Emotet Returns
Emails from a newly-revived Emotet botnet have one of three types of attachments:
Microsoft Excel spreadsheet
Microsoft Word document
Password-protected zip archive (password: BMIIVYHZ) containing a Word document These emails were all spoofed replies that used data from stolen email chains, presumably gathered from previously infected Windows hosts. Infection traffic for Emotet is similar to what we saw before the takedown in January 2021.
The only real difference is Emotet post-infection C2 is now encrypted HTTPS instead of unencrypted HTTP.
Featured Resources
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe