Indicator of compromise (IoC) of Emotet Malware
by CIRT Team
About Emotet Malware:
Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link.
The spam emails contain either a URL or an attachment, and purport to be sending a document in reply to existing email threads – a known trick of Emotet.The document attachments contain a heavily obfuscated macro and ask recipients to enable content.Once the macro is enabled, Windows Management Instruction then launches a PowerShell to retrieve the Emotet binary from a remote compromised websites. Finally, the payload is executed and connects to a malicious command and control (C&C) server.
BGD e-GOV CIRT detect possible Updated Indicator of compromise (IoC) of Emotet Malware, from its (BGD e-GOV CIRT) trusted sources.
Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
The possible IOC details information is provided in