March 22, 2022

IRS Themed Phishing with Emotet

Industry: N/A | Level: Tactical | Source: Cofense

In the spirit of the U.S. 2022 tax season, Emotet has tailored its latest phishing campaign to the financial event. Cofense Intelligence has repeatedly identified Emotet using this particular theme in past years, masquerading as the Internal Revenue Service (IRS) to lure victims into opening an attached zip file containing a malicious document. The document, if executed, drops the Emotet .dll file onto the victim's workstation.

  • Anvilogic Use Cases:
    • Compressed File Execution
    • Malicious Document Execution
    • Suspicious File written to Disk
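
The three use cases above describe consecutive stages of one chain, so they can be correlated per host. The sketch below is an added example, not Cofense or Anvilogic content: it flags a .dll written by an Office process (or its child) that opened a document from a zip extraction folder. The event fields, process names, folder pattern and time window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumptions: Office hosts the document; Explorer opens files inside a zip
# from a Temp<N>_<name>.zip folder; the whole chain completes within 10 minutes.
OFFICE = {"winword.exe", "excel.exe"}
ZIP_TEMP = re.compile(r"\\Temp\d+_[^\\]+\.zip\\", re.I)
WINDOW = timedelta(minutes=10)
T = r"C:\Users\u\AppData\Local\Temp"

# Constructed sample telemetry (simplified process-create and file-create events).
EVENTS = [
    {"ts": "2022-03-22T09:00:05", "host": "ws-01", "type": "process", "pid": 4120,
     "ppid": 2000, "image": "EXCEL.EXE", "cmdline": T + r"\Temp1_sample.zip\form.xlsm"},
    {"ts": "2022-03-22T09:00:20", "host": "ws-01", "type": "process", "pid": 5001,
     "ppid": 4120, "image": "cmd.exe", "cmdline": "cmd.exe /c (constructed)"},
    {"ts": "2022-03-22T09:00:41", "host": "ws-01", "type": "file", "pid": 5001,
     "target": T + r"\qz.dll"},
    # Benign: document opened from Documents, Office writes its lock file.
    {"ts": "2022-03-22T09:05:00", "host": "ws-02", "type": "process", "pid": 3300,
     "ppid": 1500, "image": "excel.exe", "cmdline": r"C:\Users\u\Documents\budget.xlsx"},
    {"ts": "2022-03-22T09:05:02", "host": "ws-02", "type": "file", "pid": 3300,
     "target": r"C:\Users\u\Documents\~$budget.xlsx"},
    # Document opened from a zip, but no .dll is written: not a full chain.
    {"ts": "2022-03-22T09:10:00", "host": "ws-03", "type": "process", "pid": 700,
     "ppid": 600, "image": "WINWORD.EXE", "cmdline": T + r"\Temp2_memo.zip\memo.docx"},
    {"ts": "2022-03-22T09:10:03", "host": "ws-03", "type": "file", "pid": 700,
     "target": T + r"\~WRD0001.tmp"},
]

def find_chains(events):
    """Return (host, document, dll) for each zip -> document -> .dll chain."""
    tracked, hits = {}, []  # tracked: (host, pid) -> (start time, document)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, key = datetime.fromisoformat(ev["ts"]), (ev["host"], ev["pid"])
        if ev["type"] == "process":
            if ev["image"].lower() in OFFICE and ZIP_TEMP.search(ev["cmdline"]):
                tracked[key] = (ts, ev["cmdline"])       # stages 1 and 2
            elif (ev["host"], ev.get("ppid")) in tracked:
                tracked[key] = tracked[(ev["host"], ev["ppid"])]  # child inherits
        elif ev["type"] == "file" and key in tracked:
            start, doc = tracked[key]
            if ev["target"].lower().endswith(".dll") and ts - start <= WINDOW:
                hits.append((ev["host"], doc, ev["target"]))  # stage 3
    return hits

if __name__ == "__main__":
    for host, doc, dll in find_chains(EVENTS):
        print(f"{host}: {doc} -> {dll}")
```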