2022-04-25 (MONDAY) - EMOTET EPOCH 4 ACTIVITY (LNK FILES)

REFERENCE:

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Email, attachment, and command from the Windows shortcut.

 


Shown above:  VBS script run from the victim's AppData\Local\Temp directory.

 


Shown above:  Emotet persistent on an infected Windows host.

 


Shown above:  Traffic from an infection filtered in Wireshark.

 
