Subscribe To Our Newsletter!

Stay up to date on the top trending threats as well as the top stories in Security, Networks, Cloud, IT Ops & AIOps.

KNOW your malware of the week: Emotet

With over 2,300 online references, Emotet easily becomes our malware of the week.

Post by Rajarshi Mitra Sep 01, 2020

As detected by KNOW’s threat intel dashboard, Emotet is, by far, the most referenced malware of the last seven days.

Emotet malware

Introduction to Emotet

Emotet, also known as Geodo and Mealybug, is a malware strain and a cybercrime operation. It was first detected in 2014 and primarily spread through spam emails.

These spam emails pretend to be invoices, shipping information, COVID-19 information, resumes, financial documents, or scanned documents. As with any other crimeware, Emotet’s goal is purely financial. Emotet delivers modular payloads to monetize infections. These payloads include:

  • Godzilla loader
  • Dridex
  • Gootkit
  • Qbot
  • Qakbot
  • BitPaymer

Emotet has been lately called the “Red Dawn” due to its doc attachment’s red accents.

emotet malware

Industries affected by Emotet

As per KNOW, Emotet has affected the following industries:

  • Finance
  • Manufacturing
  • Media and entertainment
  • Healthcare
  • Education
  • Banking

Threat actors taking advantage of Emotet

As per cybersecurity news, the infamous threat actor “TA542” has been prolifically using Emotet to install QBot. Along with that, Mummy Spider and Mealybug are two more well-known threat actors associated with the malware.

What do I do after getting hit by Emotet?

If you have been affected by Emotet, then you need to do two things asap:

  • First, do not panic.
  • Second, immediately isolate yourself from your network (if connected).

Isolation is essential because of the way Emotet has been designed to operate. Its sole purpose is to spread across all the connected systems as much as possible and hold your data hostage.

Once you have isolated, you need to patch and clean up your system immediately. To make sure that your network doesn’t get re-infected, each system needs to be isolated and patched. While this is definitely a very tedious process, it’s the only way to protect yourself against future Emotet attacks.

The best way to protect yourself against Emotet is to not get infected in the first place. The way that you can do that is by being proactive. Netenrich’s Attack Surface Intelligence (ASI) continuously monitors and protects your company, brand, and assets from external adversaries. Understand your exposure, prioritize risk, and remediate issues before they turn into incidents.

By the way, ASI also comes with a 30-day free trial wherein you can check how compatible it is with your systems. You can find out more here.

Thoughts from Twitter


#emotet seems quiet (for now), why not use this time to take down these domains? Some of them are active since July. Raw list:


TA542 Returns With Emotet: What’s Different Now


Researchers observed that the Emotet gang had incorporated a new “Red Dawn” template into their weaponized Word Documents delivered to users.

What is KNOW?

KNOW is Netenrich’s Threat Intel Platform that extracts data from billions of data points and correlates relevant intel and expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now.

One of KNOW’s handiest tools is the trending threats dashboard, which gives you a bird’s eye view of the most potent malware, threat actors, methods, and vulnerabilities in the following time frames:

  • Last 7 days.
  • Last 60 days.

So, want to check out KNOW some more? Why don’t you sign up? It’s completely free.

About the Author

Rajarshi Mitra

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat.

Subscribe To Our Newsletter!

The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.

Thank you for subscribing!

Related Post

Jun 28 2021

KNOW this week – Clop ransomware and Molerats resurface agai

Clop ransomware launches a series of new attacks, ...

Read More
Jun 18 2021

KNOW this week – Avaddon, Fancy Lazarus, CVE-2021-3195

Deploy a reliable endpoint detection and resolutio...

Read More
Jun 07 2021

KNOW what’s trending this week – Darkside ransomware, Sodino

There’s an increasing trend in ransomware attacks ...

Read More