Emotet Surges in Japan

  |  Source: 

Emotet Surges in Japan

Industry: N/A | Level: Tactical | Source: Cybereason

Cybereason's tracking of Emotet malware in the first quarter of 2022, has identified a surge of Emotet activity against Japanese organizations. Emotet's distribution has been identified through malicious Excel documents that downloads the malware upon execution. The malware uses regsvr32 to execute a malicious DLL file however it also uses a .ocx file extension. Events following, involve the malware establishing persistence in the registry and conducting reconnaissance activity. Cybereason noticed Emotet in it's current attacks has not utilized PowerShell for deployment.

  • Anvilogic Scenarios:
  • Emotet Behaviors
  • Malicious Document Delivering Malware
  • Anvilogic Use Cases:
  • Malicious Document Execution
  • regsvr32 Execution
  • New AutoRun Registry Key
  • Common Reconnaissance Commands

Get trending threats published weekly by the Anvilogic team.

Sign Up Now