win.geodo

Geodo

aka: Emotet, Heodo

Actor(s): Mealybug

There is no description at this point.

References
https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/
http://blog.trendmicro.com/trendlabs-security-intelligence/emotet-returns-starts-spreading-via-spam-botnet/
https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-emotet-variant-part-2.html
https://blog.kryptoslogic.com/malware/2018/08/01/emotet.html
https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/
https://github.com/d00rt/emotet_research
https://www.us-cert.gov/ncas/alerts/TA18-201A
https://blog.trendmicro.com/trendlabs-security-intelligence/new-emotet-hijacks-windows-api-evades-sandbox-analysis/
https://blog.kryptoslogic.com/malware/2018/10/31/emotet-email-theft.html
http://blog.fortinet.com/2017/05/03/deep-analysis-of-new-emotet-variant-part-1
https://www.intezer.com/mitigating-emotet-the-most-common-banking-trojan/
https://research.checkpoint.com/emotet-tricky-trojan-git-clones/
https://www.cert.pl/en/news/single/analysis-of-emotet-v4/
https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor
https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-february-mummy-spider/
https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/Trojaner_Emotet_greift_Unternehmensnetzwerke_an.html
https://blog.trendmicro.com/trendlabs-security-intelligence/exploring-emotet-examining-emotets-activities-infrastructure/
https://cloudblogs.microsoft.com/microsoftsecure/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/?source=mmpc
https://www.fidelissecurity.com/threatgeek/2017/07/emotet-takes-wing-spreader
https://securelist.com/analysis/publications/69560/the-banking-trojan-emotet-detailed-analysis/
https://feodotracker.abuse.ch/?filter=version_e
https://www.gdata.de/blog/2017/10/30110-emotet-beutet-outlook-aus
https://malfind.com/index.php/2018/07/23/deobfuscating-emotets-powershell-payload/