News

Emotet botnet resumed its activity

After a pause, management servers of the Emotet botnet resumed its activity.

Researchers at Cofense Labs were the first to discover a resurgence of the botnet infrastructure.

“The Emotet botnet arose from a grave yesterday and began serving up new binaries. We noticed that the C2 servers began delivering responses to POST requests around 3PM EST on Aug 21. Stay vigilant and keep an eye out for any updates as we monitor for any changes”, – wrote Cofense Labs specialists.

Additionally, researchers from Black Lotus have published a list of active servers.

Emotet was previously known as a banking trojan, but then changed course and turned into a botnet, distributing various types of ransomware.

Emotet is now one of the most dangerous threats in the world. The network is used to distribute the Trickbot banking Trojan and Ryuk ransomware. This combination of malware was called the “triple threat” and was used as part of attacks on state administrations in the United States in July 2019.

Read also: Global Threat Index claimed, that Emotet botnet suspended its activities

Researchers noticed that Emotet operators took a break at the beginning of June and correctly assumed that it would not be for long. No new campaigns were observed since then, and the consensus in the infosec community was that the servers were down for maintenance.

According to experts, the servers have just resumed their activity and there have not made any attempts to spread malware. It is assumed that operators need time to restore systems and prepare a new malicious campaign. Security researcher Benkøw provides a tweet-size list of the stages necessary for respawning the malicious activity.

“They reuse the old IPs so they need time to:
– Grab old/new bots
– remove ALL the AV bots from today on the panel lol
– Run some tests for bypassing anti spam product
– Prepare the campaign for the next Clients
etc it takes time”, — wrote Benkøw.

The servers are located in various countries, including Brazil, Mexico, Argentina, Germany, Japan and the USA.

Given the intense activity, experts expect a new malicious campaign in the near future. According to them, the attackers will adhere to the old ransomware distribution scheme.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

6 hours ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

6 hours ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

6 hours ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

7 hours ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

10 hours ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

10 hours ago