Mummy Spider’s Emotet Malware is Back After a Year Hiatus,; Wizard Spider’s TrickBot Observed in Its Return

Mummy Spider (TA542, Emotet) recently-resumed their malicious activity with the notorious information-stealing malware, Emotet, after a year-long hiatus.[1] As part of this return, the Emotet malware has been observed delivered via the TrickBot malware, which is organized by the Wizard Spider (TrickBot, UNC1878) group.[2] 

Emotet and Trickbot are dangerous families that have undergone numerous changes and upgrades over years, with Emotet being first discovered in 2014 and TrickBot in 2016.[3] The longevity of these malware families, even with international law enforcement taking down Emotet infrastructure as of January 2021, showcases the relentless nature of the threat actors behind them.

To assist in helping the community, especially with the online shopping season upon us, Anomali Threat Research has made available two, threat actor focused dashboards: Mummy Spider and Wizard Spider, for  Anomali ThreatStream customers. The Dashboards are preconfigured to provide immediate access and visibility into all known Mummy Spider and Wizard Spider indicators of compromise (IOCs) made available through commercial and open-source threat feeds that users manage on ThreatStream.

Customers using ThreatStream, Anomali Match, and Anomali Lens are able to immediately detect any IOCs present in their environments and quickly consume threat bulletins containing machine-readable IOCs. This enables analysts to quickly operationalize threat intelligence across their security infrastructures, as well as communicate to all stakeholders if/how they have been impacted.

Anomali recently added thematic dashboards that respond to significant global events as part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts. In addition to Mummy Spider and Wizard Spider, ThreatStream customers currently have access to multiple dashboards announced as part of our November quarterly product release.

Customers can integrate the Mummy Spider and Wizard Spider dashboard, among others, in the “+ Add Dash ..

Support the originator by clicking the read the rest link below.