Keeping Up with the Emotets: Tracking a Multi-infrastructure Botnet-Reference-Cited by-同舟云学术

Keeping Up with the Emotets: Tracking a Multi-infrastructure Botnet

Published:2023-09-30 Issue:3 Volume:4 Page:1-29
ISSN:2692-1626
Container-title:Digital Threats: Research and Practice
language:en
Short-container-title:Digital Threats

Author:

Boyarchuk Oleg¹^ORCID,Mariani Sebastiano¹^ORCID,Ortolani Stefano¹^ORCID,Vigna Giovanni²^ORCID

Affiliation:

1. VMware, Inc.

2. VMware, Inc. and UC Santa Barbara

Abstract

Throughout its eight-year history, Emotet has caused substantial damage. This threat reappeared at the beginning of 2022 following a take-down by law enforcement in November 2021. Emotet is arguably one of the most notorious advanced persistent threats, causing substantial damage during its earlier phases and continuing to pose a danger to organizations everywhere. In this article, we present a longitudinal study of several waves of Emotet-based attacks that we observed in VMware’s customer telemetry. By analyzing Emotet’s software development life cycle, we were able to dissect how it quickly changes its command and control (C2) infrastructure, obfuscates its configuration, adapts and tests its evasive execution chains, deploys different attack vectors at different stages, laterally propagates, and continues to evolve using numerous tactics and techniques.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Computer Science Applications,Hardware and Architecture,Safety Research,Information Systems,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3594554

Reference50 articles.

1. Lawrence Abrams. 2019. Emotet Trojan Evolves Since Being Reawakend Here is What We Know. Retrieved September 2019 from https://www.bleepingcomputer.com/news/security/emotet-trojan-evolves-since-being-reawakend-here-is-what-we-know/.

2. Lawrence Abrams. 2021. Emotet starts dropping Cobalt Strike again for faster attacks. Retrieved December 2021 from https://www.bleepingcomputer.com/news/security/emotet-starts-dropping-cobalt-strike-again-for-faster-attacks/.

3. Lawrence Abrams. 2022. Emotet malware campaign impersonates the IRS for 2022 tax season. Retrieved March 2022 from https://cyware.com/news/emotet-malware-campaign-impersonates-the-irs-for-2022-tax-season-54d73dc3.

4. John Althouse. 2020. Easily Identify Malicious Servers on the Internet with JARM. Retrieved November 2020 from https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a/.

5. M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, and Y. Zhou. 2017. Understanding the mirai botnet. In Proceedings of the 26thSecurity Symposium. 1093–1110.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar;Future Internet;2024-07-23

2. Blockchain meets Internet of Things (IoT) forensics: A unified framework for IoT ecosystems;Internet of Things;2023-12

3. Static Analysis for Malware Classification Using Machine and Deep Learning;2023 XLIX Latin American Computer Conference (CLEI);2023-10-16