MUMMY SPIDER is a criminal entity linked to the core development of the malware most commonly known as Emotet or Geodo. First observed in mid-2014, this malware shared code with the Bugat (aka Feodo) banking Trojan. However, MUMMY SPIDER swiftly developed the malware’s capabilities to include an RSA key exchange for command and control (C2) communication and a modular architecture.
MUMMY SPIDER does not follow typical criminal behavioral patterns. In particular, MUMMY SPIDER usually conducts attacks for a few months before ceasing operations for a period of between three and 12 months, before returning with a new variant or version.
After a 10 month hiatus, MUMMY SPIDER returned Emotet to operation in December 2016 but the latest variant is not deploying a banking Trojan module with web injects, it is currently acting as a ‘loader’ delivering other malware packages. The primary modules perform reconnaissance on victim machines, drop freeware tools for credential collection from web browsers and mail clients and a spam plugin for self-propagation. The malware is also issuing commands to download and execute other malware families such as the banking Trojans Dridex and Qakbot.
MUMMY SPIDER advertised Emotet on underground forums until 2015, at which time it became private. Therefore, it is highly likely that Emotet is operate
2021-04-09 ⋅ Palo Alto Networks Unit 42 ⋅ Yanhui Jia, Chris Navarrete
@online{jia:20210409:emotet:c376dd2,
author = {Yanhui Jia and Chris Navarrete},
title = {{Emotet Command and Control Case Study}},
date = {2021-04-09},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/emotet-command-and-control/},
language = {English},
urldate = {2021-04-12}
}
Emotet Command and Control Case Study
Emotet |
2021-03-31 ⋅ Kaspersky ⋅ Kaspersky
@online{kaspersky:20210331:financial:3371aa0,
author = {Kaspersky},
title = {{Financial Cyberthreats in 2020}},
date = {2021-03-31},
organization = {Kaspersky},
url = {https://securelist.com/financial-cyberthreats-in-2020/101638/},
language = {English},
urldate = {2021-04-06}
}
Financial Cyberthreats in 2020
BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus |
2021-03-31 ⋅ Red Canary ⋅ Red Canary
@techreport{canary:20210331:2021:cd81f2d,
author = {Red Canary},
title = {{2021 Threat Detection Report}},
date = {2021-03-31},
institution = {Red Canary},
url = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf},
language = {English},
urldate = {2021-04-06}
}
2021 Threat Detection Report
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-21 ⋅ Blackberry ⋅ Blackberry Research
@techreport{research:20210321:2021:a393473,
author = {Blackberry Research},
title = {{2021 Threat Report}},
date = {2021-03-21},
institution = {Blackberry},
url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf},
language = {English},
urldate = {2021-03-25}
}
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
2021-03-17 ⋅ HP ⋅ HP Bromium
@techreport{bromium:20210317:threat:3aed551,
author = {HP Bromium},
title = {{Threat Insights Report Q4-2020}},
date = {2021-03-17},
institution = {HP},
url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/03/HP_Bromium_Threat_Insights_Report_Q4_2020.pdf},
language = {English},
urldate = {2021-03-19}
}
Threat Insights Report Q4-2020
Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Chris Navarrete, Yanhui Jia, Matthew Tennis, Durgesh Sangvikar, Rongbo Shao
@online{navarrete:20210308:attack:6238643,
author = {Chris Navarrete and Yanhui Jia and Matthew Tennis and Durgesh Sangvikar and Rongbo Shao},
title = {{Attack Chain Overview: Emotet in December 2020 and January 2021}},
date = {2021-03-08},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/},
language = {English},
urldate = {2021-03-11}
}
Attack Chain Overview: Emotet in December 2020 and January 2021
Emotet |
2021-02-28 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Ransomware Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Ransomware Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare |
2021-02-25 ⋅ ANSSI ⋅ CERT-FR
@techreport{certfr:20210225:ryuk:7895e12,
author = {CERT-FR},
title = {{Ryuk Ransomware}},
date = {2021-02-25},
institution = {ANSSI},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf},
language = {English},
urldate = {2021-03-02}
}
Ryuk Ransomware
BazarBackdoor Buer Conti Ransomware Emotet Ryuk TrickBot |
2021-02-25 ⋅ JPCERT/CC ⋅ Ken Sajo
@online{sajo:20210225:emotet:f78fb4e,
author = {Ken Sajo},
title = {{Emotet Disruption and Outreach to Affected Users}},
date = {2021-02-25},
organization = {JPCERT/CC},
url = {https://blogs.jpcert.or.jp/en/2021/02/emotet-notice.html},
language = {English},
urldate = {2021-02-25}
}
Emotet Disruption and Outreach to Affected Users
Emotet |
2021-02-24 ⋅ Allsafe ⋅ Shota Nakajima, Hara Hiroaki
@techreport{nakajima:20210224:malware:0f5ff88,
author = {Shota Nakajima and Hara Hiroaki},
title = {{Malware Analysis at Scale - Defeating Emotet by Ghidra}},
date = {2021-02-24},
institution = {Allsafe},
url = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_workshop_malware-analysis_jp.pdf},
language = {English},
urldate = {2021-02-26}
}
Malware Analysis at Scale - Defeating Emotet by Ghidra
Emotet |
2021-02-24 ⋅ IBM ⋅ IBM SECURITY X-FORCE
@online{xforce:20210224:xforce:ac9a90e,
author = {IBM SECURITY X-FORCE},
title = {{X-Force Threat Intelligence Index 2021}},
date = {2021-02-24},
organization = {IBM},
url = {https://ibm.ent.box.com/s/hs5pcayhbbhjvj8di5sqdpbbd88tsh89},
language = {English},
urldate = {2021-03-02}
}
X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot |
2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
@techreport{crowdstrike:20210223:2021:bf5bc4f,
author = {CrowdStrike},
title = {{2021 Global Threat Report}},
date = {2021-02-23},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf},
language = {English},
urldate = {2021-02-25}
}
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader |
2021-02-17 ⋅ Politie NL ⋅ Politie NL
@online{nl:20210217:politie:a27a279,
author = {Politie NL},
title = {{Politie bestrijdt cybercrime via Nederlandse infrastructuur}},
date = {2021-02-17},
organization = {Politie NL},
url = {https://www.politie.nl/nieuws/2021/februari/17/politie-bestrijdt-cybercrime-via-nederlandse-infrastructuur.html},
language = {Dutch},
urldate = {2021-02-20}
}
Politie bestrijdt cybercrime via Nederlandse infrastructuur
Emotet |
2021-02-17 ⋅ YouTube (AGDC Services) ⋅ AGDC Services
@online{services:20210217:how:d492b9b,
author = {AGDC Services},
title = {{How Malware Can Resolve APIs By Hash}},
date = {2021-02-17},
organization = {YouTube (AGDC Services)},
url = {https://www.youtube.com/watch?v=q8of74upT_g},
language = {English},
urldate = {2021-02-24}
}
How Malware Can Resolve APIs By Hash
Emotet Mailto |
2021-02-12 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20210212:malwareaaaservice:c6454b5,
author = {CERT-FR},
title = {{The Malware-Aa-A-Service Emotet}},
date = {2021-02-12},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-003.pdf},
language = {English},
urldate = {2021-02-20}
}
The Malware-Aa-A-Service Emotet
Emotet |
2021-02-08 ⋅ GRNET CERT ⋅ Dimitris Kolotouros, Marios Levogiannis
@online{kolotouros:20210208:reverse:a034919,
author = {Dimitris Kolotouros and Marios Levogiannis},
title = {{Reverse engineering Emotet – Our approach to protect GRNET against the trojan}},
date = {2021-02-08},
organization = {GRNET CERT},
url = {https://cert.grnet.gr/en/blog/reverse-engineering-emotet/},
language = {English},
urldate = {2021-02-09}
}
Reverse engineering Emotet – Our approach to protect GRNET against the trojan
Emotet |
2021-02-03 ⋅ Digital Shadows ⋅ Stefano De Blasi
@online{blasi:20210203:emotet:8e8ac18,
author = {Stefano De Blasi},
title = {{Emotet Disruption: what it means for the cyber threat landscape}},
date = {2021-02-03},
organization = {Digital Shadows},
url = {https://www.digitalshadows.com/blog-and-research/emotet-disruption/},
language = {English},
urldate = {2021-02-06}
}
Emotet Disruption: what it means for the cyber threat landscape
Emotet |
2021-02-02 ⋅ CRONUP ⋅ Germán Fernández
@online{fernndez:20210202:de:6ff4f3a,
author = {Germán Fernández},
title = {{De ataque con Malware a incidente de Ransomware}},
date = {2021-02-02},
organization = {CRONUP},
url = {https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware},
language = {Spanish},
urldate = {2021-03-02}
}
De ataque con Malware a incidente de Ransomware
Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
@online{team:20210201:what:2e12897,
author = {Microsoft 365 Defender Threat Intelligence Team},
title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}},
date = {2021-02-01},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/},
language = {English},
urldate = {2021-02-02}
}
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
2021-01-29 ⋅ Malwarebytes ⋅ Threat Intelligence Team
@online{team:20210129:cleaning:489c8b3,
author = {Threat Intelligence Team},
title = {{Cleaning up after Emotet: the law enforcement file}},
date = {2021-01-29},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/},
language = {English},
urldate = {2021-02-02}
}
Cleaning up after Emotet: the law enforcement file
Emotet |
2021-01-28 ⋅ Youtube (Virus Bulletin) ⋅ Benoît Ancel
@online{ancel:20210128:bagsu:7de60de,
author = {Benoît Ancel},
title = {{The Bagsu banker case}},
date = {2021-01-28},
organization = {Youtube (Virus Bulletin)},
url = {https://www.youtube.com/watch?v=EyDiIAt__dI},
language = {English},
urldate = {2021-02-01}
}
The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction |
2021-01-28 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
@online{lab:20210128:emotet:863df45,
author = {Hornetsecurity Security Lab},
title = {{Emotet Botnet Takedown}},
date = {2021-01-28},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/threat-research/emotet-botnet-takedown/},
language = {English},
urldate = {2021-01-29}
}
Emotet Botnet Takedown
Emotet |
2021-01-28 ⋅ Department of Homeland Security ⋅ Department of Justice
@online{justice:20210128:emotet:cb82f8e,
author = {Department of Justice},
title = {{Emotet Botnet Disrupted in International Cyber Operation}},
date = {2021-01-28},
organization = {Department of Homeland Security},
url = {https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation},
language = {English},
urldate = {2021-02-01}
}
Emotet Botnet Disrupted in International Cyber Operation
Emotet |
2021-01-28 ⋅ NTT ⋅ Dan Saunders
@online{saunders:20210128:emotet:19b0313,
author = {Dan Saunders},
title = {{Emotet disruption - Europol counterattack}},
date = {2021-01-28},
organization = {NTT},
url = {https://hello.global.ntt/en-us/insights/blog/emotet-disruption-europol-counterattack},
language = {English},
urldate = {2021-01-29}
}
Emotet disruption - Europol counterattack
Emotet |
2021-01-28 ⋅ InfoSec Handlers Diary Blog ⋅ Daniel Wesemann
@online{wesemann:20210128:emotet:2939e8d,
author = {Daniel Wesemann},
title = {{Emotet vs. Windows Attack Surface Reduction}},
date = {2021-01-28},
organization = {InfoSec Handlers Diary Blog},
url = {https://isc.sans.edu/diary/rss/27036},
language = {English},
urldate = {2021-01-29}
}
Emotet vs. Windows Attack Surface Reduction
Emotet |
2021-01-27 ⋅ Intel 471 ⋅ Intel 471
@online{471:20210127:emotet:0a7344b,
author = {Intel 471},
title = {{Emotet takedown is not like the Trickbot takedown}},
date = {2021-01-27},
organization = {Intel 471},
url = {https://intel471.com/blog/emotet-takedown-2021/},
language = {English},
urldate = {2021-01-29}
}
Emotet takedown is not like the Trickbot takedown
Emotet |
2021-01-27 ⋅ KrebsOnSecurity ⋅ Brian Krebs
@online{krebs:20210127:international:dc5699a,
author = {Brian Krebs},
title = {{International Action Targets Emotet Crimeware}},
date = {2021-01-27},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware},
language = {English},
urldate = {2021-01-29}
}
International Action Targets Emotet Crimeware
Emotet |
2021-01-27 ⋅ Twitter (@milkr3am) ⋅ milkream
@online{milkream:20210127:all:e3c3773,
author = {milkream},
title = {{Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25}},
date = {2021-01-27},
organization = {Twitter (@milkr3am)},
url = {https://twitter.com/milkr3am/status/1354459859912192002},
language = {English},
urldate = {2021-01-29}
}
Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25
Emotet |
2021-01-27 ⋅ Team Cymru ⋅ James Shank
@online{shank:20210127:taking:fa40609,
author = {James Shank},
title = {{Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts}},
date = {2021-01-27},
organization = {Team Cymru},
url = {https://team-cymru.com/blog/2021/01/27/taking-down-emotet/},
language = {English},
urldate = {2021-01-29}
}
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts
Emotet |
2021-01-27 ⋅ Eurojust ⋅ Eurojust
@online{eurojust:20210127:worlds:d416adc,
author = {Eurojust},
title = {{World’s most dangerous malware EMOTET disrupted through global action}},
date = {2021-01-27},
organization = {Eurojust},
url = {https://www.eurojust.europa.eu/worlds-most-dangerous-malware-emotet-disrupted-through-global-action},
language = {English},
urldate = {2021-01-27}
}
World’s most dangerous malware EMOTET disrupted through global action
Emotet |
2021-01-27 ⋅ Bundeskriminalamt ⋅ Bundeskriminalamt
@online{bundeskriminalamt:20210127:infrastruktur:eb4ede6,
author = {Bundeskriminalamt},
title = {{Infrastruktur der Emotet-Schadsoftware zerschlagen}},
date = {2021-01-27},
organization = {Bundeskriminalamt},
url = {https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2021/Presse2021/210127_pmEmotet.html},
language = {German},
urldate = {2021-01-27}
}
Infrastruktur der Emotet-Schadsoftware zerschlagen
Emotet |
2021-01-27 ⋅ Youtube (Національна поліція України) ⋅ Національна поліція України
@online{:20210127:emotet:abc27db,
author = {Національна поліція України},
title = {{Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET}},
date = {2021-01-27},
organization = {Youtube (Національна поліція України)},
url = {https://www.youtube.com/watch?v=_BLOmClsSpc},
language = {Ukrainian},
urldate = {2021-01-27}
}
Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET
Emotet |
2021-01-19 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
@online{duncan:20210119:wireshark:be0c831,
author = {Brad Duncan},
title = {{Wireshark Tutorial: Examining Emotet Infection Traffic}},
date = {2021-01-19},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/wireshark-tutorial-emotet-infection/},
language = {English},
urldate = {2021-01-21}
}
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot |
2021-01-14 ⋅ Netskope ⋅ Ghanashyam Satpathy, Dagmawi Mulugeta
@online{satpathy:20210114:you:f7f99aa,
author = {Ghanashyam Satpathy and Dagmawi Mulugeta},
title = {{You Can Run, But You Can’t Hide: Advanced Emotet Updates}},
date = {2021-01-14},
organization = {Netskope},
url = {https://www.netskope.com/blog/you-can-run-but-you-cant-hide-advanced-emotet-updates},
language = {English},
urldate = {2021-01-18}
}
You Can Run, But You Can’t Hide: Advanced Emotet Updates
Emotet |
2021-01-13 ⋅ VinCSS ⋅ Tran Trung Kien, m4n0w4r
@online{kien:20210113:re019:5b00767,
author = {Tran Trung Kien and m4n0w4r},
title = {{[RE019] From A to X analyzing some real cases which used recent Emotet samples}},
date = {2021-01-13},
organization = {VinCSS},
url = {https://blog.vincss.net/2021/01/re019-from-a-to-x-analyzing-some-real-cases-which-used-recent-Emotet-samples.html},
language = {English},
urldate = {2021-01-25}
}
[RE019] From A to X analyzing some real cases which used recent Emotet samples
Emotet |
2021-01-05 ⋅ r3mrum blog ⋅ R3MRUM
@online{r3mrum:20210105:manual:0d15421,
author = {R3MRUM},
title = {{Manual analysis of new PowerSplit maldocs delivering Emotet}},
date = {2021-01-05},
organization = {r3mrum blog},
url = {https://r3mrum.wordpress.com/2021/01/05/manual-analysis-of-new-powersplit-maldocs-delivering-emotet/},
language = {English},
urldate = {2021-01-10}
}
Manual analysis of new PowerSplit maldocs delivering Emotet
Emotet |
2020-12-31 ⋅ Cert-AgID ⋅ Cert-AgID
@online{certagid:20201231:simplify:1a7bcd2,
author = {Cert-AgID},
title = {{Simplify Emotet parsing with Python and iced x86}},
date = {2020-12-31},
organization = {Cert-AgID},
url = {https://cert-agid.gov.it/news/malware/semplificare-lanalisi-di-emotet-con-python-e-iced-x86/},
language = {Italian},
urldate = {2021-01-05}
}
Simplify Emotet parsing with Python and iced x86
Emotet |
2020-12-30 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
@online{gatlan:20201230:emotet:1f2a80b,
author = {Sergiu Gatlan},
title = {{Emotet malware hits Lithuania's National Public Health Center}},
date = {2020-12-30},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-malware-hits-lithuanias-national-public-health-center/},
language = {English},
urldate = {2021-01-05}
}
Emotet malware hits Lithuania's National Public Health Center
Emotet |
2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW
@online{munshaw:20201221:2020:4a88f84,
author = {JON MUNSHAW},
title = {{2020: The year in malware}},
date = {2020-12-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html},
language = {English},
urldate = {2020-12-26}
}
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-10 ⋅ Youtube (OALabs) ⋅ Sergei Frankoff
@online{frankoff:20201210:malware:0a70511,
author = {Sergei Frankoff},
title = {{Malware Triage Analyzing PrnLoader Used To Drop Emotet}},
date = {2020-12-10},
organization = {Youtube (OALabs)},
url = {https://www.youtube.com/watch?v=5_-oR_135ss},
language = {English},
urldate = {2020-12-18}
}
Malware Triage Analyzing PrnLoader Used To Drop Emotet
Emotet |
2020-12-04 ⋅ Kaspersky Labs ⋅ Oleg Kupreev
@online{kupreev:20201204:chronicles:faab5a6,
author = {Oleg Kupreev},
title = {{The chronicles of Emotet}},
date = {2020-12-04},
organization = {Kaspersky Labs},
url = {https://securelist.com/the-chronicles-of-emotet/99660/},
language = {English},
urldate = {2020-12-08}
}
The chronicles of Emotet
Emotet |
2020-11-26 ⋅ VirusTotal ⋅ Emiliano Martinez
@online{martinez:20201126:using:2d0ccc3,
author = {Emiliano Martinez},
title = {{Using similarity to expand context and map out threat campaigns}},
date = {2020-11-26},
organization = {VirusTotal},
url = {https://blog.virustotal.com/2020/11/using-similarity-to-expand-context-and.html},
language = {English},
urldate = {2020-12-03}
}
Using similarity to expand context and map out threat campaigns
Emotet |
2020-11-22 ⋅ Irshad's Blog ⋅ Irshad Muhammad
@online{muhammad:20201122:analyzing:d3915d0,
author = {Irshad Muhammad},
title = {{Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.}},
date = {2020-11-22},
organization = {Irshad's Blog},
url = {https://mirshadx.wordpress.com/2020/11/22/analyzing-an-emotet-dropper-and-writing-a-python-script-to-statically-unpack-payload/},
language = {English},
urldate = {2020-11-23}
}
Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.
Emotet |
2020-11-20 ⋅ ZDNet ⋅ Catalin Cimpanu
@online{cimpanu:20201120:malware:0b8ff59,
author = {Catalin Cimpanu},
title = {{The malware that usually installs ransomware and you need to remove right away}},
date = {2020-11-20},
organization = {ZDNet},
url = {https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/},
language = {English},
urldate = {2020-11-23}
}
The malware that usually installs ransomware and you need to remove right away
Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
2020-11-18 ⋅ Cisco ⋅ Nick Biasini, Edmund Brumaghin, Jaeson Schultz
@online{biasini:20201118:back:178d20d,
author = {Nick Biasini and Edmund Brumaghin and Jaeson Schultz},
title = {{Back from vacation: Analyzing Emotet’s activity in 2020}},
date = {2020-11-18},
organization = {Cisco},
url = {https://blog.talosintelligence.com/2020/11/emotet-2020.html},
language = {English},
urldate = {2020-11-19}
}
Back from vacation: Analyzing Emotet’s activity in 2020
Emotet |
2020-11-06 ⋅ Security Soup Blog ⋅ Ryan Campbell
@online{campbell:20201106:quick:741d84a,
author = {Ryan Campbell},
title = {{Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs}},
date = {2020-11-06},
organization = {Security Soup Blog},
url = {https://security-soup.net/quick-post-spooky-new-powershell-obfuscation-in-emotet-maldocs/},
language = {English},
urldate = {2020-11-09}
}
Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs
Emotet |
2020-11-06 ⋅ LAC WATCH ⋅ Matsumoto, Takagen, Ishikawa
@online{matsumoto:20201106:emotetzloader:ba310e4,
author = {Matsumoto and Takagen and Ishikawa},
title = {{分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意}},
date = {2020-11-06},
organization = {LAC WATCH},
url = {https://www.lac.co.jp/lacwatch/people/20201106_002321.html},
language = {Japanese},
urldate = {2020-11-09}
}
分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意
Emotet Zloader |
2020-11-05 ⋅ Brim Security ⋅ Oliver Rochford
@online{rochford:20201105:hunting:c53aca3,
author = {Oliver Rochford},
title = {{Hunting Emotet with Brim and Zeek}},
date = {2020-11-05},
organization = {Brim Security},
url = {https://medium.com/brim-securitys-knowledge-funnel/hunting-emotet-with-brim-and-zeek-1000c2f5c1ff},
language = {English},
urldate = {2020-11-09}
}
Hunting Emotet with Brim and Zeek
Emotet |
2020-10-29 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20201029:le:d296223,
author = {CERT-FR},
title = {{LE MALWARE-AS-A-SERVICE EMOTET}},
date = {2020-10-29},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-010.pdf},
language = {English},
urldate = {2020-11-04}
}
LE MALWARE-AS-A-SERVICE EMOTET
Dridex Emotet ISFB QakBot |
2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Ruian Duan, Zhanhao Chen, Seokkyung Chung, Janos Szurdi, Jingwei Fan
@online{duan:20201029:domain:413ffab,
author = {Ruian Duan and Zhanhao Chen and Seokkyung Chung and Janos Szurdi and Jingwei Fan},
title = {{Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee}},
date = {2020-10-29},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/domain-parking/},
language = {English},
urldate = {2020-11-02}
}
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
Emotet |
2020-10-28 ⋅ Bitdefender ⋅ Ruben Andrei Condor
@techreport{condor:20201028:decade:b8d7422,
author = {Ruben Andrei Condor},
title = {{A Decade of WMI Abuse – an Overview of Techniques in Modern Malware}},
date = {2020-10-28},
institution = {Bitdefender},
url = {https://www.bitdefender.com/files/News/CaseStudies/study/377/Bitdefender-Whitepaper-WMI-creat4871-en-EN-GenericUse.pdf},
language = {English},
urldate = {2020-11-02}
}
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware
sLoad Emotet Maze |
2020-10-20 ⋅ Bundesamt für Sicherheit in der Informationstechnik ⋅ BSI
@online{bsi:20201020:die:0683ad4,
author = {BSI},
title = {{Die Lage der IT-Sicherheit in Deutschland 2020}},
date = {2020-10-20},
organization = {Bundesamt für Sicherheit in der Informationstechnik},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2020.pdf?__blob=publicationFile&v=2},
language = {German},
urldate = {2020-10-21}
}
Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot |
2020-10-19 ⋅ SPAM Auditor ⋅ Thomas
@online{thomas:20201019:many:b85e434,
author = {Thomas},
title = {{The Many Faces of Emotet}},
date = {2020-10-19},
organization = {SPAM Auditor},
url = {https://spamauditor.org/2020/10/the-many-faces-of-emotet/},
language = {English},
urldate = {2020-10-23}
}
The Many Faces of Emotet
Emotet |
2020-10-16 ⋅ Proofpoint ⋅ Cassandra A., Proofpoint Threat Research Team
@online{a:20201016:geofenced:8c31198,
author = {Cassandra A. and Proofpoint Threat Research Team},
title = {{Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet}},
date = {2020-10-16},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet},
language = {English},
urldate = {2020-10-23}
}
Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet
Emotet |
2020-10-12 ⋅ DeepInstinct ⋅ Ron Ben Yizhak
@online{yizhak:20201012:why:df976a3,
author = {Ron Ben Yizhak},
title = {{Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2}},
date = {2020-10-12},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2020/10/12/why-emotets-latest-wave-is-harder-to-catch-than-ever-before-part-2/},
language = {English},
urldate = {2020-10-15}
}
Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2
Emotet |
2020-10-01 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Research Team
@online{f:20201001:emotet:59780d9,
author = {Axel F and Proofpoint Threat Research Team},
title = {{Emotet Makes Timely Adoption of Political and Elections Lures}},
date = {2020-10-01},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/emotet-makes-timely-adoption-political-and-elections-lures},
language = {English},
urldate = {2020-10-05}
}
Emotet Makes Timely Adoption of Political and Elections Lures
Emotet |
2020-09-29 ⋅ Microsoft ⋅ Microsoft
@techreport{microsoft:20200929:microsoft:6e5d7b0,
author = {Microsoft},
title = {{Microsoft Digital Defense Report}},
date = {2020-09-29},
institution = {Microsoft},
url = {https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf},
language = {English},
urldate = {2020-10-05}
}
Microsoft Digital Defense Report
Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
2020-09-29 ⋅ Seqrite ⋅ Prashant Tilekar
@online{tilekar:20200929:return:d989aaf,
author = {Prashant Tilekar},
title = {{The return of the Emotet as the world unlocks!}},
date = {2020-09-29},
organization = {Seqrite},
url = {https://www.seqrite.com/blog/the-return-of-the-emotet-as-the-world-unlocks/},
language = {English},
urldate = {2021-01-01}
}
The return of the Emotet as the world unlocks!
Emotet |
2020-09-11 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
@online{team:20200911:research:edfb074,
author = {ThreatConnect Research Team},
title = {{Research Roundup: Activity on Previously Identified APT33 Domains}},
date = {2020-09-11},
organization = {ThreatConnect},
url = {https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/},
language = {English},
urldate = {2020-09-15}
}
Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33 |
2020-09-07 ⋅ CERT-FR ⋅ CERT-FR
@online{certfr:20200907:bulletin:f7b2023,
author = {CERT-FR},
title = {{Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France}},
date = {2020-09-07},
organization = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-019/},
language = {English},
urldate = {2020-09-15}
}
Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France
Emotet |
2020-09-07 ⋅ CERT NZ ⋅ CERT NZ
@online{nz:20200907:emotet:e7965c2,
author = {CERT NZ},
title = {{Emotet Malware being spread via email}},
date = {2020-09-07},
organization = {CERT NZ},
url = {https://www.cert.govt.nz/it-specialists/advisories/emotet-malware-being-spread-via-email/},
language = {English},
urldate = {2020-09-15}
}
Emotet Malware being spread via email
Emotet |
2020-08-28 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Research Team
@online{f:20200828:comprehensive:df5ff9b,
author = {Axel F and Proofpoint Threat Research Team},
title = {{A Comprehensive Look at Emotet’s Summer 2020 Return}},
date = {2020-08-28},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-summer-2020-return},
language = {English},
urldate = {2020-08-30}
}
A Comprehensive Look at Emotet’s Summer 2020 Return
Emotet MUMMY SPIDER |
2020-08-24 ⋅ Hornetsecurity ⋅ Security Lab
@online{lab:20200824:emotet:252c8de,
author = {Security Lab},
title = {{Emotet Update increases Downloads}},
date = {2020-08-24},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/emotet-update-increases-downloads/},
language = {English},
urldate = {2020-08-30}
}
Emotet Update increases Downloads
Emotet |
2020-08-14 ⋅ Binary Defense ⋅ James Quinn
@online{quinn:20200814:emocrash:4f12855,
author = {James Quinn},
title = {{EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense}},
date = {2020-08-14},
organization = {Binary Defense},
url = {https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/},
language = {English},
urldate = {2020-08-19}
}
EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense
Emotet |
2020-08-12 ⋅ DeepInstinct ⋅ Ron Ben Yizhak
@online{yizhak:20200812:why:b99aef4,
author = {Ron Ben Yizhak},
title = {{Why Emotet’s Latest Wave is Harder to Catch than Ever Before}},
date = {2020-08-12},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2020/08/12/why-emotets-latest-wave-is-harder-to-catch-than-ever-before/},
language = {English},
urldate = {2020-10-15}
}
Why Emotet’s Latest Wave is Harder to Catch than Ever Before
Emotet |
2020-08-05 ⋅ Github (mauronz) ⋅ Francesco Muroni
@online{muroni:20200805:emotet:0fe027e,
author = {Francesco Muroni},
title = {{Emotet API+string deobfuscator (v0.1)}},
date = {2020-08-05},
organization = {Github (mauronz)},
url = {https://github.com/mauronz/binja-emotet},
language = {English},
urldate = {2020-08-18}
}
Emotet API+string deobfuscator (v0.1)
Emotet |
2020-08 ⋅ TG Soft ⋅ TG Soft
@online{soft:202008:tg:88b671c,
author = {TG Soft},
title = {{TG Soft Cyber - Threat Report}},
date = {2020-08},
organization = {TG Soft},
url = {https://www.tgsoft.it/files/report/download.asp?id=7481257469},
language = {Italian},
urldate = {2020-09-15}
}
TG Soft Cyber - Threat Report
DarkComet Darktrack RAT Emotet ISFB |
2020-07-31 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
@online{lab:20200731:webshells:4963ea5,
author = {Hornetsecurity Security Lab},
title = {{The webshells powering Emotet}},
date = {2020-07-31},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-informationen-en/webshells-powering-emotet/},
language = {English},
urldate = {2020-08-21}
}
The webshells powering Emotet
Emotet |
2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
@techreport{labs:20200730:spamhaus:038546d,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q2 2020}},
date = {2020-07-30},
institution = {Spamhaus},
url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf},
language = {English},
urldate = {2020-07-30}
}
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
2020-07-29 ⋅ Sophos Labs ⋅ Andrew Brandt
@online{brandt:20200729:emotets:cb1de9b,
author = {Andrew Brandt},
title = {{Emotet’s return is the canary in the coal mine}},
date = {2020-07-29},
organization = {Sophos Labs},
url = {https://news.sophos.com/en-us/2020/07/28/emotets-return-is-the-canary-in-the-coal-mine/?cmp=30728},
language = {English},
urldate = {2020-07-30}
}
Emotet’s return is the canary in the coal mine
Emotet |
2020-07-28 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
@online{gatlan:20200728:emotet:37429c5,
author = {Sergiu Gatlan},
title = {{Emotet malware now steals your email attachments to attack contacts}},
date = {2020-07-28},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/},
language = {English},
urldate = {2020-07-30}
}
Emotet malware now steals your email attachments to attack contacts
Emotet |
2020-07-20 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
@online{lab:20200720:emotet:f918eaf,
author = {Hornetsecurity Security Lab},
title = {{Emotet is back}},
date = {2020-07-20},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/emotet-is-back/},
language = {English},
urldate = {2020-07-30}
}
Emotet is back
Emotet |
2020-07-20 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20200720:emotettrickbot:a8e84d2,
author = {Lawrence Abrams},
title = {{Emotet-TrickBot malware duo is back infecting Windows machines}},
date = {2020-07-20},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/emotet-trickbot-malware-duo-is-back-infecting-windows-machines/},
language = {English},
urldate = {2020-07-21}
}
Emotet-TrickBot malware duo is back infecting Windows machines
Emotet TrickBot |
2020-07-20 ⋅ NTT ⋅ Security division of NTT Ltd.
@online{ltd:20200720:shellbot:adab896,
author = {Security division of NTT Ltd.},
title = {{Shellbot victim overlap with Emotet network infrastructure}},
date = {2020-07-20},
organization = {NTT},
url = {https://hello.global.ntt/en-us/insights/blog/shellbot-victim-overlap-with-emotet-network-infrastructure},
language = {English},
urldate = {2020-07-30}
}
Shellbot victim overlap with Emotet network infrastructure
Emotet |
2020-07-17 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20200717:malware:5c58cdf,
author = {CERT-FR},
title = {{The Malware Dridex: Origins and Uses}},
date = {2020-07-17},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf},
language = {English},
urldate = {2020-07-20}
}
The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-06-18 ⋅ NTT Security ⋅ Security division of NTT Ltd.
@online{ltd:20200618:behind:a5e168d,
author = {Security division of NTT Ltd.},
title = {{Behind the scenes of the Emotet Infrastructure}},
date = {2020-06-18},
organization = {NTT Security},
url = {https://hello.global.ntt/en-us/insights/blog/behind-the-scenes-of-the-emotet-infrastructure},
language = {English},
urldate = {2020-06-20}
}
Behind the scenes of the Emotet Infrastructure
Emotet |
2020-06-12 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
@online{team:20200612:probable:89a5bed,
author = {ThreatConnect Research Team},
title = {{Probable Sandworm Infrastructure}},
date = {2020-06-12},
organization = {ThreatConnect},
url = {https://threatconnect.com/blog/threatconnect-research-roundup-probable-sandworm-infrastructure},
language = {English},
urldate = {2020-06-16}
}
Probable Sandworm Infrastructure
Avaddon Ransomware Emotet Kimsuky |
2020-05-28 ⋅ VMWare Carbon Black ⋅ Tom Kellermann, Ryan Murphy
@techreport{kellermann:20200528:modern:8155ea4,
author = {Tom Kellermann and Ryan Murphy},
title = {{Modern Bank Heists 3.0}},
date = {2020-05-28},
institution = {VMWare Carbon Black},
url = {https://cdn.www.carbonblack.com/wp-content/uploads/2020/05/VMWCB-Report-Modern-Bank-Heists-2020.pdf},
language = {English},
urldate = {2020-05-29}
}
Modern Bank Heists 3.0
Emotet |
2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan
@online{zarslan:20200521:t1055:4400f98,
author = {Süleyman Özarslan},
title = {{T1055 Process Injection}},
date = {2020-05-21},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection},
language = {English},
urldate = {2020-06-03}
}
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-05-05 ⋅ Hornetsecurity ⋅ Security Lab
@online{lab:20200505:awaiting:513382e,
author = {Security Lab},
title = {{Awaiting the Inevitable Return of Emotet}},
date = {2020-05-05},
organization = {Hornetsecurity},
url = {https://www.hornetsecurity.com/en/security-information/awaiting-the-inevitable-return-of-emotet/},
language = {English},
urldate = {2020-05-05}
}
Awaiting the Inevitable Return of Emotet
Emotet |
2020-04-22 ⋅ Youtube (Infosec Alpha) ⋅ Raashid Bhat
@online{bhat:20200422:flattenthecurve:0bdf5a3,
author = {Raashid Bhat},
title = {{FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2}},
date = {2020-04-22},
organization = {Youtube (Infosec Alpha)},
url = {https://www.youtube.com/watch?v=8PHCZdpNKrw},
language = {English},
urldate = {2020-04-23}
}
FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2
Emotet |
2020-04-14 ⋅ Max Kersten
@online{kersten:20200414:emotet:ec18d45,
author = {Max Kersten},
title = {{Emotet JavaScript downloader}},
date = {2020-04-14},
url = {https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-javascript-downloader/},
language = {English},
urldate = {2020-04-14}
}
Emotet JavaScript downloader
Unidentified JS 003 (Emotet Downloader) |
2020-04-14 ⋅ Intel 471 ⋅ Intel 471
@online{471:20200414:understanding:ca95961,
author = {Intel 471},
title = {{Understanding the relationship between Emotet, Ryuk and TrickBot}},
date = {2020-04-14},
organization = {Intel 471},
url = {https://blog.intel471.com/2020/04/14/understanding-the-relationship-between-emotet-ryuk-and-trickbot/},
language = {English},
urldate = {2020-04-26}
}
Understanding the relationship between Emotet, Ryuk and TrickBot
Emotet Ryuk TrickBot |
2020-04-03 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
@online{gatlan:20200403:microsoft:c12a844,
author = {Sergiu Gatlan},
title = {{Microsoft: Emotet Took Down a Network by Overheating All Computers}},
date = {2020-04-03},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/},
language = {English},
urldate = {2020-04-08}
}
Microsoft: Emotet Took Down a Network by Overheating All Computers
Emotet |
2020-03-31 ⋅ Youtube (Infosec Alpha) ⋅ Raashid Bhat
@online{bhat:20200331:emotet:50264e0,
author = {Raashid Bhat},
title = {{Emotet Binary Deobfuscation | Coconut Paradise | Episode 1}},
date = {2020-03-31},
organization = {Youtube (Infosec Alpha)},
url = {https://www.youtube.com/watch?v=_mGMJFNJWSk},
language = {English},
urldate = {2020-04-23}
}
Emotet Binary Deobfuscation | Coconut Paradise | Episode 1
Emotet |
2020-03-30 ⋅ Intezer ⋅ Michael Kajiloti
@online{kajiloti:20200330:fantastic:c01db60,
author = {Michael Kajiloti},
title = {{Fantastic payloads and where we find them}},
date = {2020-03-30},
organization = {Intezer},
url = {https://intezer.com/blog/intezer-analyze/fantastic-payloads-and-where-we-find-them},
language = {English},
urldate = {2020-04-07}
}
Fantastic payloads and where we find them
Dridex Emotet ISFB TrickBot |
2020-03-30 ⋅ Symantec ⋅ Nguyen Hoang Giang, Mingwei Zhang
@online{giang:20200330:emotet:6034d14,
author = {Nguyen Hoang Giang and Mingwei Zhang},
title = {{Emotet: Dangerous Malware Keeps on Evolving}},
date = {2020-03-30},
organization = {Symantec},
url = {https://medium.com/threat-intel/emotet-dangerous-malware-keeps-on-evolving-ac84aadbb8de},
language = {English},
urldate = {2020-04-01}
}
Emotet: Dangerous Malware Keeps on Evolving
Emotet |
2020-03-12 ⋅ Digital Shadows ⋅ Alex Guirakhoo
@online{guirakhoo:20200312:how:cf2276f,
author = {Alex Guirakhoo},
title = {{How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation}},
date = {2020-03-12},
organization = {Digital Shadows},
url = {https://www.digitalshadows.com/blog-and-research/how-cybercriminals-are-taking-advantage-of-covid-19-scams-fraud-misinformation/},
language = {English},
urldate = {2020-03-19}
}
How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation
Emotet |
2020-03-11 ⋅ Twitter (@raashidbhatt) ⋅ Raashid Bhat
@online{bhat:20200311:emotet:c178008,
author = {Raashid Bhat},
title = {{Tweet on Emotet Deobfuscation with Video}},
date = {2020-03-11},
organization = {Twitter (@raashidbhatt)},
url = {https://twitter.com/raashidbhatt/status/1237853549200936960},
language = {English},
urldate = {2020-03-13}
}
Tweet on Emotet Deobfuscation with Video
Emotet |
2020-03-06 ⋅ Telekom ⋅ Thomas Barabosch
@online{barabosch:20200306:dissecting:809bc54,
author = {Thomas Barabosch},
title = {{Dissecting Emotet - Part 2}},
date = {2020-03-06},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/cybersecurity-dissecting-emotet-part-two-596128},
language = {English},
urldate = {2020-03-09}
}
Dissecting Emotet - Part 2
Emotet |
2020-03-06 ⋅ Binary Defense ⋅ James Quinn
@online{quinn:20200306:emotet:e93ab0b,
author = {James Quinn},
title = {{Emotet Wi-Fi Spreader Upgraded}},
date = {2020-03-06},
organization = {Binary Defense},
url = {https://www.binarydefense.com/emotet-wi-fi-spreader-upgraded/},
language = {English},
urldate = {2020-03-09}
}
Emotet Wi-Fi Spreader Upgraded
Emotet |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
2020-03-03 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019:A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom |
2020-03-02 ⋅ c't ⋅ Christian Wölbert
@online{wlbert:20200302:was:1b9cc93,
author = {Christian Wölbert},
title = {{Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen}},
date = {2020-03-02},
organization = {c't},
url = {https://www.heise.de/ct/artikel/Was-Emotet-anrichtet-und-welche-Lehren-die-Opfer-daraus-ziehen-4665958.html},
language = {German},
urldate = {2020-03-02}
}
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen
Emotet Ryuk |
2020-02-29 ⋅ ZDNet ⋅ Catalin Cimpanu
@online{cimpanu:20200229:meet:b1d7dbd,
author = {Catalin Cimpanu},
title = {{Meet the white-hat group fighting Emotet, the world's most dangerous malware}},
date = {2020-02-29},
organization = {ZDNet},
url = {https://www.zdnet.com/article/meet-the-white-hat-group-fighting-emotet-the-worlds-most-dangerous-malware/},
language = {English},
urldate = {2020-03-02}
}
Meet the white-hat group fighting Emotet, the world's most dangerous malware
Emotet |
2020-02-18 ⋅ CERT.PL ⋅ Michał Praszmo
@online{praszmo:20200218:whats:2790998,
author = {Michał Praszmo},
title = {{What’s up Emotet?}},
date = {2020-02-18},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/whats-up-emotet/},
language = {English},
urldate = {2020-02-18}
}
What’s up Emotet?
Emotet |
2020-02-13 ⋅ Talos ⋅ Nick Biasini, Edmund Brumaghin
@online{biasini:20200213:threat:443d687,
author = {Nick Biasini and Edmund Brumaghin},
title = {{Threat actors attempt to capitalize on coronavirus outbreak}},
date = {2020-02-13},
organization = {Talos},
url = {https://blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html},
language = {English},
urldate = {2020-03-19}
}
Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT |
2020-02-10 ⋅ Malwarebytes ⋅ Adam Kujawa, Wendy Zamora, Jérôme Segura, Thomas Reed, Nathan Collier, Jovi Umawing, Chris Boyd, Pieter Arntz, David Ruiz
@techreport{kujawa:20200210:2020:3fdaf12,
author = {Adam Kujawa and Wendy Zamora and Jérôme Segura and Thomas Reed and Nathan Collier and Jovi Umawing and Chris Boyd and Pieter Arntz and David Ruiz},
title = {{2020 State of Malware Report}},
date = {2020-02-10},
institution = {Malwarebytes},
url = {https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf},
language = {English},
urldate = {2020-02-13}
}
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
2020-02-08 ⋅ PICUS Security ⋅ Süleyman Özarslan
@online{zarslan:20200208:emotet:1fac6a4,
author = {Süleyman Özarslan},
title = {{Emotet Technical Analysis - Part 2 PowerShell Unveiled}},
date = {2020-02-08},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/emotet-technical-analysis-part-2-powershell-unveiled},
language = {English},
urldate = {2020-06-03}
}
Emotet Technical Analysis - Part 2 PowerShell Unveiled
Emotet |
2020-02-07 ⋅ Binary Defense ⋅ James Quinn
@online{quinn:20200207:emotet:07de43a,
author = {James Quinn},
title = {{Emotet Evolves With New Wi-Fi Spreader}},
date = {2020-02-07},
organization = {Binary Defense},
url = {https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/},
language = {English},
urldate = {2020-02-09}
}
Emotet Evolves With New Wi-Fi Spreader
Emotet |
2020-02-03 ⋅ Telekom ⋅ Thomas Barabosch
@online{barabosch:20200203:dissecting:c1a6bca,
author = {Thomas Barabosch},
title = {{Dissecting Emotet – Part 1}},
date = {2020-02-03},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/cybersecurity-dissecting-emotet-part-one-592612},
language = {English},
urldate = {2020-02-07}
}
Dissecting Emotet – Part 1
Emotet |
2020-01-30 ⋅ PICUS Security ⋅ Süleyman Özarslan
@online{zarslan:20200130:emotet:1d5ef78,
author = {Süleyman Özarslan},
title = {{Emotet Technical Analysis - Part 1 Reveal the Evil Code}},
date = {2020-01-30},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/emotet-technical-analysis-part-1-reveal-the-evil-code},
language = {English},
urldate = {2020-06-03}
}
Emotet Technical Analysis - Part 1 Reveal the Evil Code
Emotet |
2020-01-30 ⋅ IBM X-Force Exchange ⋅ Ashkan Vila, Golo Mühr
@online{vila:20200130:coronavirus:f0121b9,
author = {Ashkan Vila and Golo Mühr},
title = {{Coronavirus Goes Cyber With Emotet}},
date = {2020-01-30},
organization = {IBM X-Force Exchange},
url = {https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b},
language = {English},
urldate = {2020-02-03}
}
Coronavirus Goes Cyber With Emotet
Emotet |
2020-01-27 ⋅ T-Systems ⋅ T-Systems
@techreport{tsystems:20200127:vorlufiger:39dc989,
author = {T-Systems},
title = {{Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht}},
date = {2020-01-27},
institution = {T-Systems},
url = {https://www.berlin.de/sen/justva/presse/pressemitteilungen/2020/pm-11-2020-t-systems-forensik_bericht_public_v1.pdf},
language = {German},
urldate = {2020-01-28}
}
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht
Emotet TrickBot |
2020-01-17 ⋅ JPCERT/CC ⋅ Takayoshi Shiigi
@techreport{shiigi:20200117:looking:bf71db1,
author = {Takayoshi Shiigi},
title = {{Looking back on the incidents in 2019}},
date = {2020-01-17},
institution = {JPCERT/CC},
url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_0_JPCERT_en.pdf},
language = {English},
urldate = {2020-04-06}
}
Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
2020-01-17 ⋅ Hiroaki Ogawa, Manabu Niseki
@techreport{ogawa:20200117:100:035a7dd,
author = {Hiroaki Ogawa and Manabu Niseki},
title = {{100 more behind cockroaches?}},
date = {2020-01-17},
institution = {},
url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_4_ogawa-niseki_en.pdf},
language = {English},
urldate = {2020-01-17}
}
100 more behind cockroaches?
MoqHao Emotet Predator The Thief |
2020-01-14 ⋅ Bleeping Computer ⋅ Lawrence Abrams
@online{abrams:20200114:united:a309baa,
author = {Lawrence Abrams},
title = {{United Nations Targeted With Emotet Malware Phishing Attack}},
date = {2020-01-14},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/united-nations-targeted-with-emotet-malware-phishing-attack/},
language = {English},
urldate = {2020-01-20}
}
United Nations Targeted With Emotet Malware Phishing Attack
Emotet |
2020-01-13 ⋅ Gigamon ⋅ William Peteroy, Ed Miles
@online{peteroy:20200113:emotet:60abae1,
author = {William Peteroy and Ed Miles},
title = {{Emotet: Not your Run-of-the-mill Malware}},
date = {2020-01-13},
organization = {Gigamon},
url = {https://atr-blog.gigamon.com/2020/01/13/emotet-not-your-run-of-the-mill-malware/},
language = {English},
urldate = {2020-01-17}
}
Emotet: Not your Run-of-the-mill Malware
Emotet |
2020-01-10 ⋅ CSIS ⋅ CSIS
@techreport{csis:20200110:threat:7454f36,
author = {CSIS},
title = {{Threat Matrix H1 2019}},
date = {2020-01-10},
institution = {CSIS},
url = {https://gallery.mailchimp.com/c35aef82661dad887b8162a4f/files/e24e8206-a157-4796-a8cb-2b7262cc76e8/CSIS_Threat_Matrix_H1_2019.pdf},
language = {English},
urldate = {2020-01-22}
}
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
2020-01-07 ⋅ Hatching.io ⋅ Team
@online{team:20200107:powershell:fb8264e,
author = {Team},
title = {{Powershell Static Analysis & Emotet results}},
date = {2020-01-07},
organization = {Hatching.io},
url = {https://hatching.io/blog/powershell-analysis},
language = {English},
urldate = {2020-01-12}
}
Powershell Static Analysis & Emotet results
Emotet |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:gold:9b89cea,
author = {SecureWorks},
title = {{GOLD CRESTWOOD}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-crestwood},
language = {English},
urldate = {2020-05-23}
}
GOLD CRESTWOOD
Emotet MUMMY SPIDER |
2019-12-12 ⋅ FireEye ⋅ Chi-en Shen, Oleg Bondarenko
@online{shen:20191212:cyber:e01baca,
author = {Chi-en Shen and Oleg Bondarenko},
title = {{Cyber Threat Landscape in Japan – Revealing Threat in the Shadow}},
date = {2019-12-12},
organization = {FireEye},
url = {https://www.slideshare.net/codeblue_jp/cb19-cyber-threat-landscape-in-japan-revealing-threat-in-the-shadow-by-chi-en-shen-ashley-oleg-bondarenko},
language = {English},
urldate = {2020-04-16}
}
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
2019-12-10 ⋅ JPCERT/CC ⋅ JPCERT/CC
@online{jpcertcc:20191210:updated:86aee30,
author = {JPCERT/CC},
title = {{[Updated] Alert Regarding Emotet Malware Infection}},
date = {2019-12-10},
organization = {JPCERT/CC},
url = {https://www.jpcert.or.jp/english/at/2019/at190044.html},
language = {English},
urldate = {2020-01-09}
}
[Updated] Alert Regarding Emotet Malware Infection
Emotet |
2019-12-04 ⋅ JPCERT/CC ⋅ Ken Sajo
@online{sajo:20191204:how:60225fe,
author = {Ken Sajo},
title = {{How to Respond to Emotet Infection (FAQ)}},
date = {2019-12-04},
organization = {JPCERT/CC},
url = {https://blogs.jpcert.or.jp/en/2019/12/emotetfaq.html},
language = {English},
urldate = {2020-01-13}
}
How to Respond to Emotet Infection (FAQ)
Emotet |
2019-11-06 ⋅ Heise Security ⋅ Thomas Hungenberg
@online{hungenberg:20191106:emotet:1605954,
author = {Thomas Hungenberg},
title = {{Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail}},
date = {2019-11-06},
organization = {Heise Security},
url = {https://www.heise.de/security/artikel/Emotet-Trickbot-Ryuk-ein-explosiver-Malware-Cocktail-4573848.html},
language = {German},
urldate = {2020-01-06}
}
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot |
2019-10-30 ⋅ Zscaler ⋅ Atinderpal Singh, Abhay Yadav
@online{singh:20191030:emotet:61821fe,
author = {Atinderpal Singh and Abhay Yadav},
title = {{Emotet is back in action after a short break}},
date = {2019-10-30},
organization = {Zscaler},
url = {https://www.zscaler.com/blogs/research/emotet-back-action-after-short-break},
language = {English},
urldate = {2020-07-01}
}
Emotet is back in action after a short break
Emotet |
2019-10-14 ⋅ Marco Ramilli
@online{ramilli:20191014:is:de28de6,
author = {Marco Ramilli},
title = {{Is Emotet gang targeting companies with external SOC?}},
date = {2019-10-14},
url = {https://marcoramilli.com/2019/10/14/is-emotet-gang-targeting-companies-with-external-soc/},
language = {English},
urldate = {2019-12-20}
}
Is Emotet gang targeting companies with external SOC?
Emotet |
2019-09-24 ⋅ Dissecting Malware ⋅ Marius Genheimer
@online{genheimer:20190924:return:f85ef19,
author = {Marius Genheimer},
title = {{Return of the Mummy - Welcome back, Emotet}},
date = {2019-09-24},
organization = {Dissecting Malware},
url = {https://dissectingmalwa.re/return-of-the-mummy-welcome-back-emotet.html},
language = {English},
urldate = {2020-03-27}
}
Return of the Mummy - Welcome back, Emotet
Emotet |
2019-09-16 ⋅ Malwarebytes ⋅ Threat Intelligence Team
@online{team:20190916:emotet:9c6c8f3,
author = {Threat Intelligence Team},
title = {{Emotet is back: botnet springs back to life with new spam campaign}},
date = {2019-09-16},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/botnets/2019/09/emotet-is-back-botnet-springs-back-to-life-with-new-spam-campaign/},
language = {English},
urldate = {2019-12-20}
}
Emotet is back: botnet springs back to life with new spam campaign
Emotet |
2019-08-13 ⋅ Adalogics ⋅ David Korczynski
@online{korczynski:20190813:state:a4ad074,
author = {David Korczynski},
title = {{The state of advanced code injections}},
date = {2019-08-13},
organization = {Adalogics},
url = {https://adalogics.com/blog/the-state-of-advanced-code-injections},
language = {English},
urldate = {2020-01-13}
}
The state of advanced code injections
Dridex Emotet Tinba |
2019-08-12 ⋅ Schweizerische Eidgenossenschaft ⋅ Schweizerische Eidgenossenschaft
@online{eidgenossenschaft:20190812:trojaner:60574cc,
author = {Schweizerische Eidgenossenschaft},
title = {{Trojaner Emotet greift Unternehmensnetzwerke an}},
date = {2019-08-12},
organization = {Schweizerische Eidgenossenschaft},
url = {https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/Trojaner_Emotet_greift_Unternehmensnetzwerke_an.html},
language = {German},
urldate = {2020-01-08}
}
Trojaner Emotet greift Unternehmensnetzwerke an
Emotet |
2019-06-06 ⋅ Fortinet ⋅ Kai Lu
@online{lu:20190606:deep:0ac679a,
author = {Kai Lu},
title = {{A Deep Dive into the Emotet Malware}},
date = {2019-06-06},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html},
language = {English},
urldate = {2020-01-07}
}
A Deep Dive into the Emotet Malware
Emotet |
2019-05-15 ⋅ Proofpoint ⋅ Axel F, Proofpoint Threat Insight Team
@online{f:20190515:threat:06b415a,
author = {Axel F and Proofpoint Threat Insight Team},
title = {{Threat Actor Profile: TA542, From Banker to Malware Distribution Service}},
date = {2019-05-15},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service},
language = {English},
urldate = {2019-12-20}
}
Threat Actor Profile: TA542, From Banker to Malware Distribution Service
Emotet MUMMY SPIDER |
2019-05-09 ⋅ GovCERT.ch ⋅ GovCERT.ch
@online{govcertch:20190509:severe:2767782,
author = {GovCERT.ch},
title = {{Severe Ransomware Attacks Against Swiss SMEs}},
date = {2019-05-09},
organization = {GovCERT.ch},
url = {https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes},
language = {English},
urldate = {2019-07-11}
}
Severe Ransomware Attacks Against Swiss SMEs
Emotet LockerGoga Ryuk TrickBot |
2019-04-29 ⋅ Blueliv ⋅ Blueliv Labs Team
@online{team:20190429:where:8c3db39,
author = {Blueliv Labs Team},
title = {{Where is Emotet? Latest geolocation data}},
date = {2019-04-29},
organization = {Blueliv},
url = {https://www.blueliv.com/blog/research/where-is-emotet-latest-geolocation-data/},
language = {English},
urldate = {2020-01-08}
}
Where is Emotet? Latest geolocation data
Emotet |
2019-04-25 ⋅ Trend Micro ⋅ Trendmicro
@online{trendmicro:20190425:emotet:04884ca,
author = {Trendmicro},
title = {{Emotet Adds New Evasion Technique}},
date = {2019-04-25},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-adds-new-evasion-technique-and-uses-connected-devices-as-proxy-cc-servers/},
language = {English},
urldate = {2019-11-26}
}
Emotet Adds New Evasion Technique
Emotet |
2019-04-22 ⋅ int 0xcc blog ⋅ Raashid Bhat
@online{bhat:20190422:dissecting:ffba987,
author = {Raashid Bhat},
title = {{Dissecting Emotet’s network communication protocol}},
date = {2019-04-22},
organization = {int 0xcc blog},
url = {https://int0xcc.svbtle.com/dissecting-emotet-s-network-communication-protocol},
language = {English},
urldate = {2020-01-06}
}
Dissecting Emotet’s network communication protocol
Emotet |
2019-04-12 ⋅ SpamTitan ⋅ titanadmin
@online{titanadmin:20190412:emotet:12ca0e7,
author = {titanadmin},
title = {{Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates}},
date = {2019-04-12},
organization = {SpamTitan},
url = {https://www.spamtitan.com/blog/emotet-malware-revives-old-email-conversations-threads-to-increase-infection-rates/},
language = {English},
urldate = {2020-01-09}
}
Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates
Emotet |
2019-04-07 ⋅ Sveatoslav Persianov
@online{persianov:20190407:emotet:0aeaa67,
author = {Sveatoslav Persianov},
title = {{Emotet malware analysis. Part 2}},
date = {2019-04-07},
url = {https://persianov.net/emotet-malware-analysis-part-2},
language = {English},
urldate = {2020-01-05}
}
Emotet malware analysis. Part 2
Emotet |
2019-04 ⋅ Cafe Babe
@online{babe:201904:analyzing:3a404ff,
author = {Cafe Babe},
title = {{Analyzing Emotet with Ghidra — Part 1}},
date = {2019-04},
url = {https://medium.com/@0xd0cf11e/analyzing-emotet-with-ghidra-part-1-4da71a5c8d69},
language = {English},
urldate = {2019-12-06}
}
Analyzing Emotet with Ghidra — Part 1
Emotet |
2019-03-27 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
@online{labs:20190327:emotet:388559f,
author = {Spamhaus Malware Labs},
title = {{Emotet adds a further layer of camouflage}},
date = {2019-03-27},
organization = {Spamhaus},
url = {https://www.spamhaus.org/news/article/783/emotet-adds-a-further-layer-of-camouflage},
language = {English},
urldate = {2020-01-06}
}
Emotet adds a further layer of camouflage
Emotet |
2019-03-17 ⋅ Persianov on Security ⋅ Sveatoslav Persianov
@online{persianov:20190317:emotet:ee3ed0b,
author = {Sveatoslav Persianov},
title = {{Emotet malware analysis. Part 1}},
date = {2019-03-17},
organization = {Persianov on Security},
url = {https://persianov.net/emotet-malware-analysis-part-1},
language = {English},
urldate = {2019-12-17}
}
Emotet malware analysis. Part 1
Emotet |
2019-03-15 ⋅ Cofense ⋅ Threat Intelligence
@online{intelligence:20190315:flash:c7544fd,
author = {Threat Intelligence},
title = {{Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication}},
date = {2019-03-15},
organization = {Cofense},
url = {https://cofense.com/flash-bulletin-emotet-epoch-1-changes-c2-communication/},
language = {English},
urldate = {2019-10-23}
}
Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication
Emotet |
2019-03-08 ⋅ The Daily Swig ⋅ James Walker
@online{walker:20190308:emotet:f1a68de,
author = {James Walker},
title = {{Emotet trojan implicated in Wolverine Solutions ransomware attack}},
date = {2019-03-08},
organization = {The Daily Swig},
url = {https://portswigger.net/daily-swig/emotet-trojan-implicated-in-wolverine-solutions-ransomware-attack},
language = {English},
urldate = {2019-07-10}
}
Emotet trojan implicated in Wolverine Solutions ransomware attack
Emotet |
2019-02-16 ⋅ Max Kersten's Blog ⋅ Max Kersten
@online{kersten:20190216:emotet:7cb0628,
author = {Max Kersten},
title = {{Emotet droppers}},
date = {2019-02-16},
organization = {Max Kersten's Blog},
url = {https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/},
language = {English},
urldate = {2020-01-09}
}
Emotet droppers
Emotet |
2019-01-17 ⋅ SANS ISC InfoSec Forums ⋅ Brad Duncan
@online{duncan:20190117:emotet:0754347,
author = {Brad Duncan},
title = {{Emotet infections and follow-up malware}},
date = {2019-01-17},
organization = {SANS ISC InfoSec Forums},
url = {https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/},
language = {English},
urldate = {2020-01-13}
}
Emotet infections and follow-up malware
Emotet |
2019-01-10 ⋅ CrowdStrike ⋅ Alexander Hanel
@online{hanel:20190110:big:7e10bdf,
author = {Alexander Hanel},
title = {{Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware}},
date = {2019-01-10},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/},
language = {English},
urldate = {2019-12-20}
}
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER |
2019-01-05 ⋅ Github (d00rt) ⋅ d00rt
@online{d00rt:20190105:emotet:8dee25a,
author = {d00rt},
title = {{Emotet Research}},
date = {2019-01-05},
organization = {Github (d00rt)},
url = {https://github.com/d00rt/emotet_research},
language = {English},
urldate = {2020-01-10}
}
Emotet Research
Emotet |
2019 ⋅ D00RT_RM
@online{d00rtrm:2019:emutet:8913da8,
author = {D00RT_RM},
title = {{Emutet}},
date = {2019},
url = {https://d00rt.github.io/emotet_network_protocol/},
language = {English},
urldate = {2020-01-07}
}
Emutet
Emotet |
2018-12-18 ⋅ Trend Micro ⋅ Trendmicro
@online{trendmicro:20181218:ursnif:cc5ce31,
author = {Trendmicro},
title = {{URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader}},
date = {2018-12-18},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/},
language = {English},
urldate = {2020-01-07}
}
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
Dridex Emotet FriedEx ISFB |
2018-11-16 ⋅ Trend Micro ⋅ Trend Micro
@online{micro:20181116:exploring:be1e153,
author = {Trend Micro},
title = {{Exploring Emotet: Examining Emotet’s Activities, Infrastructure}},
date = {2018-11-16},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/exploring-emotet-examining-emotets-activities-infrastructure/},
language = {English},
urldate = {2020-01-12}
}
Exploring Emotet: Examining Emotet’s Activities, Infrastructure
Emotet |
2018-11-09 ⋅ ESET Research ⋅ ESET Research
@online{research:20181109:emotet:b12ec91,
author = {ESET Research},
title = {{Emotet launches major new spam campaign}},
date = {2018-11-09},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/},
language = {English},
urldate = {2019-11-14}
}
Emotet launches major new spam campaign
Emotet |
2018-10-31 ⋅ Kryptos Logic ⋅ Kryptos Logic
@online{logic:20181031:emotet:ab7226f,
author = {Kryptos Logic},
title = {{Emotet Awakens With New Campaign of Mass Email Exfiltration}},
date = {2018-10-31},
organization = {Kryptos Logic},
url = {https://blog.kryptoslogic.com/malware/2018/10/31/emotet-email-theft.html},
language = {English},
urldate = {2020-01-08}
}
Emotet Awakens With New Campaign of Mass Email Exfiltration
Emotet |
2018-09-12 ⋅ Cryptolaemus Pastedump ⋅ Cryptolaemus
@online{cryptolaemus:20180912:emotet:013e01b,
author = {Cryptolaemus},
title = {{Emotet IOC}},
date = {2018-09-12},
organization = {Cryptolaemus Pastedump},
url = {https://paste.cryptolaemus.com},
language = {English},
urldate = {2020-01-13}
}
Emotet IOC
Emotet |
2018-08-01 ⋅ Kryptos Logic ⋅ Kryptos Logic
@online{logic:20180801:inside:e5a8e2c,
author = {Kryptos Logic},
title = {{Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads}},
date = {2018-08-01},
organization = {Kryptos Logic},
url = {https://blog.kryptoslogic.com/malware/2018/08/01/emotet.html},
language = {English},
urldate = {2020-01-09}
}
Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads
Emotet |
2018-07-26 ⋅ Intezer ⋅ Itai Tevet
@online{tevet:20180726:mitigating:30dc2fb,
author = {Itai Tevet},
title = {{Mitigating Emotet, The Most Common Banking Trojan}},
date = {2018-07-26},
organization = {Intezer},
url = {https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/},
language = {English},
urldate = {2019-12-31}
}
Mitigating Emotet, The Most Common Banking Trojan
Emotet |
2018-07-24 ⋅ Check Point ⋅ Ofer Caspi, Ben Herzog
@online{caspi:20180724:emotet:a26725d,
author = {Ofer Caspi and Ben Herzog},
title = {{Emotet: The Tricky Trojan that ‘Git Clones’}},
date = {2018-07-24},
organization = {Check Point},
url = {https://research.checkpoint.com/emotet-tricky-trojan-git-clones/},
language = {English},
urldate = {2020-01-13}
}
Emotet: The Tricky Trojan that ‘Git Clones’
Emotet |
2018-07-23 ⋅ MalFind ⋅ Lasq
@online{lasq:20180723:deobfuscating:dd200d6,
author = {Lasq},
title = {{Deobfuscating Emotet’s powershell payload}},
date = {2018-07-23},
organization = {MalFind},
url = {https://malfind.com/index.php/2018/07/23/deobfuscating-emotets-powershell-payload/},
language = {English},
urldate = {2020-01-09}
}
Deobfuscating Emotet’s powershell payload
Emotet |
2018-07-20 ⋅ NCCIC ⋅ National Cybersecurity, Communications Integration Center
@online{cybersecurity:20180720:alert:89ca0c7,
author = {National Cybersecurity and Communications Integration Center},
title = {{Alert (TA18-201A) Emotet Malware}},
date = {2018-07-20},
organization = {NCCIC},
url = {https://www.us-cert.gov/ncas/alerts/TA18-201A},
language = {English},
urldate = {2019-10-27}
}
Alert (TA18-201A) Emotet Malware
Emotet |
2018-07-18 ⋅ Symantec ⋅ Security Response Attack Investigation Team
@online{team:20180718:evolution:25e5d39,
author = {Security Response Attack Investigation Team},
title = {{The Evolution of Emotet: From Banking Trojan to Threat Distributor}},
date = {2018-07-18},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor},
language = {English},
urldate = {2019-11-27}
}
The Evolution of Emotet: From Banking Trojan to Threat Distributor
Emotet |
2018-02-08 ⋅ CrowdStrike ⋅ Adam Meyers
@online{meyers:20180208:meet:39f25b3,
author = {Adam Meyers},
title = {{Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER}},
date = {2018-02-08},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-february-mummy-spider/},
language = {English},
urldate = {2019-12-20}
}
Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER
Emotet MUMMY SPIDER |
2018 ⋅ Quick Heal ⋅ Quick Heal
@techreport{heal:2018:complete:96388ed,
author = {Quick Heal},
title = {{The Complete story of EMOTET Most prominent Malware of 2018}},
date = {2018},
institution = {Quick Heal},
url = {https://quickheal.co.in/documents/technical-paper/Whitepaper_HowToPM.pdf},
language = {English},
urldate = {2020-01-13}
}
The Complete story of EMOTET Most prominent Malware of 2018
Emotet |
2017-11-15 ⋅ Trend Micro ⋅ Rubio Wu
@online{wu:20171115:new:dde35b0,
author = {Rubio Wu},
title = {{New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis}},
date = {2017-11-15},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/},
language = {English},
urldate = {2019-10-14}
}
New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
Emotet |
2017-11-06 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team
@online{team:20171106:mitigating:b623a70,
author = {Microsoft Defender ATP Research Team},
title = {{Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks}},
date = {2017-11-06},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/},
language = {English},
urldate = {2020-10-23}
}
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet QakBot |
2017-11-06 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team
@online{team:20171106:mitigating:f52d1d9,
author = {Microsoft Defender ATP Research Team},
title = {{Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks}},
date = {2017-11-06},
organization = {Microsoft},
url = {https://cloudblogs.microsoft.com/microsoftsecure/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/?source=mmpc},
language = {English},
urldate = {2019-12-18}
}
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet |
2017-10-12 ⋅ G Data ⋅ G Data
@online{data:20171012:emotet:c99dec0,
author = {G Data},
title = {{Emotet beutet Outlook aus}},
date = {2017-10-12},
organization = {G Data},
url = {https://www.gdata.de/blog/2017/10/30110-emotet-beutet-outlook-aus},
language = {English},
urldate = {2019-12-05}
}
Emotet beutet Outlook aus
Emotet |
2017-10-06 ⋅ CERT.PL ⋅ Maciej Kotowicz, Jarosław Jedynak
@techreport{kotowicz:20171006:peering:668c82e,
author = {Maciej Kotowicz and Jarosław Jedynak},
title = {{Peering into spam botnets}},
date = {2017-10-06},
institution = {CERT.PL},
url = {https://lokalhost.pl/txt/peering.into.spam.botnets.VirusBulletin2017.pdf},
language = {English},
urldate = {2020-04-06}
}
Peering into spam botnets
Emotet Kelihos Necurs SendSafe Tofsee |
2017-09-07 ⋅ Trend Micro ⋅ Don Ladores
@online{ladores:20170907:emotet:bf3075c,
author = {Don Ladores},
title = {{EMOTET Returns, Starts Spreading via Spam Botnet}},
date = {2017-09-07},
organization = {Trend Micro},
url = {http://blog.trendmicro.com/trendlabs-security-intelligence/emotet-returns-starts-spreading-via-spam-botnet/},
language = {English},
urldate = {2019-11-28}
}
EMOTET Returns, Starts Spreading via Spam Botnet
Emotet |
2017-07-17 ⋅ Malwarebytes ⋅ Threat Intelligence Team
@online{team:20170717:its:4b94b0b,
author = {Threat Intelligence Team},
title = {{It’s baaaack: Public cyber enemy Emotet has returned}},
date = {2017-07-17},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/},
language = {English},
urldate = {2020-07-17}
}
It’s baaaack: Public cyber enemy Emotet has returned
Emotet |
2017-05-31 ⋅ ropgadget.com ⋅ Jeff White
@online{white:20170531:writing:1ad3f1b,
author = {Jeff White},
title = {{Writing PCRE's for applied passive network defense [Emotet]}},
date = {2017-05-31},
organization = {ropgadget.com},
url = {http://ropgadget.com/posts/defensive_pcres.html},
language = {English},
urldate = {2020-03-06}
}
Writing PCRE's for applied passive network defense [Emotet]
Emotet |
2017-05-24 ⋅ CERT.PL ⋅ Paweł Srokosz
@online{srokosz:20170524:analysis:1d591e7,
author = {Paweł Srokosz},
title = {{Analysis of Emotet v4}},
date = {2017-05-24},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/analysis-of-emotet-v4/},
language = {English},
urldate = {2020-01-09}
}
Analysis of Emotet v4
Emotet |
2017-05-03 ⋅ Fortinet ⋅ Xiaopeng Zhang
@online{zhang:20170503:deep:4b1f7c7,
author = {Xiaopeng Zhang},
title = {{Deep Analysis of New Emotet Variant - Part 1}},
date = {2017-05-03},
organization = {Fortinet},
url = {http://blog.fortinet.com/2017/05/03/deep-analysis-of-new-emotet-variant-part-1},
language = {English},
urldate = {2019-07-08}
}
Deep Analysis of New Emotet Variant - Part 1
Emotet |
2015-04-09 ⋅ Kaspersky Labs ⋅ Alexey Shulmin
@online{shulmin:20150409:banking:165b265,
author = {Alexey Shulmin},
title = {{The Banking Trojan Emotet: Detailed Analysis}},
date = {2015-04-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/analysis/publications/69560/the-banking-trojan-emotet-detailed-analysis/},
language = {English},
urldate = {2019-12-20}
}
The Banking Trojan Emotet: Detailed Analysis
Emotet |
2013-01-18 ⋅ abuse.ch ⋅ abuse.ch
@online{abusech:20130118:feodo:5354db0,
author = {abuse.ch},
title = {{Feodo Tracker}},
date = {2013-01-18},
organization = {abuse.ch},
url = {https://feodotracker.abuse.ch/?filter=version_e},
language = {English},
urldate = {2020-01-13}
}
Feodo Tracker
Emotet |