Season’s greetings: Now install my malware…

The Emotet botnet began sending holiday-themed emails today. While this isn’t necessarily new to them, it does go to show that they are constantly experimenting with relevant themes along with their reply-chain style emails. Below are a few examples of emails that we saw cross our wires today:

Holiday Schedule Theme

Christmas Party 1

Christmas Party 2

Emotet has been going strong recently and has been seen utilizing templates that are based on package delivery services to catch those of us waiting on gifts by surprise. We have also observed emails with a medical theme that attempt to get the curious to click through. And in line with the end of the year, they have been leveraging the open enrollment period to push emails with an urgent message to review the attached document to secure your benefits.

While knowing this is great, Emotet never sticks with just one theme. On any given day, we see a vast number of emails that range from generic invoice-style emails to ones using reply-chain tactics that contain highly personal information related to the targets. It’s no wonder that this botnet is so effective in luring people to click through warnings at an alarming rate. With a high degree of variability in their emails, they are able to bypass many signature-based tools and end up in users’ inboxes. Today alone we have already seen:

Over 38,000 unique subjects

100s of unique payload URLs

Over 200 unique attachment hashes

Over 5600 unique senders

Emotet remains one of the most prolific and dangerous botnets around and actively targets any email accounts it can get its hands on (e.g., personal, corporate, or government) with impunity.

Attachment Hashes Seen With This Holiday Campaign:


