• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   EMOTET

Exploring Emotet: Examining Emotet’s Activities, Infrastructure
  • Posted on:November 16, 2018 at 4:43 am
  • Posted in:Botnets, Malware, Spam
  • Author:
    Trend Micro
0

Discovered by Trend Micro in 2014, the banking Trojan Emotet has been brought back to life by malware authors last year with its own spamming module that has allowed it to spread, target new industries and regions, and evade sandbox and malware analysis techniques. This year, we examined Emotet’s activities to learn more about how this modular malware wreaks havoc: We did a comprehensive research on Emotet’s artifacts — 8,528 unique URLs, 5,849 document droppers, and 571 executables collected between June 1, 2018 and September 15, 2018 — to discover Emotet’s infrastructure as well as possible attribution information.

Read More
Tags: EMOTET

New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis
  • Posted on:November 15, 2017 at 6:43 am
  • Posted in:Malware
  • Author:
    Rubio Wu (Threats Analyst)
0

We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a few changes in its usual behavior and new routines that allow it to elude…

Read More
Tags: EMOTETsandbox evasionWindows API

EMOTET Returns, Starts Spreading via Spam Botnet
  • Posted on:September 7, 2017 at 9:10 am
  • Posted in:Botnets, Malware
  • Author:
    Don Ladores (Threat Response Engineer)
0

We first detected the banking malware EMOTET back in 2014, we looked into the banking malware’s routines and behaviors and took note of its information stealing abilities via network sniffing. After a period of relative inactivity, it appears it’s making a comeback with increased activity from new variants that have the potential to unleash different types of payloads in the affected system.

Read More
Tags: botnetEMOTETMalwareTrojan

Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game
  • Posted on:December 29, 2016 at 11:20 pm
  • Posted in:Malware, Ransomware, Spam
  • Author:
    Trend Micro
0

In early December, GoldenEye ransomware  (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human resource department. GoldenEye, a relabeled version of the Petya (RANSOM_PETYA) and Mischa (RANSOM_MISCHA) ransomware combo, not only kept to the James Bond theme of its earlier iteration, but also its attack vector.

Given ransomware’s likely outlook to reach a plateau, persistence in the threat landscape and diversification of target victims are the names of the game. GoldenEye exemplifies bad guys trying to gain scale, leverage, and profit with rehashed malware.

Read More
Tags: CERBERDRIDEXEMOTETGoldenEyeMischapetyaSharikZBOT

New Banking Malware Uses Network Sniffing for Data Theft
  • Posted on:June 27, 2014 at 8:47 am
  • Posted in:Malware, Spam
  • Author:
    Joie Salvio (Threat Response Engineer)
0

With online banking becoming routine for most users, it comes as no surprise that we are seeing more banking malware enter the threat landscape. In fact, 2013 saw almost a million new banking malware variants—double the volume of the previous year. The rise of banking malware continued into this year, with new malware and even…

Read More
Tags: EMOTETMalwareonline banking

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Perl-Based Shellbot Looks to Target Organizations via C&C
  • Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  • Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  • Fake Banking App Found on Google Play Used in SMiShing Scheme
  • Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.