Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

The resurgence of a crippling malware: How to threat hunt Emotet

December 2022 by Logpoint

Emotet keeps coming back with renewed force. Despite being taken down by authorities in 2021, it’s back again and rapidly evolving. Emotet is now a Loader-as-a-service downloading other malware and wreaking havoc for an increased number of organizations. Logpoint’s research team has closely monitored Emotet’s emergence, attack patterns, and possible detections to help organizations stop it before it becomes a threat.

An analysis of multiple malware samples reveals that Emotet has changed its tactics from stealing credentials in the banking sector to stealing other sensitive data and acting as a dropper to distribute other malware like IcedID, Trickbot, or Ruyk. Initial access is done mainly through malspam, emails in bulk containing malware, or a link to download it. From the static and dynamic analysis, Logpoint uncovered multiple files, domains, and botnet networks that are still active in the wild.

"Emotet is the most detected malware sample on many platforms. The fact that there has been a variant for several years and it still manages to bypass defenses is a true testament to its amazing adaptability," says Doron Davidson, VP Logpoint Global Services. "At Logpoint, we’re working to stop threats like Emotet in their tracks before they wreak havoc and cause detrimental damage."

To safeguard your organization against Emotet, Logpoint recommends to:
• Look out for common Tactics, Techniques and Procedures (TTPs) used by Emotet
• Familiarize yourself with known Indicators of Compromise (IoC) and ensure you can detect and block them.
• Look out for malicious macros, like a download of a macro-enabled document, and delete or isolate the spawned and child processes.
• Isolate the endpoints, i.e., in case of an attack, isolate the system, take proper logs, evaluate the situation and remediate.


See previous articles

    

See next articles



Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts