Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 02/03/2022

2 March 2022 - Winners of the 9th week: Redline, NjRAT and Emotet.

Some links point to extended actionable intelligence (threat bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 02/03/2022

Distribution: TLP:WHITE

What's new?

Emotet (MITRE ATT&CK ID: S0367)

TrickBot operators slowly abandon the botnet and replace it with Emotet

Last week, excerpts from #Conti's internal chats leaked. Among the various subjects discussed, the group confirmed that the #Trickbot botnet has shut down this month. In addition, the conversations showed relationships between the #Conti ransomware group, the #Trickbot group and #Emotet operators.

#Emotet is a #loader operated by the eponymous group on a loader-as-a-service model. After a takedown in January 2021, #Emotet came back in November 2021 with new features and techniques. The malware is now re-emerging on the threat landscape and currently ranks in the top 3 of Any.run submissions.

Before disappearing, #Trickbot operators may have moved infected assets to other #botnets such as #Emotet to retain some monetization value, as suggested by Intel 471 researchers. Historically, #Trickbot and #Emotet distributed each other on infected hosts, which facilitates such a transition. This could signal a new rise of Emotet.

https://www.csoonline.com/article/3651492/trickbot-operators-slowly-abandon-the-botnet-and-replace-it-with-emotet.html
