Emerging Threats
Malware | 2022, 2020, 2019
Emotet
3 Rules
10 References
3 Folders
2024-08-15 Latest
Summary
Emotet is tracked here as a malware family or toolset with 3 Sigma detections spanning 2022, 2020, 2019. Coverage centers on windows / process_creation.
Related Detections
Emerging Threat | high | test
Emotet Loader Execution Via .LNK File
Detects the Emotet Epoch4 loader as reported by @malware_traffic back in 2022. The ".lnk" file was delivered via a phishing campaign.
Windows | Process Creation
TA0002 · Execution | T1059.006 · Python | detection.emerging-threats
kostastsale | Fri Apr 22 2022
Emerging Threat | critical | test
Potential Emotet Rundll32 Execution
Detects Emotet DLL loading by looking for rundll32.exe processes with command lines ending in ,RunDLL or ,Control_RunDLL.
Windows | Process Creation
TA0005 · Stealth | T1218.011 · Rundll32 | detection.emerging-threats
FPT.EagleEye | Fri Dec 25 2020
Emerging Threat | high | stable
Potential Emotet Activity
Detects all Emotet-like process executions that are not covered by the more generic rules.
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell | TA0005 · Stealth | T1027 · Obfuscated Files or Information | +1
Florian Roth (Nextron Systems) | Mon Sep 30 2019
References