Emotet was first discovered in 2014 as a “simple” banking Trojan aimed at stealing financial data. Simple is in quotes because, over time, it has not only evolved into a botnet but also added modularity, such as the ability to deliver malware using worm-like capabilities. This is why the US Department of Homeland Security has identified it as “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”
Emotet is still highly active, and its daily activity is noted not only by the organizations affected by this pervasive threat, but by researchers and first responders worldwide trying to understand the latest capabilities and attack methodologies the Emotet authors have added to their war chest. This latest playbook focuses on a specific Emotet attack campaign that FortiGuard Labs has observed as recently as a few weeks ago. While this playbook is not meant to be an exhaustive analysis of Emotet, as that would be impossible due to time constraints, it does serve as a small glimpse into an otherwise impressive campaign of criminal behavior.