Emotet Gets Political

Share On Facebook
Share On Twitter
Share On Linkedin

Author: Nick Sundvall

TLP: WHITE

From 16 to 19 October, we observed a malspam campaign that referenced political themes in the subject lines of the emails and in the attached file name. The campaign distributed the Emotet banking trojan. The threat actors spreading Emotet have previously used popular topics such as COVID-19 as lures.1

In this campaign, the threat actor used the upcoming presidential election as a lure by sending politically-themed messages. Subjects of the emails included Re: Trump-Ends Another Obama-Era Program and Marc, Save up to 30% on health insurance w/ TrumpCare. Each of the emails had an attached file named Debate Trump VS Biden October 22th.doc, referencing the upcoming final presidential debate.

Infoblox’s full report on this campaign will be available soon on our Threat Intelligence Reports page.

Endnotes

  1. https://securityintelligence.com/posts/emotet-activity-rises-as-it-uses-coronavirus-scare-to-infect-targets-in-japan/

Labels:

Infoblox Threat Intel

Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access give us a backstage pass to the internet's inner workings. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox DNS Detection and Response solutions, so customers automatically get the benefits of it, along with ridiculously low false positive rates.

View All Posts

You might also be interested in

You might also be interested in

×