Cybercrime, second Emotet campaign via real stolen email conversation
The xls attachment directly contacts an internal list of URLs and downloads the dll, starting the malware infection.
Cybercrime, a real stolen email conversation spread Emotet
The zip attachment contains a file that runs a PS and downloads the dll from an internal list of url, starting the malware infection.
Cybercrime, beware: Emotet campaign is working again
Cryptolaemus cybersecurity experts detect new password-protected ZIP files and shortcuts. The command to create-execute VBS to install the malware works properly.
Cybercrime, new Emotet campaign in Italy via botnet Epoch 5
The xlsm attachment of the email contacts a single url and downloads the dll, starting the malware infection chain.
Cybercrime, new Emotet campaign in Italy via EA Arpa
The zip attachment contains an xls file that contacts an internal list of URLs and downloads the dll from Epoch5 botnet, starting malware infection.
Cybercrime, Emotet again in Italy via “RE: email @”
The zip attachment contains an xlsm file: This contacts url from a list of 4 and downloads the dll, activating the malware infection.
Cybercrime, Emotet returns to Italy via “RE: Email” email
The zip attachment contains an xls file: This starts a powershell script, which contacts various URLs and downloads the dll, activating the malware infection chain.
Cybercrime, Emotet is spread via fake Adobe Windows App Installer
Cryptolaemus cybersecurity experts: The malware distribution process is the same used to distribute BazarLoader.
Cybercrime, Emotet is back with the “Operation Reacharound”
Cryptolaemus cybersecurity experts: It is spread via spam emails with a zip, an xls or a doc attachment, which downloads a dll starting the malware infection.
Cybercrime, Clop ransomware gang disrupted by an international operation
US, South Korean and Ukrainian law enforcements shut down the infrastructure and seized the servers. Egregor, NetWalker and Emotet suffered the same fate.