Emotet malware is back and using TrickBot to rebuild its botnet


Emotet would then utilise infected devices to carry out additional spam campaigns and install other payloads like the QakBot (Qbot) and Trickbot malware. These payloads would subsequently be utilised to give threat actors, such as Ryuk, Conti, ProLock, Egregor, and others, early access to deploy ransomware.

This absence of spam activity is most likely due to the Emotet infrastructure being rebuilt from the ground up, as well as new reply-chain emails being stolen from victims in future spam campaigns.
