Emotet banking Trojan delivered by fake invoice reminder emails appearing to come from a known contact — 1 Comment

  1. There are many other IOC’s related to this specific campaign. Many more URL’s than the ones displayed here in the PowerShell dropper script and email. Other potentially useful indicators include the VBA macros that the word doc runs, it is primarily used to construct the PowerShell dropper script which is hidden as a base64 encoded string within the files metadata (usually in a custom “comments” attribute).

Leave a Reply

Your email address will not be published. Required fields are marked *