Unidentified JS 003 (Emotet Downloader) Propose Change

Actor(s): MUMMY SPIDER

According to Max Kersten, Emotet is dropped by a procedure spanned over multiple stages. The first stage is an office file that contains a macro. This macro then loads the second stage, which is either a PowerShell script or a piece of JavaScript, which is this family entry.

References

There is no Yara-Signature yet.