Showing posts from July, 2020

Emotet Returns

#Emotet botnet Incoming! pic.twitter.com/HxPYNAhxhM — Will | BushidoToken 👁‍🗨 (@BushidoToken), July 17, 2020

The infamous Emotet botnet has returned. In February 2020 the Emotet botnet, whose payload-hosting infrastructure was largely made up of compromised WordPress servers, stopped sending spam emails. That period of inactivity has now ended, with threat intelligence sources observing an even larger number of URLs and C&C servers than before.
Emotet botnet activity resumed around 15-17 July 2020, when the first confirmed emails leading to Emotet infections were observed. Emotet not only steals information from infected hosts, but also uses the stolen credentials to send spam from those hosts, spreading the malware further.
The typical Emotet infection chain (diagram not reproduced in this extract).

Current Emotet documents with embedded macros, as of July 2020 (screenshots not reproduced in this extract).

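Because the lure documents above rely on an embedded VBA project, a cheap first triage step for mail attachments is a content-based check for a macro container rather than trusting the file extension. The script below is an added example written for this page, not code from the original post; the sample documents it builds in memory are constructed stand-ins (an OOXML zip with a dummy vbaProject.bin part, and an OLE2 blob with the usual macro storage names), not real Emotet samples, and the OLE2 check is a string heuristic rather than a full compound-file parser.

```python
"""Triage check for Office attachments that carry a VBA macro project.

Added example, not from the original post. It flags the two container
formats Emotet lure documents have used: OOXML (.docm, or a .doc that is
really a zip) and the legacy OLE2 compound file (.doc). The sample
documents below are constructed in memory and are NOT real Emotet samples.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# OLE2 directory entries store stream/storage names as UTF-16LE; "Macros"
# and "_VBA_PROJECT" are the storage/stream names a Word VBA project uses.
# Substring matching is a heuristic (assumption: good enough for triage).
OLE_VBA_MARKERS = [
    "_VBA_PROJECT".encode("utf-16-le"),
    "Macros".encode("utf-16-le"),
]
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def has_macros(data: bytes) -> dict:
    """Return {"format": ..., "macros": bool, "evidence": [...]} for a blob."""
    if data.startswith(OLE_MAGIC):
        evidence = [m.decode("utf-16-le") for m in OLE_VBA_MARKERS if m in data]
        return {"format": "ole2", "macros": bool(evidence), "evidence": evidence}
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                # A VBA project in OOXML lives in <part>/vbaProject.bin ...
                evidence = [n for n in names if n.lower().endswith("vbaproject.bin")]
                # ... and is declared in the package content types.
                if "[Content_Types].xml" in names and VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                    evidence.append("[Content_Types].xml declares vbaProject")
        except zipfile.BadZipFile:
            return {"format": "zip-corrupt", "macros": False, "evidence": []}
        return {"format": "ooxml", "macros": bool(evidence), "evidence": evidence}
    return {"format": "unknown", "macros": False, "evidence": []}


def _build_ooxml(with_macro: bool) -> bytes:
    """Constructed OOXML package; vbaProject.bin is a placeholder, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = (b'<?xml version="1.0"?>'
              b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              b'<Override PartName="/word/document.xml" ContentType='
              b'"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macro:
            ct += b'<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        ct += b"</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


def _build_ole(with_macro: bool) -> bytes:
    """Constructed OLE2 stand-in: magic header plus fake directory names."""
    body = OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le")
    if with_macro:
        body += b"\x00" * 16 + "Macros".encode("utf-16-le")
        body += b"\x00" * 16 + "_VBA_PROJECT".encode("utf-16-le")
    return body


# Constructed samples; the extensions are deliberately not consulted by has_macros().
SAMPLES = {
    "invoice.docm": _build_ooxml(True),
    "clean.docx": _build_ooxml(False),
    "invoice.doc": _build_ole(True),
    "clean.doc": _build_ole(False),
}


def triage(samples=SAMPLES) -> dict:
    """Map each sample name to whether a macro container was found."""
    return {name: has_macros(blob)["macros"] for name, blob in samples.items()}


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, has_macros(blob))
```

A hit here only means "this attachment contains a macro project", which is the right gate for quarantining or routing to a sandbox; it says nothing about what the macro does. A real analysis step would extract and deobfuscate the VBA (oletools' olevba does both), since the Emotet lures typically hide their payload download behind heavily obfuscated macro code.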
Media coverage of Emotet since its return:
MSTIC: https://twitter.com/MsftSecIntel/status/1284206817136926720
Malwarebytes: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emo…