top of page
Search
Writer's pictureStormsec

Dead or Alive? An Emotet Story

A look back at the Emotet malware intrusion from May 2022 and the post-exploitation framework used by threat actors to launch a Cobalt Strike payload on one of the network's servers.




MALWARE FAMILIES: Cobalt Strike, Emotet


ATT&CK IDS: T1036 - Masquerading, T1187 - Forced Authentication, T1104 - Multi-Stage Channels, T1569 - System Services, T1560 - Archive Collected Data, T1016 - System Network Configuration Discovery, T1003 - OS Credential Dumping, T1018 - Remote System Discovery, T1021 - Remote Services, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1069 - Permission Groups Discovery, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1087 - Account Discovery, T1135 - Network Share Discovery, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1482 - Domain Trust Discovery, T1547 - Boot or Logon Autostart Execution, T1550 - Use Alternate Authentication Material, T1558 - Steal or Forge Kerberos Tickets, T1559 - Inter-Process Communication, T1566 - Phishing, T1567 - Exfiltration Over Web Service, T1570 - Lateral Tool Transfer


Read More:

3 views

Comments


Commenting has been turned off.
bottom of page