2019-11-27 - EMOTET EPOCH 3 INFECTED WINDOWS CLIENT AS SPAMBOT

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Infection traffic filtered in Wireshark.

 


Shown above:  Filtering to see if any of the malspam was sent using unencrypted SMTP.

 


Shown above:  Exporting IMF (Internet Mail Format) items from the pcap.

 


Shown above:  Filtering on HTTP post-infection traffic for Emotet in this pcap.

 
