Archived: EMOTET Exposed: Inside the Cybercriminals’ Supply Chain
New analysis from VMware delves deep into the most recent waves of the Emotet botnet, providing never-before-seen insights into the malware delivery mechanism’s malicious components and modules, its execution chains and its software development lifecycle.
This webcast will reveal key findings and takeaways from VMware’s researchers, who managed to bypass anti-analysis techniques in order to map Emotet’s dynamic infrastructure. This presentation will offer:
- A review of Emotet’s infection chain process, along with its TTPs and IOCs. Plus, similarity metrics that allow for the clustering of similar infection techniques.
- An inside look at Emotet’s command-and-control network infrastructure, and its AGILE-like software development life cycle.
- “How-tos” for creating Emotet sock puppets (for fetching modules) and extracting its recently updated configuration.
- An analysis of two recently updated modules that differ from previous Emotet attacks – one that steals credit card info from users of Google Chrome and one that exploits the SMB protocol to proliferate.
- Tips and recommendations for mounting a more ironclad defense.
Giovanni Vigna
Sr. Director of Threat Intelligence
VMware
Giovanni Vigna is the Sr. Director of Threat Intelligence at VMware. He is also a Professor in the Department of Computer Science at the University of California in Santa Barbara (on leave). His research interests include malware analysis, vulnerability assessment, the underground economy, binary analysis, web security, and the applications of machine learning to security problems. Giovanni Vigna is also the founder of the Shellphish hacking group, who has participated in more DEF CON CTF competitions than any other group in history. He is an IEEE Fellow and an ACM Fellow.
Stefano Ortolani
Staff Engineer 2, Threat Research Lead at VMware
VMware
Stefano Ortolani is Staff Engineer 2 / Threat Research Lead at VMware, formerly Director of Threat Research at Lastline, where he joined in 2015 as a Security Researcher. In his current role, Stefano focuses on finding novel approaches to investigate, classify, and detect unknown cyber tradecraft. Prior to Lastline, he was part of the Global Research and Analysis Team at Kaspersky Lab, in charge of fostering operations with CERTs, governments, universities, and law enforcement agencies, as well as conducting research of the global threat landscape. He received his Ph.D. in Computer Science from VU University Amsterdam.
Speakers
Stefano Ortolani is Staff Engineer 2 / Threat Research Lead at VMware, formerly Director of Threat Research at Lastline, where he joined in 2015 as a Security Researcher. In his current role, Stefano focuses on finding novel approaches to investigate, classify, and detect unknown cyber tradecraft. Prior to Lastline, he was part of the Global Research and Analysis Team at Kaspersky Lab, in charge of fostering operations with CERTs, governments, universities, and law enforcement agencies, as well as conducting research of the global threat landscape. He received his Ph.D. in Computer Science from VU University Amsterdam.
InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.