Emotet returns with a malspam vengeance
The pernicious botnet returned to the scene in early November. Researchers last spotted it in action back in July. Researchers at Proofpoint report it’s being used as part of a massive malspam campaign designed to deliver IcedID and Bumblebee malware payloads. Current volume from Emotet sits at hundreds of thousands of emails per day. Targets include the US, UK, Japan, Germany, Italy, France, Spain, Mexico, and Brazil. One sign that Emotet hasn’t kept up with the times: it’s attempting to lure users to click on malicious Office documents, despite Microsoft disabling Office macros by default. To get around this, emails try to get victims to copy the file to a Microsoft Office Template location, where it would be trusted.
Google publishes YARA rules for Cobalt Strike
The Google Cloud Threat Intelligence team published open-source YARA rules to help detect components of Cobalt […]