As per our analysts' assessment, Emotet resumed operations after a holiday break on January 13, 2020. Emotet is a widespread threat to businesses and organizations: it uses infected computers to send email with malicious document attachments, and those documents in turn infect the recipients' computers and deliver additional malware, including ransomware. Spamming kicked off early this morning, around 8 AM EST. The threat group is heavily targeting the US and Canada with spam email carrying document files with malicious macros. The Trickbot malware with a gtag of "mor74" was also dropped on all botnets infected with Emotet. The gtag value identifies a particular campaign or version of the Trickbot malware. The last version observed before the holiday break was "mor70", which indicates that Trickbot continued to evolve even while Emotet was not operating. Our analysts will continue tracking the infrastructure, but at this moment there are no known templates to report.
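The report reads the jump from gtag "mor70" to "mor74" as evidence that Trickbot kept evolving during the pause. The following Python is an added example, not code from the original post or from Binary Defense; it parses gtag strings into a campaign prefix and a numeric version (the "prefix + number" shape the two tags on the page share, which is an assumption about the general format), summarises what was seen per prefix, and lists the versions a defender never observed. The observation dates, the repeated "MOR74" sighting and the second prefix "lib12" are constructed sample data, not real telemetry.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Assumed gtag shape: short alphabetic campaign prefix followed by a numeric
# version, e.g. "mor70" -> ("mor", 70). Matching is case-insensitive.
GTAG_RE = re.compile(r"^(?P<prefix>[a-z]+)(?P<version>\d+)$")


def parse_gtag(gtag: str) -> tuple:
    """Split a gtag into (campaign prefix, numeric version); raise on unexpected input."""
    m = GTAG_RE.match(gtag.strip().lower())
    if not m:
        raise ValueError(f"unrecognised gtag format: {gtag!r}")
    return m.group("prefix"), int(m.group("version"))


@dataclass(frozen=True)
class Observation:
    seen: date   # day the gtag was observed on an infected host
    gtag: str


# Constructed sample observations (hypothetical dates, not real telemetry).
SAMPLE_OBSERVATIONS = [
    Observation(date(2019, 12, 20), "mor70"),
    Observation(date(2020, 1, 13), "mor74"),
    Observation(date(2020, 1, 13), "MOR74"),   # same tag reported with different case
    Observation(date(2020, 1, 13), "lib12"),   # hypothetical second campaign prefix
]


def summarise_gtags(observations):
    """Per campaign prefix: first and latest version seen (with dates), the
    intermediate versions that were never observed, and the day gap between
    the first and latest sighting."""
    by_prefix = defaultdict(list)
    for obs in observations:
        prefix, version = parse_gtag(obs.gtag)
        by_prefix[prefix].append((version, obs.seen))

    summary = {}
    for prefix, sightings in by_prefix.items():
        versions_seen = {v for v, _ in sightings}
        first_v, first_d = min(sightings)      # lowest version, then earliest date
        latest_v, latest_d = max(sightings)    # highest version, then latest date
        summary[prefix] = {
            "first": {"version": first_v, "seen": first_d.isoformat()},
            "latest": {"version": latest_v, "seen": latest_d.isoformat()},
            "unseen_versions": [v for v in range(first_v + 1, latest_v)
                                if v not in versions_seen],
            "days_between": (latest_d - first_d).days,
        }
    return summary


def new_versions_since(observations, known_gtags):
    """Return the gtags in observations not present in a known baseline,
    normalised to lower case, de-duplicated and sorted."""
    known = {parse_gtag(g) for g in known_gtags}
    fresh = {parse_gtag(o.gtag) for o in observations} - known
    return sorted(f"{p}{v}" for p, v in fresh)


if __name__ == "__main__":
    import json
    print(json.dumps(summarise_gtags(SAMPLE_OBSERVATIONS), indent=2))
    print("new since baseline:", new_versions_since(SAMPLE_OBSERVATIONS, ["mor70"]))
```

Run against the sample data, the "mor" prefix shows versions 71 through 73 as never observed and 24 days between the last pre-break sighting and the first post-break one, which is the kind of gap the report's "continued to evolve" remark rests on; feeding the same functions a real observation log gives the same summary for a defender's own baseline.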
By Akshay Rohatgi and Randy Pargman