MUMMY SPIDER  (Back to overview)

aka: TA542, Mummy Spider

MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malware shared code with the Bugat (aka Feodo) banking Trojan. However, MUMMY SPIDER swiftly developed the malware’s capabilities to include an RSA key exchange for command and control (C2) communication and a modular architecture. MUMMY SPIDER does not follow typical criminal behavioral patterns. In particular, MUMMY SPIDER usually conducts attacks for a few months before ceasing operations for a period of between three and 12 months, before returning with a new variant or version. After a 10 month hiatus, MUMMY SPIDER returned Emotet to operation in December 2016 but the latest variant is not deploying a banking Trojan module with web injects, it is currently acting as a ‘loader’ delivering other malware packages. The primary modules perform reconnaissance on victim machines, drop freeware tools for credential collection from web browsers and mail clients and a spam plugin for self-propagation. The malware is also issuing commands to download and execute other malware families such as the banking Trojans Dridex and Qakbot. MUMMY SPIDER advertised Emotet on underground forums until 2015, at which time it became private. Therefore, it is highly likely that Emotet is operate


Associated Families
win.emotet

References
2020-01-17 ⋅ Hiroaki Ogawa, Manabu Niseki
@techreport{ogawa:20200117:100:035a7dd, author = {Hiroaki Ogawa and Manabu Niseki}, title = {{100 more behind cockroaches?}}, date = {2020-01-17}, institution = {}, url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_4_ogawa-niseki_en.pdf}, language = {English}, urldate = {2020-01-17} } 100 more behind cockroaches?
MoqHao Emotet Predator The Thief
2020-01-14 ⋅ Bleeping ComputerLawrence Abrams
@online{abrams:20200114:united:a309baa, author = {Lawrence Abrams}, title = {{United Nations Targeted With Emotet Malware Phishing Attack}}, date = {2020-01-14}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/united-nations-targeted-with-emotet-malware-phishing-attack/}, language = {English}, urldate = {2020-01-20} } United Nations Targeted With Emotet Malware Phishing Attack
Emotet
2020-01-13 ⋅ GigamonWilliam Peteroy, Ed Miles
@online{peteroy:20200113:emotet:60abae1, author = {William Peteroy and Ed Miles}, title = {{Emotet: Not your Run-of-the-mill Malware}}, date = {2020-01-13}, organization = {Gigamon}, url = {https://atr-blog.gigamon.com/2020/01/13/emotet-not-your-run-of-the-mill-malware/}, language = {English}, urldate = {2020-01-17} } Emotet: Not your Run-of-the-mill Malware
Emotet
2020-01-10 ⋅ CSISCSIS
@techreport{csis:20200110:threat:7454f36, author = {CSIS}, title = {{Threat Matrix H1 2019}}, date = {2020-01-10}, institution = {CSIS}, url = {https://gallery.mailchimp.com/c35aef82661dad887b8162a4f/files/e24e8206-a157-4796-a8cb-2b7262cc76e8/CSIS_Threat_Matrix_H1_2019.pdf}, language = {English}, urldate = {2020-01-22} } Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot
2020-01-07 ⋅ Hatching.ioTeam
@online{team:20200107:powershell:fb8264e, author = {Team}, title = {{Powershell Static Analysis & Emotet results}}, date = {2020-01-07}, organization = {Hatching.io}, url = {https://hatching.io/blog/powershell-analysis}, language = {English}, urldate = {2020-01-12} } Powershell Static Analysis & Emotet results
Emotet
2019-12-10 ⋅ JPCERT/CCJPCERT/CC
@online{jpcertcc:20191210:updated:86aee30, author = {JPCERT/CC}, title = {{[Updated] Alert Regarding Emotet Malware Infection}}, date = {2019-12-10}, organization = {JPCERT/CC}, url = {https://www.jpcert.or.jp/english/at/2019/at190044.html}, language = {English}, urldate = {2020-01-09} } [Updated] Alert Regarding Emotet Malware Infection
Emotet
2019-12-04 ⋅ JPCERT/CCKen Sajo
@online{sajo:20191204:how:60225fe, author = {Ken Sajo}, title = {{How to Respond to Emotet Infection (FAQ)}}, date = {2019-12-04}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2019/12/emotetfaq.html}, language = {English}, urldate = {2020-01-13} } How to Respond to Emotet Infection (FAQ)
Emotet
2019-11-06 ⋅ Heise SecurityThomas Hungenberg
@online{hungenberg:20191106:emotet:1605954, author = {Thomas Hungenberg}, title = {{Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail}}, date = {2019-11-06}, organization = {Heise Security}, url = {https://www.heise.de/security/artikel/Emotet-Trickbot-Ryuk-ein-explosiver-Malware-Cocktail-4573848.html}, language = {German}, urldate = {2020-01-06} } Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot
2019-10-14 ⋅ Marco Ramilli
@online{ramilli:20191014:is:de28de6, author = {Marco Ramilli}, title = {{Is Emotet gang targeting companies with external SOC?}}, date = {2019-10-14}, url = {https://marcoramilli.com/2019/10/14/is-emotet-gang-targeting-companies-with-external-soc/}, language = {English}, urldate = {2019-12-20} } Is Emotet gang targeting companies with external SOC?
Emotet
2019-09-16 ⋅ MalwarebytesThreat Intelligence Team
@online{team:20190916:emotet:9c6c8f3, author = {Threat Intelligence Team}, title = {{Emotet is back: botnet springs back to life with new spam campaign}}, date = {2019-09-16}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/botnets/2019/09/emotet-is-back-botnet-springs-back-to-life-with-new-spam-campaign/}, language = {English}, urldate = {2019-12-20} } Emotet is back: botnet springs back to life with new spam campaign
Emotet
2019-08-13 ⋅ AdalogicsDavid Korczynski
@online{korczynski:20190813:state:a4ad074, author = {David Korczynski}, title = {{The state of advanced code injections}}, date = {2019-08-13}, organization = {Adalogics}, url = {https://adalogics.com/blog/the-state-of-advanced-code-injections}, language = {English}, urldate = {2020-01-13} } The state of advanced code injections
Dridex Emotet Tinba
2019-08-12 ⋅ Schweizerische EidgenossenschaftSchweizerische Eidgenossenschaft
@online{eidgenossenschaft:20190812:trojaner:60574cc, author = {Schweizerische Eidgenossenschaft}, title = {{Trojaner Emotet greift Unternehmensnetzwerke an}}, date = {2019-08-12}, organization = {Schweizerische Eidgenossenschaft}, url = {https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/Trojaner_Emotet_greift_Unternehmensnetzwerke_an.html}, language = {German}, urldate = {2020-01-08} } Trojaner Emotet greift Unternehmensnetzwerke an
Emotet
2019-06-06 ⋅ FortinetKai Lu
@online{lu:20190606:deep:0ac679a, author = {Kai Lu}, title = {{A Deep Dive into the Emotet Malware}}, date = {2019-06-06}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html}, language = {English}, urldate = {2020-01-07} } A Deep Dive into the Emotet Malware
Emotet
2019-05-15 ⋅ ProofpointAxel F, Proofpoint Threat Insight Team
@online{f:20190515:threat:06b415a, author = {Axel F and Proofpoint Threat Insight Team}, title = {{Threat Actor Profile: TA542, From Banker to Malware Distribution Service}}, date = {2019-05-15}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service}, language = {English}, urldate = {2019-12-20} } Threat Actor Profile: TA542, From Banker to Malware Distribution Service
Emotet MUMMY SPIDER
2019-05-09 ⋅ GovCERT.chGovCERT.ch
@online{govcertch:20190509:severe:2767782, author = {GovCERT.ch}, title = {{Severe Ransomware Attacks Against Swiss SMEs}}, date = {2019-05-09}, organization = {GovCERT.ch}, url = {https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes}, language = {English}, urldate = {2019-07-11} } Severe Ransomware Attacks Against Swiss SMEs
Emotet LockerGoga Ryuk TrickBot
2019-04-29 ⋅ BluelivBlueliv Labs Team
@online{team:20190429:where:8c3db39, author = {Blueliv Labs Team}, title = {{Where is Emotet? Latest geolocation data}}, date = {2019-04-29}, organization = {Blueliv}, url = {https://www.blueliv.com/blog/research/where-is-emotet-latest-geolocation-data/}, language = {English}, urldate = {2020-01-08} } Where is Emotet? Latest geolocation data
Emotet
2019-04-25 ⋅ Trend MicroTrendmicro
@online{trendmicro:20190425:emotet:04884ca, author = {Trendmicro}, title = {{Emotet Adds New Evasion Technique}}, date = {2019-04-25}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-adds-new-evasion-technique-and-uses-connected-devices-as-proxy-cc-servers/}, language = {English}, urldate = {2019-11-26} } Emotet Adds New Evasion Technique
Emotet
2019-04-22 ⋅ int 0xcc blogRaashid Bhat
@online{bhat:20190422:dissecting:ffba987, author = {Raashid Bhat}, title = {{Dissecting Emotet’s network communication protocol}}, date = {2019-04-22}, organization = {int 0xcc blog}, url = {https://int0xcc.svbtle.com/dissecting-emotet-s-network-communication-protocol}, language = {English}, urldate = {2020-01-06} } Dissecting Emotet’s network communication protocol
Emotet
2019-04-12 ⋅ SpamTitantitanadmin
@online{titanadmin:20190412:emotet:12ca0e7, author = {titanadmin}, title = {{Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates}}, date = {2019-04-12}, organization = {SpamTitan}, url = {https://www.spamtitan.com/blog/emotet-malware-revives-old-email-conversations-threads-to-increase-infection-rates/}, language = {English}, urldate = {2020-01-09} } Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
Emotet
2019-04-07 ⋅ Sveatoslav Persianov
@online{persianov:20190407:emotet:0aeaa67, author = {Sveatoslav Persianov}, title = {{Emotet malware analysis. Part 2}}, date = {2019-04-07}, url = {https://persianov.net/emotet-malware-analysis-part-2}, language = {English}, urldate = {2020-01-05} } Emotet malware analysis. Part 2
Emotet
2019-04 ⋅ Cafe Babe
@online{babe:201904:analyzing:3a404ff, author = {Cafe Babe}, title = {{Analyzing Emotet with Ghidra — Part 1}}, date = {2019-04}, url = {https://medium.com/@0xd0cf11e/analyzing-emotet-with-ghidra-part-1-4da71a5c8d69}, language = {English}, urldate = {2019-12-06} } Analyzing Emotet with Ghidra — Part 1
Emotet
2019-03-27 ⋅ SpamhausSpamhaus Malware Labs
@online{labs:20190327:emotet:388559f, author = {Spamhaus Malware Labs}, title = {{Emotet adds a further layer of camouflage}}, date = {2019-03-27}, organization = {Spamhaus}, url = {https://www.spamhaus.org/news/article/783/emotet-adds-a-further-layer-of-camouflage}, language = {English}, urldate = {2020-01-06} } Emotet adds a further layer of camouflage
Emotet
2019-03-17 ⋅ Persianov on SecuritySveatoslav Persianov
@online{persianov:20190317:emotet:ee3ed0b, author = {Sveatoslav Persianov}, title = {{Emotet malware analysis. Part 1}}, date = {2019-03-17}, organization = {Persianov on Security}, url = {https://persianov.net/emotet-malware-analysis-part-1}, language = {English}, urldate = {2019-12-17} } Emotet malware analysis. Part 1
Emotet
2019-03-15 ⋅ CofenseThreat Intelligence
@online{intelligence:20190315:flash:c7544fd, author = {Threat Intelligence}, title = {{Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication}}, date = {2019-03-15}, organization = {Cofense}, url = {https://cofense.com/flash-bulletin-emotet-epoch-1-changes-c2-communication/}, language = {English}, urldate = {2019-10-23} } Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication
Emotet
2019-03-08 ⋅ The Daily SwigJames Walker
@online{walker:20190308:emotet:f1a68de, author = {James Walker}, title = {{Emotet trojan implicated in Wolverine Solutions ransomware attack}}, date = {2019-03-08}, organization = {The Daily Swig}, url = {https://portswigger.net/daily-swig/emotet-trojan-implicated-in-wolverine-solutions-ransomware-attack}, language = {English}, urldate = {2019-07-10} } Emotet trojan implicated in Wolverine Solutions ransomware attack
Emotet
2019-02-16 ⋅ Max Kersten's BlogMax Kersten
@online{kersten:20190216:emotet:7cb0628, author = {Max Kersten}, title = {{Emotet droppers}}, date = {2019-02-16}, organization = {Max Kersten's Blog}, url = {https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/}, language = {English}, urldate = {2020-01-09} } Emotet droppers
Emotet
2019-01-17 ⋅ SANS ISC InfoSec ForumsBrad Duncan
@online{duncan:20190117:emotet:0754347, author = {Brad Duncan}, title = {{Emotet infections and follow-up malware}}, date = {2019-01-17}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/}, language = {English}, urldate = {2020-01-13} } Emotet infections and follow-up malware
Emotet
2019-01-10 ⋅ CrowdStrikeAlexander Hanel
@online{hanel:20190110:big:7e10bdf, author = {Alexander Hanel}, title = {{Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware}}, date = {2019-01-10}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/}, language = {English}, urldate = {2019-12-20} } Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER
2019-01-05 ⋅ Github (d00rt)d00rt
@online{d00rt:20190105:emotet:8dee25a, author = {d00rt}, title = {{Emotet Research}}, date = {2019-01-05}, organization = {Github (d00rt)}, url = {https://github.com/d00rt/emotet_research}, language = {English}, urldate = {2020-01-10} } Emotet Research
Emotet
2019 ⋅ D00RT_RM
@online{d00rtrm:2019:emutet:8913da8, author = {D00RT_RM}, title = {{Emutet}}, date = {2019}, url = {https://d00rt.github.io/emotet_network_protocol/}, language = {English}, urldate = {2020-01-07} } Emutet
Emotet
2018-12-18 ⋅ Trend MicroTrendmicro
@online{trendmicro:20181218:ursnif:cc5ce31, author = {Trendmicro}, title = {{URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader}}, date = {2018-12-18}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/}, language = {English}, urldate = {2020-01-07} } URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
Dridex Emotet FriedEx ISFB
2018-11-16 ⋅ Trend MicroTrend Micro
@online{micro:20181116:exploring:be1e153, author = {Trend Micro}, title = {{Exploring Emotet: Examining Emotet’s Activities, Infrastructure}}, date = {2018-11-16}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/exploring-emotet-examining-emotets-activities-infrastructure/}, language = {English}, urldate = {2020-01-12} } Exploring Emotet: Examining Emotet’s Activities, Infrastructure
Emotet
2018-11-09 ⋅ ESET ResearchESET Research
@online{research:20181109:emotet:b12ec91, author = {ESET Research}, title = {{Emotet launches major new spam campaign}}, date = {2018-11-09}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/}, language = {English}, urldate = {2019-11-14} } Emotet launches major new spam campaign
Emotet
2018-10-31 ⋅ Kryptos LogicKryptos Logic
@online{logic:20181031:emotet:ab7226f, author = {Kryptos Logic}, title = {{Emotet Awakens With New Campaign of Mass Email Exfiltration}}, date = {2018-10-31}, organization = {Kryptos Logic}, url = {https://blog.kryptoslogic.com/malware/2018/10/31/emotet-email-theft.html}, language = {English}, urldate = {2020-01-08} } Emotet Awakens With New Campaign of Mass Email Exfiltration
Emotet
2018-09-12 ⋅ Cryptolaemus PastedumpCryptolaemus
@online{cryptolaemus:20180912:emotet:013e01b, author = {Cryptolaemus}, title = {{Emotet IOC}}, date = {2018-09-12}, organization = {Cryptolaemus Pastedump}, url = {https://paste.cryptolaemus.com}, language = {English}, urldate = {2020-01-13} } Emotet IOC
Emotet
2018-08-01 ⋅ Kryptos LogicKryptos Logic
@online{logic:20180801:inside:e5a8e2c, author = {Kryptos Logic}, title = {{Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads}}, date = {2018-08-01}, organization = {Kryptos Logic}, url = {https://blog.kryptoslogic.com/malware/2018/08/01/emotet.html}, language = {English}, urldate = {2020-01-09} } Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
Emotet
2018-07-26 ⋅ IntezerItai Tevet
@online{tevet:20180726:mitigating:30dc2fb, author = {Itai Tevet}, title = {{Mitigating Emotet, The Most Common Banking Trojan}}, date = {2018-07-26}, organization = {Intezer}, url = {https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/}, language = {English}, urldate = {2019-12-31} } Mitigating Emotet, The Most Common Banking Trojan
Emotet
2018-07-24 ⋅ Check PointOfer Caspi, Ben Herzog
@online{caspi:20180724:emotet:a26725d, author = {Ofer Caspi and Ben Herzog}, title = {{Emotet: The Tricky Trojan that ‘Git Clones’}}, date = {2018-07-24}, organization = {Check Point}, url = {https://research.checkpoint.com/emotet-tricky-trojan-git-clones/}, language = {English}, urldate = {2020-01-13} } Emotet: The Tricky Trojan that ‘Git Clones’
Emotet
2018-07-23 ⋅ MalFindLasq
@online{lasq:20180723:deobfuscating:dd200d6, author = {Lasq}, title = {{Deobfuscating Emotet’s powershell payload}}, date = {2018-07-23}, organization = {MalFind}, url = {https://malfind.com/index.php/2018/07/23/deobfuscating-emotets-powershell-payload/}, language = {English}, urldate = {2020-01-09} } Deobfuscating Emotet’s powershell payload
Emotet
2018-07-20 ⋅ NCCICNational Cybersecurity, Communications Integration Center
@online{cybersecurity:20180720:alert:89ca0c7, author = {National Cybersecurity and Communications Integration Center}, title = {{Alert (TA18-201A) Emotet Malware}}, date = {2018-07-20}, organization = {NCCIC}, url = {https://www.us-cert.gov/ncas/alerts/TA18-201A}, language = {English}, urldate = {2019-10-27} } Alert (TA18-201A) Emotet Malware
Emotet
2018-07-18 ⋅ SymantecSecurity Response Attack Investigation Team
@online{team:20180718:evolution:25e5d39, author = {Security Response Attack Investigation Team}, title = {{The Evolution of Emotet: From Banking Trojan to Threat Distributor}}, date = {2018-07-18}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor}, language = {English}, urldate = {2019-11-27} } The Evolution of Emotet: From Banking Trojan to Threat Distributor
Emotet
2018-02-08 ⋅ CrowdStrikeAdam Meyers
@online{meyers:20180208:meet:39f25b3, author = {Adam Meyers}, title = {{Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER}}, date = {2018-02-08}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-february-mummy-spider/}, language = {English}, urldate = {2019-12-20} } Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER
Emotet MUMMY SPIDER
2018 ⋅ Quick HealQuick Heal
@techreport{heal:2018:complete:96388ed, author = {Quick Heal}, title = {{The Complete story of EMOTET Most prominent Malware of 2018}}, date = {2018}, institution = {Quick Heal}, url = {https://quickheal.co.in/documents/technical-paper/Whitepaper_HowToPM.pdf}, language = {English}, urldate = {2020-01-13} } The Complete story of EMOTET Most prominent Malware of 2018
Emotet
2017-11-15 ⋅ Trend MicroRubio Wu
@online{wu:20171115:new:dde35b0, author = {Rubio Wu}, title = {{New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis}}, date = {2017-11-15}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/}, language = {English}, urldate = {2019-10-14} } New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
Emotet
2017-11-06 ⋅ MicrosoftMicrosoft Defender ATP Research Team
@online{team:20171106:mitigating:f52d1d9, author = {Microsoft Defender ATP Research Team}, title = {{Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks}}, date = {2017-11-06}, organization = {Microsoft}, url = {https://cloudblogs.microsoft.com/microsoftsecure/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/?source=mmpc}, language = {English}, urldate = {2019-12-18} } Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet
2017-10-12 ⋅ G DataG Data
@online{data:20171012:emotet:c99dec0, author = {G Data}, title = {{Emotet beutet Outlook aus}}, date = {2017-10-12}, organization = {G Data}, url = {https://www.gdata.de/blog/2017/10/30110-emotet-beutet-outlook-aus}, language = {English}, urldate = {2019-12-05} } Emotet beutet Outlook aus
Emotet
2017-09-07 ⋅ Trend MicroDon Ladores
@online{ladores:20170907:emotet:bf3075c, author = {Don Ladores}, title = {{EMOTET Returns, Starts Spreading via Spam Botnet}}, date = {2017-09-07}, organization = {Trend Micro}, url = {http://blog.trendmicro.com/trendlabs-security-intelligence/emotet-returns-starts-spreading-via-spam-botnet/}, language = {English}, urldate = {2019-11-28} } EMOTET Returns, Starts Spreading via Spam Botnet
Emotet
2017-05-24 ⋅ CERT.PLPaweł Srokosz
@online{srokosz:20170524:analysis:1d591e7, author = {Paweł Srokosz}, title = {{Analysis of Emotet v4}}, date = {2017-05-24}, organization = {CERT.PL}, url = {https://www.cert.pl/en/news/single/analysis-of-emotet-v4/}, language = {English}, urldate = {2020-01-09} } Analysis of Emotet v4
Emotet
2017-05-03 ⋅ FortinetXiaopeng Zhang
@online{zhang:20170503:deep:4b1f7c7, author = {Xiaopeng Zhang}, title = {{Deep Analysis of New Emotet Variant - Part 1}}, date = {2017-05-03}, organization = {Fortinet}, url = {http://blog.fortinet.com/2017/05/03/deep-analysis-of-new-emotet-variant-part-1}, language = {English}, urldate = {2019-07-08} } Deep Analysis of New Emotet Variant - Part 1
Emotet
2015-04-09 ⋅ Kaspersky LabsAlexey Shulmin
@online{shulmin:20150409:banking:165b265, author = {Alexey Shulmin}, title = {{The Banking Trojan Emotet: Detailed Analysis}}, date = {2015-04-09}, organization = {Kaspersky Labs}, url = {https://securelist.com/analysis/publications/69560/the-banking-trojan-emotet-detailed-analysis/}, language = {English}, urldate = {2019-12-20} } The Banking Trojan Emotet: Detailed Analysis
Emotet
2013-01-18 ⋅ abuse.chabuse.ch
@online{abusech:20130118:feodo:5354db0, author = {abuse.ch}, title = {{Feodo Tracker}}, date = {2013-01-18}, organization = {abuse.ch}, url = {https://feodotracker.abuse.ch/?filter=version_e}, language = {English}, urldate = {2020-01-13} } Feodo Tracker
Emotet

Credits: MISP Project