Quick Post — Emotet: The Mummy Returns (Again)

Emotet is a modular malware that consistently dominated the threat landscape as a favored delivery platform for adversaries to gain initial access. It had evolved from a straightforward banking trojan around 2014 into a full-fledged malware distribution service, which delivered a variety of payloads for other threat groups. The U.S. Department of Homeland Security previously stated that Emotet…

Quick Post: Mummy Spider Delivers Emotet Maldocs for the Holidays

Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections cost state…

Quick Post: Spooky New PowerShell Obfuscation in Emotet Maldocs

Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections cost state…

New Obfuscation Techniques in Emotet Maldocs

Summary: Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet infections…

Quick Post: Analyzing Maldoc with “Do While” Loop in VBA Downloader

Summary: Emotet is a modular malware delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that…

Quick Post: Host Artifacts from a Recent Emotet Infection

Summary: If you’ve been following malware threats and/or the information security happenings of the past couple of weeks in general, then you are likely aware that Emotet, everyone’s favorite malware downloader, has returned to active spamming operations. There has been a ton of great coverage on many aspects of its return to active campaigns. Shameless plug:…

Analysis of a New Emotet Maldoc with VBA Downloader

Summary: Emotet is a modular delivery platform that has consistently dominated the commodity malware threat landscape over the past couple of years. It has evolved from a straightforward banking trojan into a full-fledged malware distribution service, delivering a variety of payloads for other threat actor groups. The U.S. Department of Homeland Security states that Emotet…

A Quick Look at Emotet’s Updated JavaScript Dropper

Summary: Emotet is an advanced, modular downloader that primarily functions as a dropper of other opportunistic malware variants. Emotet continues to be among the most widely distributed and destructive malware variants affecting organizations throughout the private and public sectors. In a previous joint Technical Alert, US-CERT identified that Emotet infections have cost organizations up to…

How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 3

Read time: 5 minutes. Summary: This is the third in a series of posts exploring fundamental malware analysis techniques. Please check out Part 1 and Part 2 for some additional background. The following techniques are presented as an alternative to automated sandboxes, which are effective and powerful tools. However, as we showed in Part…

How To: Extract Network Indicators of Compromise (IOCs) from Maldoc Macros — Part 2

Read time: 4 minutes. Summary: This is the second in a series of posts exploring fundamental malware analysis techniques. Please check out Part 1 for some additional background. The following techniques are presented as an alternative to automated sandboxes, which are effective and powerful tools. However, as we showed in Part 1, they may…