| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): MUMMY SPIDER, Mealybug
URLhausWhile Emotet historically was a banking malware organized in a botnet, nowadays Emotet is mostly seen as infrastructure as a service for content delivery. For example, since mid 2018 it is used by Trickbot for installs, which may also lead to ransomware attacks using Ryuk, a combination observed several times against high-profile targets.
It is always stealing information from victims but what the criminal gang behind it did, was to open up another business channel by selling their infrastructure delivering additional malicious software. From malware analysts it has been classified into epochs depending on command and control, payloads, and delivery solutions which change over time.
| 2020-09-11 ⋅ ThreatConnect ⋅ Research Roundup: Activity on Previously Identified APT33 Domains Emotet PlugX APT33 |
| 2020-09-07 ⋅ CERT-FR ⋅ Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France Emotet |
| 2020-09-07 ⋅ CERT NZ ⋅ Emotet Malware being spread via email Emotet |
| 2020-08-28 ⋅ Proofpoint ⋅ A Comprehensive Look at Emotet’s Summer 2020 Return Emotet MUMMY SPIDER |
| 2020-08-24 ⋅ Hornetsecurity ⋅ Emotet Update increases Downloads Emotet |
| 2020-08-14 ⋅ Binary Defense ⋅ EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense Emotet |
| 2020-08-05 ⋅ Github (mauronz) ⋅ Emotet API+string deobfuscator (v0.1) Emotet |
| 2020-08 ⋅ TG Soft ⋅ TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
| 2020-07-31 ⋅ Hornetsecurity ⋅ The webshells powering Emotet Emotet |
| 2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
| 2020-07-29 ⋅ Sophos Labs ⋅ Emotet’s return is the canary in the coal mine Emotet |
| 2020-07-28 ⋅ Bleeping Computer ⋅ Emotet malware now steals your email attachments to attack contacts Emotet |
| 2020-07-20 ⋅ Hornetsecurity ⋅ Emotet is back Emotet |
| 2020-07-20 ⋅ Bleeping Computer ⋅ Emotet-TrickBot malware duo is back infecting Windows machines Emotet TrickBot |
| 2020-07-20 ⋅ NTT ⋅ Shellbot victim overlap with Emotet network infrastructure Emotet |
| 2020-07-17 ⋅ CERT-FR ⋅ The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
| 2020-06-18 ⋅ NTT Security ⋅ Behind the scenes of the Emotet Infrastructure Emotet |
| 2020-06-12 ⋅ ThreatConnect ⋅ Probable Sandworm Infrastructure Avaddon Ransomware Emotet Kimsuky |
| 2020-05-28 ⋅ VMWare Carbon Black ⋅ Modern Bank Heists 3.0 Emotet |
| 2020-05-21 ⋅ PICUS Security ⋅ T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
| 2020-05-05 ⋅ Hornetsecurity ⋅ Awaiting the Inevitable Return of Emotet Emotet |
| 2020-04-22 ⋅ Youtube (Infosec Alpha) ⋅ FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2 Emotet |
| 2020-04-14 ⋅ Intel 471 ⋅ Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
| 2020-04-03 ⋅ Bleeping Computer ⋅ Microsoft: Emotet Took Down a Network by Overheating All Computers Emotet |
| 2020-03-31 ⋅ Youtube (Infosec Alpha) ⋅ Emotet Binary Deobfuscation | Coconut Paradise | Episode 1 Emotet |
| 2020-03-30 ⋅ Intezer ⋅ Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
| 2020-03-30 ⋅ Symantec ⋅ Emotet: Dangerous Malware Keeps on Evolving Emotet |
| 2020-03-12 ⋅ Digital Shadows ⋅ How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation Emotet |
| 2020-03-11 ⋅ Twitter (@raashidbhatt) ⋅ Tweet on Emotet Deobfuscation with Video Emotet |
| 2020-03-06 ⋅ Telekom ⋅ Dissecting Emotet - Part 2 Emotet |
| 2020-03-06 ⋅ Binary Defense ⋅ Emotet Wi-Fi Spreader Upgraded Emotet |
| 2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
| 2020-03-03 ⋅ PWC UK ⋅ Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom |
| 2020-03-02 ⋅ c't ⋅ Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen Emotet Ryuk |
| 2020-02-29 ⋅ ZDNet ⋅ Meet the white-hat group fighting Emotet, the world's most dangerous malware Emotet |
| 2020-02-18 ⋅ CERT.PL ⋅ What’s up Emotet? Emotet |
| 2020-02-13 ⋅ Talos ⋅ Threat actors attempt to capitalize on coronavirus outbreak Emotet Nanocore RAT Parallax RAT |
| 2020-02-10 ⋅ Malwarebytes ⋅ 2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-02-08 ⋅ PICUS Security ⋅ Emotet Technical Analysis - Part 2 PowerShell Unveiled Emotet |
| 2020-02-07 ⋅ Binary Defense ⋅ Emotet Evolves With New Wi-Fi Spreader Emotet |
| 2020-02-03 ⋅ Telekom ⋅ Dissecting Emotet – Part 1 Emotet |
| 2020-01-30 ⋅ PICUS Security ⋅ Emotet Technical Analysis - Part 1 Reveal the Evil Code Emotet |
| 2020-01-30 ⋅ IBM X-Force Exchange ⋅ Coronavirus Goes Cyber With Emotet Emotet |
| 2020-01-27 ⋅ T-Systems ⋅ Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht Emotet TrickBot |
| 2020-01-17 ⋅ JPCERT/CC ⋅ Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
| 2020-01-17 ⋅ 100 more behind cockroaches? MoqHao Emotet Predator The Thief |
| 2020-01-14 ⋅ Bleeping Computer ⋅ United Nations Targeted With Emotet Malware Phishing Attack Emotet |
| 2020-01-13 ⋅ Gigamon ⋅ Emotet: Not your Run-of-the-mill Malware Emotet |
| 2020-01-10 ⋅ CSIS ⋅ Threat Matrix H1 2019 Gustuff magecart Emotet Gandcrab Ramnit TrickBot |
| 2020-01-07 ⋅ Hatching.io ⋅ Powershell Static Analysis & Emotet results Emotet |
| 2020 ⋅ Secureworks ⋅ GOLD CRESTWOOD Emotet MUMMY SPIDER |
| 2019-12-12 ⋅ FireEye ⋅ Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech |
| 2019-12-10 ⋅ JPCERT/CC ⋅ [Updated] Alert Regarding Emotet Malware Infection Emotet |
| 2019-12-04 ⋅ JPCERT/CC ⋅ How to Respond to Emotet Infection (FAQ) Emotet |
| 2019-11-06 ⋅ Heise Security ⋅ Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
| 2019-10-30 ⋅ Zscaler ⋅ Emotet is back in action after a short break Emotet |
| 2019-10-14 ⋅ Is Emotet gang targeting companies with external SOC? Emotet |
| 2019-09-24 ⋅ Dissecting Malware ⋅ Return of the Mummy - Welcome back, Emotet Emotet |
| 2019-09-16 ⋅ Malwarebytes ⋅ Emotet is back: botnet springs back to life with new spam campaign Emotet |
| 2019-08-13 ⋅ Adalogics ⋅ The state of advanced code injections Dridex Emotet Tinba |
| 2019-08-12 ⋅ Schweizerische Eidgenossenschaft ⋅ Trojaner Emotet greift Unternehmensnetzwerke an Emotet |
| 2019-06-06 ⋅ Fortinet ⋅ A Deep Dive into the Emotet Malware Emotet |
| 2019-05-15 ⋅ Proofpoint ⋅ Threat Actor Profile: TA542, From Banker to Malware Distribution Service Emotet MUMMY SPIDER |
| 2019-05-09 ⋅ GovCERT.ch ⋅ Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
| 2019-04-29 ⋅ Blueliv ⋅ Where is Emotet? Latest geolocation data Emotet |
| 2019-04-25 ⋅ Trend Micro ⋅ Emotet Adds New Evasion Technique Emotet |
| 2019-04-22 ⋅ int 0xcc blog ⋅ Dissecting Emotet’s network communication protocol Emotet |
| 2019-04-12 ⋅ SpamTitan ⋅ Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates Emotet |
| 2019-04-07 ⋅ Emotet malware analysis. Part 2 Emotet |
| 2019-04 ⋅ Analyzing Emotet with Ghidra — Part 1 Emotet |
| 2019-03-27 ⋅ Spamhaus ⋅ Emotet adds a further layer of camouflage Emotet |
| 2019-03-17 ⋅ Persianov on Security ⋅ Emotet malware analysis. Part 1 Emotet |
| 2019-03-15 ⋅ Cofense ⋅ Flash Bulletin: Emotet Epoch 1 Changes its C2 Communication Emotet |
| 2019-03-08 ⋅ The Daily Swig ⋅ Emotet trojan implicated in Wolverine Solutions ransomware attack Emotet |
| 2019-02-16 ⋅ Max Kersten's Blog ⋅ Emotet droppers Emotet |
| 2019-01-17 ⋅ SANS ISC InfoSec Forums ⋅ Emotet infections and follow-up malware Emotet |
| 2019-01-05 ⋅ Github (d00rt) ⋅ Emotet Research Emotet |
| 2019 ⋅ Emutet Emotet |
| 2018-12-18 ⋅ Trend Micro ⋅ URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
| 2018-11-16 ⋅ Trend Micro ⋅ Exploring Emotet: Examining Emotet’s Activities, Infrastructure Emotet |
| 2018-11-09 ⋅ ESET Research ⋅ Emotet launches major new spam campaign Emotet |
| 2018-10-31 ⋅ Kryptos Logic ⋅ Emotet Awakens With New Campaign of Mass Email Exfiltration Emotet |
| 2018-09-12 ⋅ Cryptolaemus Pastedump ⋅ Emotet IOC Emotet |
| 2018-08-01 ⋅ Kryptos Logic ⋅ Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads Emotet |
| 2018-07-26 ⋅ Intezer ⋅ Mitigating Emotet, The Most Common Banking Trojan Emotet |
| 2018-07-24 ⋅ Check Point ⋅ Emotet: The Tricky Trojan that ‘Git Clones’ Emotet |
| 2018-07-23 ⋅ MalFind ⋅ Deobfuscating Emotet’s powershell payload Emotet |
| 2018-07-20 ⋅ NCCIC ⋅ Alert (TA18-201A) Emotet Malware Emotet |
| 2018-07-18 ⋅ Symantec ⋅ The Evolution of Emotet: From Banking Trojan to Threat Distributor Emotet |
| 2018-02-08 ⋅ CrowdStrike ⋅ Meet CrowdStrike’s Adversary of the Month for February: MUMMY SPIDER Emotet MUMMY SPIDER |
| 2018 ⋅ Quick Heal ⋅ The Complete story of EMOTET Most prominent Malware of 2018 Emotet |
| 2017-11-15 ⋅ Trend Micro ⋅ New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis Emotet |
| 2017-11-06 ⋅ Microsoft ⋅ Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet |
| 2017-10-12 ⋅ G Data ⋅ Emotet beutet Outlook aus Emotet |
| 2017-10-06 ⋅ CERT.PL ⋅ Peering into spam botnets Emotet Kelihos Necurs SendSafe Tofsee |
| 2017-09-07 ⋅ Trend Micro ⋅ EMOTET Returns, Starts Spreading via Spam Botnet Emotet |
| 2017-07-17 ⋅ Malwarebytes ⋅ It’s baaaack: Public cyber enemy Emotet has returned Emotet |
| 2017-05-31 ⋅ ropgadget.com ⋅ Writing PCRE's for applied passive network defense [Emotet] Emotet |
| 2017-05-24 ⋅ CERT.PL ⋅ Analysis of Emotet v4 Emotet |
| 2017-05-03 ⋅ Fortinet ⋅ Deep Analysis of New Emotet Variant - Part 1 Emotet |
| 2015-04-09 ⋅ Kaspersky Labs ⋅ The Banking Trojan Emotet: Detailed Analysis Emotet |
| 2013-01-18 ⋅ abuse.ch ⋅ Feodo Tracker Emotet |