Emotet Returns in Malspam Attacks Dropping TrickBot, QakBot
2020-07-21 21:48

"The new campaign sports longtime Emotet tactics: emails carrying links or documents w/ highly obfuscated malicious macros that run a PowerShell script to download the payload from 5 download links," according to Microsoft Security Intelligence researchers on Twitter.

The spam emails contain either a URL or an attachment, and purport to be sending a document in reply to existing email threads - a known trick of Emotet.

While the malspam emails bear various hallmarks of Emotet campaigns, researchers have noted that malicious URLs are now being distributed in PDFs, in addition to maldocs and malicious URLs in the email body, representing "a shift in Emotet payload delivery," according to Proofpoint researchers.

Emotet Update - We are detecting #QBot being dropped by Emotet infections on all epochs instead of #Trickbot gtag Mor today.

"The real damage that an Emotet compromise causes happens when it forms alliances with other malware gangs and in particular threat actors interested in dropping ransomware."


News URL

https://threatpost.com/emotet-returns-in-malspam-attacks-dropping-trickbot-qakbot/157604/