Cybercriminals behind Emotet, one of the most prolific botnets in recent history, have ramped up a new Christmas-themed phishing attack. It lures victims to download malicious attachments related to "menus" for an upcoming Christmas party.
***
See the hashes, what engines are detecting and other details in PolySwarm:
Party Menu.doc -> https://polyswarm.network/scan/results/file/c8af63a2812c5103a1cb5cc3631576f4b51ed869cef7bd53f35f8c479f7f63c7
Christmas Party.doc -> https://polyswarm.network/scan/results/file/ed7ed7ad748f0cdfb6f2e13b9b5736e17ed595eb4e69b681d35cd96fcfdb5508
***
Using subject lines like “Christmas” or “Christmas Party” clearly their tapping into the timeliness of the holiday to get their victims to click.
One of the phishing emails reads as follows:
“I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know. Don't forget to get your donations in for the money tree. Also, wear your tackiest/ugliest Christmas sweater to the party.”
Once installed victims could be subject to ransomware downloads, spam and other phishing emails.
Emotet is well-known as a banking Trojan but appears to have new functionality as a malware loader, using victims as a malware distribution network.
***
Related dropper samples from this Christmas email phishing campaign, currently active:
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915
Scan permalink: https://polyswarm.network/scan/results/file/099d9114cf9b28c2283d5da4550cec51027a271f0773a2af0f45e9249ee2da81
Scan permalink: https://polyswarm.network/scan/results/file/e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b
Scan permalink: https://polyswarm.network/scan/results/file/e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b
Scan permalink: https://polyswarm.network/scan/results/file/e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b
Scan permalink: https://polyswarm.network/scan/results/file/e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b
Scan permalink: https://polyswarm.network/scan/results/file/e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b
***
About PolySwarm:
PolySwarm is a threat intelligence platform that focuses on new and emerging malware. It uses an open source, crowdsourced model where specialized individual experts and niche antivirus companies compete to detect 0-day threats in real-time to protect enterprises. Accuracy and early detection are rewarded, and the coverage of their anti-malware engines is combined into a single access point. Try it out at polyswarm.network.