The On Again, Off Again Emotet is Now Back On
Category: Malware Campaign | Industry: Global | Level: Tactical | Source: Cofense
Emotet campaigns have fluctuated between surging and dormant since the infamous malware returned in November 2022. As of the morning of Tuesday, March 7th, 2023, at 8:00 AM EST, new malicious emails containing Emotet were circulating. The latest campaigns were discovered by the security researcher Cryptolaemus and researchers from Cofense, who found that the spam emails carry a weaponized Office document. The malicious document contains embedded macros and is delivered inside a compressed zip file. After the user accepts the “Enable Content” prompt, the malicious macros execute to retrieve Emotet DLLs from a remote site and execute them on the host machine.
Anvilogic Scenario:
- Malicious File Delivering Malware
Anvilogic Use Cases:
- Compressed File Execution
- Malicious Document Execution
- Wscript/Cscript Execution
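The delivery chain described above (a zip attachment carrying a macro-enabled Office document) can be triaged at the mail gateway before a user ever sees the “Enable Content” prompt. The following is an added example, not code from Cofense or Anvilogic; the file names, the size cap and the sample attachment are constructed, and the macro check is a heuristic match on VBA storage names rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc/.xls container
OLE_VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")
MAX_INFLATED = 50 * 1024 * 1024  # assumed cap; larger members are reported, not read


def has_macros(data: bytes) -> bool:
    """Heuristic: does this Office file carry a VBA project?"""
    if data.startswith(OLE_MAGIC):
        return OLE_VBA_STREAM in data
    if zipfile.is_zipfile(io.BytesIO(data)):  # OOXML is itself a zip
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())
    return False


def triage_zip(attachment: bytes) -> dict:
    """Map each Office member of a zip attachment to a verdict string."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(attachment)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(OFFICE_EXT):
                continue
            if info.flag_bits & 0x1:             # password-protected member
                verdicts[info.filename] = "encrypted-uninspected"
            elif info.file_size > MAX_INFLATED:  # declared uncompressed size
                verdicts[info.filename] = "oversized-uninspected"
            else:
                data = zf.read(info)
                verdicts[info.filename] = "macros" if has_macros(data) else "clean"
    return verdicts


def build_sample() -> bytes:
    """Constructed attachment: an OLE .doc with a VBA stream name and a macro-free .docx."""
    docx = io.BytesIO()
    with zipfile.ZipFile(docx, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("invoice.doc", OLE_MAGIC + b"\x00" * 512 + OLE_VBA_STREAM)
        z.writestr("notes.docx", docx.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(triage_zip(build_sample()))
```

Members reported as `encrypted-uninspected` or `oversized-uninspected` were not examined and should be quarantined or routed to a sandbox rather than treated as clean.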