| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): GOLD CABIN, MUMMY SPIDER, Mealybug
URLhausWhile Emotet historically was a banking malware organized in a botnet, nowadays Emotet is mostly seen as infrastructure as a service for content delivery. For example, since mid 2018 it is used by Trickbot for installs, which may also lead to ransomware attacks using Ryuk, a combination observed several times against high-profile targets.
It is always stealing information from victims but what the criminal gang behind it did, was to open up another business channel by selling their infrastructure delivering additional malicious software. From malware analysts it has been classified into epochs depending on command and control, payloads, and delivery solutions which change over time.
Emotet had been taken down by authorities in January 2021, though it appears to have sprung back to life in November 2021.
| 2022-11-28 ⋅ The DFIR Report ⋅ Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware Emotet Mount Locker |
| 2022-11-10 ⋅ Intezer ⋅ How LNK Files Are Abused by Threat Actors BumbleBee Emotet Mount Locker QakBot |
| 2022-10-28 ⋅ Elastic ⋅ EMOTET dynamic config extraction Emotet |
| 2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Botnet Threat Update Q3 2022 FluBot Loki Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-10-03 ⋅ vmware ⋅ Emotet Exposed: A Look Inside the Cybercriminal Supply Chain Emotet |
| 2022-09-13 ⋅ AdvIntel ⋅ AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
| 2022-09-12 ⋅ The DFIR Report ⋅ Dead or Alive? An Emotet Story Cobalt Strike Emotet |
| 2022-08-23 ⋅ Darktrace ⋅ Emotet Resurgence: Cross-Industry Campaign Analysis Emotet |
| 2022-08-19 ⋅ vmware ⋅ How to Replicate Emotet Lateral Movement Emotet |
| 2022-08-10 ⋅ BitSight ⋅ Emotet SMB Spreader is Back Emotet |
| 2022-07-17 ⋅ Resecurity ⋅ Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise AsyncRAT BumbleBee Emotet IcedID QakBot |
| 2022-07-12 ⋅ Cyren ⋅ Example Analysis of Multi-Component Malware Emotet Formbook |
| 2022-07-07 ⋅ SANS ISC ⋅ Emotet infection with Cobalt Strike Cobalt Strike Emotet |
| 2022-07-07 ⋅ Fortinet ⋅ Notable Droppers Emerge in Recent Threat Campaigns BumbleBee Emotet PhotoLoader QakBot |
| 2022-06-27 ⋅ Netskope ⋅ Emotet: Still Abusing Microsoft Office Macros Emotet |
| 2022-06-21 ⋅ McAfee ⋅ Rise of LNK (Shortcut files) Malware BazarBackdoor Emotet IcedID QakBot |
| 2022-06-16 ⋅ ESET Research ⋅ How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security Emotet |
| 2022-06-02 ⋅ Mandiant ⋅ TRENDING EVIL Q2 2022 CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot |
| 2022-05-27 ⋅ Kroll ⋅ Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20 Emotet |
| 2022-05-25 ⋅ vmware ⋅ Emotet Config Redux Emotet |
| 2022-05-24 ⋅ Deep instinct ⋅ Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them Dridex Emotet |
| 2022-05-24 ⋅ BitSight ⋅ Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
| 2022-05-19 ⋅ Trend Micro ⋅ Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware Emotet QakBot |
| 2022-05-17 ⋅ Palo Alto Networks Unit 42 ⋅ Emotet Summary: November 2021 Through January 2022 Emotet |
| 2022-05-16 ⋅ vmware ⋅ Emotet Moves to 64 bit and Updates its Loader Emotet |
| 2022-05-11 ⋅ IronNet ⋅ Detecting a MUMMY SPIDER campaign and Emotet infection Emotet |
| 2022-05-11 ⋅ HP ⋅ Threat Insights Report Q1 - 2022 AsyncRAT Emotet Mekotio Vjw0rm |
| 2022-05-09 ⋅ Microsoft ⋅ Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-05-09 ⋅ Netresec ⋅ Emotet C2 and Spam Traffic Video Emotet |
| 2022-05-06 ⋅ Netskope ⋅ Emotet: New Delivery Mechanism to Bypass VBA Protection Emotet |
| 2022-05-04 ⋅ Sophos ⋅ Attacking Emotet’s Control Flow Flattening Emotet |
| 2022-04-28 ⋅ Symantec ⋅ Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
| 2022-04-27 ⋅ Cybleinc ⋅ Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims Emotet |
| 2022-04-26 ⋅ Proofpoint ⋅ Emotet Tests New Delivery Techniques Emotet |
| 2022-04-26 ⋅ Intel 471 ⋅ Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
| 2022-04-26 ⋅ Bleeping Computer ⋅ Emotet malware now installs via PowerShell in Windows shortcut files Emotet |
| 2022-04-24 ⋅ forensicitguy ⋅ Shortcut to Emotet, an odd TTP change Emotet |
| 2022-04-20 ⋅ cocomelonc ⋅ Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
| 2022-04-20 ⋅ CISA ⋅ Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
| 2022-04-20 ⋅ CISA ⋅ AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
| 2022-04-19 ⋅ Twitter (@Cryptolaemus1) ⋅ #Emotet Update: 64 bit upgrade of Epoch 5 Emotet |
| 2022-04-19 ⋅ Bleeping Computer ⋅ Emotet botnet switches to 64-bit modules, increases activity Emotet |
| 2022-04-18 ⋅ Fortinet ⋅ Trends in the Recent Emotet Maldoc Outbreak Emotet |
| 2022-04-17 ⋅ BushidoToken Blog ⋅ Lessons from the Conti Leaks BazarBackdoor Conti Emotet IcedID Ryuk TrickBot |
| 2022-04-13 ⋅ Kaspersky ⋅ Emotet modules and recent attacks Emotet |
| 2022-04-12 ⋅ AhnLab ⋅ SystemBC Being Used by Various Attackers Emotet SmokeLoader SystemBC |
| 2022-04-12 ⋅ Check Point ⋅ March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance Alien FluBot Agent Tesla Emotet |
| 2022-04-08 ⋅ ReversingLabs ⋅ ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles Conti Emotet TrickBot |
| 2022-04-02 ⋅ Github (pl-v) ⋅ Emotet Analysis Part 1: Unpacking Emotet |
| 2022-03-30 ⋅ Prevailion ⋅ Wizard Spider continues to confound BazarBackdoor Cobalt Strike Emotet |
| 2022-03-29 ⋅ vmware ⋅ Emotet C2 Configuration Extraction and Analysis Emotet |
| 2022-03-28 ⋅ Cisco ⋅ Emotet is Back Emotet |
| 2022-03-23 ⋅ Secureworks ⋅ Threat Intelligence Executive Report Volume 2022, Number 2 Conti Emotet IcedID TrickBot |
| 2022-03-23 ⋅ Fortinet ⋅ Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams Emotet |
| 2022-03-23 ⋅ Fortinet ⋅ MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II Emotet |
| 2022-03-23 ⋅ Secureworks ⋅ GOLD ULRICK Leaks Reveal Organizational Structure and Relationships Conti Emotet IcedID TrickBot |
| 2022-03-23 ⋅ NVISO Labs ⋅ Hunting Emotet campaigns with Kusto Emotet |
| 2022-03-21 ⋅ Info Security ⋅ Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware Emotet |
| 2022-03-16 ⋅ Dragos ⋅ Suspected Conti Ransomware Activity in the Auto Manufacturing Sector Conti Emotet |
| 2022-03-16 ⋅ Symantec ⋅ The Ransomware Threat Landscape: What to Expect in 2022 AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin |
| 2022-03-08 ⋅ Lumen ⋅ What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets Emotet |
| 2022-03-07 ⋅ Fortinet ⋅ MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I Emotet |
| 2022-03-03 ⋅ Trend Micro ⋅ Cyberattacks are Prominent in the Russia-Ukraine Conflict BazarBackdoor Cobalt Strike Conti Emotet WhisperGate |
| 2022-03-02 ⋅ KrebsOnSecurity ⋅ Conti Ransomware Group Diaries, Part II: The Office Conti Emotet Ryuk TrickBot |
| 2022-03-01 ⋅ Twitter (@ContiLeaks) ⋅ Tweet on Emotet final server scheme Emotet |
| 2022-02-25 ⋅ CyberScoop ⋅ TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators BazarBackdoor Emotet TrickBot |
| 2022-02-24 ⋅ The Hacker News ⋅ TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
| 2022-02-24 ⋅ The Hacker News ⋅ Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure BazarBackdoor Emotet TrickBot |
| 2022-02-24 ⋅ Cynet ⋅ New Wave of Emotet – When Project X Turns Into Y Cobalt Strike Emotet |
| 2022-02-23 ⋅ cyber.wtf blog ⋅ What the Pack(er)? Cobalt Strike Emotet |
| 2022-02-16 ⋅ Security Onion ⋅ Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08 Cobalt Strike Emotet |
| 2022-02-16 ⋅ Threat Post ⋅ Emotet Now Spreading Through Malicious Excel Files Emotet |
| 2022-02-15 ⋅ Palo Alto Networks Unit 42 ⋅ New Emotet Infection Method Emotet |
| 2022-02-15 ⋅ eSentire ⋅ Increase in Emotet Activity and Cobalt Strike Deployment Cobalt Strike Emotet |
| 2022-02-13 ⋅ NetbyteSEC ⋅ Technical Malware Analysis: The Return of Emotet Emotet |
| 2022-02-10 ⋅ Cybereason ⋅ Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot Cobalt Strike Emotet IcedID QakBot |
| 2022-02-07 ⋅ vmware ⋅ Emotet Is Not Dead (Yet) – Part 2 Emotet |
| 2022-02-02 ⋅ VMRay ⋅ Malware Analysis Spotlight: Emotet’s Use of Cryptography Emotet |
| 2022-01-27 ⋅ Threat Lab Indonesia ⋅ Malware Analysis Emotet Infection Emotet |
| 2022-01-25 ⋅ SANS ISC ⋅ Emotet Stops Using 0.0.0.0 in Spambot Traffic Emotet |
| 2022-01-23 ⋅ kienmanowar Blog ⋅ [QuickNote] Emotet epoch4 & epoch5 tactics Emotet |
| 2022-01-22 ⋅ Atomic Matryoshka ⋅ Malware Headliners: Emotet Emotet |
| 2022-01-21 ⋅ Trend Micro ⋅ Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware Emotet |
| 2022-01-21 ⋅ vmware ⋅ Emotet Is Not Dead (Yet) Emotet |
| 2022-01-19 ⋅ InfoSec Handlers Diary Blog ⋅ 0.0.0.0 in Emotet Spambot Traffic Emotet |
| 2022-01-17 ⋅ forensicitguy ⋅ Emotet's Excel 4.0 Macros Dropping DLLs Emotet |
| 2022-01-14 ⋅ RiskIQ ⋅ RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers Dridex Emotet |
| 2022-01-07 ⋅ muha2xmad ⋅ Unpacking Emotet malware part 02 Emotet |
| 2022-01-06 ⋅ muha2xmad ⋅ Unpacking Emotet malware part 01 Emotet |
| 2021-12-22 ⋅ Cloudsek ⋅ Emotet 2.0: Everything you need to know about the new Variant of the Banking Trojan Emotet |
| 2021-12-13 ⋅ Zscaler ⋅ Return of Emotet: Malware Analysis Emotet |
| 2021-12-09 ⋅ HP ⋅ Emotet’s Return: What’s Different? Emotet |
| 2021-12-08 ⋅ Check Point Research ⋅ When old friends meet again: why Emotet chose Trickbot for rebirth Emotet TrickBot |
| 2021-12-07 ⋅ Bleeping Computer ⋅ Emotet now drops Cobalt Strike, fast forwards ransomware attacks Cobalt Strike Emotet |
| 2021-11-30 ⋅ Deep instinct ⋅ The Re-Emergence of Emotet Emotet |
| 2021-11-25 ⋅ DSIH ⋅ Emotet de retour, POC Exchange, 0-day Windows : à quelle sauce les attaquants prévoient de nous manger cette semaine? Emotet |
| 2021-11-23 ⋅ Anomali ⋅ Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return Emotet |
| 2021-11-20 ⋅ Twitter (@eduardfir) ⋅ Tweet on Velociraptor artifact analysis for Emotet Emotet |
| 2021-11-20 ⋅ Advanced Intelligence ⋅ Corporate Loader "Emotet": History of "X" Project Return for Ransomware Emotet |
| 2021-11-20 ⋅ Youtube (HEXORCIST) ⋅ Unpacking Emotet and Reversing Obfuscated Word Document Emotet |
| 2021-11-19 ⋅ LAC WATCH ⋅ Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack Emotet |
| 2021-11-19 ⋅ CRONUP ⋅ La Botnet de EMOTET reinicia ataques en Chile y LATAM Emotet |
| 2021-11-18 ⋅ Netskope ⋅ Netskope Threat Coverage: The Return of Emotet Emotet |
| 2021-11-18 ⋅ eSentire ⋅ Emotet Activity Identified Emotet |
| 2021-11-16 ⋅ Malwarebytes ⋅ TrickBot helps Emotet come back from the dead Emotet TrickBot |
| 2021-11-16 ⋅ Hornetsecurity ⋅ Comeback of Emotet Emotet |
| 2021-11-16 ⋅ Zscaler ⋅ Return of Emotet malware Emotet |
| 2021-11-16 ⋅ InfoSec Handlers Diary Blog ⋅ Emotet Returns Emotet |
| 2021-11-15 ⋅ cyber.wtf blog ⋅ Guess who’s back Emotet |
| 2021-11-15 ⋅ Bleeping Computer ⋅ Emotet malware is back and rebuilding its botnet via TrickBot Emotet |
| 2021-08-15 ⋅ Symantec ⋅ The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-07-12 ⋅ The Record ⋅ Over 780,000 email accounts compromised by Emotet have been secured Emotet |
| 2021-06-16 ⋅ S2 Grupo ⋅ Emotet campaign analysis Emotet QakBot |
| 2021-06-10 ⋅ Tagesschau ⋅ Schadsoftware Emotet: BKA befragt Schlüsselfigur Emotet |
| 2021-06-10 ⋅ ZEIT Online ⋅ On the Trail of the Internet Extortionists Emotet Mailto |
| 2021-05-26 ⋅ DeepInstinct ⋅ A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
| 2021-05-10 ⋅ Wirtschaftswoche ⋅ How one of the largest hacker networks in the world was paralyzed Emotet |
| 2021-04-22 ⋅ Spamhaus ⋅ Spamhaus Botnet Threat Update Q1 2021 Emotet Ficker Stealer Raccoon |
| 2021-04-22 ⋅ Github (@cecio) ⋅ EMOTET: a State-Machine reversing exercise Emotet |
| 2021-04-09 ⋅ Palo Alto Networks Unit 42 ⋅ Emotet Command and Control Case Study Emotet |
| 2021-03-31 ⋅ Red Canary ⋅ 2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-31 ⋅ Kaspersky ⋅ Financial Cyberthreats in 2020 BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus |
| 2021-03-21 ⋅ Blackberry ⋅ 2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-03-17 ⋅ HP ⋅ Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
| 2021-03-08 ⋅ Palo Alto Networks Unit 42 ⋅ Attack Chain Overview: Emotet in December 2020 and January 2021 Emotet |
| 2021-02-28 ⋅ PWC UK ⋅ Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Tonto Team |
| 2021-02-28 ⋅ Deobfuscating Emotet Macro Document and Powershell Command Emotet |
| 2021-02-25 ⋅ JPCERT/CC ⋅ Emotet Disruption and Outreach to Affected Users Emotet |
| 2021-02-25 ⋅ ANSSI ⋅ Ryuk Ransomware BazarBackdoor Buer Conti Emotet Ryuk TrickBot |
| 2021-02-24 ⋅ IBM ⋅ X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
| 2021-02-24 ⋅ Allsafe ⋅ Malware Analysis at Scale - Defeating Emotet by Ghidra Emotet |
| 2021-02-23 ⋅ CrowdStrike ⋅ 2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-17 ⋅ Politie NL ⋅ Politie bestrijdt cybercrime via Nederlandse infrastructuur Emotet |
| 2021-02-17 ⋅ YouTube (AGDC Services) ⋅ How Malware Can Resolve APIs By Hash Emotet Mailto |
| 2021-02-16 ⋅ Proofpoint ⋅ Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes Emotet Ryuk NARWHAL SPIDER TA800 |
| 2021-02-12 ⋅ CERT-FR ⋅ The Malware-Aa-A-Service Emotet Emotet |
| 2021-02-08 ⋅ GRNET CERT ⋅ Reverse engineering Emotet – Our approach to protect GRNET against the trojan Emotet |
| 2021-02-03 ⋅ Digital Shadows ⋅ Emotet Disruption: what it means for the cyber threat landscape Emotet |
| 2021-02-02 ⋅ CRONUP ⋅ De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-02-01 ⋅ Microsoft ⋅ What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
| 2021-01-29 ⋅ Malwarebytes ⋅ Cleaning up after Emotet: the law enforcement file Emotet |
| 2021-01-28 ⋅ NTT ⋅ Emotet disruption - Europol counterattack Emotet |
| 2021-01-28 ⋅ Hornetsecurity ⋅ Emotet Botnet Takedown Emotet |
| 2021-01-28 ⋅ Youtube (Virus Bulletin) ⋅ The Bagsu banker case Azorult DreamBot Emotet Pony TrickBot ZeusAction |
| 2021-01-28 ⋅ Department of Homeland Security ⋅ Emotet Botnet Disrupted in International Cyber Operation Emotet |
| 2021-01-28 ⋅ InfoSec Handlers Diary Blog ⋅ Emotet vs. Windows Attack Surface Reduction Emotet |
| 2021-01-27 ⋅ Team Cymru ⋅ Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts Emotet |
| 2021-01-27 ⋅ KrebsOnSecurity ⋅ International Action Targets Emotet Crimeware Emotet |
| 2021-01-27 ⋅ Twitter (@milkr3am) ⋅ Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25 Emotet |
| 2021-01-27 ⋅ Bundeskriminalamt ⋅ Infrastruktur der Emotet-Schadsoftware zerschlagen Emotet |
| 2021-01-27 ⋅ Youtube (Національна поліція України) ⋅ Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET Emotet |
| 2021-01-27 ⋅ Intel 471 ⋅ Emotet takedown is not like the Trickbot takedown Emotet |
| 2021-01-27 ⋅ Eurojust ⋅ World’s most dangerous malware EMOTET disrupted through global action Emotet |
| 2021-01-19 ⋅ Palo Alto Networks Unit 42 ⋅ Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
| 2021-01-14 ⋅ Netskope ⋅ You Can Run, But You Can’t Hide: Advanced Emotet Updates Emotet |
| 2021-01-13 ⋅ VinCSS ⋅ [RE019] From A to X analyzing some real cases which used recent Emotet samples Emotet |
| 2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-05 ⋅ r3mrum blog ⋅ Manual analysis of new PowerSplit maldocs delivering Emotet Emotet |
| 2020-12-31 ⋅ Cert-AgID ⋅ Simplify Emotet parsing with Python and iced x86 Emotet |
| 2020-12-30 ⋅ Bleeping Computer ⋅ Emotet malware hits Lithuania's National Public Health Center Emotet |
| 2020-12-21 ⋅ Cisco Talos ⋅ 2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
| 2020-12-10 ⋅ Youtube (OALabs) ⋅ Malware Triage Analyzing PrnLoader Used To Drop Emotet Emotet |
| 2020-12-04 ⋅ Kaspersky Labs ⋅ The chronicles of Emotet Emotet |
| 2020-11-26 ⋅ VirusTotal ⋅ Using similarity to expand context and map out threat campaigns Emotet |
| 2020-11-22 ⋅ Irshad's Blog ⋅ Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload. Emotet |
| 2020-11-20 ⋅ ZDNet ⋅ The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-18 ⋅ Cisco ⋅ Back from vacation: Analyzing Emotet’s activity in 2020 Emotet |
| 2020-11-06 ⋅ Security Soup Blog ⋅ Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs Emotet |
| 2020-11-06 ⋅ LAC WATCH ⋅ 分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意 Emotet Zloader |
| 2020-11-05 ⋅ Brim Security ⋅ Hunting Emotet with Brim and Zeek Emotet |
| 2020-10-29 ⋅ CERT-FR ⋅ LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
| 2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee Emotet |
| 2020-10-28 ⋅ Bitdefender ⋅ A Decade of WMI Abuse – an Overview of Techniques in Modern Malware sLoad Emotet Maze |
| 2020-10-20 ⋅ Bundesamt für Sicherheit in der Informationstechnik ⋅ Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
| 2020-10-19 ⋅ SPAM Auditor ⋅ The Many Faces of Emotet Emotet |
| 2020-10-16 ⋅ Proofpoint ⋅ Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet Emotet |
| 2020-10-12 ⋅ DeepInstinct ⋅ Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2 Emotet |
| 2020-10-01 ⋅ Proofpoint ⋅ Emotet Makes Timely Adoption of Political and Elections Lures Emotet |
| 2020-09-29 ⋅ Seqrite ⋅ The return of the Emotet as the world unlocks! Emotet |
| 2020-09-29 ⋅ Microsoft ⋅ Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
| 2020-09-29 ⋅ PWC UK ⋅ What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
| 2020-09-23 ⋅ paloalto Netoworks: Unit42 ⋅ Case Study: Emotet Thread Hijacking, an Email Attack Technique Emotet |
| 2020-09-11 ⋅ ThreatConnect ⋅ Research Roundup: Activity on Previously Identified APT33 Domains Emotet PlugX APT33 |
| 2020-09-07 ⋅ CERT NZ ⋅ Emotet Malware being spread via email Emotet |
| 2020-09-07 ⋅ CERT-FR ⋅ Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France Emotet |
| 2020-08-31 ⋅ Inde ⋅ Analysis of the latest wave of Emotet malicious documents Emotet |
| 2020-08-28 ⋅ Proofpoint ⋅ A Comprehensive Look at Emotet’s Summer 2020 Return Emotet MUMMY SPIDER |
| 2020-08-24 ⋅ Hornetsecurity ⋅ Emotet Update increases Downloads Emotet |
| 2020-08-14 ⋅ Binary Defense ⋅ EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense Emotet |
| 2020-08-12 ⋅ DeepInstinct ⋅ Why Emotet’s Latest Wave is Harder to Catch than Ever Before Emotet |
| 2020-08-09 ⋅ F5 Labs ⋅ Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
| 2020-08-05 ⋅ Github (mauronz) ⋅ Emotet API+string deobfuscator (v0.1) Emotet |
| 2020-08 ⋅ TG Soft ⋅ TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
| 2020-07-31 ⋅ Hornetsecurity ⋅ The webshells powering Emotet Emotet |
| 2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
| 2020-07-29 ⋅ Sophos Labs ⋅ Emotet’s return is the canary in the coal mine Emotet |
| 2020-07-28 ⋅ Bleeping Computer ⋅ Emotet malware now steals your email attachments to attack contacts Emotet |
| 2020-07-20 ⋅ Hornetsecurity ⋅ Emotet is back Emotet |
| 2020-07-20 ⋅ Bleeping Computer ⋅ Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
| 2020-07-20 ⋅ NTT ⋅ Shellbot victim overlap with Emotet network infrastructure Emotet |
| 2020-07-17 ⋅ CERT-FR ⋅ The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
| 2020-06-18 ⋅ NTT Security ⋅ Behind the scenes of the Emotet Infrastructure Emotet |
| 2020-06-12 ⋅ ThreatConnect ⋅ Probable Sandworm Infrastructure Avaddon Emotet Kimsuky |
| 2020-05-28 ⋅ VMWare Carbon Black ⋅ Modern Bank Heists 3.0 Emotet |
| 2020-05-24 ⋅ Palo Alto Networks Unit 42 ⋅ Using AI to Detect Malicious C2 Traffic Emotet Sality |
| 2020-05-21 ⋅ PICUS Security ⋅ T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
| 2020-05-05 ⋅ Hornetsecurity ⋅ Awaiting the Inevitable Return of Emotet Emotet |
| 2020-04-22 ⋅ Youtube (Infosec Alpha) ⋅ FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2 Emotet |
| 2020-04-14 ⋅ Intel 471 ⋅ Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
| 2020-04-03 ⋅ Bleeping Computer ⋅ Microsoft: Emotet Took Down a Network by Overheating All Computers Emotet |
| 2020-03-31 ⋅ Youtube (Infosec Alpha) ⋅ Emotet Binary Deobfuscation | Coconut Paradise | Episode 1 Emotet |
| 2020-03-30 ⋅ Intezer ⋅ Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
| 2020-03-30 ⋅ Symantec ⋅ Emotet: Dangerous Malware Keeps on Evolving Emotet |
| 2020-03-12 ⋅ Digital Shadows ⋅ How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation Emotet |
| 2020-03-11 ⋅ Twitter (@raashidbhatt) ⋅ Tweet on Emotet Deobfuscation with Video Emotet |
| 2020-03-06 ⋅ Telekom ⋅ Dissecting Emotet - Part 2 Emotet |
| 2020-03-06 ⋅ Binary Defense ⋅ Emotet Wi-Fi Spreader Upgraded Emotet |
| 2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03 ⋅ PWC UK ⋅ Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA |
| 2020-03-02 ⋅ c't ⋅ Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen Emotet Ryuk |
| 2020-02-29 ⋅ ZDNet ⋅ Meet the white-hat group fighting Emotet, the world's most dangerous malware Emotet |
| 2020-02-18 ⋅ CERT.PL ⋅ What’s up Emotet? Emotet |
| 2020-02-13 ⋅ Talos ⋅ Threat actors attempt to capitalize on coronavirus outbreak Emotet Nanocore RAT Parallax RAT |
| 2020-02-10 ⋅ Malwarebytes ⋅ 2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-02-08 ⋅ PICUS Security ⋅ Emotet Technical Analysis - Part 2 PowerShell Unveiled Emotet |
| 2020-02-07 ⋅ Binary Defense ⋅ Emotet Evolves With New Wi-Fi Spreader Emotet |
| 2020-02-03 ⋅ Telekom ⋅ Dissecting Emotet – Part 1 Emotet |
| 2020-01-30 ⋅ IBM X-Force Exchange ⋅ Coronavirus Goes Cyber With Emotet Emotet |
| 2020-01-30 ⋅ PICUS Security ⋅ Emotet Technical Analysis - Part 1 Reveal the Evil Code Emotet |
| 2020-01-27 ⋅ T-Systems ⋅ Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht Emotet TrickBot |
| 2020-01-17 ⋅ 100 more behind cockroaches? MoqHao Emotet Predator The Thief |
| 2020-01-17 ⋅ JPCERT/CC ⋅ Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
| 2020-01-14 ⋅ Bleeping Computer ⋅ United Nations Targeted With Emotet Malware Phishing Attack Emotet |
| 2020-01-13 ⋅ Gigamon ⋅ Emotet: Not your Run-of-the-mill Malware Emotet |
| 2020-01-10 ⋅ CSIS ⋅ Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
| 2020-01-07 ⋅ Hatching.io ⋅ Powershell Static Analysis & Emotet results Emotet |
| 2020 ⋅ Secureworks ⋅ GOLD CRESTWOOD Emotet MUMMY SPIDER |
| 2019-12-12 ⋅ FireEye ⋅ Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
| 2019-12-10 ⋅ JPCERT/CC ⋅ [Updated] Alert Regarding Emotet Malware Infection Emotet |
| 2019-12-07 ⋅ Secureworks ⋅ End-to-end Botnet Monitoring... Botconf 2019 Emotet ISFB QakBot |
| 2019-12-04 ⋅ JPCERT/CC ⋅ How to Respond to Emotet Infection (FAQ) Emotet |
| 2019-11-06 ⋅ Heise Security ⋅ Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
| 2019-10-30 ⋅ Zscaler ⋅ Emotet is back in action after a short break Emotet |
| 2019-10-14 ⋅ Is Emotet gang targeting companies with external SOC? Emotet |
| 2019-09-24 ⋅ Dissecting Malware ⋅ Return of the Mummy - Welcome back, Emotet Emotet |
| 2019-09-16 ⋅ Malwarebytes ⋅ Emotet is back: botnet springs back to life with new spam campaign Emotet |
| 2019-08-13 ⋅ Adalogics ⋅ The state of advanced code injections Dridex Emotet Tinba |
| 2019-08-12 ⋅ Schweizerische Eidgenossenschaft ⋅ Trojaner Emotet greift Unternehmensnetzwerke an Emotet |
| 2019-06-06 ⋅ Fortinet ⋅ A Deep Dive into the Emotet Malware Emotet |
| 2019-05-15 ⋅ Proofpoint ⋅ Threat Actor Profile: TA542, From Banker to Malware Distribution Service Emotet MUMMY SPIDER |
| 2019-05-09 ⋅ GovCERT.ch ⋅ Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
| 2019-04-29 ⋅ Blueliv ⋅ Where is Emotet? Latest geolocation data Emotet |
| 2019-04-25 ⋅ Trend Micro ⋅ Emotet Adds New Evasion Technique Emotet |
| 2019-04-22 ⋅ int 0xcc blog ⋅ Dissecting Emotet’s network communication protocol Emotet |
| 2019-04-12 ⋅ SpamTitan ⋅ Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates Emotet |
| 2019-04-07 ⋅ Emotet malware analysis. Part 2 Emotet |
| 2019-04 ⋅ Analyzing Emotet with Ghidra — Part 1 Emotet |
| 2019-03-27 ⋅ Spamhaus ⋅ Emotet adds a further layer of camouflage Emotet |
| 2019-03-17 ⋅ Persianov on Security ⋅ Emotet malware analysis. Part 1 Emotet |
| 2019-03-15 ⋅ Cofense ⋅ Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication Emotet |
| 2019-03-08 ⋅ The Daily Swig ⋅ Emotet trojan implicated in Wolverine Solutions ransomware attack Emotet |
| 2019-02-16 ⋅ Max Kersten's Blog ⋅ Emotet droppers Emotet |
| 2019-01-17 ⋅ SANS ISC InfoSec Forums ⋅ Emotet infections and follow-up malware Emotet |
| 2019-01-05 ⋅ Github (d00rt) ⋅ Emotet Research Emotet |
| 2019 ⋅ Emutet Emotet |
| 2018-12-18 ⋅ Trend Micro ⋅ URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
| 2018-11-16 ⋅ Trend Micro ⋅ Exploring Emotet: Examining Emotet’s Activities, Infrastructure Emotet |
| 2018-11-09 ⋅ ESET Research ⋅ Emotet launches major new spam campaign Emotet |
| 2018-10-31 ⋅ Kryptos Logic ⋅ Emotet Awakens With New Campaign of Mass Email Exfiltration Emotet |
| 2018-09-12 ⋅ Cryptolaemus Pastedump ⋅ Emotet IOC Emotet |
| 2018-08-01 ⋅ Kryptos Logic ⋅ Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads Emotet |
| 2018-07-26 ⋅ Intezer ⋅ Mitigating Emotet, The Most Common Banking Trojan Emotet |
| 2018-07-24 ⋅ Check Point ⋅ Emotet: The Tricky Trojan that ‘Git Clones’ Emotet |
| 2018-07-23 ⋅ MalFind ⋅ Deobfuscating Emotet’s powershell payload Emotet |
| 2018-07-20 ⋅ NCCIC ⋅ Alert (TA18-201A) Emotet Malware Emotet |
| 2018-07-18 ⋅ Symantec ⋅ The Evolution of Emotet: From Banking Trojan to Threat Distributor Emotet |
| 2018-02-08 ⋅ CrowdStrike ⋅ Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER Emotet MUMMY SPIDER |
| 2018-01-12 ⋅ Proofpoint ⋅ Holiday lull? Not so much Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER |
| 2018 ⋅ Quick Heal ⋅ The Complete story of EMOTET Most prominent Malware of 2018 Emotet |
| 2017-11-15 ⋅ Trend Micro ⋅ New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis Emotet |
| 2017-11-06 ⋅ Microsoft ⋅ Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet QakBot |
| 2017-11-06 ⋅ Microsoft ⋅ Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet |
| 2017-10-12 ⋅ G Data ⋅ Emotet beutet Outlook aus Emotet |
| 2017-10-06 ⋅ CERT.PL ⋅ Peering into spam botnets Emotet Kelihos Necurs SendSafe Tofsee |
| 2017-09-07 ⋅ Trend Micro ⋅ EMOTET Returns, Starts Spreading via Spam Botnet Emotet |
| 2017-07-17 ⋅ Malwarebytes ⋅ It’s baaaack: Public cyber enemy Emotet has returned Emotet |
| 2017-05-31 ⋅ ropgadget.com ⋅ Writing PCRE's for applied passive network defense [Emotet] Emotet |
| 2017-05-24 ⋅ CERT.PL ⋅ Analysis of Emotet v4 Emotet |
| 2017-05-03 ⋅ Fortinet ⋅ Deep Analysis of New Emotet Variant - Part 1 Emotet |
| 2015-04-09 ⋅ Kaspersky Labs ⋅ The Banking Trojan Emotet: Detailed Analysis Emotet |
| 2013-01-18 ⋅ abuse.ch ⋅ Feodo Tracker Emotet |