SYMBOLCOMMON_NAMEaka. SYNONYMS
win.emotet (Back to overview)

Emotet

aka: Geodo, Heodo

Actor(s): GOLD CABIN, MUMMY SPIDER, Mealybug

VTCollection     URLhaus                                  

While Emotet historically was a banking malware organized in a botnet, nowadays Emotet is mostly seen as infrastructure as a service for content delivery. For example, since mid 2018 it is used by Trickbot for installs, which may also lead to ransomware attacks using Ryuk, a combination observed several times against high-profile targets.
It is always stealing information from victims but what the criminal gang behind it did, was to open up another business channel by selling their infrastructure delivering additional malicious software. From malware analysts it has been classified into epochs depending on command and control, payloads, and delivery solutions which change over time.
Emotet had been taken down by authorities in January 2021, though it appears to have sprung back to life in November 2021.

References
2024-01-12YouTube (BSides Cambridge UK)Cian Heasley
Slipping The Net: Qakbot, Emotet And Defense Evasion
Emotet QakBot
2024-01-09Recorded FutureInsikt Group
2023 Adversary Infrastructure Report
AsyncRAT Cobalt Strike Emotet PlugX ShadowPad
2023-12-10cocomelonccocomelonc
Malware development: persistence - part 23. LNK files. Simple Powershell example.
Emotet
2023-08-03KasperskyKaspersky
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot
LokiBot DarkGate Emotet
2023-07-23Medium infoSec Write-upsmov_eax_27
Unpacking an Emotet Trojan
Emotet
2023-07-06WeLiveSecurityJakub Kaloč
What’s up with Emotet?
Emotet
2023-05-18IntezerRyan Robinson
How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems
Emotet
2023-04-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-04-10Check PointCheck Point
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee
2023-03-30loginsoftSaharsh Agrawal
From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm
2023-03-30United States District Court (Eastern District of New York)Fortra, HEALTH-ISAC, Microsoft
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-03-22Cisco TalosEdmund Brumaghin, Jaeson Schultz
Emotet Resumes Spam Operations, Switches to OneNote
Emotet
2023-03-13TrendmicroIan Kenefick
Emotet Returns, Now Adopts Binary Padding for Evasion
Emotet
2023-03-07CofenseCofense
Emotet Sending Malicious Emails After Three-Month Hiatus
Emotet
2023-03-07BleepingComputerLawrence Abrams
Emotet malware attacks return after three-month break
Emotet
2023-02-26Medium IlanduIlan Duhin, Yossi Poberezsky
Emotet Campaign
Emotet
2023-01-30CheckpointArie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot
2023-01-26AcronisIlan Duhin
Unpacking Emotet Malware
Emotet
2023-01-20BlackberryBlackBerry Research & Intelligence Team
Emotet Returns With New Methods of Evasion
Emotet IcedID
2023-01-09IntrinsecCTI Intrinsec, Intrinsec
Emotet returns and deploys loaders
BumbleBee Emotet IcedID PHOTOLITE
2022-12-19kienmanowar Blogm4n0w4r, Tran Trung Kien
[Z2A]Bimonthly malware challege – Emotet (Back From the Dead)
Emotet
2022-12-06EuRepoCCamille Borrett, Kerstin Zettl-Schabath, Lena Rottinger
Conti/Wizard Spider
BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER
2022-11-28The DFIR ReportThe DFIR Report
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware
Emotet Mount Locker
2022-11-21BSides SydneyThomas Roccia
X-Ray of Malware Evasion Techniques - Analysis, Dissection, Cure?
Emotet
2022-11-16ProofpointAxel F, Pim Trouerbach
A Comprehensive Look at Emotet Virus’ Fall 2022 Return
BumbleBee Emotet PHOTOLITE
2022-11-10IntezerNicole Fishbein
How LNK Files Are Abused by Threat Actors
BumbleBee Emotet Mount Locker QakBot
2022-10-28Elastic@rsprooten, Elastic Security Intelligence & Analytics Team
EMOTET dynamic config extraction
Emotet
2022-10-13SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm
2022-10-03vmwareThreat Analysis Unit
Emotet Exposed: A Look Inside the Cybercriminal Supply Chain
Emotet
2022-09-13AdvIntelAdvanced Intelligence
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022
Conti Cobalt Strike Emotet Ryuk TrickBot
2022-09-12The DFIR ReportThe DFIR Report
Dead or Alive? An Emotet Story
Cobalt Strike Emotet
2022-08-23DarktraceEugene Chua, Hanah Darley, Paul Jennings
Emotet Resurgence: Cross-Industry Campaign Analysis
Emotet
2022-08-19vmwareOleg Boyarchuk, Stefano Ortolani
How to Replicate Emotet Lateral Movement
Emotet
2022-08-10BitSightJoão Batista
Emotet SMB Spreader is Back
Emotet
2022-07-17ResecurityResecurity
Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise
AsyncRAT BumbleBee Emotet IcedID QakBot
2022-07-12CyrenKervin Alintanahin
Example Analysis of Multi-Component Malware
Emotet Formbook
2022-07-07SANS ISCBrad Duncan
Emotet infection with Cobalt Strike
Cobalt Strike Emotet
2022-07-07FortinetErin Lin
Notable Droppers Emerge in Recent Threat Campaigns
BumbleBee Emotet PhotoLoader QakBot
2022-06-27NetskopeGustavo Palazolo
Emotet: Still Abusing Microsoft Office Macros
Emotet
2022-06-21McAfeeLakshya Mathur
Rise of LNK (Shortcut files) Malware
BazarBackdoor Emotet IcedID QakBot
2022-06-16ESET ResearchRene Holt
How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security
Emotet
2022-06-02MandiantMandiant
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-05-27KrollCole Manaster, Elio Biasiotto, George Glass
Emotet Analysis: New LNKs in the Infection Chain – The Monitor, Issue 20
Emotet
2022-05-25vmwareOleg Boyarchuk, Stefano Ortolani
Emotet Config Redux
Emotet
2022-05-24BitSightBitSight, João Batista, Pedro Umbelino
Emotet Botnet Rises Again
Cobalt Strike Emotet QakBot SystemBC
2022-05-24Deep instinctBar Block
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them
Dridex Emotet
2022-05-19Trend MicroAdolph Christian Silverio, Jeric Miguel Abordo, Khristian Joseph Morales, Maria Emreen Viray
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
Emotet QakBot
2022-05-17Palo Alto Networks Unit 42Brad Duncan
Emotet Summary: November 2021 Through January 2022
Emotet
2022-05-16vmwareJason Zhang, Oleg Boyarchuk, Stefano Ortolani, Threat Analysis Unit
Emotet Moves to 64 bit and Updates its Loader
Emotet
2022-05-11HPHP Wolf Security
Threat Insights Report Q1 - 2022
AsyncRAT Emotet Mekotio Vjw0rm
2022-05-11IronNetBlake Cahen, IronNet Threat Research
Detecting a MUMMY SPIDER campaign and Emotet infection
Emotet
2022-05-09NetresecErik Hjelmvik
Emotet C2 and Spam Traffic Video
Emotet
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-06NetskopeGustavo Palazolo
Emotet: New Delivery Mechanism to Bypass VBA Protection
Emotet
2022-05-04SophosAndreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet
2022-04-28SymantecKarthikeyan C Kasiviswanathan, Vishal Kamble
Ransomware: How Attackers are Breaching Corporate Networks
AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot
2022-04-27CybleincCyble
Emotet Returns With New TTPs And Delivers .Lnk Files To Its Victims
Emotet
2022-04-26ProofpointAxel F
Emotet Tests New Delivery Techniques
Emotet
2022-04-26Bleeping ComputerIonut Ilascu
Emotet malware now installs via PowerShell in Windows shortcut files
Emotet
2022-04-26Intel 471Intel 471
Conti and Emotet: A constantly destructive duo
Cobalt Strike Conti Emotet IcedID QakBot TrickBot
2022-04-24forensicitguyTony Lambert
Shortcut to Emotet, an odd TTP change
Emotet
2022-04-20CISAAustralian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), CISA, FBI, Government Communications Security Bureau, National Crime Agency (NCA), NCSC UK, NSA
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20CISACISA
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-04-20cocomelonccocomelonc
Malware development: persistence - part 1. Registry run keys. C++ example.
Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky
2022-04-19Twitter (@Cryptolaemus1)Cryptolaemus
#Emotet Update: 64 bit upgrade of Epoch 5
Emotet
2022-04-19Bleeping ComputerBill Toulas
Emotet botnet switches to 64-bit modules, increases activity
Emotet
2022-04-18FortinetErin Lin
Trends in the Recent Emotet Maldoc Outbreak
Emotet
2022-04-17BushidoToken BlogBushidoToken
Lessons from the Conti Leaks
BazarBackdoor Conti Emotet IcedID Ryuk TrickBot
2022-04-13KasperskyAMR
Emotet modules and recent attacks
Emotet
2022-04-12AhnLabASEC Analysis Team
SystemBC Being Used by Various Attackers
Emotet SmokeLoader SystemBC
2022-04-12Check PointCheck Point Research
March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance
Alien FluBot Agent Tesla Emotet
2022-04-08ReversingLabsPaul Roberts
ConversingLabs Ep. 2: Conti pivots as ransomware as a service struggles
Conti Emotet TrickBot
2022-04-02Github (pl-v)Player-V
Emotet Analysis Part 1: Unpacking
Emotet
2022-03-30PrevailionPrevailion
Wizard Spider continues to confound
BazarBackdoor Cobalt Strike Emotet
2022-03-29vmwareJason Zhang, Oleg Boyarchuk, Threat Analysis Unit
Emotet C2 Configuration Extraction and Analysis
Emotet
2022-03-28CiscoAdela Jezkova, María José Erquiaga, Onur Erdogan
Emotet is Back
Emotet
2022-03-23NVISO LabsBart Parys
Hunting Emotet campaigns with Kusto
Emotet
2022-03-23FortinetXiaopeng Zhang
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II
Emotet
2022-03-23FortinetShunichi Imano, Val Saengphaibul
Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams
Emotet
2022-03-23SecureworksCounter Threat Unit ResearchTeam
Threat Intelligence Executive Report Volume 2022, Number 2
Conti Emotet IcedID TrickBot
2022-03-23SecureworksCounter Threat Unit ResearchTeam
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
Conti Emotet IcedID TrickBot
2022-03-21Info SecurityVinugayathri Chinnasamy
Emotet Is Back and Is Deadlier Than Ever! A Rundown of the Emotet Malware
Emotet
2022-03-16DragosJosh Hanrahan
Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
Conti Emotet
2022-03-16SymantecSymantec Threat Hunter Team
The Ransomware Threat Landscape: What to Expect in 2022
AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin
2022-03-08LumenBlack Lotus Labs
What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets
Emotet
2022-03-07FortinetXiaopeng Zhang
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
Emotet
2022-03-03Trend MicroTrend Micro Research
Cyberattacks are Prominent in the Russia-Ukraine Conflict
BazarBackdoor Cobalt Strike Conti Emotet WhisperGate
2022-03-02KrebsOnSecurityBrian Krebs
Conti Ransomware Group Diaries, Part II: The Office
Conti Emotet Ryuk TrickBot
2022-03-01Twitter (@ContiLeaks)ContiLeaks
Tweet on Emotet final server scheme
Emotet
2022-02-25CyberScoopJoe Warminsky
TrickBot malware suddenly got quiet, researchers say, but it's hardly the end for its operators
BazarBackdoor Emotet TrickBot
2022-02-24The Hacker NewsRavie Lakshmanan
TrickBot Gang Likely Shifting Operations to Switch to New Malware
BazarBackdoor Emotet QakBot TrickBot
2022-02-24The Hacker NewsRavie Lakshmanan
Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure
BazarBackdoor Emotet TrickBot
2022-02-24CynetMax Malyutin
New Wave of Emotet – When Project X Turns Into Y
Cobalt Strike Emotet
2022-02-23cyber.wtf blogLuca Ebach
What the Pack(er)?
Cobalt Strike Emotet
2022-02-16Security OnionDoug Burks
Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08
Cobalt Strike Emotet
2022-02-16Threat PostElizabeth Montalbano
Emotet Now Spreading Through Malicious Excel Files
Emotet
2022-02-15Palo Alto Networks Unit 42Brad Duncan, Micah Yates, Saqib Khanzada, Tyler Halfpop
New Emotet Infection Method
Emotet
2022-02-15eSentireeSentire Threat Response Unit (TRU)
Increase in Emotet Activity and Cobalt Strike Deployment
Cobalt Strike Emotet
2022-02-13NetbyteSECFareed, Rosamira, Taqi
Technical Malware Analysis: The Return of Emotet
Emotet
2022-02-10CybereasonCybereason Global SOC Team
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot
Cobalt Strike Emotet IcedID QakBot
2022-02-07vmwareJason Zhang, Threat Analysis Unit
Emotet Is Not Dead (Yet) – Part 2
Emotet
2022-02-02VMRayMateusz Lukaszewski, VMRay Labs Team
Malware Analysis Spotlight: Emotet’s Use of Cryptography
Emotet
2022-01-27Threat Lab IndonesiaThreat Lab Indonesia
Malware Analysis Emotet Infection
Emotet
2022-01-25SANS ISCBrad Duncan
Emotet Stops Using 0.0.0.0 in Spambot Traffic
Emotet
2022-01-23kienmanowar Blogm4n0w4r, Tran Trung Kien
[QuickNote] Emotet epoch4 & epoch5 tactics
Emotet
2022-01-22Atomic Matryoshkaz3r0day_504
Malware Headliners: Emotet
Emotet
2022-01-21Trend MicroIan Kenefick
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
Emotet
2022-01-21vmwareJason Zhang, Threat Analysis Unit
Emotet Is Not Dead (Yet)
Emotet
2022-01-19InfoSec Handlers Diary BlogBrad Duncan
0.0.0.0 in Emotet Spambot Traffic
Emotet
2022-01-19GdataKarsten Hahn
Malware vaccines can prevent pandemics, yet are rarely used
Emotet STOP
2022-01-17forensicitguyTony Lambert
Emotet's Excel 4.0 Macros Dropping DLLs
Emotet
2022-01-14RiskIQJordan Herman
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet
2022-01-07muha2xmadMuhammad Hasan Ali
Unpacking Emotet malware part 02
Emotet
2022-01-06muha2xmadMuhammad Hasan Ali
Unpacking Emotet malware part 01
Emotet
2021-12-22CloudsekAnandeshwar Unnikrishnan
Emotet 2.0: Everything you need to know about the new Variant of the Banking Trojan
Emotet
2021-12-13ZscalerAvinash Kumar, Dennis Schwarz
Return of Emotet: Malware Analysis
Emotet
2021-12-09HPPatrick Schläpfer
Emotet’s Return: What’s Different?
Emotet
2021-12-08Check Point ResearchAliaksandr Trafimchuk, David Driker, Raman Ladutska, Yali Magiel
When old friends meet again: why Emotet chose Trickbot for rebirth
Emotet TrickBot
2021-12-07Bleeping ComputerLawrence Abrams
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Cobalt Strike Emotet
2021-11-30Deep instinctRon Ben Yizhak
The Re-Emergence of Emotet
Emotet
2021-11-25DSIHCharles Blanc-Rolin
Emotet de retour, POC Exchange, 0-day Windows : à quelle sauce les attaquants prévoient de nous manger cette semaine?
Emotet
2021-11-23AnomaliAnomali Threat Research
Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return
Emotet
2021-11-20Advanced IntelligenceVitali Kremez, Yelisey Boguslavskiy
Corporate Loader "Emotet": History of "X" Project Return for Ransomware
Emotet
2021-11-20Twitter (@eduardfir)Eduardo Mattos
Tweet on Velociraptor artifact analysis for Emotet
Emotet
2021-11-20Youtube (HEXORCIST)Nicolas Brulez
Unpacking Emotet and Reversing Obfuscated Word Document
Emotet
2021-11-19LAC WATCHLAC WATCH
Malware Emotet resumes its activities for the first time in 10 months, and Japan is also the target of the attack
Emotet
2021-11-19CRONUPGermán Fernández
La Botnet de EMOTET reinicia ataques en Chile y LATAM
Emotet
2021-11-18eSentireeSentire
Emotet Activity Identified
Emotet
2021-11-18NetskopeGhanashyam Satpathy, Gustavo Palazolo
Netskope Threat Coverage: The Return of Emotet
Emotet
2021-11-16MalwarebytesMalwarebytes Threat Intelligence Team
TrickBot helps Emotet come back from the dead
Emotet TrickBot
2021-11-16InfoSec Handlers Diary BlogBrad Duncan
Emotet Returns
Emotet
2021-11-16ZscalerDeepen Desai
Return of Emotet malware
Emotet
2021-11-16HornetsecuritySecurity Lab
Comeback of Emotet
Emotet
2021-11-15cyber.wtf blogLuca Ebach
Guess who’s back
Emotet
2021-11-15Bleeping ComputerLawrence Abrams
Emotet malware is back and rebuilding its botnet via TrickBot
Emotet
2021-08-15SymantecThreat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker
2021-07-12The RecordCatalin Cimpanu
Over 780,000 email accounts compromised by Emotet have been secured
Emotet
2021-06-16S2 GrupoCSIRT-CV (the ICT Security Center of the Valencian Community)
Emotet campaign analysis
Emotet QakBot
2021-06-10ZEIT OnlineAstrid Geisler, Herwig G. Höller, Karsten Polke-Majewski, Von Kai Biermann, Zachary Kamel
On the Trail of the Internet Extortionists
Emotet Mailto
2021-06-10TagesschauHakan Tanriverdi, Maximilian Zierer
Schadsoftware Emotet: BKA befragt Schlüsselfigur
Emotet
2021-05-26DeepInstinctRon Ben Yizhak
A Deep Dive into Packing Software CryptOne
Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader
2021-05-10WirtschaftswocheThomas Kuhn
How one of the largest hacker networks in the world was paralyzed
Emotet
2021-04-22SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2021
Emotet Ficker Stealer Raccoon
2021-04-22Github (@cecio)@red5heep
EMOTET: a State-Machine reversing exercise
Emotet
2021-04-09Palo Alto Networks Unit 42Chris Navarrete, Yanhui Jia
Emotet Command and Control Case Study
Emotet
2021-03-31KasperskyKaspersky
Financial Cyberthreats in 2020
BetaBot DanaBot Emotet Gozi Ramnit RTM SpyEye TrickBot Zeus
2021-03-31Red CanaryRed Canary
2021 Threat Detection Report
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot
2021-03-21BlackberryBlackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2021-03-17HPHP Bromium
Threat Insights Report Q4-2020
Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader
2021-03-08Palo Alto Networks Unit 42Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Rongbo Shao, Yanhui Jia
Attack Chain Overview: Emotet in December 2020 and January 2021
Emotet
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-28NetbyteSEC
Deobfuscating Emotet Macro Document and Powershell Command
Emotet
2021-02-25JPCERT/CCKen Sajo
Emotet Disruption and Outreach to Affected Users
Emotet
2021-02-25ANSSICERT-FR
Ryuk Ransomware
BazarBackdoor Buer Conti Emotet Ryuk TrickBot
2021-02-24AllsafeHara Hiroaki, Shota Nakajima
Malware Analysis at Scale - Defeating Emotet by Ghidra
Emotet
2021-02-24IBMIBM SECURITY X-FORCE
X-Force Threat Intelligence Index 2021
Emotet QakBot Ramnit REvil TrickBot
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-02-17Politie NLPolitie NL
Politie bestrijdt cybercrime via Nederlandse infrastructuur
Emotet
2021-02-17YouTube (AGDC Services)AGDC Services
How Malware Can Resolve APIs By Hash
Emotet Mailto
2021-02-16ProofpointProofpoint Threat Research Team
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes
Emotet Ryuk NARWHAL SPIDER TA800
2021-02-12CERT-FRCERT-FR
The Malware-Aa-A-Service Emotet
Emotet
2021-02-08GRNET CERTDimitris Kolotouros, Marios Levogiannis
Reverse engineering Emotet – Our approach to protect GRNET against the trojan
Emotet
2021-02-03Digital ShadowsStefano De Blasi
Emotet Disruption: what it means for the cyber threat landscape
Emotet
2021-02-02CRONUPGermán Fernández
De ataque con Malware a incidente de Ransomware
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-29MalwarebytesThreat Intelligence Team
Cleaning up after Emotet: the law enforcement file
Emotet
2021-01-28InfoSec Handlers Diary BlogDaniel Wesemann
Emotet vs. Windows Attack Surface Reduction
Emotet
2021-01-28HornetsecurityHornetsecurity Security Lab
Emotet Botnet Takedown
Emotet
2021-01-28NTTDan Saunders
Emotet disruption - Europol counterattack
Emotet
2021-01-28Youtube (Virus Bulletin)Benoît Ancel
The Bagsu banker case
Azorult DreamBot Emotet Pony TrickBot ZeusAction
2021-01-28Department of Homeland SecurityDepartment of Justice
Emotet Botnet Disrupted in International Cyber Operation
Emotet
2021-01-27EurojustEurojust
World’s most dangerous malware EMOTET disrupted through global action
Emotet
2021-01-27BundeskriminalamtBundeskriminalamt
In­fra­struk­tur der Emo­tet-Schad­soft­wa­re zer­schla­gen
Emotet
2021-01-27Youtube (Національна поліція України)Національна поліція України
Кіберполіція викрила транснаціональне угруповання хакерів у розповсюдженні вірусу EMOTET
Emotet
2021-01-27Intel 471Intel 471
Emotet takedown is not like the Trickbot takedown
Emotet
2021-01-27Team CymruJames Shank
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts
Emotet
2021-01-27Twitter (@milkr3am)milkream
Tweet on all Emotet epoch pushing payload to self remove emotet malware on 2021-04-25
Emotet
2021-01-27KrebsOnSecurityBrian Krebs
International Action Targets Emotet Crimeware
Emotet
2021-01-19Palo Alto Networks Unit 42Brad Duncan
Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot
2021-01-14NetskopeDagmawi Mulugeta, Ghanashyam Satpathy
You Can Run, But You Can’t Hide: Advanced Emotet Updates
Emotet
2021-01-13VinCSSm4n0w4r, Tran Trung Kien
[RE019] From A to X analyzing some real cases which used recent Emotet samples
Emotet
2021-01-09Marco Ramilli's BlogMarco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-05r3mrum blogR3MRUM
Manual analysis of new PowerSplit maldocs delivering Emotet
Emotet
2020-12-31Cert-AgIDCert-AgID
Simplify Emotet parsing with Python and iced x86
Emotet
2020-12-30Bleeping ComputerSergiu Gatlan
Emotet malware hits Lithuania's National Public Health Center
Emotet
2020-12-21Cisco TalosJON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-10Youtube (OALabs)Sergei Frankoff
Malware Triage Analyzing PrnLoader Used To Drop Emotet
Emotet
2020-12-04Kaspersky LabsOleg Kupreev
The chronicles of Emotet
Emotet
2020-11-26VirusTotalEmiliano Martinez
Using similarity to expand context and map out threat campaigns
Emotet
2020-11-22Irshad's BlogIrshad Muhammad
Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack Payload.
Emotet
2020-11-20ZDNetCatalin Cimpanu
The malware that usually installs ransomware and you need to remove right away
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader
2020-11-18CiscoEdmund Brumaghin, Jaeson Schultz, Nick Biasini
Back from vacation: Analyzing Emotet’s activity in 2020
Emotet
2020-11-06Security Soup BlogRyan Campbell
Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs
Emotet
2020-11-06LAC WATCHIshikawa, Matsumoto, Takagen
分析レポート:Emotetの裏で動くバンキングマルウェア「Zloader」に注意
Emotet Zloader
2020-11-05Brim SecurityOliver Rochford
Hunting Emotet with Brim and Zeek
Emotet
2020-10-29Palo Alto Networks Unit 42Janos Szurdi, Jingwei Fan, Ruian Duan, Seokkyung Chung, Zhanhao Chen
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
Emotet
2020-10-29CERT-FRCERT-FR
LE MALWARE-AS-A-SERVICE EMOTET
Dridex Emotet ISFB QakBot
2020-10-28BitdefenderRuben Andrei Condor
A Decade of WMI Abuse – an Overview of Techniques in Modern Malware
sLoad Emotet Maze
2020-10-20Bundesamt für Sicherheit in der InformationstechnikBSI
Die Lage der IT-Sicherheit in Deutschland 2020
Clop Emotet REvil Ryuk TrickBot
2020-10-19SPAM AuditorThomas
The Many Faces of Emotet
Emotet
2020-10-16ProofpointCassandra A., Proofpoint Threat Research Team
Geofenced Amazon Japan Credential Phishing Volumes Rival Emotet
Emotet
2020-10-12DeepInstinctRon Ben Yizhak
Why Emotet’s Latest Wave is Harder to Catch Than Ever Before – Part 2
Emotet
2020-10-01ProofpointAxel F, Proofpoint Threat Research Team
Emotet Makes Timely Adoption of Political and Elections Lures
Emotet
2020-09-29MicrosoftMicrosoft
Microsoft Digital Defense Report
Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot
2020-09-29SeqritePrashant Tilekar
The return of the Emotet as the world unlocks!
Emotet
2020-09-29PWC UKAndy Auld
What's behind the increase in ransomware attacks this year?
DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker
2020-09-23paloalto Netoworks: Unit42Brad Duncan
Case Study: Emotet Thread Hijacking, an Email Attack Technique
Emotet
2020-09-11ThreatConnectThreatConnect Research Team
Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33
2020-09-07CERT NZCERT NZ
Emotet Malware being spread via email
Emotet
2020-09-07CERT-FRCERT-FR
Bulletin d'alerte du CERT-FR: Recrudescence d’activité Emotet en France
Emotet
2020-08-31IndeChris Campbell
Analysis of the latest wave of Emotet malicious documents
Emotet
2020-08-28ProofpointAxel F, Proofpoint Threat Research Team
A Comprehensive Look at Emotet’s Summer 2020 Return
Emotet MUMMY SPIDER
2020-08-24HornetsecuritySecurity Lab
Emotet Update increases Downloads
Emotet
2020-08-14Binary DefenseJames Quinn
EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense
Emotet
2020-08-12DeepInstinctRon Ben Yizhak
Why Emotet’s Latest Wave is Harder to Catch than Ever Before
Emotet
2020-08-09F5 LabsDebbie Walkowski, Remi Cohen
Banking Trojans: A Reference Guide to the Malware Family Tree
BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus
2020-08-05Github (mauronz)Francesco Muroni
Emotet API+string deobfuscator (v0.1)
Emotet
2020-08-01TG SoftTG Soft
TG Soft Cyber - Threat Report
DarkComet Darktrack RAT Emotet ISFB
2020-07-31HornetsecurityHornetsecurity Security Lab
The webshells powering Emotet
Emotet
2020-07-30SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-29Sophos LabsAndrew Brandt
Emotet’s return is the canary in the coal mine
Emotet
2020-07-28Bleeping ComputerSergiu Gatlan
Emotet malware now steals your email attachments to attack contacts
Emotet
2020-07-20Bleeping ComputerLawrence Abrams
Emotet-TrickBot malware duo is back infecting Windows machines
Emotet TrickBot
2020-07-20NTTSecurity division of NTT Ltd.
Shellbot victim overlap with Emotet network infrastructure
Emotet
2020-07-20HornetsecurityHornetsecurity Security Lab
Emotet is back
Emotet
2020-07-17CERT-FRCERT-FR
The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus
2020-06-18NTT SecuritySecurity division of NTT Ltd.
Behind the scenes of the Emotet Infrastructure
Emotet
2020-06-12ThreatConnectThreatConnect Research Team
Probable Sandworm Infrastructure
Avaddon Emotet Kimsuky
2020-05-28VMWare Carbon BlackRyan Murphy, Tom Kellermann
Modern Bank Heists 3.0
Emotet
2020-05-24Palo Alto Networks Unit 42Ajaya Neupane, Stefan Achleitner
Using AI to Detect Malicious C2 Traffic
Emotet Sality
2020-05-21PICUS SecuritySüleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-05-05HornetsecuritySecurity Lab
Awaiting the Inevitable Return of Emotet
Emotet
2020-04-22Youtube (Infosec Alpha)Raashid Bhat
FlattenTheCurve - Emotet Control Flow Unflattening | Episode 2
Emotet
2020-04-14Intel 471Intel 471
Understanding the relationship between Emotet, Ryuk and TrickBot
Emotet Ryuk TrickBot
2020-04-03Bleeping ComputerSergiu Gatlan
Microsoft: Emotet Took Down a Network by Overheating All Computers
Emotet
2020-03-31Youtube (Infosec Alpha)Raashid Bhat
Emotet Binary Deobfuscation | Coconut Paradise | Episode 1
Emotet
2020-03-30SymantecMingwei Zhang, Nguyen Hoang Giang
Emotet: Dangerous Malware Keeps on Evolving
Emotet
2020-03-30IntezerMichael Kajiloti
Fantastic payloads and where we find them
Dridex Emotet ISFB TrickBot
2020-03-12Digital ShadowsAlex Guirakhoo
How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation
Emotet
2020-03-11Twitter (@raashidbhatt)Raashid Bhat
Tweet on Emotet Deobfuscation with Video
Emotet
2020-03-06TelekomThomas Barabosch
Dissecting Emotet - Part 2
Emotet
2020-03-06Binary DefenseJames Quinn
Emotet Wi-Fi Spreader Upgraded
Emotet
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-03-02c'tChristian Wölbert
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen
Emotet Ryuk
2020-02-29ZDNetCatalin Cimpanu
Meet the white-hat group fighting Emotet, the world's most dangerous malware
Emotet
2020-02-18CERT.PLMichał Praszmo
What’s up Emotet?
Emotet
2020-02-13TalosEdmund Brumaghin, Nick Biasini
Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT
2020-02-10MalwarebytesAdam Kujawa, Chris Boyd, David Ruiz, Jérôme Segura, Jovi Umawing, Nathan Collier, Pieter Arntz, Thomas Reed, Wendy Zamora
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor
2020-02-08PICUS SecuritySüleyman Özarslan
Emotet Technical Analysis - Part 2 PowerShell Unveiled
Emotet
2020-02-07Binary DefenseJames Quinn
Emotet Evolves With New Wi-Fi Spreader
Emotet
2020-02-03TelekomThomas Barabosch
Dissecting Emotet – Part 1
Emotet
2020-01-30IBM X-Force ExchangeAshkan Vila, Golo Mühr
Coronavirus Goes Cyber With Emotet
Emotet
2020-01-30PICUS SecuritySüleyman Özarslan
Emotet Technical Analysis - Part 1 Reveal the Evil Code
Emotet
2020-01-27T-SystemsT-Systems
Vorläufiger forensischer Abschlussbericht zur Untersuchung des Incidents beim Berliner Kammergericht
Emotet TrickBot
2020-01-17Hiroaki Ogawa, Manabu Niseki
100 more behind cockroaches?
MoqHao Emotet Predator The Thief
2020-01-17JPCERT/CCTakayoshi Shiigi
Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT
2020-01-14Bleeping ComputerLawrence Abrams
United Nations Targeted With Emotet Malware Phishing Attack
Emotet
2020-01-13GigamonEd Miles, William Peteroy
Emotet: Not your Run-of-the-mill Malware
Emotet
2020-01-10CSISCSIS
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot
2020-01-07Hatching.ioTeam
Powershell Static Analysis & Emotet results
Emotet
2020-01-01SecureworksSecureWorks
GOLD CRESTWOOD
Emotet MUMMY SPIDER
2019-12-12FireEyeChi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-12-10JPCERT/CCJPCERT/CC
[Updated] Alert Regarding Emotet Malware Infection
Emotet
2019-12-07SecureworksKeith Jarvis, Kevin O’Reilly
End-to-end Botnet Monitoring... Botconf 2019
Emotet ISFB QakBot
2019-12-04JPCERT/CCKen Sajo
How to Respond to Emotet Infection (FAQ)
Emotet
2019-11-06Heise SecurityThomas Hungenberg
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail
Emotet Ryuk TrickBot
2019-10-30ZscalerAbhay Yadav, Atinderpal Singh
Emotet is back in action after a short break
Emotet
2019-10-14Marco Ramilli
Is Emotet gang targeting companies with external SOC?
Emotet
2019-09-24Dissecting MalwareMarius Genheimer
Return of the Mummy - Welcome back, Emotet
Emotet
2019-09-16MalwarebytesThreat Intelligence Team
Emotet is back: botnet springs back to life with new spam campaign
Emotet
2019-08-13AdalogicsDavid Korczynski
The state of advanced code injections
Dridex Emotet Tinba
2019-08-12Schweizerische EidgenossenschaftSchweizerische Eidgenossenschaft
Trojaner Emotet greift Unternehmensnetzwerke an