Botnet sends 1,000 unique emails using harvested data

News by Doug Olenick

The Emotet gang has started using the emails it stole in October 2018, marking a major milestone for the group and its activities.

Cofense reported that the group has so far sent more than 1,000 unique emails, each with its own subject line, as part of an effort to get away from template-based emails, which can be easy to spot. The gang takes one of the stolen emails, places "Re:" and the original subject line in the subject field, and sends it to someone from the associated contact list who would have received the original email in the past.

"All of this is done to add relevance and authenticity to the emails being sent. Currently, the emails are only leveraging document download links and do not contain attachments. We are only seeing email content that appears to be from the October/November timeframe, but expect that this will change over time," Cofense said.

Emotet’s new tactic is only being used on the Epoch 1 botnet, Cofense said.

This article was originally published on SC Media US.
