Emotet Is Dropping Cobalt Strike

Emotet is a malware infection propagated through spam email attachments carrying malicious Word or Excel documents. These documents use macros to download and install the Emotet trojan on the victim's computer, which is then used to steal email and to install further malware.
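One check a mail-gateway or triage pipeline can apply to the delivery mechanism described above is to inspect each Office attachment for an embedded VBA project rather than trusting its file extension. The script below is an added example, not code from the article or from Heimdal or BleepingComputer. It relies on two facts about the OOXML format: macro-enabled documents are zip containers that carry a `vbaProject.bin` part (under `word/`, `xl/` or `ppt/`), and `[Content_Types].xml` declares that part with the `application/vnd.ms-office.vbaProject` content type. The sample attachments, their names and their contents are constructed inline for the demo and are hypothetical.

```python
"""Detect VBA macro projects inside Office attachments, regardless of extension.

Added example (not code from the original article). OOXML documents (.docx,
.xlsm, .pptm, ...) are zip containers; a macro-enabled one carries a
vbaProject.bin part and declares it in [Content_Types].xml. The sample
attachments below are constructed inline so the script runs offline.
"""
from __future__ import annotations

import io
import zipfile

VBA_PART_SUFFIX = "vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def ooxml_macro_parts(data: bytes) -> list[str]:
    """Return the names of VBA macro parts found in an OOXML container.

    Returns [] for macro-free OOXML and for anything that is not a zip
    archive (legacy OLE2 .doc/.xls need a separate parser, e.g. olefile).
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            hits = [n for n in names if n.endswith(VBA_PART_SUFFIX)]
            # Cross-check the content-type manifest: a macro project declared
            # there counts even if the part lives under an unexpected path.
            if not hits and "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in manifest:
                    hits.append("[Content_Types].xml declares " + VBA_CONTENT_TYPE)
            return hits
    except zipfile.BadZipFile:
        return []


def triage_attachments(attachments: dict[str, bytes]) -> dict[str, list[str]]:
    """Map attachment name -> macro parts found.

    The extension is deliberately ignored: Office sniffs the container
    format, so a .docm renamed to .doc still opens (and runs) as OOXML.
    """
    return {name: ooxml_macro_parts(data) for name, data in attachments.items()}


# --- constructed sample attachments (hypothetical, for the demo) -------------
_CT_HEAD = (b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            b'<Default Extension="xml" ContentType="application/xml"/>')
_CT_TAIL = b"</Types>"
_CT_VBA = (b'<Override PartName="/%s/vbaProject.bin" '
           b'ContentType="application/vnd.ms-office.vbaProject"/>')
# OLE2 compound-file signature: a real vbaProject.bin starts with these bytes.
_OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def _build_ooxml(parts: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


SAMPLE_ATTACHMENTS: dict[str, bytes] = {
    # Clean Word document: no macro part, no vbaProject content type.
    "report.docx": _build_ooxml({
        "[Content_Types].xml": _CT_HEAD + _CT_TAIL,
        "word/document.xml": b"<w:document/>",
    }),
    # Macro-enabled Word document renamed to .doc to look harmless.
    "invoice.doc": _build_ooxml({
        "[Content_Types].xml": _CT_HEAD + (_CT_VBA % b"word") + _CT_TAIL,
        "word/document.xml": b"<w:document/>",
        "word/vbaProject.bin": _OLE2_MAGIC + b"\x00" * 24,
    }),
    # Macro-enabled Excel workbook (macro part lives under xl/).
    "quote.xlsm": _build_ooxml({
        "[Content_Types].xml": _CT_HEAD + (_CT_VBA % b"xl") + _CT_TAIL,
        "xl/workbook.xml": b"<workbook/>",
        "xl/vbaProject.bin": _OLE2_MAGIC + b"\x00" * 24,
    }),
    # Not an Office container at all.
    "notes.txt": b"plain text, nothing to see",
}


if __name__ == "__main__":
    for name, parts in triage_attachments(SAMPLE_ATTACHMENTS).items():
        verdict = "MACRO" if parts else "clean"
        print(f"{name:14} {verdict:6} {parts}")
```

Two caveats for anyone adapting this: it covers only the OOXML container, so legacy binary formats (OLE2 `.doc`/`.xls`, which Emotet campaigns have also used) need an OLE parser such as oletools' `olevba`; and the presence of a VBA project is a triage signal, not a verdict, since plenty of legitimate business documents carry macros.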

Emotet has historically installed the TrickBot or Qbot trojans on infected devices. Those trojans would in turn install Cobalt Strike on the device or carry out other malicious activity.

Cobalt Strike is a legitimate, commercially licensed penetration-testing toolset. Its operator deploys "beacon" agents on compromised machines, which can then be used to perform remote network reconnaissance and to execute further commands.

Unfortunately, Cobalt Strike is also particularly popular with threat actors, who use cracked versions of it during network intrusions, and it is frequently seen in ransomware attacks.

As we've previously reported, the Emotet botnet has been reactivated by its previous operator, who was persuaded by members of the Conti ransomware group.

This followed a lengthy period of malware-loader scarcity and a decline in decentralized ransomware operations; with the botnet back online, organized criminal syndicates are able to resurface as well.

What Happened?

BleepingComputer reports that the notorious Emotet malware now appears to be installing Cobalt Strike beacons directly, rather than through an intermediary trojan.

This is concerning as it

Read More: https://heimdalsecurity.com/blog/emotet-is-dropping-cobalt-strike/