:suspected:325fc01,
author = {Josh Hanrahan},
title = {{Suspected Conti Ransomware Activity in the Auto Manufacturing Sector}},
date = {2022-03-16},
organization = {Dragos},
url = {https://www.dragos.com/blog/industry-news/suspected-conti-ransomware-activity-in-the-auto-manufacturing-sector/},
language = {English},
urldate = {2022-03-17}
}
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector Conti Emotet |
2022-03-08 ⋅ Lumen ⋅ Black Lotus Labs @online{labs:20220308:what:c99735b,
author = {Black Lotus Labs},
title = {{What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets}},
date = {2022-03-08},
organization = {Lumen},
url = {https://blog.lumen.com/emotet-redux/},
language = {English},
urldate = {2022-03-10}
}
What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets Emotet |
2022-03-07 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20220307:ms:b388372,
author = {Xiaopeng Zhang},
title = {{MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I}},
date = {2022-03-07},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/ms-office-files-involved-in-emotet-trojan-campaign-pt-one},
language = {English},
urldate = {2022-03-08}
}
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I Emotet |
2022-03-03 ⋅ Trend Micro ⋅ Trend Micro Research @online{research:20220303:cyberattacks:d961eb0,
author = {Trend Micro Research},
title = {{Cyberattacks are Prominent in the Russia-Ukraine Conflict}},
date = {2022-03-03},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/22/c/cyberattacks-are-prominent-in-the-russia-ukraine-conflict.html},
language = {English},
urldate = {2022-03-04}
}
Cyberattacks are Prominent in the Russia-Ukraine Conflict BazarBackdoor Cobalt Strike Conti Emotet WhisperGate |
2022-03-02 ⋅ KrebsOnSecurity ⋅ Brian Krebs @online{krebs:20220302:conti:03b0358,
author = {Brian Krebs},
title = {{Conti Ransomware Group Diaries, Part II: The Office}},
date = {2022-03-02},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/},
language = {English},
urldate = {2022-03-07}
}
Conti Ransomware Group Diaries, Part II: The Office Conti Emotet Ryuk TrickBot |
2022-03-01 ⋅ Twitter (@ContiLeaks) ⋅ ContiLeaks @online{contileaks:20220301:emotet:b68be9c,
author = {ContiLeaks},
title = {{Tweet on Emotet final server scheme}},
date = {2022-03-01},
organization = {Twitter (@ContiLeaks)},
url = {https://twitter.com/ContiLeaks/status/1498614197202079745},
language = {English},
urldate = {2022-03-02}
}
Tweet on Emotet final server scheme Emotet |
2022-02-25 ⋅ CyberScoop ⋅ Joe Warminsky @online{warminsky:20220225:trickbot:2d38470,
author = {Joe Warminsky},
title = {{TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators}},
date = {2022-02-25},
organization = {CyberScoop},
url = {https://www.cyberscoop.com/trickbot-shutdown-conti-emotet/},
language = {English},
urldate = {2022-03-01}
}
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators BazarBackdoor Emotet TrickBot |
2022-02-24 ⋅ The Hacker News ⋅ Ravie Lakshmanan @online{lakshmanan:20220224:notorious:c5e1556,
author = {Ravie Lakshmanan},
title = {{Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure}},
date = {2022-02-24},
organization = {The Hacker News},
url = {https://thehackernews.com/2022/02/notorious-trickbot-malware-gang-shuts.html},
language = {English},
urldate = {2022-03-04}
}
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure BazarBackdoor Emotet TrickBot |
2022-02-24 ⋅ Cynet ⋅ Max Malyutin @online{malyutin:20220224:new:014251e,
author = {Max Malyutin},
title = {{New Wave of Emotet – When Project X Turns Into Y}},
date = {2022-02-24},
organization = {Cynet},
url = {https://www.cynet.com/attack-techniques-hands-on/new-wave-of-emotet-when-project-x-turns-into-y/},
language = {English},
urldate = {2022-05-04}
}
New Wave of Emotet – When Project X Turns Into Y Cobalt Strike Emotet |
2022-02-24 ⋅ The Hacker News ⋅ Ravie Lakshmanan @online{lakshmanan:20220224:trickbot:7e86d52,
author = {Ravie Lakshmanan},
title = {{TrickBot Gang Likely Shifting Operations to Switch to New Malware}},
date = {2022-02-24},
organization = {The Hacker News},
url = {https://thehackernews.com/2022/02/trickbot-gang-likely-shifting.html},
language = {English},
urldate = {2022-03-01}
}
TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
2022-02-23 ⋅ cyber.wtf blog ⋅ Luca Ebach @online{ebach:20220223:what:0a4496e,
author = {Luca Ebach},
title = {{What the Pack(er)?}},
date = {2022-02-23},
organization = {cyber.wtf blog},
url = {https://cyber.wtf/2022/03/23/what-the-packer/},
language = {English},
urldate = {2022-03-25}
}
What the Pack(er)? Cobalt Strike Emotet |
2022-02-16 ⋅ Threat Post ⋅ Elizabeth Montalbano @online{montalbano:20220216:emotet:a1297ac,
author = {Elizabeth Montalbano},
title = {{Emotet Now Spreading Through Malicious Excel Files}},
date = {2022-02-16},
organization = {Threat Post},
url = {https://threatpost.com/emotet-spreading-malicious-excel-files/178444/},
language = {English},
urldate = {2022-02-18}
}
Emotet Now Spreading Through Malicious Excel Files Emotet |
2022-02-16 ⋅ Security Onion ⋅ Doug Burks @online{burks:20220216:quick:e515983,
author = {Doug Burks},
title = {{Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08}},
date = {2022-02-16},
organization = {Security Onion},
url = {https://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html},
language = {English},
urldate = {2022-02-17}
}
Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08 Cobalt Strike Emotet |
2022-02-15 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU) @online{tru:20220215:increase:a4de9ce,
author = {eSentire Threat Response Unit (TRU)},
title = {{Increase in Emotet Activity and Cobalt Strike Deployment}},
date = {2022-02-15},
organization = {eSentire},
url = {https://www.esentire.com/blog/increase-in-emotet-activity-and-cobalt-strike-deployment},
language = {English},
urldate = {2022-05-23}
}
Increase in Emotet Activity and Cobalt Strike Deployment Cobalt Strike Emotet |
2022-02-15 ⋅ Palo Alto Networks Unit 42 ⋅ Saqib Khanzada, Tyler Halfpop, Micah Yates, Brad Duncan @online{khanzada:20220215:new:822e8f9,
author = {Saqib Khanzada and Tyler Halfpop and Micah Yates and Brad Duncan},
title = {{New Emotet Infection Method}},
date = {2022-02-15},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/new-emotet-infection-method/},
language = {English},
urldate = {2022-02-17}
}
New Emotet Infection Method Emotet |
2022-02-13 ⋅ NetbyteSEC ⋅ Taqi, Rosamira, Fareed @online{taqi:20220213:technical:50aa099,
author = {Taqi and Rosamira and Fareed},
title = {{Technical Malware Analysis: The Return of Emotet}},
date = {2022-02-13},
organization = {NetbyteSEC},
url = {https://notes.netbytesec.com/2022/02/technical-malware-analysis-return-of.html},
language = {English},
urldate = {2022-02-14}
}
Technical Malware Analysis: The Return of Emotet Emotet |
2022-02-10 ⋅ Cybereason ⋅ Cybereason Global SOC Team @online{team:20220210:threat:320574f,
author = {Cybereason Global SOC Team},
title = {{Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot}},
date = {2022-02-10},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot},
language = {English},
urldate = {2022-02-10}
}
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot Cobalt Strike Emotet IcedID QakBot |
2022-02-07 ⋅ vmware ⋅ Jason Zhang, Threat Analysis Unit @online{zhang:20220207:emotet:e89deeb,
author = {Jason Zhang and Threat Analysis Unit},
title = {{Emotet Is Not Dead (Yet) – Part 2}},
date = {2022-02-07},
organization = {vmware},
url = {https://blogs.vmware.com/networkvirtualization/2022/02/emotet-is-not-dead-yet-part-2.html/},
language = {English},
urldate = {2022-02-10}
}
Emotet Is Not Dead (Yet) – Part 2 Emotet |
2022-02-02 ⋅ VMRay ⋅ VMRay Labs Team, Mateusz Lukaszewski @online{team:20220202:malware:0eef3c2,
author = {VMRay Labs Team and Mateusz Lukaszewski},
title = {{Malware Analysis Spotlight: Emotet’s Use of Cryptography}},
date = {2022-02-02},
organization = {VMRay},
url = {https://www.vmray.com/cyber-security-blog/malware-analysis-spotlight-emotets-use-of-cryptography/},
language = {English},
urldate = {2022-02-09}
}
Malware Analysis Spotlight: Emotet’s Use of Cryptography Emotet |
2022-01-27 ⋅ Threat Lab Indonesia ⋅ Threat Lab Indonesia @online{indonesia:20220127:malware:8bcfff1,
author = {Threat Lab Indonesia},
title = {{Malware Analysis Emotet Infection}},
date = {2022-01-27},
organization = {Threat Lab Indonesia},
url = {https://blog.threatlab.info/malware-analysis-emotet-infection/},
language = {Indonesian},
urldate = {2022-02-02}
}
Malware Analysis Emotet Infection Emotet |
2022-01-25 ⋅ SANS ISC ⋅ Brad Duncan @online{duncan:20220125:emotet:9c62525,
author = {Brad Duncan},
title = {{Emotet Stops Using 0.0.0.0 in Spambot Traffic}},
date = {2022-01-25},
organization = {SANS ISC},
url = {https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/},
language = {English},
urldate = {2022-02-01}
}
Emotet Stops Using 0.0.0.0 in Spambot Traffic Emotet |
2022-01-23 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien @online{m4n0w4r:20220123:quicknote:852995b,
author = {m4n0w4r and Tran Trung Kien},
title = {{[QuickNote] Emotet epoch4 & epoch5 tactics}},
date = {2022-01-23},
organization = {kienmanowar Blog},
url = {https://kienmanowar.wordpress.com/2022/01/23/quicknote-emotet-epoch4-epoch5-tactics/},
language = {English},
urldate = {2022-01-25}
}
[QuickNote] Emotet epoch4 & epoch5 tactics Emotet |
2022-01-22 ⋅ Atomic Matryoshka ⋅ z3r0day_504 @online{z3r0day504:20220122:malware:1ec08ef,
author = {z3r0day_504},
title = {{Malware Headliners: Emotet}},
date = {2022-01-22},
organization = {Atomic Matryoshka},
url = {https://www.atomicmatryoshka.com/post/malware-headliners-emotet},
language = {English},
urldate = {2022-02-01}
}
Malware Headliners: Emotet Emotet |
2022-01-21 ⋅ Trend Micro ⋅ Ian Kenefick @online{kenefick:20220121:emotet:daddaf1,
author = {Ian Kenefick},
title = {{Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware}},
date = {2022-01-21},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html},
language = {English},
urldate = {2022-01-25}
}
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware Emotet |
2022-01-21 ⋅ vmware ⋅ Jason Zhang, Threat Analysis Unit @online{zhang:20220121:emotet:bdb4508,
author = {Jason Zhang and Threat Analysis Unit},
title = {{Emotet Is Not Dead (Yet)}},
date = {2022-01-21},
organization = {vmware},
url = {https://blogs.vmware.com/networkvirtualization/2022/01/emotet-is-not-dead-yet.html/},
language = {English},
urldate = {2022-02-10}
}
Emotet Is Not Dead (Yet) Emotet |
2022-01-19 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan @online{duncan:20220119:0000:cdac125,
author = {Brad Duncan},
title = {{0.0.0.0 in Emotet Spambot Traffic}},
date = {2022-01-19},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/rss/28254},
language = {English},
urldate = {2022-01-24}
}
0.0.0.0 in Emotet Spambot Traffic Emotet |
2022-01-19 ⋅ Gdata ⋅ Karsten Hahn @online{hahn:20220119:malware:293c00c,
author = {Karsten Hahn},
title = {{Malware vaccines can prevent pandemics, yet are rarely used}},
date = {2022-01-19},
organization = {Gdata},
url = {https://www.gdatasoftware.com/blog/2022/01/malware-vaccines},
language = {English},
urldate = {2023-03-24}
}
Malware vaccines can prevent pandemics, yet are rarely used Emotet STOP |
2022-01-17 ⋅ forensicitguy ⋅ Tony Lambert @online{lambert:20220117:emotets:85bf9d4,
author = {Tony Lambert},
title = {{Emotet's Excel 4.0 Macros Dropping DLLs}},
date = {2022-01-17},
organization = {forensicitguy},
url = {https://forensicitguy.github.io/emotet-excel4-macro-analysis/},
language = {English},
urldate = {2022-01-25}
}
Emotet's Excel 4.0 Macros Dropping DLLs Emotet |
2022-01-14 ⋅ RiskIQ ⋅ Jordan Herman @online{herman:20220114:riskiq:f4f5b68,
author = {Jordan Herman},
title = {{RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers}},
date = {2022-01-14},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/2cd1c003},
language = {English},
urldate = {2022-01-18}
}
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers Dridex Emotet |
2022-01-07 ⋅ muha2xmad ⋅ Muhammad Hasan Ali @online{ali:20220107:unpacking:e59d104,
author = {Muhammad Hasan Ali},
title = {{Unpacking Emotet malware part 02}},
date = {2022-01-07},
organization = {muha2xmad},
url = {https://muha2xmad.github.io/unpacking/emotet-part-2/},
language = {English},
urldate = {2022-02-14}
}
Unpacking Emotet malware part 02 Emotet |
2022-01-06 ⋅ muha2xmad ⋅ Muhammad Hasan Ali @online{ali:20220106:unpacking:57cdd55,
author = {Muhammad Hasan Ali},
title = {{Unpacking Emotet malware part 01}},
date = {2022-01-06},
organization = {muha2xmad},
url = {https://muha2xmad.github.io/unpacking/emotet-part-1/},
language = {English},
urldate = {2022-02-14}
}
Unpacking Emotet malware part 01 Emotet |
2021-12-22 ⋅ Cloudsek ⋅ Anandeshwar Unnikrishnan @online{unnikrishnan:20211222:emotet:29082b3,
author = {Anandeshwar Unnikrishnan},
title = {{Emotet 2.0: Everything you need to know about the new Variant of the Banking Trojan}},
date = {2021-12-22},
organization = {Cloudsek},
url = {https://web.archive.org/web/20211223100528/https://cloudsek.com/emotet-2-0-everything-you-need-to-know-about-the-new-variant-of-thbanking-trojan/},
language = {English},
urldate = {2022-05-25}
}
Emotet 2.0: Everything you need to know about the new Variant of the Banking Trojan Emotet |
2021-12-13 ⋅ Zscaler ⋅ Dennis Schwarz, Avinash Kumar @online{schwarz:20211213:return:94bdbce,
author = {Dennis Schwarz and Avinash Kumar},
title = {{Return of Emotet: Malware Analysis}},
date = {2021-12-13},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/return-emotet-malware-analysis},
language = {English},
urldate = {2021-12-20}
}
Return of Emotet: Malware Analysis Emotet |
2021-12-09 ⋅ HP ⋅ Patrick Schläpfer @online{schlpfer:20211209:emotets:aa090a7,
author = {Patrick Schläpfer},
title = {{Emotet’s Return: What’s Different?}},
date = {2021-12-09},
organization = {HP},
url = {https://threatresearch.ext.hp.com/emotets-return-whats-different/},
language = {English},
urldate = {2022-01-18}
}
Emotet’s Return: What’s Different? Emotet |
2021-12-08 ⋅ Check Point Research ⋅ Raman Ladutska, Aliaksandr Trafimchuk, David Driker, Yali Magiel @online{ladutska:20211208:when:16ee92b,
author = {Raman Ladutska and Aliaksandr Trafimchuk and David Driker and Yali Magiel},
title = {{When old friends meet again: why Emotet chose Trickbot for rebirth}},
date = {2021-12-08},
organization = {Check Point Research},
url = {https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/},
language = {English},
urldate = {2022-02-18}
}
When old friends meet again: why Emotet chose Trickbot for rebirth Emotet TrickBot |
2021-12-07 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20211207:emotet:f33c999,
author = {Lawrence Abrams},
title = {{Emotet now drops Cobalt Strike, fast forwards ransomware attacks}},
date = {2021-12-07},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/},
language = {English},
urldate = {2021-12-08}
}
Emotet now drops Cobalt Strike, fast forwards ransomware attacks Cobalt Strike Emotet |
2021-11-30 ⋅ Deep instinct ⋅ Ron Ben Yizhak @online{yizhak:20211130:reemergence:3f232d5,
author = {Ron Ben Yizhak},
title = {{The Re-Emergence of Emotet}},
date = {2021-11-30},
organization = {Deep instinct},
url = {https://www.deepinstinct.com/blog/the-re-emergence-of-emotet},
language = {English},
urldate = {2022-07-18}
}
The Re-Emergence of Emotet Emotet |
2021-11-25 ⋅ DSIH ⋅ Charles Blanc-Rolin @online{blancrolin:20211125:emotet:b02b32b,
author = {Charles Blanc-Rolin},
title = {{Emotet de retour, POC Exchange, 0-day Windows : à quelle sauce les attaquants prévoient de nous manger cette semaine?}},
date = {2021-11-25},
organization = {DSIH},
url = {https://www.dsih.fr/article/4483/emotet-de-retour-poc-exchange-0-day-windows-a-quelle-sauce-les-attaquants-prevoient-de-nous-manger-cette-semaine.html},
language = {French},
urldate = {2021-12-06}
}
Emotet de retour, POC Exchange, 0-day Windows : à quelle sauce les attaquants prévoient de nous manger cette semaine? Emotet |
2021-11-23 ⋅ Anomali ⋅ Anomali Threat Research @online{research:20211123:mummy:8cffd4e,
author = {Anomali Threat Research},
title = {{Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return}},
date = {2021-11-23},
organization = {Anomali},
url = {https://www.anomali.com/blog/mummy-spiders-emotet-malware-is-back-after-a-year-hiatus-wizard-spiders-trickbot-observed-in-its-return},
language = {English},
urldate = {2021-11-26}
}
Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return Emotet |
2021-11-20 ⋅ Twitter (@eduardfir) ⋅ Eduardo Mattos @online{mattos:20211120:velociraptor:bc6d897,
author = {Eduardo Mattos},
title = {{Tweet on Velociraptor artifact analysis for Emotet}},
date = {2021-11-20},
organization = {Twitter (@eduardfir)},
url = {https://twitter.com/eduardfir/status/1461856030292422659},
language = {English},
urldate = {2021-11-25}
}
Tweet on Velociraptor artifact analysis for Emotet Emotet |
2021-11-20 ⋅ Youtube (HEXORCIST) ⋅ Nicolas Brulez @online{brulez:20211120:unpacking:b26d2fb,
author = {Nicolas Brulez},
title = {{Unpacking Emotet and Reversing Obfuscated Word Document}},
date = {2021-11-20},
organization = {Youtube (HEXORCIST)},
url = {https://www.youtube.com/watch?v=AkZ5TYBqcU4},
language = {English},
urldate = {2021-12-20}
}
Unpacking Emotet and Reversing Obfuscated Word Document Emotet |
2021-11-20 ⋅ Advanced Intelligence ⋅ Yelisey Boguslavskiy, Vitali Kremez @online{boguslavskiy:20211120:corporate:a8b0a1c,
author = {Yelisey Boguslavskiy and Vitali Kremez},
title = {{Corporate Loader "Emotet": History of "X" Project Return for Ransomware}},
date = {2021-11-20},
organization = {Advanced Intelligence},
url = {https://www.advintel.io/post/corporate-loader-emotet-history-of-x-project-return-for-ransomware},
language = {English},
urldate = {2021-11-25}
}
Corporate Loader "Emotet": History of "X" Project Return for Ransomware Emotet |
2021-11-19 ⋅ CRONUP ⋅ Germán Fernández @online{fernndez:20211119:la:2cbc6a0,
author = {Germán Fernández},
title = {{La Botnet de EMOTET reinicia ataques en Chile y LATAM}},
date = {2021-11-19},
organization = {CRONUP},
url = {https://www.cronup.com/la-botnet-de-emotet-reinicia-ataques-en-chile-y-latinoamerica/},
language = {Spanish},
urldate = {2021-11-25}
}
La Botnet de EMOTET reinicia ataques en Chile y LATAM Emotet |
2021-11-19 ⋅ LAC WATCH ⋅ LAC WATCH @online{watch:20211119:malware:c504e6f,
author = {LAC WATCH},
title = {{Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack}},
date = {2021-11-19},
organization = {LAC WATCH},
url = {https://www.lac.co.jp/lacwatch/alert/20211119_002801.html},
language = {English},
urldate = {2021-11-25}
}
Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack Emotet |
2021-11-18 ⋅ Netskope ⋅ Gustavo Palazolo, Ghanashyam Satpathy @online{palazolo:20211118:netskope:39d2098,
author = {Gustavo Palazolo and Ghanashyam Satpathy},
title = {{Netskope Threat Coverage: The Return of Emotet}},
date = {2021-11-18},
organization = {Netskope},
url = {https://www.netskope.com/blog/netskope-threat-coverage-the-return-of-emotet},
language = {English},
urldate = {2021-11-25}
}
Netskope Threat Coverage: The Return of Emotet Emotet |
2021-11-18 ⋅ eSentire ⋅ eSentire @online{esentire:20211118:emotet:ded09a3,
author = {eSentire},
title = {{Emotet Activity Identified}},
date = {2021-11-18},
organization = {eSentire},
url = {https://www.esentire.com/security-advisories/emotet-activity-identified},
language = {English},
urldate = {2021-11-19}
}
Emotet Activity Identified Emotet |
2021-11-16 ⋅ Malwarebytes ⋅ Malwarebytes Threat Intelligence Team @online{team:20211116:trickbot:b624694,
author = {Malwarebytes Threat Intelligence Team},
title = {{TrickBot helps Emotet come back from the dead}},
date = {2021-11-16},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-intelligence/2021/11/trickbot-helps-emotet-come-back-from-the-dead/},
language = {English},
urldate = {2021-11-17}
}
TrickBot helps Emotet come back from the dead Emotet TrickBot |
2021-11-16 ⋅ Zscaler ⋅ Deepen Desai @online{desai:20211116:return:936dad6,
author = {Deepen Desai},
title = {{Return of Emotet malware}},
date = {2021-11-16},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/security-research/return-emotet-malware},
language = {English},
urldate = {2021-11-19}
}
Return of Emotet malware Emotet |
2021-11-16 ⋅ Hornetsecurity ⋅ Security Lab @online{lab:20211116:comeback:7f2b540,
author = {Security Lab},
title = {{Comeback of Emotet}},
date = {2021-11-16},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/threat-research/comeback-emotet/},
language = {English},
urldate = {2021-11-25}
}
Comeback of Emotet Emotet |
2021-11-16 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan @online{duncan:20211116:emotet:3545954,
author = {Brad Duncan},
title = {{Emotet Returns}},
date = {2021-11-16},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/28044},
language = {English},
urldate = {2021-11-17}
}
Emotet Returns Emotet |
2021-11-15 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20211115:emotet:8de6d81,
author = {Lawrence Abrams},
title = {{Emotet malware is back and rebuilding its botnet via TrickBot}},
date = {2021-11-15},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-malware-is-back-and-rebuilding-its-botnet-via-trickbot/},
language = {English},
urldate = {2021-11-17}
}
Emotet malware is back and rebuilding its botnet via TrickBot Emotet |
2021-11-15 ⋅ cyber.wtf blog ⋅ Luca Ebach @online{ebach:20211115:guess:81c7df8,
author = {Luca Ebach},
title = {{Guess who’s back}},
date = {2021-11-15},
organization = {cyber.wtf blog},
url = {https://cyber.wtf/2021/11/15/guess-whos-back/},
language = {English},
urldate = {2021-11-17}
}
Guess who’s back Emotet |
2021-08-15 ⋅ Symantec ⋅ Threat Hunter Team @techreport{team:20210815:ransomware:f799696,
author = {Threat Hunter Team},
title = {{The Ransomware Threat}},
date = {2021-08-15},
institution = {Symantec},
url = {https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf},
language = {English},
urldate = {2021-12-15}
}
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
2021-07-12 ⋅ The Record ⋅ Catalin Cimpanu @online{cimpanu:20210712:over:c88e351,
author = {Catalin Cimpanu},
title = {{Over 780,000 email accounts compromised by Emotet have been secured}},
date = {2021-07-12},
organization = {The Record},
url = {https://therecord.media/over-780000-email-accounts-compromised-by-emotet-have-been-secured/},
language = {English},
urldate = {2021-07-20}
}
Over 780,000 email accounts compromised by Emotet have been secured Emotet |
2021-06-16 ⋅ S2 Grupo ⋅ CSIRT-CV (the ICT Security Center of the Valencian Community) @online{community:20210616:emotet:7e0fafe,
author = {CSIRT-CV (the ICT Security Center of the Valencian Community)},
title = {{Emotet campaign analysis}},
date = {2021-06-16},
organization = {S2 Grupo},
url = {https://www.securityartwork.es/2021/06/16/analisis-campana-emotet/},
language = {Spanish},
urldate = {2021-06-21}
}
Emotet campaign analysis Emotet QakBot |
2021-06-10 ⋅ ZEIT Online ⋅ Kai Biermann, Astrid Geisler, Herwig G. Höller, Karsten Polke-Majewski, Zachary Kamel @online{biermann:20210610:trail:42969a8,
author = {Kai Biermann and Astrid Geisler and Herwig G. Höller and Karsten Polke-Majewski and Zachary Kamel},
title = {{On the Trail of the Internet Extortionists}},
date = {2021-06-10},
organization = {ZEIT Online},
url = {https://www.zeit.de/digital/2021-06/cybercrime-extortion-internet-spyware-ransomware-police-prosecution-hackers},
language = {English},
urldate = {2021-07-02}
}
On the Trail of the Internet Extortionists Emotet Mailto |
2021-06-10 ⋅ Tagesschau ⋅ Hakan Tanriverdi, Maximilian Zierer @online{tanriverdi:20210610:schadsoftware:834b3fd,
author = {Hakan Tanriverdi and Maximilian Zierer},
title = {{Schadsoftware Emotet: BKA befragt Schlüsselfigur}},
date = {2021-06-10},
organization = {Tagesschau},
url = {https://www.tagesschau.de/investigativ/br-recherche/emotet-schadsoftware-103.html},
language = {English},
urldate = {2021-07-02}
}
Schadsoftware Emotet: BKA befragt Schlüsselfigur Emotet |
2021-05-26 ⋅ DeepInstinct ⋅ Ron Ben Yizhak @online{yizhak:20210526:deep:c123a19,
author = {Ron Ben Yizhak},
title = {{A Deep Dive into Packing Software CryptOne}},
date = {2021-05-26},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2021/05/26/deep-dive-packing-software-cryptone/},
language = {English},
urldate = {2021-06-22}
}
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
2021-05-10 ⋅ Wirtschaftswoche ⋅ Thomas Kuhn @online{kuhn:20210510:how:5f1953b,
author = {Thomas Kuhn},
title = {{How one of the largest hacker networks in the world was paralyzed}},
date = {2021-05-10},
organization = {Wirtschaftswoche},
url = {https://www.wiwo.de/my/technologie/digitale-welt/emotet-netzwerk-wie-eines-der-groessten-hacker-netzwerke-der-welt-lahmgelegt-wurde/27164048.html},
language = {German},
urldate = {2021-05-13}
}
How one of the largest hacker networks in the world was paralyzed Emotet |
2021-04-22 ⋅ Github (@cecio) ⋅ @red5heep @online{red5heep:20210422:emotet:44c2798,
author = {@red5heep},
title = {{EMOTET: a State-Machine reversing exercise}},
date = {2021-04-22},
organization = {Github (@cecio)},
url = {https://github.com/cecio/EMOTET-2020-Reversing},
language = {English},
urldate = {2021-11-12}
}
EMOTET: a State-Machine reversing exercise Emotet |
2021-04-22 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20210422:spamhaus:4a32a4d,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q1 2021}},
date = {2021-04-22},
institution = {Spamhaus},
url = {https://www.spamhaus.com/custom-content/uploads/2021/04/Botnet-update-Q1-2021.pdf},
language = {English},
urldate = {2021-04-28}
}
Spamhaus Botnet Threat Update Q1 2021 Emotet Ficker Stealer Raccoon |
2021-04-09 ⋅ Palo Alto Networks Unit 42 ⋅ Yanhui Jia, Chris Navarrete @online{jia:20210409:emotet:c376dd2,
author = {Yanhui Jia and Chris Navarrete},
title = {{Emotet Command and Control Case Study}},
date = {2021-04-09},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/emotet-command-and-control/},
language = {English},
urldate = {2021-04-12}
}
Emotet Command and Control Case Study Emotet |
2021-03-31 ⋅ Kaspersky ⋅ Kaspersky @online{kaspersky:20210331:financial:3371aa0,
author = {Kaspersky},
title = {{Financial Cyberthreats in 2020}},
date = {2021-03-31},
organization = {Kaspersky},
url = {https://securelist.com/financial-cyberthreats-in-2020/101638/},
language = {English},
urldate = {2021-04-06}
}
Financial Cyberthreats in 2020 BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus |
2021-03-31 ⋅ Red Canary ⋅ Red Canary @techreport{canary:20210331:2021:cd81f2d,
author = {Red Canary},
title = {{2021 Threat Detection Report}},
date = {2021-03-31},
institution = {Red Canary},
url = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf},
language = {English},
urldate = {2021-04-06}
}
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-21 ⋅ Blackberry ⋅ Blackberry Research @techreport{research:20210321:2021:a393473,
author = {Blackberry Research},
title = {{2021 Threat Report}},
date = {2021-03-21},
institution = {Blackberry},
url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf},
language = {English},
urldate = {2021-03-25}
}
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
2021-03-17 ⋅ HP ⋅ HP Bromium @techreport{bromium:20210317:threat:3aed551,
author = {HP Bromium},
title = {{Threat Insights Report Q4-2020}},
date = {2021-03-17},
institution = {HP},
url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/03/HP_Bromium_Threat_Insights_Report_Q4_2020.pdf},
language = {English},
urldate = {2021-03-19}
}
Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Chris Navarrete, Yanhui Jia, Matthew Tennis, Durgesh Sangvikar, Rongbo Shao @online{navarrete:20210308:attack:6238643,
author = {Chris Navarrete and Yanhui Jia and Matthew Tennis and Durgesh Sangvikar and Rongbo Shao},
title = {{Attack Chain Overview: Emotet in December 2020 and January 2021}},
date = {2021-03-08},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/},
language = {English},
urldate = {2021-03-11}
}
Attack Chain Overview: Emotet in December 2020 and January 2021 Emotet |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-28 ⋅ NetbyteSEC @online{netbytesec:20210228:deobfuscating:a975d4c,
author = {NetbyteSEC},
title = {{Deobfuscating Emotet Macro Document and Powershell Command}},
date = {2021-02-28},
url = {https://notes.netbytesec.com/2021/02/deobfuscating-emotet-macro-and.html},
language = {English},
urldate = {2022-02-14}
}
Deobfuscating Emotet Macro Document and Powershell Command Emotet |
2021-02-25 ⋅ ANSSI ⋅ CERT-FR @techreport{certfr:20210225:ryuk:7895e12,
author = {CERT-FR},
title = {{Ryuk Ransomware}},
date = {2021-02-25},
institution = {ANSSI},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf},
language = {English},
urldate = {2021-03-02}
}
Ryuk Ransomware BazarBackdoor Buer Conti Emotet Ryuk TrickBot |
2021-02-25 ⋅ JPCERT/CC ⋅ Ken Sajo @online{sajo:20210225:emotet:f78fb4e,
author = {Ken Sajo},
title = {{Emotet Disruption and Outreach to Affected Users}},
date = {2021-02-25},
organization = {JPCERT/CC},
url = {https://blogs.jpcert.or.jp/en/2021/02/emotet-notice.html},
language = {English},
urldate = {2021-02-25}
}
Emotet Disruption and Outreach to Affected Users Emotet |
2021-02-24 ⋅ IBM ⋅ IBM SECURITY X-FORCE @online{xforce:20210224:xforce:ac9a90e,
author = {IBM SECURITY X-FORCE},
title = {{X-Force Threat Intelligence Index 2021}},
date = {2021-02-24},
organization = {IBM},
url = {https://ibm.ent.box.com/s/hs5pcayhbbhjvj8di5sqdpbbd88tsh89},
language = {English},
urldate = {2021-03-02}
}
X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
2021-02-24 ⋅ Allsafe ⋅ Shota Nakajima, Hara Hiroaki @techreport{nakajima:20210224:malware:0f5ff88,
author = {Shota Nakajima and Hara Hiroaki},
title = {{Malware Analysis at Scale - Defeating Emotet by Ghidra}},
date = {2021-02-24},
institution = {Allsafe},
url = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_workshop_malware-analysis_jp.pdf},
language = {English},
urldate = {2021-02-26}
}
Malware Analysis at Scale - Defeating Emotet by Ghidra Emotet |
2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20210223:2021:bf5bc4f,
author = {CrowdStrike},
title = {{2021 Global Threat Report}},
date = {2021-02-23},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf},
language = {English},
urldate = {2021-02-25}
}
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-17 ⋅ Politie NL ⋅ Politie NL @online{nl:20210217:politie:a27a279,
author = {Politie NL},
title = {{Politie bestrijdt cybercrime via Nederlandse infrastructuur}},
date = {2021-02-17},
organization = {Politie NL},
url = {https://www.politie.nl/nieuws/2021/februari/17/politie-bestrijdt-cybercrime-via-nederlandse-infrastructuur.html},
language = {Dutch},
urldate = {2021-02-20}
}
Politie bestrijdt cybercrime via Nederlandse infrastructuur Emotet |
2021-02-17 ⋅ YouTube (AGDC Services) ⋅ AGDC Services @online{services:20210217:how:d492b9b,
author = {AGDC Services},
title = {{How Malware Can Resolve APIs By Hash}},
date = {2021-02-17},
organization = {YouTube (AGDC Services)},
url = {https://www.youtube.com/watch?v=q8of74upT_g},
language = {English},
urldate = {2021-02-24}
}
How Malware Can Resolve APIs By Hash Emotet Mailto |
2021-02-16 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team @online{team:20210216:q4:4a82474,
author = {Proofpoint Threat Research Team},
title = {{Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes}},
date = {2021-02-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/q4-2020-threat-report-quarterly-analysis-cybersecurity-trends-tactics-and-themes},
language = {English},
urldate = {2021-05-31}
}
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes Emotet Ryuk NARWHAL SPIDER TA800 |
2021-02-12 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20210212:malwareaaaservice:c6454b5,
author = {CERT-FR},
title = {{The Malware-as-a-Service Emotet}},
date = {2021-02-12},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-003.pdf},
language = {English},
urldate = {2021-02-20}
}
The Malware-as-a-Service Emotet Emotet |
2021-02-08 ⋅ GRNET CERT ⋅ Dimitris Kolotouros, Marios Levogiannis @online{kolotouros:20210208:reverse:a034919,
author = {Dimitris Kolotouros and Marios Levogiannis},
title = {{Reverse engineering Emotet – Our approach to protect GRNET against the trojan}},
date = {2021-02-08},
organization = {GRNET CERT},
url = {https://cert.grnet.gr/en/blog/reverse-engineering-emotet/},
language = {English},
urldate = {2021-02-09}
}
Reverse engineering Emotet – Our approach to protect GRNET against the trojan Emotet |
2021-02-03 ⋅ Digital Shadows ⋅ Stefano De Blasi @online{blasi:20210203:emotet:8e8ac18,
author = {Stefano De Blasi},
title = {{Emotet Disruption: what it means for the cyber threat landscape}},
date = {2021-02-03},
organization = {Digital Shadows},
url = {https://www.digitalshadows.com/blog-and-research/emotet-disruption/},
language = {English},
urldate = {2021-02-06}
}
Emotet Disruption: what it means for the cyber threat landscape Emotet |
2021-02-02 ⋅ CRONUP ⋅ Germán Fernández @online{fernndez:20210202:de:6ff4f3a,
author = {Germán Fernández},
title = {{De ataque con Malware a incidente de Ransomware}},
date = {2021-02-02},
organization = {CRONUP},
url = {https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware},
language = {Spanish},
urldate = {2021-03-02}
}
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team @online{team:20210201:what:2e12897,
author = {Microsoft 365 Defender Threat Intelligence Team},
title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}},
date = {2021-02-01},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/},
language = {English},
urldate = {2021-02-02}
}
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
2021-01-29 ⋅ Malwarebytes ⋅ Threat Intelligence Team @online{team:20210129:cleaning:489c8b3,
author = {Threat Intelligence Team},
title = {{Cleaning up after Emotet: the law enforcement file}},
date = {2021-01-29},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/},
language = {English},
urldate = {2021-02-02}
}
Cleaning up after Emotet: the law enforcement file Emotet |
2021-01-28 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab @online{lab:20210128:emotet:863df45,
author = {Hornetsecurity Security Lab},
title = {{Emotet Botnet Takedown}},
date = {2021-01-28},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/threat-research/emotet-botnet-takedown/},
language = {English},
urldate = {2021-01-29}
}
Emotet Botnet Takedown Emotet |
2021-01-28 ⋅ Department of Homeland Security ⋅ Department of Justice @online{justice:20210128:emotet:cb82f8e,
author = {Department of Justice},
title = {{Emotet Botnet Disrupted in International Cyber Operation}},
date = {2021-01-28},
organization = {Department of Homeland Security},
url = {https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation},
language = {English},
urldate = {2021-02-01}
}
Emotet Botnet Disrupted in International Cyber Operation Emotet |
2021-01-28 ⋅ NTT ⋅ Dan Saunders @online{saunders:20210128:emotet:19b0313,
author = {Dan Saunders},
title = {{Emotet disruption - Europol counterattack}},
date = {2021-01-28},
organization = {NTT},
url = {https://hello.global.ntt/en-us/insights/blog/emotet-disruption-europol-counterattack},
language = {English},
urldate = {2021-01-29}
}
Emotet disruption - Europol counterattack Emotet |
2021-01-28 ⋅ YouTube (Virus Bulletin) ⋅ Benoît Ancel @online{ancel:20210128:bagsu:7de60de,
author = {Benoît Ancel},
title = {{The Bagsu banker case}},
date = {2021-01-28},
organization = {YouTube (Virus Bulletin)},
url = {https://www.youtube.com/watch?v=EyDiIAt__dI},
language = {English},
urldate = {2021-02-01}
}
The Bagsu banker case Azorult DreamBot Emotet Pony TrickBot ZeusAction |
2021-01-28 ⋅ InfoSec Handlers Diary Blog ⋅ Daniel Wesemann @online{wesemann:20210128:emotet:2939e8d,
author = {Daniel Wesemann},
title = {{Emotet vs. Windows Attack Surface Reduction}},
date = {2021-01-28},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/rss/27036},
language = {English},
urldate = {2021-01-29}
}
Emotet vs. Windows Attack Surface Reduction Emotet |
2021-01-27 ⋅ Team Cymru ⋅ James Shank @online{shank:20210127:taking:fa40609,
author = {James Shank},
title = {{Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts}},
date = {2021-01-27},
organization = {Team Cymru},
url = {https://team-cymru.com/blog/2021/01/27/taking-down-emotet/},
language = {English},
urldate = {2021-01-29}
}
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts Emotet |
2021-01-27 ⋅ KrebsOnSecurity ⋅ Brian Krebs @online{krebs:20210127:international:dc5699a,
author = {Brian Krebs},
title = {{International Action Targets Emotet Crimeware}},
date = {2021-01-27},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware},
language = {English},
urldate = {2021-01-29}
}
International Action Targets Emotet Crimeware Emotet |
2021-01-27 ⋅ YouTube (Національна поліція України) ⋅ Національна поліція України @online{:20210127:emotet:abc27db,
author = {Національна поліція України},
title = {{Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET}},
date = {2021-01-27},
organization = {YouTube (Національна поліція України)},
url = {https://www.youtube.com/watch?v=_BLOmClsSpc},
language = {Ukrainian},
urldate = {2021-01-27}
}
Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET Emotet |
2021-01-27 ⋅ Bundeskriminalamt ⋅ Bundeskriminalamt @online{bundeskriminalamt:20210127:infrastruktur:eb4ede6,
author = {Bundeskriminalamt},
title = {{Infrastruktur der Emotet-Schadsoftware zerschlagen}},
date = {2021-01-27},
organization = {Bundeskriminalamt},
url = {https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2021/Presse2021/210127_pmEmotet.html},
language = {German},
urldate = {2021-01-27}
}
Infrastruktur der Emotet-Schadsoftware zerschlagen Emotet |
2021-01-27 ⋅ Twitter (@milkr3am) ⋅ milkream @online{milkream:20210127:all:e3c3773,
author = {milkream},
title = {{Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25}},
date = {2021-01-27},
organization = {Twitter (@milkr3am)},
url = {https://twitter.com/milkr3am/status/1354459859912192002},
language = {English},
urldate = {2021-01-29}
}
Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25 Emotet |
2021-01-27 ⋅ Intel 471 ⋅ Intel 471 @online{471:20210127:emotet:0a7344b,
author = {Intel 471},
title = {{Emotet takedown is not like the Trickbot takedown}},
date = {2021-01-27},
organization = {Intel 471},
url = {https://intel471.com/blog/emotet-takedown-2021/},
language = {English},
urldate = {2021-01-29}
}
Emotet takedown is not like the Trickbot takedown Emotet |
2021-01-27 ⋅ Eurojust ⋅ Eurojust @online{eurojust:20210127:worlds:d416adc,
author = {Eurojust},
title = {{World’s most dangerous malware EMOTET disrupted through global action}},
date = {2021-01-27},
organization = {Eurojust},
url = {https://www.eurojust.europa.eu/worlds-most-dangerous-malware-emotet-disrupted-through-global-action},
language = {English},
urldate = {2021-01-27}
}
World’s most dangerous malware EMOTET disrupted through global action Emotet |
2021-01-19 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan @online{duncan:20210119:wireshark:be0c831,
author = {Brad Duncan},
title = {{Wireshark Tutorial: Examining Emotet Infection Traffic}},
date = {2021-01-19},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/wireshark-tutorial-emotet-infection/},
language = {English},
urldate = {2021-01-21}
}
Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
2021-01-14 ⋅ Netskope ⋅ Ghanashyam Satpathy, Dagmawi Mulugeta @online{satpathy:20210114:you:f7f99aa,
author = {Ghanashyam Satpathy and Dagmawi Mulugeta},
title = {{You Can Run, But You Can’t Hide: Advanced Emotet Updates}},
date = {2021-01-14},
organization = {Netskope},
url = {https://www.netskope.com/blog/you-can-run-but-you-cant-hide-advanced-emotet-updates},
language = {English},
urldate = {2021-01-18}
}
You Can Run, But You Can’t Hide: Advanced Emotet Updates Emotet |
2021-01-13 ⋅ VinCSS ⋅ Tran Trung Kien, m4n0w4r @online{kien:20210113:re019:5b00767,
author = {Tran Trung Kien and m4n0w4r},
title = {{[RE019] From A to X analyzing some real cases which used recent Emotet samples}},
date = {2021-01-13},
organization = {VinCSS},
url = {https://blog.vincss.net/2021/01/re019-from-a-to-x-analyzing-some-real-cases-which-used-recent-Emotet-samples.html},
language = {English},
urldate = {2021-01-25}
}
[RE019] From A to X analyzing some real cases which used recent Emotet samples Emotet |
2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20210109:command:d720b27,
author = {Marco Ramilli},
title = {{Command and Control Traffic Patterns}},
date = {2021-01-09},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/},
language = {English},
urldate = {2021-05-17}
}
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-05 ⋅ r3mrum blog ⋅ R3MRUM @online{r3mrum:20210105:manual:0d15421,
author = {R3MRUM},
title = {{Manual analysis of new PowerSplit maldocs delivering Emotet}},
date = {2021-01-05},
organization = {r3mrum blog},
url = {https://r3mrum.wordpress.com/2021/01/05/manual-analysis-of-new-powersplit-maldocs-delivering-emotet/},
language = {English},
urldate = {2021-01-10}
}
Manual analysis of new PowerSplit maldocs delivering Emotet Emotet |
2020-12-31 ⋅ Cert-AgID ⋅ Cert-AgID @online{certagid:20201231:simplify:1a7bcd2,
author = {Cert-AgID},
title = {{Simplify Emotet parsing with Python and iced x86}},
date = {2020-12-31},
organization = {Cert-AgID},
url = {https://cert-agid.gov.it/news/malware/semplificare-lanalisi-di-emotet-con-python-e-iced-x86/},
language = {Italian},
urldate = {2021-01-05}
}
Simplify Emotet parsing with Python and iced x86 Emotet |
2020-12-30 ⋅ Bleeping Computer ⋅ Sergiu Gatlan @online{gatlan:20201230:emotet:1f2a80b,
author = {Sergiu Gatlan},
title = {{Emotet malware hits Lithuania's National Public Health Center}},
date = {2020-12-30},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-malware-hits-lithuanias-national-public-health-center/},
language = {English},
urldate = {2021-01-05}
}
Emotet malware hits Lithuania's National Public Health Center Emotet |
2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW @online{munshaw:20201221:2020:4a88f84,
author = {JON MUNSHAW},
title = {{2020: The year in malware}},
date = {2020-12-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html},
language = {English},
urldate = {2020-12-26}
}
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-10 ⋅ YouTube (OALabs) ⋅ Sergei Frankoff @online{frankoff:20201210:malware:0a70511,
author = {Sergei Frankoff},
title = {{Malware Triage Analyzing PrnLoader Used To Drop Emotet}},
date = {2020-12-10},
organization = {YouTube (OALabs)},
url = {https://www.youtube.com/watch?v=5_-oR_135ss},
language = {English},
urldate = {2020-12-18}
}
Malware Triage Analyzing PrnLoader Used To Drop Emotet Emotet |
2020-12-04 ⋅ Kaspersky Labs ⋅ Oleg Kupreev @online{kupreev:20201204:chronicles:faab5a6,
author = {Oleg Kupreev},
title = {{The chronicles of Emotet}},
date = {2020-12-04},
organization = {Kaspersky Labs},
url = {https://securelist.com/the-chronicles-of-emotet/99660/},
language = {English},
urldate = {2020-12-08}
}
The chronicles of Emotet Emotet |
2020-11-26 ⋅ VirusTotal ⋅ Emiliano Martinez @online{martinez:20201126:using:2d0ccc3,
author = {Emiliano Martinez},
title = {{Using similarity to expand context and map out threat campaigns}},
date = {2020-11-26},
organization = {VirusTotal},
url = {https://blog.virustotal.com/2020/11/using-similarity-to-expand-context-and.html},
language = {English},
urldate = {2020-12-03}
}
Using similarity to expand context and map out threat campaigns Emotet |
2020-11-22 ⋅ Irshad's Blog ⋅ Irshad Muhammad @online{muhammad:20201122:analyzing:d3915d0,
author = {Irshad Muhammad},
title = {{Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.}},
date = {2020-11-22},
organization = {Irshad's Blog},
url = {https://mirshadx.wordpress.com/2020/11/22/analyzing-an-emotet-dropper-and-writing-a-python-script-to-statically-unpack-payload/},
language = {English},
urldate = {2020-11-23}
}
Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload. Emotet |
2020-11-20 ⋅ ZDNet ⋅ Catalin Cimpanu @online{cimpanu:20201120:malware:0b8ff59,
author = {Catalin Cimpanu},
title = {{The malware that usually installs ransomware and you need to remove right away}},
date = {2020-11-20},
organization = {ZDNet},
url = {https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/},
language = {English},
urldate = {2020-11-23}
}
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
2020-11-18 ⋅ Cisco ⋅ Nick Biasini, Edmund Brumaghin, Jaeson Schultz @online{biasini:20201118:back:178d20d,
author = {Nick Biasini and Edmund Brumaghin and Jaeson Schultz},
title = {{Back from vacation: Analyzing Emotet’s activity in 2020}},
date = {2020-11-18},
organization = {Cisco},
url = {https://blog.talosintelligence.com/2020/11/emotet-2020.html},
language = {English},
urldate = {2020-11-19}
}
Back from vacation: Analyzing Emotet’s activity in 2020 Emotet |
2020-11-06 ⋅ Security Soup Blog ⋅ Ryan Campbell @online{campbell:20201106:quick:741d84a,
author = {Ryan Campbell},
title = {{Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs}},
date = {2020-11-06},
organization = {Security Soup Blog},
url = {https://security-soup.net/quick-post-spooky-new-powershell-obfuscation-in-emotet-maldocs/},
language = {English},
urldate = {2020-11-09}
}
Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs Emotet |
2020-11-06 ⋅ LAC WATCH ⋅ Matsumoto, Takagen, Ishikawa @online{matsumoto:20201106:emotetzloader:ba310e4,
author = {Matsumoto and Takagen and Ishikawa},
title = {{分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意}},
date = {2020-11-06},
organization = {LAC WATCH},
url = {https://www.lac.co.jp/lacwatch/people/20201106_002321.html},
language = {Japanese},
urldate = {2020-11-09}
}
分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意 Emotet Zloader |
2020-11-05 ⋅ Brim Security ⋅ Oliver Rochford @online{rochford:20201105:hunting:c53aca3,
author = {Oliver Rochford},
title = {{Hunting Emotet with Brim and Zeek}},
date = {2020-11-05},
organization = {Brim Security},
url = {https://medium.com/brim-securitys-knowledge-funnel/hunting-emotet-with-brim-and-zeek-1000c2f5c1ff},
language = {English},
urldate = {2020-11-09}
}
Hunting Emotet with Brim and Zeek Emotet |
2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Ruian Duan, Zhanhao Chen, Seokkyung Chung, Janos Szurdi, Jingwei Fan @online{duan:20201029:domain:413ffab,
author = {Ruian Duan and Zhanhao Chen and Seokkyung Chung and Janos Szurdi and Jingwei Fan},
title = {{Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee}},
date = {2020-10-29},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/domain-parking/},
language = {English},
urldate = {2020-11-02}
}
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee Emotet |
2020-10-29 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20201029:le:d296223,
author = {CERT-FR},
title = {{LE MALWARE-AS-A-SERVICE EMOTET}},
date = {2020-10-29},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-010.pdf},
language = {English},
urldate = {2020-11-04}
}
LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
2020-10-28 ⋅ Bitdefender ⋅ Ruben Andrei Condor @techreport{condor:20201028:decade:b8d7422,
author = {Ruben Andrei Condor},
title = {{A Decade of WMI Abuse – an Overview of Techniques in Modern Malware}},
date = {2020-10-28},
institution = {Bitdefender},
url = {https://www.bitdefender.com/files/News/CaseStudies/study/377/Bitdefender-Whitepaper-WMI-creat4871-en-EN-GenericUse.pdf},
language = {English},
urldate = {2020-11-02}
}
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware sLoad Emotet Maze |
2020-10-20 ⋅ Bundesamt für Sicherheit in der Informationstechnik ⋅ BSI @online{bsi:20201020:die:0683ad4,
author = {BSI},
title = {{Die Lage der IT-Sicherheit in Deutschland 2020}},
date = {2020-10-20},
organization = {Bundesamt für Sicherheit in der Informationstechnik},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2020.pdf?__blob=publicationFile&v=2},
language = {German},
urldate = {2020-10-21}
}
Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
2020-10-19 ⋅ SPAM Auditor ⋅ Thomas @online{thomas:20201019:many:b85e434,
author = {Thomas},
title = {{The Many Faces of Emotet}},
date = {2020-10-19},
organization = {SPAM Auditor},
url = {https://spamauditor.org/2020/10/the-many-faces-of-emotet/},
language = {English},
urldate = {2020-10-23}
}
The Many Faces of Emotet Emotet |
2020-10-16 ⋅ Proofpoint ⋅ Cassandra A., Proofpoint Threat Research Team @online{a:20201016:geofenced:8c31198,
author = {Cassandra A. and Proofpoint Threat Research Team},
title = {{Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet}},
date = {2020-10-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet},
language = {English},
urldate = {2020-10-23}
}
Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet Emotet |
2020-10-12 ⋅ DeepInstinct ⋅ Ron Ben Yizhak @online{yizhak:20201012:why:df976a3,
author = {Ron Ben Yizhak},
title = {{Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2}},
date = {2020-10-12},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2020/10/12/why-emotets-latest-wave-is-harder-to-catch-than-ever-before-part-2/},
language = {English},
urldate = {2020-10-15}
}
Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2 Emotet |
2020-10-01 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Research Team @online{f:20201001:emotet:59780d9,
author = {Axel F and Proofpoint Threat Research Team},
title = {{Emotet Makes Timely Adoption of Political and Elections Lures}},
date = {2020-10-01},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/emotet-makes-timely-adoption-political-and-elections-lures},
language = {English},
urldate = {2020-10-05}
}
Emotet Makes Timely Adoption of Political and Elections Lures Emotet |
2020-09-29 ⋅ PWC UK ⋅ Andy Auld @online{auld:20200929:whats:2782a62,
author = {Andy Auld},
title = {{What's behind the increase in ransomware attacks this year?}},
date = {2020-09-29},
organization = {PWC UK},
url = {https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html},
language = {English},
urldate = {2021-05-25}
}
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
2020-09-29 ⋅ Microsoft ⋅ Microsoft @techreport{microsoft:20200929:microsoft:6e5d7b0,
author = {Microsoft},
title = {{Microsoft Digital Defense Report}},
date = {2020-09-29},
institution = {Microsoft},
url = {https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf},
language = {English},
urldate = {2020-10-05}
}
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
2020-09-29 ⋅ Seqrite ⋅ Prashant Tilekar @online{tilekar:20200929:return:d989aaf,
author = {Prashant Tilekar},
title = {{The return of the Emotet as the world unlocks!}},
date = {2020-09-29},
organization = {Seqrite},
url = {https://www.seqrite.com/blog/the-return-of-the-emotet-as-the-world-unlocks/},
language = {English},
urldate = {2021-01-01}
}
The return of the Emotet as the world unlocks! Emotet |
2020-09-23 ⋅ paloalto Networks: Unit42 ⋅ Brad Duncan @online{duncan:20200923:case:078ee7f,
author = {Brad Duncan},
title = {{Case Study: Emotet Thread Hijacking, an Email Attack Technique}},
date = {2020-09-23},
organization = {paloalto Networks: Unit42},
url = {https://unit42.paloaltonetworks.com/emotet-thread-hijacking/},
language = {English},
urldate = {2022-11-28}
}
Case Study: Emotet Thread Hijacking, an Email Attack Technique Emotet |
2020-09-11 ⋅ ThreatConnect ⋅ ThreatConnect Research Team @online{team:20200911:research:edfb074,
author = {ThreatConnect Research Team},
title = {{Research Roundup: Activity on Previously Identified APT33 Domains}},
date = {2020-09-11},
organization = {ThreatConnect},
url = {https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/},
language = {English},
urldate = {2020-09-15}
}
Research Roundup: Activity on Previously Identified APT33 Domains Emotet PlugX APT33 |
2020-09-07 ⋅ CERT-FR ⋅ CERT-FR @online{certfr:20200907:bulletin:f7b2023,
author = {CERT-FR},
title = {{Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France}},
date = {2020-09-07},
organization = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-019/},
language = {English},
urldate = {2020-09-15}
}
Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France Emotet |
2020-09-07 ⋅ CERT NZ ⋅ CERT NZ @online{nz:20200907:emotet:e7965c2,
author = {CERT NZ},
title = {{Emotet Malware being spread via email}},
date = {2020-09-07},
organization = {CERT NZ},
url = {https://www.cert.govt.nz/it-specialists/advisories/emotet-malware-being-spread-via-email/},
language = {English},
urldate = {2020-09-15}
}
Emotet Malware being spread via email Emotet |
2020-08-31 ⋅ Inde ⋅ Chris Campbell @online{campbell:20200831:analysis:33c982e,
author = {Chris Campbell},
title = {{Analysis of the latest wave of Emotet malicious documents}},
date = {2020-08-31},
organization = {Inde},
url = {https://www.inde.nz/blog/analysis-of-the-latest-wave-of-emotet-malicious-documents},
language = {English},
urldate = {2022-04-29}
}
Analysis of the latest wave of Emotet malicious documents Emotet |
2020-08-28 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Research Team @online{f:20200828:comprehensive:df5ff9b,
author = {Axel F and Proofpoint Threat Research Team},
title = {{A Comprehensive Look at Emotet’s Summer 2020 Return}},
date = {2020-08-28},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-summer-2020-return},
language = {English},
urldate = {2020-08-30}
}
A Comprehensive Look at Emotet’s Summer 2020 Return Emotet MUMMY SPIDER |
2020-08-24 ⋅ Hornetsecurity ⋅ Security Lab @online{lab:20200824:emotet:252c8de,
author = {Security Lab},
title = {{Emotet Update increases Downloads}},
date = {2020-08-24},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/emotet-update-increases-downloads/},
language = {English},
urldate = {2020-08-30}
}
Emotet Update increases Downloads Emotet |
2020-08-14 ⋅ Binary Defense ⋅ James Quinn @online{quinn:20200814:emocrash:4f12855,
author = {James Quinn},
title = {{EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense}},
date = {2020-08-14},
organization = {Binary Defense},
url = {https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/},
language = {English},
urldate = {2020-08-19}
}
EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense Emotet |
2020-08-12 ⋅ DeepInstinct ⋅ Ron Ben Yizhak @online{yizhak:20200812:why:b99aef4,
author = {Ron Ben Yizhak},
title = {{Why Emotet’s Latest Wave is Harder to Catch than Ever Before}},
date = {2020-08-12},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2020/08/12/why-emotets-latest-wave-is-harder-to-catch-than-ever-before/},
language = {English},
urldate = {2020-10-15}
}
Why Emotet’s Latest Wave is Harder to Catch than Ever Before Emotet |
2020-08-09 ⋅ F5 Labs ⋅ Remi Cohen, Debbie Walkowski @online{cohen:20200809:banking:8718999,
author = {Remi Cohen and Debbie Walkowski},
title = {{Banking Trojans: A Reference Guide to the Malware Family Tree}},
date = {2020-08-09},
organization = {F5 Labs},
url = {https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree},
language = {English},
urldate = {2021-06-29}
}
Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
2020-08-05 ⋅ Github (mauronz) ⋅ Francesco Muroni @online{muroni:20200805:emotet:0fe027e,
author = {Francesco Muroni},
title = {{Emotet API+string deobfuscator (v0.1)}},
date = {2020-08-05},
organization = {Github (mauronz)},
url = {https://github.com/mauronz/binja-emotet},
language = {English},
urldate = {2020-08-18}
}
Emotet API+string deobfuscator (v0.1) Emotet |
2020-08 ⋅ TG Soft ⋅ TG Soft @online{soft:202008:tg:88b671c,
author = {TG Soft},
title = {{TG Soft Cyber - Threat Report}},
date = {2020-08},
organization = {TG Soft},
url = {https://www.tgsoft.it/files/report/download.asp?id=7481257469},
language = {Italian},
urldate = {2020-09-15}
}
TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
2020-07-31 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab @online{lab:20200731:webshells:4963ea5,
author = {Hornetsecurity Security Lab},
title = {{The webshells powering Emotet}},
date = {2020-07-31},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-informationen-en/webshells-powering-emotet/},
language = {English},
urldate = {2020-08-21}
}
The webshells powering Emotet Emotet |
2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20200730:spamhaus:038546d,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q2 2020}},
date = {2020-07-30},
institution = {Spamhaus},
url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf},
language = {English},
urldate = {2020-07-30}
}
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29 ⋅ Sophos Labs ⋅ Andrew Brandt @online{brandt:20200729:emotets:cb1de9b,
author = {Andrew Brandt},
title = {{Emotet’s return is the canary in the coal mine}},
date = {2020-07-29},
organization = {Sophos Labs},
url = {https://news.sophos.com/en-us/2020/07/28/emotets-return-is-the-canary-in-the-coal-mine/?cmp=30728},
language = {English},
urldate = {2020-07-30}
}
Emotet’s return is the canary in the coal mine Emotet |
2020-07-28 ⋅ Bleeping Computer ⋅ Sergiu Gatlan @online{gatlan:20200728:emotet:37429c5,
author = {Sergiu Gatlan},
title = {{Emotet malware now steals your email attachments to attack contacts}},
date = {2020-07-28},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/},
language = {English},
urldate = {2020-07-30}
}
Emotet malware now steals your email attachments to attack contacts Emotet |
2020-07-20 ⋅ NTT ⋅ Security division of NTT Ltd. @online{ltd:20200720:shellbot:adab896,
author = {Security division of NTT Ltd.},
title = {{Shellbot victim overlap with Emotet network infrastructure}},
date = {2020-07-20},
organization = {NTT},
url = {https://hello.global.ntt/en-us/insights/blog/shellbot-victim-overlap-with-emotet-network-infrastructure},
language = {English},
urldate = {2020-07-30}
}
Shellbot victim overlap with Emotet network infrastructure Emotet |
2020-07-20 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200720:emotettrickbot:a8e84d2,
author = {Lawrence Abrams},
title = {{Emotet-TrickBot malware duo is back infecting Windows machines}},
date = {2020-07-20},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/},
language = {English},
urldate = {2020-07-21}
}
Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
2020-07-20 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab @online{lab:20200720:emotet:f918eaf,
author = {Hornetsecurity Security Lab},
title = {{Emotet is back}},
date = {2020-07-20},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/emotet-is-back/},
language = {English},
urldate = {2020-07-30}
}
Emotet is back Emotet |
2020-07-17 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200717:malware:5c58cdf,
author = {CERT-FR},
title = {{The Malware Dridex: Origins and Uses}},
date = {2020-07-17},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf},
language = {English},
urldate = {2020-07-20}
}
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-06-18 ⋅ NTT Security ⋅ Security division of NTT Ltd. @online{ltd:20200618:behind:a5e168d,
author = {Security division of NTT Ltd.},
title = {{Behind the scenes of the Emotet Infrastructure}},
date = {2020-06-18},
organization = {NTT Security},
url = {https://hello.global.ntt/en-us/insights/blog/behind-the-scenes-of-the-emotet-infrastructure},
language = {English},
urldate = {2020-06-20}
}
Behind the scenes of the Emotet Infrastructure Emotet |
2020-06-12 ⋅ ThreatConnect ⋅ ThreatConnect Research Team @online{team:20200612:probable:89a5bed,
author = {ThreatConnect Research Team},
title = {{Probable Sandworm Infrastructure}},
date = {2020-06-12},
organization = {ThreatConnect},
url = {https://threatconnect.com/blog/threatconnect-research-roundup-probable-sandworm-infrastructure},
language = {English},
urldate = {2020-06-16}
}
Probable Sandworm Infrastructure Avaddon Emotet Kimsuky |
2020-05-28 ⋅ VMWare Carbon Black ⋅ Tom Kellermann, Ryan Murphy @techreport{kellermann:20200528:modern:8155ea4,
author = {Tom Kellermann and Ryan Murphy},
title = {{Modern Bank Heists 3.0}},
date = {2020-05-28},
institution = {VMWare Carbon Black},
url = {https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmwcb-report-modern-bank-heists-2020.pdf},
language = {English},
urldate = {2022-04-25}
}
Modern Bank Heists 3.0 Emotet |
2020-05-24 ⋅ Palo Alto Networks Unit 42 ⋅ Ajaya Neupane, Stefan Achleitner @online{neupane:20200524:using:2f77c1c,
author = {Ajaya Neupane and Stefan Achleitner},
title = {{Using AI to Detect Malicious C2 Traffic}},
date = {2020-05-24},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/c2-traffic/},
language = {English},
urldate = {2021-06-09}
}
Using AI to Detect Malicious C2 Traffic Emotet Sality |
2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan @online{zarslan:20200521:t1055:4400f98,
author = {Süleyman Özarslan},
title = {{T1055 Process Injection}},
date = {2020-05-21},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection},
language = {English},
urldate = {2020-06-03}
}
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-05-05 ⋅ Hornetsecurity ⋅ Security Lab @online{lab:20200505:awaiting:513382e,
author = {Security Lab},
title = {{Awaiting the Inevitable Return of Emotet}},
date = {2020-05-05},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/awaiting-the-inevitable-return-of-emotet/},
language = {English},
urldate = {2020-05-05}
}
Awaiting the Inevitable Return of Emotet Emotet |
2020-04-22 ⋅ Youtube (Infosec Alpha) ⋅ Raashid Bhat @online{bhat:20200422:flattenthecurve:0bdf5a3,
author = {Raashid Bhat},
title = {{FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2}},
date = {2020-04-22},
organization = {Youtube (Infosec Alpha)},
url = {https://www.youtube.com/watch?v=8PHCZdpNKrw},
language = {English},
urldate = {2020-04-23}
}
FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2 Emotet |
2020-04-14 ⋅ Intel 471 ⋅ Intel 471 @online{471:20200414:understanding:ca95961,
author = {Intel 471},
title = {{Understanding the relationship between Emotet, Ryuk and TrickBot}},
date = {2020-04-14},
organization = {Intel 471},
url = {https://blog.intel471.com/2020/04/14/understanding-the-relationship-between-emotet-ryuk-and-trickbot/},
language = {English},
urldate = {2020-04-26}
}
Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
2020-04-14 ⋅ Max Kersten @online{kersten:20200414:emotet:ec18d45,
author = {Max Kersten},
title = {{Emotet JavaScript downloader}},
date = {2020-04-14},
url = {https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-javascript-downloader/},
language = {English},
urldate = {2020-04-14}
}
Emotet JavaScript downloader Unidentified JS 003 (Emotet Downloader) |
2020-04-03 ⋅ Bleeping Computer ⋅ Sergiu Gatlan @online{gatlan:20200403:microsoft:c12a844,
author = {Sergiu Gatlan},
title = {{Microsoft: Emotet Took Down a Network by Overheating All Computers}},
date = {2020-04-03},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/},
language = {English},
urldate = {2020-04-08}
}
Microsoft: Emotet Took Down a Network by Overheating All Computers Emotet |
2020-03-31 ⋅ Youtube (Infosec Alpha) ⋅ Raashid Bhat @online{bhat:20200331:emotet:50264e0,
author = {Raashid Bhat},
title = {{Emotet Binary Deobfuscation | Coconut Paradise | Episode 1}},
date = {2020-03-31},
organization = {Youtube (Infosec Alpha)},
url = {https://www.youtube.com/watch?v=_mGMJFNJWSk},
language = {English},
urldate = {2020-04-23}
}
Emotet Binary Deobfuscation | Coconut Paradise | Episode 1 Emotet |
2020-03-30 ⋅ Symantec ⋅ Nguyen Hoang Giang, Mingwei Zhang @online{giang:20200330:emotet:6034d14,
author = {Nguyen Hoang Giang and Mingwei Zhang},
title = {{Emotet: Dangerous Malware Keeps on Evolving}},
date = {2020-03-30},
organization = {Symantec},
url = {https://medium.com/threat-intel/emotet-dangerous-malware-keeps-on-evolving-ac84aadbb8de},
language = {English},
urldate = {2020-04-01}
}
Emotet: Dangerous Malware Keeps on Evolving Emotet |
2020-03-30 ⋅ Intezer ⋅ Michael Kajiloti @online{kajiloti:20200330:fantastic:c01db60,
author = {Michael Kajiloti},
title = {{Fantastic payloads and where we find them}},
date = {2020-03-30},
organization = {Intezer},
url = {https://intezer.com/blog/intezer-analyze/fantastic-payloads-and-where-we-find-them},
language = {English},
urldate = {2020-04-07}
}
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
2020-03-12 ⋅ Digital Shadows ⋅ Alex Guirakhoo @online{guirakhoo:20200312:how:cf2276f,
author = {Alex Guirakhoo},
title = {{How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation}},
date = {2020-03-12},
organization = {Digital Shadows},
url = {https://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-taking-advantage-of-covid-19-scams-fraud-misinformation/},
language = {English},
urldate = {2020-03-19}
}
How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation Emotet |
2020-03-11 ⋅ Twitter (@raashidbhatt) ⋅ Raashid Bhat @online{bhat:20200311:emotet:c178008,
author = {Raashid Bhat},
title = {{Tweet on Emotet Deobfuscation with Video}},
date = {2020-03-11},
organization = {Twitter (@raashidbhatt)},
url = {https://twitter.com/raashidbhatt/status/1237853549200936960},
language = {English},
urldate = {2020-03-13}
}
Tweet on Emotet Deobfuscation with Video Emotet |
2020-03-06 ⋅ Binary Defense ⋅ James Quinn @online{quinn:20200306:emotet:e93ab0b,
author = {James Quinn},
title = {{Emotet Wi-Fi Spreader Upgraded}},
date = {2020-03-06},
organization = {Binary Defense},
url = {https://www.binarydefense.com/emotet-wi-fi-spreader-upgraded/},
language = {English},
urldate = {2020-03-09}
}
Emotet Wi-Fi Spreader Upgraded Emotet |
2020-03-06 ⋅ Telekom ⋅ Thomas Barabosch @online{barabosch:20200306:dissecting:809bc54,
author = {Thomas Barabosch},
title = {{Dissecting Emotet - Part 2}},
date = {2020-03-06},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/cybersecurity-dissecting-emotet-part-two-596128},
language = {English},
urldate = {2020-03-09}
}
Dissecting Emotet - Part 2 Emotet |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-03 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019:A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
2020-03-02 ⋅ c't ⋅ Christian Wölbert @online{wlbert:20200302:was:1b9cc93,
author = {Christian Wölbert},
title = {{Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen}},
date = {2020-03-02},
organization = {c't},
url = {https://www.heise.de/ct/artikel/Was-Emotet-anrichtet-und-welche-Lehren-die-Opfer-daraus-ziehen-4665958.html},
language = {German},
urldate = {2020-03-02}
}
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen Emotet Ryuk |
2020-02-29 ⋅ ZDNet ⋅ Catalin Cimpanu @online{cimpanu:20200229:meet:b1d7dbd,
author = {Catalin Cimpanu},
title = {{Meet the white-hat group fighting Emotet, the world's most dangerous malware}},
date = {2020-02-29},
organization = {ZDNet},
url = {https://www.zdnet.com/article/meet-the-white-hat-group-fighting-emotet-the-worlds-most-dangerous-malware/},
language = {English},
urldate = {2020-03-02}
}
Meet the white-hat group fighting Emotet, the world's most dangerous malware Emotet |
2020-02-18 ⋅ CERT.PL ⋅ Michał Praszmo @online{praszmo:20200218:whats:2790998,
author = {Michał Praszmo},
title = {{What’s up Emotet?}},
date = {2020-02-18},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/whats-up-emotet/},
language = {English},
urldate = {2020-02-18}
}
What’s up Emotet? Emotet |
2020-02-13 ⋅ Talos ⋅ Nick Biasini, Edmund Brumaghin @online{biasini:20200213:threat:443d687,
author = {Nick Biasini and Edmund Brumaghin},
title = {{Threat actors attempt to capitalize on coronavirus outbreak}},
date = {2020-02-13},
organization = {Talos},
url = {https://blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html},
language = {English},
urldate = {2020-03-19}
}
Threat actors attempt to capitalize on coronavirus outbreak Emotet Nanocore RAT Parallax RAT |
2020-02-10 ⋅ Malwarebytes ⋅ Adam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz @techreport{kujawa:20200210:2020:3fdaf12,
author = {Adam Kujawa and Wendy Zamora and Jérôme Segura and Thomas Reed and Nathan Collier and Jovi Umawing and Chris Boyd and Pieter Arntz and David Ruiz},
title = {{2020 State of Malware Report}},
date = {2020-02-10},
institution = {Malwarebytes},
url = {https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf},
language = {English},
urldate = {2020-02-13}
}
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
2020-02-08 ⋅ PICUS Security ⋅ Süleyman Özarslan @online{zarslan:20200208:emotet:1fac6a4,
author = {Süleyman Özarslan},
title = {{Emotet Technical Analysis - Part 2 PowerShell Unveiled}},
date = {2020-02-08},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/emotet-technical-analysis-part-2-powershell-unveiled},
language = {English},
urldate = {2020-06-03}
}
Emotet Technical Analysis - Part 2 PowerShell Unveiled Emotet |
2020-02-07 ⋅ Binary Defense ⋅ James Quinn @online{quinn:20200207:emotet:07de43a,
author = {James Quinn},
title = {{Emotet Evolves With New Wi-Fi Spreader}},
date = {2020-02-07},
organization = {Binary Defense},
url = {https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/},
language = {English},
urldate = {2020-02-09}
}
Emotet Evolves With New Wi-Fi Spreader Emotet |
2020-02-03 ⋅ Telekom ⋅ Thomas Barabosch @online{barabosch:20200203:dissecting:c1a6bca,
author = {Thomas Barabosch},
title = {{Dissecting Emotet – Part 1}},
date = {2020-02-03},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/cybersecurity-dissecting-emotet-part-one-592612},
language = {English},
urldate = {2020-02-07}
}
Dissecting Emotet – Part 1 Emotet |
2020-01-30 ⋅ IBM X-Force Exchange ⋅ Ashkan Vila, Golo Mühr @online{vila:20200130:coronavirus:f0121b9,
author = {Ashkan Vila and Golo Mühr},
title = {{Coronavirus Goes Cyber With Emotet}},
date = {2020-01-30},
organization = {IBM X-Force Exchange},
url = {https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b},
language = {English},
urldate = {2020-02-03}
}
Coronavirus Goes Cyber With Emotet Emotet |
2020-01-30 ⋅ PICUS Security ⋅ Süleyman Özarslan @online{zarslan:20200130:emotet:1d5ef78,
author = {Süleyman Özarslan},
title = {{Emotet Technical Analysis - Part 1 Reveal the Evil Code}},
date = {2020-01-30},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/emotet-technical-analysis-part-1-reveal-the-evil-code},
language = {English},
urldate = {2020-06-03}
}
Emotet Technical Analysis - Part 1 Reveal the Evil Code Emotet |
2020-01-27 ⋅ T-Systems ⋅ T-Systems @techreport{tsystems:20200127:vorlufiger:39dc989,
author = {T-Systems},
title = {{Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht}},
date = {2020-01-27},
institution = {T-Systems},
url = {https://www.berlin.de/sen/justva/presse/pressemitteilungen/2020/pm-11-2020-t-systems-forensik_bericht_public_v1.pdf},
language = {German},
urldate = {2020-01-28}
}
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht Emotet TrickBot |
2020-01-17 ⋅ Hiroaki Ogawa, Manabu Niseki @techreport{ogawa:20200117:100:035a7dd,
author = {Hiroaki Ogawa and Manabu Niseki},
title = {{100 more behind cockroaches?}},
date = {2020-01-17},
institution = {},
url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_4_ogawa-niseki_en.pdf},
language = {English},
urldate = {2020-01-17}
}
100 more behind cockroaches? MoqHao Emotet Predator The Thief |
2020-01-17 ⋅ JPCERT/CC ⋅ Takayoshi Shiigi @techreport{shiigi:20200117:looking:bf71db1,
author = {Takayoshi Shiigi},
title = {{Looking back on the incidents in 2019}},
date = {2020-01-17},
institution = {JPCERT/CC},
url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_0_JPCERT_en.pdf},
language = {English},
urldate = {2020-04-06}
}
Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
2020-01-14 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200114:united:a309baa,
author = {Lawrence Abrams},
title = {{United Nations Targeted With Emotet Malware Phishing Attack}},
date = {2020-01-14},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/united-nations-targeted-with-emotet-malware-phishing-attack/},
language = {English},
urldate = {2020-01-20}
}
United Nations Targeted With Emotet Malware Phishing Attack Emotet |
2020-01-13 ⋅ Gigamon ⋅ William Peteroy, Ed Miles @online{peteroy:20200113:emotet:60abae1,
author = {William Peteroy and Ed Miles},
title = {{Emotet: Not your Run-of-the-mill Malware}},
date = {2020-01-13},
organization = {Gigamon},
url = {https://atr-blog.gigamon.com/2020/01/13/emotet-not-your-run-of-the-mill-malware/},
language = {English},
urldate = {2020-01-17}
}
Emotet: Not your Run-of-the-mill Malware Emotet |
2020-01-10 ⋅ CSIS ⋅ CSIS @techreport{csis:20200110:threat:7454f36,
author = {CSIS},
title = {{Threat Matrix H1 2019}},
date = {2020-01-10},
institution = {CSIS},
url = {https://gallery.mailchimp.com/c35aef82661dad887b8162a4f/files/e24e8206-a157-4796-a8cb-2b7262cc76e8/CSIS_Threat_Matrix_H1_2019.pdf},
language = {English},
urldate = {2020-01-22}
}
Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
2020-01-07 ⋅ Hatching.io ⋅ Team @online{team:20200107:powershell:fb8264e,
author = {Team},
title = {{Powershell Static Analysis & Emotet results}},
date = {2020-01-07},
organization = {Hatching.io},
url = {https://hatching.io/blog/powershell-analysis},
language = {English},
urldate = {2020-01-12}
}
Powershell Static Analysis & Emotet results Emotet |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:9b89cea,
author = {SecureWorks},
title = {{GOLD CRESTWOOD}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-crestwood},
language = {English},
urldate = {2020-05-23}
}
GOLD CRESTWOOD Emotet MUMMY SPIDER |
2019-12-12 ⋅ FireEye ⋅ Chi-en Shen, Oleg Bondarenko @online{shen:20191212:cyber:e01baca,
author = {Chi-en Shen and Oleg Bondarenko},
title = {{Cyber Threat Landscape in Japan – Revealing Threat in the Shadow}},
date = {2019-12-12},
organization = {FireEye},
url = {https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko},
language = {English},
urldate = {2020-04-16}
}
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
2019-12-10 ⋅ JPCERT/CC ⋅ JPCERT/CC @online{jpcertcc:20191210:updated:86aee30,
author = {JPCERT/CC},
title = {{[Updated] Alert Regarding Emotet Malware Infection}},
date = {2019-12-10},
organization = {JPCERT/CC},
url = {https://www.jpcert.or.jp/english/at/2019/at190044.html},
language = {English},
urldate = {2020-01-09}
}
[Updated] Alert Regarding Emotet Malware Infection Emotet |
2019-12-07 ⋅ Secureworks ⋅ Kevin O’Reilly, Keith Jarvis @techreport{oreilly:20191207:endtoend:84340da,
author = {Kevin O’Reilly and Keith Jarvis},
title = {{End-to-end Botnet Monitoring... Botconf 2019}},
date = {2019-12-07},
institution = {Secureworks},
url = {https://www.botconf.eu/wp-content/uploads/2019/12/B2019-OReilly-Jarvis-End-to-end-Botnet-Monitoring.pdf},
language = {English},
urldate = {2021-11-08}
}
End-to-end Botnet Monitoring... Botconf 2019 Emotet ISFB QakBot |
2019-12-04 ⋅ JPCERT/CC ⋅ Ken Sajo @online{sajo:20191204:how:60225fe,
author = {Ken Sajo},
title = {{How to Respond to Emotet Infection (FAQ)}},
date = {2019-12-04},
organization = {JPCERT/CC},
url = {https://blogs.jpcert.or.jp/en/2019/12/emotetfaq.html},
language = {English},
urldate = {2020-01-13}
}
How to Respond to Emotet Infection (FAQ) Emotet |
2019-11-06 ⋅ Heise Security ⋅ Thomas Hungenberg @online{hungenberg:20191106:emotet:1605954,
author = {Thomas Hungenberg},
title = {{Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail}},
date = {2019-11-06},
organization = {Heise Security},
url = {https://www.heise.de/security/artikel/Emotet-Trickbot-Ryuk-ein-explosiver-Malware-Cocktail-4573848.html},
language = {German},
urldate = {2020-01-06}
}
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
2019-10-30 ⋅ Zscaler ⋅ Atinderpal Singh, Abhay Yadav @online{singh:20191030:emotet:61821fe,
author = {Atinderpal Singh and Abhay Yadav},
title = {{Emotet is back in action after a short break}},
date = {2019-10-30},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/research/emotet-back-action-after-short-break},
language = {English},
urldate = {2020-07-01}
}
Emotet is back in action after a short break Emotet |
2019-10-14 ⋅ Marco Ramilli @online{ramilli:20191014:is:de28de6,
author = {Marco Ramilli},
title = {{Is Emotet gang targeting companies with external SOC?}},
date = {2019-10-14},
url = {https://marcoramilli.com/2019/10/14/is-emotet-gang-targeting-companies-with-external-soc/},
language = {English},
urldate = {2019-12-20}
}
Is Emotet gang targeting companies with external SOC? Emotet |
2019-09-24 ⋅ Dissecting Malware ⋅ Marius Genheimer @online{genheimer:20190924:return:f85ef19,
author = {Marius Genheimer},
title = {{Return of the Mummy - Welcome back, Emotet}},
date = {2019-09-24},
organization = {Dissecting Malware},
url = {https://dissectingmalwa.re/return-of-the-mummy-welcome-back-emotet.html},
language = {English},
urldate = {2020-03-27}
}
Return of the Mummy - Welcome back, Emotet Emotet |
2019-09-16 ⋅ Malwarebytes ⋅ Threat Intelligence Team @online{team:20190916:emotet:9c6c8f3,
author = {Threat Intelligence Team},
title = {{Emotet is back: botnet springs back to life with new spam campaign}},
date = {2019-09-16},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/botnets/2019/09/emotet-is-back-botnet-springs-back-to-life-with-new-spam-campaign/},
language = {English},
urldate = {2019-12-20}
}
Emotet is back: botnet springs back to life with new spam campaign Emotet |
2019-08-13 ⋅ Adalogics ⋅ David Korczynski @online{korczynski:20190813:state:a4ad074,
author = {David Korczynski},
title = {{The state of advanced code injections}},
date = {2019-08-13},
organization = {Adalogics},
url = {https://adalogics.com/blog/the-state-of-advanced-code-injections},
language = {English},
urldate = {2020-01-13}
}
The state of advanced code injections Dridex Emotet Tinba |
2019-08-12 ⋅ Schweizerische Eidgenossenschaft ⋅ Schweizerische Eidgenossenschaft @online{eidgenossenschaft:20190812:trojaner:60574cc,
author = {Schweizerische Eidgenossenschaft},
title = {{Trojaner Emotet greift Unternehmensnetzwerke an}},
date = {2019-08-12},
organization = {Schweizerische Eidgenossenschaft},
url = {https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/Trojaner_Emotet_greift_Unternehmensnetzwerke_an.html},
language = {German},
urldate = {2020-01-08}
}
Trojaner Emotet greift Unternehmensnetzwerke an Emotet |
2019-06-06 ⋅ Fortinet ⋅ Kai Lu @online{lu:20190606:deep:0ac679a,
author = {Kai Lu},
title = {{A Deep Dive into the Emotet Malware}},
date = {2019-06-06},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html},
language = {English},
urldate = {2020-01-07}
}
A Deep Dive into the Emotet Malware Emotet |
2019-05-15 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Insight Team @online{f:20190515:threat:06b415a,
author = {Axel F and Proofpoint Threat Insight Team},
title = {{Threat Actor Profile: TA542, From Banker to Malware Distribution Service}},
date = {2019-05-15},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service},
language = {English},
urldate = {2019-12-20}
}
Threat Actor Profile: TA542, From Banker to Malware Distribution Service Emotet MUMMY SPIDER |
2019-05-09 ⋅ GovCERT.ch ⋅ GovCERT.ch @online{govcertch:20190509:severe:2767782,
author = {GovCERT.ch},
title = {{Severe Ransomware Attacks Against Swiss SMEs}},
date = {2019-05-09},
organization = {GovCERT.ch},
url = {https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes},
language = {English},
urldate = {2019-07-11}
}
Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
2019-04-29 ⋅ Blueliv ⋅ Blueliv Labs Team @online{team:20190429:where:8c3db39,
author = {Blueliv Labs Team},
title = {{Where is Emotet? Latest geolocation data}},
date = {2019-04-29},
organization = {Blueliv},
url = {https://www.blueliv.com/blog/research/where-is-emotet-latest-geolocation-data/},
language = {English},
urldate = {2020-01-08}
}
Where is Emotet? Latest geolocation data Emotet |
2019-04-25 ⋅ Trend Micro ⋅ Trendmicro @online{trendmicro:20190425:emotet:04884ca,
author = {Trendmicro},
title = {{Emotet Adds New Evasion Technique}},
date = {2019-04-25},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-adds-new-evasion-technique-and-uses-connected-devices-as-proxy-cc-servers/},
language = {English},
urldate = {2019-11-26}
}
Emotet Adds New Evasion Technique Emotet |
2019-04-22 ⋅ int 0xcc blog ⋅ Raashid Bhat @online{bhat:20190422:dissecting:ffba987,
author = {Raashid Bhat},
title = {{Dissecting Emotet’s network communication protocol}},
date = {2019-04-22},
organization = {int 0xcc blog},
url = {https://int0xcc.svbtle.com/dissecting-emotet-s-network-communication-protocol},
language = {English},
urldate = {2020-01-06}
}
Dissecting Emotet’s network communication protocol Emotet |
2019-04-12 ⋅ SpamTitan ⋅ titanadmin @online{titanadmin:20190412:emotet:12ca0e7,
author = {titanadmin},
title = {{Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates}},
date = {2019-04-12},
organization = {SpamTitan},
url = {https://www.spamtitan.com/blog/emotet-malware-revives-old-email-conversations-threads-to-increase-infection-rates/},
language = {English},
urldate = {2020-01-09}
}
Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates Emotet |
2019-04-07 ⋅ Sveatoslav Persianov @online{persianov:20190407:emotet:0aeaa67,
author = {Sveatoslav Persianov},
title = {{Emotet malware analysis. Part 2}},
date = {2019-04-07},
url = {https://persianov.net/emotet-malware-analysis-part-2},
language = {English},
urldate = {2020-01-05}
}
Emotet malware analysis. Part 2 Emotet |
2019-04 ⋅ Cafe Babe @online{babe:201904:analyzing:3a404ff,
author = {Cafe Babe},
title = {{Analyzing Emotet with Ghidra — Part 1}},
date = {2019-04},
url = {https://medium.com/@0xd0cf11e/analyzing-emotet-with-ghidra-part-1-4da71a5c8d69},
language = {English},
urldate = {2019-12-06}
}
Analyzing Emotet with Ghidra — Part 1 Emotet |
2019-03-27 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @online{labs:20190327:emotet:388559f,
author = {Spamhaus Malware Labs},
title = {{Emotet adds a further layer of camouflage}},
date = {2019-03-27},
organization = {Spamhaus},
url = {https://www.spamhaus.org/news/article/783/emotet-adds-a-further-layer-of-camouflage},
language = {English},
urldate = {2020-01-06}
}
Emotet adds a further layer of camouflage Emotet |
2019-03-17 ⋅ Persianov on Security ⋅ Sveatoslav Persianov @online{persianov:20190317:emotet:ee3ed0b,
author = {Sveatoslav Persianov},
title = {{Emotet malware analysis. Part 1}},
date = {2019-03-17},
organization = {Persianov on Security},
url = {https://persianov.net/emotet-malware-analysis-part-1},
language = {English},
urldate = {2019-12-17}
}
Emotet malware analysis. Part 1 Emotet |
2019-03-15 ⋅ Cofense ⋅ Threat Intelligence @online{intelligence:20190315:flash:c7544fd,
author = {Threat Intelligence},
title = {{Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication}},
date = {2019-03-15},
organization = {Cofense},
url = {https://cofense.com/flash-bulletin-emotet-epoch-1-changes-c2-communication/},
language = {English},
urldate = {2019-10-23}
}
Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication Emotet |
2019-03-08 ⋅ The Daily Swig ⋅ James Walker @online{walker:20190308:emotet:f1a68de,
author = {James Walker},
title = {{Emotet trojan implicated in Wolverine Solutions ransomware attack}},
date = {2019-03-08},
organization = {The Daily Swig},
url = {https://portswigger.net/daily-swig/emotet-trojan-implicated-in-wolverine-solutions-ransomware-attack},
language = {English},
urldate = {2019-07-10}
}
Emotet trojan implicated in Wolverine Solutions ransomware attack Emotet |
2019-02-16 ⋅ Max Kersten's Blog ⋅ Max Kersten @online{kersten:20190216:emotet:7cb0628,
author = {Max Kersten},
title = {{Emotet droppers}},
date = {2019-02-16},
organization = {Max Kersten's Blog},
url = {https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/},
language = {English},
urldate = {2020-01-09}
}
Emotet droppers Emotet |
2019-01-17 ⋅ SANS ISC InfoSec Forums ⋅ Brad Duncan @online{duncan:20190117:emotet:0754347,
author = {Brad Duncan},
title = {{Emotet infections and follow-up malware}},
date = {2019-01-17},
organization = {SANS ISC InfoSec Forums},
url = {https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/},
language = {English},
urldate = {2020-01-13}
}
Emotet infections and follow-up malware Emotet |
2019-01-10 ⋅ CrowdStrike ⋅ Alexander Hanel @online{hanel:20190110:big:7e10bdf,
author = {Alexander Hanel},
title = {{Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware}},
date = {2019-01-10},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/},
language = {English},
urldate = {2019-12-20}
}
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER |
2019-01-05 ⋅ Github (d00rt) ⋅ d00rt @online{d00rt:20190105:emotet:8dee25a,
author = {d00rt},
title = {{Emotet Research}},
date = {2019-01-05},
organization = {Github (d00rt)},
url = {https://github.com/d00rt/emotet_research},
language = {English},
urldate = {2020-01-10}
}
Emotet Research Emotet |
2019 ⋅ D00RT_RM @online{d00rtrm:2019:emutet:8913da8,
author = {D00RT_RM},
title = {{Emutet}},
date = {2019},
url = {https://d00rt.github.io/emotet_network_protocol/},
language = {English},
urldate = {2020-01-07}
}
Emutet Emotet |
2018-12-18 ⋅ Trend Micro ⋅ Trendmicro @online{trendmicro:20181218:ursnif:cc5ce31,
author = {Trendmicro},
title = {{URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader}},
date = {2018-12-18},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/},
language = {English},
urldate = {2020-01-07}
}
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
2018-11-16 ⋅ Trend Micro ⋅ Trend Micro @online{micro:20181116:exploring:be1e153,
author = {Trend Micro},
title = {{Exploring Emotet: Examining Emotet’s Activities, Infrastructure}},
date = {2018-11-16},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/exploring-emotet-examining-emotets-activities-infrastructure/},
language = {English},
urldate = {2020-01-12}
}
Exploring Emotet: Examining Emotet’s Activities, Infrastructure Emotet |
2018-11-09 ⋅ ESET Research ⋅ ESET Research @online{research:20181109:emotet:b12ec91,
author = {ESET Research},
title = {{Emotet launches major new spam campaign}},
date = {2018-11-09},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/},
language = {English},
urldate = {2019-11-14}
}
Emotet launches major new spam campaign Emotet |
2018-10-31 ⋅ Kryptos Logic ⋅ Kryptos Logic @online{logic:20181031:emotet:ab7226f,
author = {Kryptos Logic},
title = {{Emotet Awakens With New Campaign of Mass Email Exfiltration}},
date = {2018-10-31},
organization = {Kryptos Logic},
url = {https://blog.kryptoslogic.com/malware/2018/10/31/emotet-email-theft.html},
language = {English},
urldate = {2020-01-08}
}
Emotet Awakens With New Campaign of Mass Email Exfiltration Emotet |
2018-09-12 ⋅ Cryptolaemus Pastedump ⋅ Cryptolaemus @online{cryptolaemus:20180912:emotet:013e01b,
author = {Cryptolaemus},
title = {{Emotet IOC}},
date = {2018-09-12},
organization = {Cryptolaemus Pastedump},
url = {https://paste.cryptolaemus.com},
language = {English},
urldate = {2020-01-13}
}
Emotet IOC Emotet |
2018-08-01 ⋅ Kryptos Logic ⋅ Kryptos Logic @online{logic:20180801:inside:e5a8e2c,
author = {Kryptos Logic},
title = {{Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads}},
date = {2018-08-01},
organization = {Kryptos Logic},
url = {https://blog.kryptoslogic.com/malware/2018/08/01/emotet.html},
language = {English},
urldate = {2020-01-09}
}
Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads Emotet |
2018-07-26 ⋅ Intezer ⋅ Itai Tevet @online{tevet:20180726:mitigating:30dc2fb,
author = {Itai Tevet},
title = {{Mitigating Emotet, The Most Common Banking Trojan}},
date = {2018-07-26},
organization = {Intezer},
url = {https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/},
language = {English},
urldate = {2019-12-31}
}
Mitigating Emotet, The Most Common Banking Trojan Emotet |
2018-07-24 ⋅ Check Point ⋅ Ofer Caspi, Ben Herzog @online{caspi:20180724:emotet:a26725d,
author = {Ofer Caspi and Ben Herzog},
title = {{Emotet: The Tricky Trojan that ‘Git Clones’}},
date = {2018-07-24},
organization = {Check Point},
url = {https://research.checkpoint.com/emotet-tricky-trojan-git-clones/},
language = {English},
urldate = {2020-01-13}
}
Emotet: The Tricky Trojan that ‘Git Clones’ Emotet |
2018-07-23 ⋅ MalFind ⋅ Lasq @online{lasq:20180723:deobfuscating:dd200d6,
author = {Lasq},
title = {{Deobfuscating Emotet’s powershell payload}},
date = {2018-07-23},
organization = {MalFind},
url = {https://malfind.com/index.php/2018/07/23/deobfuscating-emotets-powershell-payload/},
language = {English},
urldate = {2020-01-09}
}
Deobfuscating Emotet’s powershell payload Emotet |
2018-07-20 ⋅ NCCIC ⋅ National Cybersecurity and Communications Integration Center @online{cybersecurity:20180720:alert:89ca0c7,
author = {National Cybersecurity and Communications Integration Center},
title = {{Alert (TA18-201A) Emotet Malware}},
date = {2018-07-20},
organization = {NCCIC},
url = {https://www.us-cert.gov/ncas/alerts/TA18-201A},
language = {English},
urldate = {2019-10-27}
}
Alert (TA18-201A) Emotet Malware Emotet |
2018-07-18 ⋅ Symantec ⋅ Security Response Attack Investigation Team @online{team:20180718:evolution:25e5d39,
author = {Security Response Attack Investigation Team},
title = {{The Evolution of Emotet: From Banking Trojan to Threat Distributor}},
date = {2018-07-18},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor},
language = {English},
urldate = {2019-11-27}
}
The Evolution of Emotet: From Banking Trojan to Threat Distributor Emotet |
2018-02-08 ⋅ CrowdStrike ⋅ Adam Meyers @online{meyers:20180208:meet:39f25b3,
author = {Adam Meyers},
title = {{Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER}},
date = {2018-02-08},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-february-mummy-spider/},
language = {English},
urldate = {2019-12-20}
}
Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER Emotet MUMMY SPIDER |
2018-01-12 ⋅ Proofpoint ⋅ Proofpoint Staff @online{staff:20180112:holiday:b4225b8,
author = {Proofpoint Staff},
title = {{Holiday lull? Not so much}},
date = {2018-01-12},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/holiday-lull-not-so-much},
language = {English},
urldate = {2021-05-31}
}
Holiday lull? Not so much Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER |
2018 ⋅ Quick Heal ⋅ Quick Heal @techreport{heal:2018:complete:96388ed,
author = {Quick Heal},
title = {{The Complete story of EMOTET Most prominent Malware of 2018}},
date = {2018},
institution = {Quick Heal},
url = {https://quickheal.co.in/documents/technical-paper/Whitepaper_HowToPM.pdf},
language = {English},
urldate = {2020-01-13}
}
The Complete story of EMOTET Most prominent Malware of 2018 Emotet |
2017-11-15 ⋅ Trend Micro ⋅ Rubio Wu @online{wu:20171115:new:dde35b0,
author = {Rubio Wu},
title = {{New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis}},
date = {2017-11-15},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/},
language = {English},
urldate = {2019-10-14}
}
New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis Emotet |
2017-11-06 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team @online{team:20171106:mitigating:f52d1d9,
author = {Microsoft Defender ATP Research Team},
title = {{Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks}},
date = {2017-11-06},
organization = {Microsoft},
url = {https://cloudblogs.microsoft.com/microsoftsecure/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/?source=mmpc},
language = {English},
urldate = {2019-12-18}
}
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet |
2017-11-06 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team @online{team:20171106:mitigating:b623a70,
author = {Microsoft Defender ATP Research Team},
title = {{Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks}},
date = {2017-11-06},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/},
language = {English},
urldate = {2020-10-23}
}
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet QakBot |
2017-10-12 ⋅ G Data ⋅ G Data @online{data:20171012:emotet:c99dec0,
author = {G Data},
title = {{Emotet beutet Outlook aus}},
date = {2017-10-12},
organization = {G Data},
url = {https://www.gdata.de/blog/2017/10/30110-emotet-beutet-outlook-aus},
language = {English},
urldate = {2019-12-05}
}
Emotet beutet Outlook aus Emotet |
2017-10-06 ⋅ CERT.PL ⋅ Maciej Kotowicz, Jarosław Jedynak @techreport{kotowicz:20171006:peering:668c82e,
author = {Maciej Kotowicz and Jarosław Jedynak},
title = {{Peering into spam botnets}},
date = {2017-10-06},
institution = {CERT.PL},
url = {https://lokalhost.pl/txt/peering.into.spam.botnets.VirusBulletin2017.pdf},
language = {English},
urldate = {2020-04-06}
}
Peering into spam botnets Emotet Kelihos Necurs SendSafe Tofsee |
2017-09-07 ⋅ Trend Micro ⋅ Don Ladores @online{ladores:20170907:emotet:bf3075c,
author = {Don Ladores},
title = {{EMOTET Returns, Starts Spreading via Spam Botnet}},
date = {2017-09-07},
organization = {Trend Micro},
url = {http://blog.trendmicro.com/trendlabs-security-intelligence/emotet-returns-starts-spreading-via-spam-botnet/},
language = {English},
urldate = {2019-11-28}
}
EMOTET Returns, Starts Spreading via Spam Botnet Emotet |
2017-07-17 ⋅ Malwarebytes ⋅ Threat Intelligence Team @online{team:20170717:its:4b94b0b,
author = {Threat Intelligence Team},
title = {{It’s baaaack: Public cyber enemy Emotet has returned}},
date = {2017-07-17},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/},
language = {English},
urldate = {2020-07-17}
}
It’s baaaack: Public cyber enemy Emotet has returned Emotet |
2017-05-31 ⋅ ropgadget.com ⋅ Jeff White @online{white:20170531:writing:1ad3f1b,
author = {Jeff White},
title = {{Writing PCRE's for applied passive network defense [Emotet]}},
date = {2017-05-31},
organization = {ropgadget.com},
url = {http://ropgadget.com/posts/defensive_pcres.html},
language = {English},
urldate = {2020-03-06}
}
Writing PCRE's for applied passive network defense [Emotet] Emotet |
2017-05-24 ⋅ CERT.PL ⋅ Paweł Srokosz @online{srokosz:20170524:analysis:1d591e7,
author = {Paweł Srokosz},
title = {{Analysis of Emotet v4}},
date = {2017-05-24},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/analysis-of-emotet-v4/},
language = {English},
urldate = {2020-01-09}
}
Analysis of Emotet v4 Emotet |
2017-05-03 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20170503:deep:4b1f7c7,
author = {Xiaopeng Zhang},
title = {{Deep Analysis of New Emotet Variant - Part 1}},
date = {2017-05-03},
organization = {Fortinet},
url = {http://blog.fortinet.com/2017/05/03/deep-analysis-of-new-emotet-variant-part-1},
language = {English},
urldate = {2019-07-08}
}
Deep Analysis of New Emotet Variant - Part 1 Emotet |
2015-04-09 ⋅ Kaspersky Labs ⋅ Alexey Shulmin @online{shulmin:20150409:banking:165b265,
author = {Alexey Shulmin},
title = {{The Banking Trojan Emotet: Detailed Analysis}},
date = {2015-04-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/analysis/publications/69560/the-banking-trojan-emotet-detailed-analysis/},
language = {English},
urldate = {2019-12-20}
}
The Banking Trojan Emotet: Detailed Analysis Emotet |
2013-01-18 ⋅ abuse.ch ⋅ abuse.ch @online{abusech:20130118:feodo:5354db0,
author = {abuse.ch},
title = {{Feodo Tracker}},
date = {2013-01-18},
organization = {abuse.ch},
url = {https://feodotracker.abuse.ch/?filter=version_e},
language = {English},
urldate = {2020-01-13}
}
Feodo Tracker Emotet |