• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2020-0674 – Unpatched Internet Explorer Browser Zero-Day
January 20, 2020
Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
January 20, 2020

Rewterz Threat Alert – Emotet is Back from Holiday

January 20, 2020

Severity

High

Analysis Summary

Emotet is back from holiday after 3 weeks break and currently targeting 81 countries with spam emails with heavily targeting US and it’s neighboring countries. Threat actors using different email templates to lure users to click on the malicious links which includes subjects like invoices, reports, invite to holiday or even great thunberg climate change support requests.By clicking the malicious links will install emotet trojan.

final-report-spam.jpg
Proof of delivery spam

Every spam email campaign when clicked will be delivered a message will be presented with a message stating that this “document only available for desktop or laptop versions of Microsoft Office Word.” It then prompts the user to click on ‘Enable editing’ or ‘Enable Content’ to view the document.

Malicious Word doc

When a user opens the document, malicious macros will be executed that download the Emotet trojan from a remote server and executes it.

Impact

Exposure of sensitive information

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.