2020-07-17 - QUICK POST: EMOTET INFECTION
- 2020-07-17-Emotet-infection-traffic.pcap.zip 2.1 MB (2,062,309 bytes)
- 2020-07-17-Emotet-malware-and-artifacts.zip 727 kB (727,082 bytes)
- The pcap has been carved, so the only traffic in it is directly related to the Emotet infection.
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Chain of events for this infection.
Shown above: Checking a link I found for an Emotet Word doc.
Shown above: Screenshot of the downloaded Word document.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: Emotet persistent on the infected Windows host.
Click here to return to the main page.