
War Room

Shells from above


Intel Insights – Emotet recommences email spam operations after five-month break

January 13, 2023 By Joel Belton

RSM Defense Analyst Notes: On November 2nd, 2022, Cryptolaemus researchers observed the Emotet malware operation spamming malicious emails after a nearly five-month period of little activity. The current campaign uses stolen email reply chains to distribute malicious Excel attachments. The attachments target users worldwide using various languages and file names, masquerading as invoices, scans, electronic forms, and other lures.

The campaign also introduces a new Excel attachment template that instructs users to copy the file into Office's trusted ‘Templates’ folder in order to bypass Microsoft’s Protected View, even for files carrying a Mark of the Web flag. Office treats files in a Trusted Location as safe, so Protected View is skipped and the Mark of the Web is ignored; once launched from the Templates folder, the attachment opens and immediately executes macros that download Emotet as a DLL.
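The lure works because Office skips Protected View and the Mark of the Web check for anything inside a Trusted Location, and the Templates folder is in the default list. A quick check a defender can run on a suspect workstation is to read Excel's Trusted Locations from the registry and look for macro-capable Office files inside them that still carry the Zone.Identifier stream. The script below is an added example, not code from the RSM post or from Cryptolaemus; it assumes the Office 16.0 registry layout (Office 2016/2019/Microsoft 365), an NTFS volume (the Zone.Identifier alternate data stream only exists there), and Windows PowerShell 5.1 or later. Function names and the extension list are the author's choices for this example.

```powershell
# Added example, not code from the RSM post: list Excel's Trusted Locations
# and flag macro-capable Office documents inside them that still carry a
# Mark of the Web. Assumes the Office 16.0 registry layout, an NTFS volume
# and Windows PowerShell 5.1+.

$OfficeVersion = '16.0'   # assumption: Office 2016/2019/Microsoft 365 hive
$App           = 'Excel'

# Trusted Locations live in the user hive; Group Policy can add more, or
# disable them all (AllLocationsDisabled = 1), under the Policies key.
$TrustedRoots = @(
    "HKCU:\Software\Microsoft\Office\$OfficeVersion\$App\Security\Trusted Locations",
    "HKLM:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security\Trusted Locations"
)

function Get-TrustedLocation {
    foreach ($root in $TrustedRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $props = Get-ItemProperty -Path $key.PSPath
            if (-not $props.Path) { continue }
            [pscustomobject]@{
                Key             = $key.PSChildName
                # Stored paths may contain %USERPROFILE%-style variables.
                Path            = [Environment]::ExpandEnvironmentVariables($props.Path)
                AllowSubfolders = [bool]$props.AllowSubfolders
                Description     = $props.Description
                Source          = $root
            }
        }
    }
}

function Get-MotwZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # Office reads ZoneId from the Zone.Identifier stream: 3 = Internet,
    # 4 = Restricted Sites. Copying the file within NTFS keeps the stream,
    # which is why the lure needs a Trusted Location, not just a new folder.
    try {
        $lines = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null   # no stream: the file was not tagged as downloaded
    }
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Find-MotwFilesInTrustedLocations {
    # Extensions that can carry VBA; .xlsx cannot, so it is left out.
    $macroExt = '.xls', '.xlsm', '.xlsb', '.xlam', '.doc', '.docm', '.dotm'
    foreach ($loc in Get-TrustedLocation) {
        if (-not (Test-Path -Path $loc.Path)) { continue }
        $files = Get-ChildItem -Path $loc.Path -File -Recurse:$loc.AllowSubfolders -ErrorAction SilentlyContinue |
                 Where-Object { $_.Extension -in $macroExt }
        foreach ($f in $files) {
            $zone = Get-MotwZoneId -Path $f.FullName
            if ($null -ne $zone -and $zone -ge 3) {
                [pscustomobject]@{
                    File            = $f.FullName
                    ZoneId          = $zone
                    TrustedLocation = $loc.Path
                    LastWriteTime   = $f.LastWriteTime
                }
            }
        }
    }
}

# Usage: print the trust list, then anything matching the lure's end state.
Get-TrustedLocation | Format-Table Key, Path, AllowSubfolders, Source -AutoSize
$hits = Find-MotwFilesInTrustedLocations
if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    Write-Host "No internet-zone Office files found in $App Trusted Locations."
}
```

A hit from this script is a file that was downloaded (ZoneId 3 or 4) and then placed where Office will no longer honour that tag, which is exactly the state the Emotet template asks the user to create. Two caveats: Word and the other Office applications keep their own Trusted Locations lists under the same layout, so change `$App` to cover them, and the check is only useful before the document has been opened, since the macro has already run by then. The corresponding hardening is the Office Group Policy setting "Disable all trusted locations", which removes the bypass for the whole application.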

At the time of reporting, the new infections had not yet dropped additional malware payloads on infected devices. Emotet was previously known for installing TrickBot, and more recently Cobalt Strike beacons, which ransomware groups use for initial access. Source

Who are we?

Knowledge is certainly power, and it can help you overcome any fear of the unexpected. This is also true in the world of cybersecurity, where the ability to know and understand more about the activities of threat actors helps organizations do more about the dangers and risks they and their personnel face.

At RSM Defense, we leverage the power of our vast RSM network of clients to enhance visibility into your organization's threat landscape and provide tactical context around threats to your organization, regardless of industry or location. This makes RSM Defense's array of threat intelligence services uniquely intelligent and enables our clients to be proactive rather than reactive. RSM Defense has decades of experience in global cyber defense operations, specializing in cyber threat intelligence collection and reporting.

Unmatched in dark web intelligence, our RSM Defense team continuously aggregates the sophisticated tactics, techniques and procedures of known threat actors. RSM Defense utilizes technology that continuously monitors the dark web landscape of victim notifications posted on threat actor sites for clients and their third-party affiliates. RSM Defense delivers comprehensive and holistic threat management services that include, but are not limited to, credential exposure monitoring to help prevent digital extortion attacks, dynamic malware analysis services, a continuous stream of customized threat intelligence reporting and mitigation recommendations that help reduce your organization's overall attack surface, vulnerability intelligence, executive personnel monitoring, and third-party risk and supply chain intelligence services. We strive to help clients avoid costly insurance liability payments and digital extortion attacks, and to protect their brand, assets, and networks against security breaches.

If you or your client wishes to receive additional information pertaining to RSM Defense’s wide array of threat intelligence services and technologies to protect you or your clients’ assets, brand reputation, and financial interests, please reach out to your RSM representative for more information.


Joel Belton

Joel Belton is a military veteran with subject matter expertise in intelligence analysis involving strategic military exercise planning, satellite imagery and full motion video analytics, and actionable tactical operations for USSOCOM special operations. He graduated from Purdue University with a bachelor's degree in electrical engineering technology with a discipline in radio frequency communication engineering. Joel's passion for security is driven by enhancing his skills in red team offensive security and blue team operations strategies for mitigating compromise.

