
Rewterz Threat Alert – Emotet Malware Steals Email Attachments to Attack Contacts

July 29, 2020

Severity

High

Analysis Summary

The Emotet malware botnet is now also using stolen attachments to increase the authenticity of the spam emails it uses to infect targets' systems. This is the first time the botnet has been seen using stolen attachments to add credibility to its emails. With this campaign, Emotet's hijacking of email conversation threads goes a step further: a malicious URL or attachment is included in new emails injected into existing conversations, so that the malicious content is concealed among legitimate material.

[Figure: Emotet phishing email with stolen attachments]

This lends even more authenticity to the phishing emails. In one email, 5 benign attachments were found alongside a dropper link placed within the templated portion of the email.

The botnet has been delivering massive amounts of malicious spam emails, camouflaged as payment reports, invoices, employment opportunities, and shipping information, through all of its server clusters starting July 17. Emotet is also being used on a large scale as a dropper for other malware, including ransomware. For example, ProLock ransomware is expected to be deployed on some of the systems initially infected with Emotet.

Impact

  • Credential Theft
  • Financial Theft
  • Information Theft
  • Unauthorized code execution

Remediation

  • Do not download unexpected attachments from emails coming from unknown email addresses, even if they look familiar.
  • Do not enable macros/content for untrusted files.
  • Block all the latest Emotet IoCs. Some of the recent Emotet advisories are linked below:
    • Rewterz Threat Alert – Emotet IOCs
    • Rewterz Threat Alert – Emotet Still Active – IoCs
    • Rewterz Threat Alert – Emotet – Latest IOCs
    • Rewterz Threat Alert – Emotet Malware – IOCs
    • Rewterz Threat Alert – Latest Emotet IOCs
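To make the pattern described in the analysis summary and the macro advice above concrete from a mail-gateway perspective, the following is an added triage heuristic (example code written for this page, not Rewterz tooling). It parses a message, checks for reply-thread context (Re: subject, In-Reply-To/References headers), counts attachments that could be decoys, extracts links to untrusted hosts from the templated body text, and flags macro-capable attachment types. The sample messages, the domain names (`example-victim.test`, `example-supplier.test`, `example-bad.test`), the scoring weights and the verdict thresholds are constructed assumptions, not values from the advisory.

```python
"""Added triage heuristic for reply-thread phishing with decoy attachments.

Example code for this page (not Rewterz tooling). It models the Emotet
pattern described above: a message slipped into an existing conversation
(Re: subject, In-Reply-To/References headers) carrying several harmless
attachments plus a download link in the short templated body. Domains,
weights and sample messages are constructed assumptions.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
REPLY_RE = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)
# Attachment types that can carry VBA macros (the "do not enable macros" advice)
MACRO_EXTS = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm", ".ppt", ".pptm")
# Constructed: domains the receiving organisation treats as its own or known partners
TRUSTED = {"example-victim.test", "example-supplier.test"}


def _is_trusted(url, trusted):
    """True if the URL's host is one of the trusted domains or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage(raw, trusted=TRUSTED):
    """Score one RFC 5322 message and return findings plus a verdict."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    in_thread = bool(msg.get("In-Reply-To") or msg.get("References")) \
        or bool(REPLY_RE.match(subject))
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    # Links in the templated body that point outside the trusted domains
    external = [u for u in URL_RE.findall(body) if not _is_trusted(u, trusted)]
    macro = [a for a in attachments if a.lower().endswith(MACRO_EXTS)]

    score, findings = 0, []
    if in_thread:
        score += 1
        findings.append("injected into an existing thread (Re:/In-Reply-To)")
    if len(attachments) >= 3:
        score += 1
        findings.append(f"{len(attachments)} attachments, possible decoys")
    if external:
        score += 2
        findings.append(f"link to untrusted host in body: {external[0]}")
    if macro:
        score += 2
        findings.append(f"macro-capable attachment: {macro[0]}")
    # Constructed thresholds: thread + decoys + external link reaches quarantine
    verdict = "quarantine" if score >= 4 else "review" if score >= 3 else "deliver"
    return {"score": score, "verdict": verdict, "findings": findings,
            "attachments": len(attachments), "subject": subject}


def build_sample(with_dropper_link):
    """Constructed sample: a 'reply' with five benign PDFs, optionally plus a link."""
    m = EmailMessage()
    m["From"] = "accounts@example-supplier.test"
    m["To"] = "finance@example-victim.test"
    m["Subject"] = "Re: Invoice July"
    m["In-Reply-To"] = "<original-thread-id@example-victim.test>"
    text = "Hi,\n\nPlease see the attached documents.\n"
    if with_dropper_link:
        text += "Updated invoice: http://files.example-bad.test/invoice\n"
    m.set_content(text)
    for i in range(5):
        m.add_attachment(b"%PDF-1.4 stub", maintype="application", subtype="pdf",
                         filename=f"report{i}.pdf")
    return m.as_string()


if __name__ == "__main__":
    for flag in (True, False):
        r = triage(build_sample(flag))
        print(r["verdict"], r["score"], r["findings"])
```

The decoy-attachment signal on its own is deliberately weak, because legitimate replies with several attachments are common; it only tips the verdict when combined with a link to a host the organisation does not recognise, which is exactly the combination the campaign relies on. The URL check here is purely domain-based; in production it would be followed by reputation lookup and detonation of the linked file.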
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.