Author: Jason Meurer

Yes… another Emotet post, but they just keep on changing things up! We were having a look around our data from the Emotet botnet and came across an interesting example of the reply-chain tactic that has become the new normal for them.

As can be seen in the example above, …

Continue Reading

The Emotet botnet began sending holiday themed emails today. While this isn’t necessarily new to them, it does go to show that they are constantly experimenting with relevant themes along with their reply-chain style emails. Below are a few examples of emails that we saw cross our wires today:

Holiday
Continue Reading

Ran across this brand new angle on sextortion today. Instead of looking for creds to use for authenticity in a sexotortion email, this actor has decided to send a very small and generic email with a link to a blog site. Reviewing the site leads to what amounts to a …

Continue Reading

The Emotet botnet updated their clients this morning around 6am EST.

We came across these hashes for the clients:

E1
4969b8145150d8c9d92abd66db2d17b1b54efcece75812ef77e7ef72d955bd19
E2
812e7a6ebdb40271ec0f878a559c29b459527f2e21ef6208e27d34c6808cd662

The following is a list of the C2 that were pulled from the binaries. Please use these to catch any infections that may be present within your …

Continue Reading

We have been tracking the Emotet botnet for quite some time now and noticed that they began standing up their C2 (command and control) infrastructure again on Aug 21.  Our systems caught the first servers coming alive for Epoch 2 of the botnets clients around 3pm EST.  The first servers …

Continue Reading