Cybercrime, why Emotet stopped and resumed its operations
Cybersecurity experts: The malware core infrastructure was originally located in Ukraine. After the Russian invasion, it has moved “at home” or in Belarus.
Cybercrime, Emotet still in Italy with a document-themed campaign
The email xls attachment contacts a link from an internal list and downloads the dll, using the epoch 4 botnet, starting the malware infection.
Cybercrime, Emotet is back in Distro Mode
Cryptolaemus cybersecurity experts detect that Epoch 4 and 5 began spamming again. Malware infections passes by direct attached XLS files and zipped-password protected XLS.
Cybercrime, Emotet via real stolen email conversation is back
The zip attachment contains an xls file, which contacts an internal list of URLs and downloads the dll, starting the malware infection.
Cybercrime, second Emotet campaign via real stolen email conversation
The xls attachment directly contacts an internal list of URLs and downloads the dll, starting the malware infection.
Cybercrime, a real stolen email conversation spread Emotet
The zip attachment contains a file that runs a PS and downloads the dll from an internal list of url, starting the malware infection.
Cybercrime, beware: Emotet campaign is working again
Cryptolaemus cybersecurity experts detect new password-protected ZIP files and shortcuts. The command to create-execute VBS to install the malware works properly.
Cybercrime, new Emotet campaign in Italy via botnet Epoch 5
The xlsm attachment of the email contacts a single url and downloads the dll, starting the malware infection chain.
Cybercrime, new Emotet campaign in Italy via EA Arpa
The zip attachment contains an xls file that contacts an internal list of URLs and downloads the dll from Epoch5 botnet, starting malware infection.
Cybercrime, Emotet again in Italy via “RE: email @”
The zip attachment contains an xlsm file: This contacts url from a list of 4 and downloads the dll, activating the malware infection.