The Emotet gang has started using the emails it stole in October 2018, marking a major milestone for the group and its activities.
Cofense reported that the group has so far sent more than 1,000 unique emails, each with its own subject line, as part of an effort to get away from template-based emails, which can be easy to spot. For each stolen email, the gang places “Re:” and the original subject line in the new message and sends it to someone from that email's contact list who would have received the original email in the past.
“All of this is done to add relevance and authenticity to the emails being sent. Currently, the emails are only leveraging document download links and do not contain attachments. We are only seeing email content that appears to be from the Oct./Nov. timeframe, but expect that this will change over time,” Cofense said.
Emotet’s new tactic is only being used on the Epoch 1 botnet, Cofense said.