2022-03-15

Emotet Surges in Japan

Industry: N/A | Level: Tactical | Source: Cybereason

Cybereason's tracking of Emotet malware in the first quarter of 2022 has identified a surge of Emotet activity against Japanese organizations. Emotet's distribution has been identified through malicious Excel documents that download the malware upon execution. The malware uses regsvr32 to execute a malicious DLL file; however, it also uses a .ocx file extension. Subsequent events involve the malware establishing persistence in the registry and conducting reconnaissance activity. Cybereason noticed that Emotet, in its current attacks, has not utilized PowerShell for deployment.

  • Anvilogic Scenarios:
      • Emotet Behaviors
      • Malicious Document Delivering Malware
  • Anvilogic Use Cases:
      • Malicious Document Execution
      • regsvr32 Execution
      • New AutoRun Registry Key
      • Common Reconnaissance Commands
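
The chain described above (Excel spawning regsvr32 against a .ocx file, followed by a new autorun registry value) expressed as detection logic over process and registry events. This is an added example, not Cybereason's or Anvilogic's detection content; the event field names, sample events, tag names, and the assumption that the autorun value sits under a `CurrentVersion\Run` key and invokes regsvr32 are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed events, not real telemetry; field names are assumptions.
EVENTS = [
    {"host": "ws01", "type": "process",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Users\user\AppData\Local\example1.ocx"'},
    {"host": "ws01", "type": "registry",
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\example1",
     "details": r'regsvr32.exe /s "C:\Users\user\AppData\Local\example1.ocx"'},
    # Legitimate ActiveX registration: a .ocx argument alone is a weak signal.
    {"host": "ws02", "type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe C:\Apps\vendor\control.ocx"},
]

OCX_ARG = re.compile(r'[^\s"]+\.ocx\b', re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(\\|$)", re.IGNORECASE)

def base(path):
    return ntpath.basename(path).lower()

def classify(ev):
    """Return the behaviour tags that a single event matches."""
    tags = []
    if ev["type"] == "process" and base(ev["image"]) == "regsvr32.exe":
        if base(ev["parent"]) == "excel.exe":
            tags.append("excel_spawned_regsvr32")
        if OCX_ARG.search(ev["cmdline"]):
            tags.append("regsvr32_loads_ocx")
    elif ev["type"] == "registry" and RUN_KEY.search(ev["target"]):
        if "regsvr32" in ev["details"].lower():
            tags.append("autorun_invokes_regsvr32")
    return tags

def detect(events):
    hits = defaultdict(list)  # host -> distinct tags in first-seen order
    for ev in events:
        for tag in classify(ev):
            if tag not in hits[ev["host"]]:
                hits[ev["host"]].append(tag)
    return dict(hits)

def high_confidence(events):
    """Hosts showing the full chain: Excel -> regsvr32 .ocx -> Run key."""
    return sorted(h for h, t in detect(events).items() if len(t) == 3)
```

`detect(EVENTS)` tags each host by behaviour, and `high_confidence(EVENTS)` keeps only hosts where all three behaviours co-occur, which separates the Excel-driven chain from routine ActiveX registration.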
