2018-06-20 - MALSPAM PUSHES EMOTET & EMOTET PUSHES ICEDID BANKING MALWARE (AGAIN)
ASSOCIATED FILES:
- 2018-06-20-Emotet-malspam-101-email-examples.txt.zip 17.4 kB (17,384 bytes)
- 2018-06-20-Emotet-malspam-IOCs-and-notes.txt.zip 6.8 kB (6,798 bytes)
- 2018-06-20-Emotet-malspam-infection-malware-and-artifacts.zip 647 kB (646,730 bytes)
- 2018-06-20-Emotet-malspam-infection-traffic-both-pcaps.zip 3.3 MB (3,253,415 bytes)
NOTES:
- This one is a quick post. IOCs are in one of the above archives.
- I generated 2 pcaps of infection traffic.
- One pcap is as a normal home user on an isolated Windows host.
- The other pcap is on a Windows client logged into a domain controller in an Active Directory (AD) environment.
- Today, I only saw IcedID in the pcap with the AD environment.
- Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Image (not included here): Traffic from an infection filtered in Wireshark.
Image (not included here): Malware from this infection persistent on the infected Windows host.