Tuesday, October 24, 2017

New Emotet Tactics Employing Embedded URL Links

Emotet is a credential-stealing trojan with the ability to drop payloads and move laterally through networks. Emotet spreads by email to addresses gained from the address books of previous victims. In October 2017, Wapack Labs observed a new Emotet campaign targeting multiple industries. This recent campaign is characterized by changes in Tactics, Techniques, and Procedures (TTPs). These changes include the use of embedded URLs (or links) instead of attachments, and newly adopted obfuscation techniques. Emotet's ability to spread to compromised email contacts helps increase infections. Emails propagated in this manner likely have a higher infection rate, as they originate from a known contact. This report looks at the new TTPs observed, including changes in delivery, obfuscation, and the Visual Basic embedded macros.

Wapack Labs has cataloged and reported on Emotet malware and campaigns in the past. An archive of related reporting can be found in the Red Sky Alliance portal.