July 29, 2020
Severity
High
Analysis Summary
The Emotet botnet is now attaching stolen, benign files to its spam emails to make them look more authentic. This is the first time the botnet has used stolen attachments for credibility. It builds on Emotet's existing hijacking of email conversation threads: the botnet replies into a genuine, previously stolen thread, includes the legitimate attachments taken from that thread, and adds a malicious URL or attachment of its own, so the malicious element is concealed among material the recipient recognises.
This makes the phishing emails considerably harder to spot. In one observed email, five benign attachments were present alongside a dropper link placed in the templated portion of the message body.
Since July 17 the botnet has been sending large volumes of malicious spam, disguised as payment reports, invoices, employment opportunities and shipping information, through all of its server clusters. Emotet is also used heavily as a loader for other malware, including ransomware; for example, ProLock ransomware is expected to be deployed on some of the systems initially infected with Emotet.
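The pattern described above (a reply into a real thread, padded with stolen benign attachments, carrying a link to a host outside the conversation) can be turned into a simple mail-gateway triage check. The script below is an added example, not Rewterz tooling or an Emotet indicator list; all sample messages, addresses and link hosts in it are constructed for illustration. It parses a raw message, records whether it replies into a thread, counts attachments, and extracts body links whose host belongs to none of the thread's participants.

```python
"""Heuristic triage for Emotet-style thread-hijacking mail.

Added example, not Rewterz tooling. A message is flagged when it (a) replies
into an existing thread, (b) carries file attachments and (c) contains a link
whose host belongs to none of the thread's participants. All messages and
domains below are constructed for illustration.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def build_message(sender, to, subject, body, in_reply_to=None, attachments=()):
    """Build a raw RFC 5322 message; attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = to
    msg["Subject"] = subject
    if in_reply_to:  # reply headers mark the message as part of a thread
        msg["In-Reply-To"] = in_reply_to
        msg["References"] = in_reply_to
    msg.set_content(body)
    for name in attachments:
        msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                           subtype="pdf", filename=name)
    return msg.as_bytes()


def _host(url):
    return (urlparse(url.rstrip(".,;:)")).hostname or "").lower()


def triage(raw):
    """Extract thread, attachment and link features from one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    in_thread = bool(msg["In-Reply-To"] or msg["References"])
    attachments = [p.get_filename() for p in msg.iter_attachments()
                   if p.get_filename()]
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    headers = []
    for h in ("From", "To", "Cc"):
        headers.extend(msg.get_all(h) or [])
    # domains of everyone visible in the conversation
    thread_domains = {addr.rsplit("@", 1)[-1].lower()
                      for _, addr in getaddresses(headers) if "@" in addr}
    foreign_links = []
    for url in URL_RE.findall(body):
        host = _host(url)
        if not any(host == d or host.endswith("." + d) for d in thread_domains):
            foreign_links.append(url.rstrip(".,;:)"))
    return {
        "in_thread": in_thread,
        "attachments": len(attachments),
        "foreign_links": foreign_links,
        # reply into a real thread + attachments + link to an outside host
        "suspicious": in_thread and bool(attachments) and bool(foreign_links),
    }


SAMPLES = {
    # hijacked thread: genuine reply headers, five benign-looking attachments
    # and a dropper link to a host outside the conversation (constructed)
    "hijacked_reply": build_message(
        "Alice <alice@example.com>", "bob@example.org", "RE: July invoice",
        "Hi Bob,\nPlease review the attached and the updated report:\n"
        "http://example.net/report/view\nThanks, Alice\n",
        in_reply_to="<orig-123@example.org>",
        attachments=[f"report-{i}.pdf" for i in range(5)]),
    # legitimate reply: same shape, but the link stays on a participant's domain
    "legit_reply": build_message(
        "bob@example.org", "alice@example.com", "RE: July invoice",
        "Uploaded here: https://files.example.org/invoice\n",
        in_reply_to="<orig-123@example.org>", attachments=["invoice.pdf"]),
    # fresh mail with an outside link but no thread and no attachments
    "cold_link": build_message(
        "news@example.com", "bob@example.org", "Newsletter",
        "Read more: https://example.net/news\n"),
}


def run_samples():
    """Return the verdict for each constructed sample."""
    return {name: triage(raw)["suspicious"] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The check deliberately treats "legit_reply" as clean even though it is a threaded reply with an attachment: the discriminating signal in this campaign is the link to a host that nobody in the thread owns, not the reply or the attachments on their own. In production the foreign-host test would be combined with URL reputation and attachment scanning rather than used alone.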
Impact
- Credential Theft
- Financial Theft
- Information Theft
- Unauthorized code execution
Remediation
- Do not open unexpected attachments or links, even when they arrive as a reply in an existing conversation from a known contact; the stolen attachments are genuine, so verify the request with the sender through another channel before acting on it.
- Do not enable macros or "editing/content" for documents you did not expect to receive.
- Block the latest Emotet IoCs. Some of the recent Emotet advisories are linked below.