Cybercrime operation and malware strain

Emotet is a malware strain and a cybercrime operation believed to be based in Ukraine. The malware, also known as Heodo, was first detected in 2014 and deemed one of the most prevalent threats of the decade. In 2021, the servers used for Emotet were disrupted through global police action in Germany and Ukraine and brought under the control of law enforcement.

First versions of the Emotet malware functioned as a banking trojan aimed at stealing banking credentials from infected hosts. Throughout 2016 and 2017, Emotet operators, sometimes known as Mealybug, updated the trojan and reconfigured it to work primarily as a "loader," a type of malware that gains access to a system, and then allows its operators to download additional payloads. Second-stage payloads can be any type of executable code, from Emotet's own modules to malware developed by other cybercrime gangs.

Initial infection of target systems often proceeds through a macro virus in an email attachment. The infected email is a legitimate-appearing reply to an earlier message that was sent by the victim.

It has been widely documented that the Emotet authors have used the malware to create a botnet of infected computers to which they sell access in an Infrastructure-as-a-Service (IaaS) model, referred in the cybersecurity community as MaaS (Malware-as-a-Service), Cybercrime-as-a-Service (CaaS), or Crimeware. Emotet is known for renting access to infected computers to ransomware operations, such as the Ryuk gang.

As of September 2019, the Emotet operation ran on top of three separate botnets called Epoch 1, Epoch 2, and Epoch 3.

In July 2020, Emotet campaigns were detected globally, infecting its victims with TrickBot and Qbot, which are used to steal banking credentials and spread inside networks. Some of the malspam campaigns contained malicious documents with names such as "form.doc" or "invoice.doc". According to security researchers, the malicious document launches a PowerShell script to pull the Emotet payload from malicious websites and infected machines.

In November 2020, Emotet used parked domains to distribute payloads.

In January 2021, international action coordinated by Europol and Eurojust allowed investigators to take control of and disrupt the Emotet infrastructure. The reported action was accompanied with arrests made in Ukraine.

On 14 November 2021, new Emotet samples emerged that were very similar to the previous bot code, but with a different encryption scheme that used elliptic curve cryptography for command and control communications. The new Emotet infections were delivered via TrickBot, to computers that were previously infected with TrickBot, and soon began sending malicious spam email messages with macro-laden Microsoft Word and Excel files as payloads.

On 3 November 2022, new samples of Emotet emerged attached as a part of XLS files attached within email messages.

Characteristics of Emotet

Distribution Method: Emotet is typically spread via malicious email attachments or links, often disguised as invoices, payment notifications, or other business-related documents. It leverages techniques like social engineering to trick victims into opening the email and enabling macros in the document, which then installs the malware.

Modular Structure: Emotet acts as a delivery vehicle for other malware, often used in multi-stage attacks. After infecting a machine, Emotet can download additional payloads, including trojans, ransomware, or data stealers.

Propagation Mechanisms: Emotet has worm-like capabilities, allowing it to spread within a network by brute-forcing credentials or exploiting vulnerabilities. Once inside a network, it can compromise multiple machines, significantly increasing the damage potential.

Resilience and Evasion: It uses obfuscation techniques and regular updates to avoid detection by traditional antivirus software. Emotet also employs Command and Control (C2) infrastructure, allowing attackers to remotely control infected systems and update the malware.

Impact and Damage: The presence of Emotet can lead to financial theft, data breaches, ransomware infections, and disruption of IT systems, particularly in businesses and governmental organizations.

Emotet's Techniques Based on MITRE ATT&CK

According to MITRE's ATT&CK Framework, Emotet employs a variety of techniques across different stages of an attack. These techniques are part of the MITRE ATT&CK matrix, which helps categorize the tactics used by malware to achieve various objectives such as initial access, persistence, and lateral movement.

| Tactic | Technique | Technique ID | Description |
| --- | --- | --- | --- |
| Initial Access | Phishing | T1566 | Emotet often arrives via malicious emails containing attachments or links. |
| Execution | User Execution: Malicious Document | T1204.002 | Requires the user to enable macros in malicious documents, typically in Microsoft Office formats. |
| Persistence | Registry Run Keys / Startup Folder | T1547.001 | Emotet adds itself to the Windows startup folder or registry to maintain persistence. |
| Privilege Escalation | Exploitation of Vulnerability | T1068 | Exploits known software vulnerabilities to gain higher-level privileges. |
| Defense Evasion | Obfuscated Files or Information | T1027 | Uses obfuscation techniques to avoid detection by security tools. |
| Credential Access | Brute Force | T1110 | Emotet attempts to brute-force passwords to gain unauthorized access to systems. |
| Discovery | Network Share Discovery | T1135 | Emotet looks for network shares it can use to spread within an environment. |
| Lateral Movement | Remote Services: SMB/Windows Admin Shares | T1021.002 | Uses administrative shares and SMB to move laterally across a network. |
| Command and Control | Application Layer Protocol: Web Protocols | T1071.001 | Uses HTTP/HTTPS for communication with command and control (C2) servers. |
| Exfiltration | Automated Exfiltration | T1020 | Emotet can automatically exfiltrate data from infected systems. |

Noteworthy infections

Allentown, Pennsylvania, city located in Pennsylvania, United States (2018)
Heise Online, publishing house based in Hanover, Germany (2019)
Kammergericht Berlin, the highest court of the state of Berlin, Germany (2019)
Humboldt University of Berlin, university in Berlin, Germany (2019)
Universität Gießen, university in Germany (2019)
Department of Justice of the province of Quebec (2020)
Lithuanian government (2020)

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.