Threat Awareness – Emotet Up to its Old Trick(bot) and Some New Ones Too

Since last month’s re-emergence of Emotet – Everybody’s Email Enemy #1 – we’ve observed its rekindling with Trickbot to spread and propensity for proliferating ransomware attacks. However, the last 10 months since its global takedown effort appear to have been time well-spent for the malware as it has come up with some new tricks. From propagating through fake software installers and improving its encryption algorithm, Emotet has recently been observed directly dropping Cobalt Strike beacons instead of relying on its old pals (Trickbot or Qakbot) to do the dirty work. This immediate Cobalt Strike deployment now gives Emotet’s threat actors more immediate network access to perform activities such as remote network surveillance or execute further commands. Members are encouraged to maintain awareness on Emotet’s ever-evolving escapades. For more on this week’s activities, visit BleepingComputer, Threatpost, and DarkReading. For a more in-depth review, system administrators are encouraged to review this recent report by CheckPoint.