

First spotted in 2014 as a banking Trojan, Emotet evolved towards a modular structure. Since 2017, this Malware-as-a-Service has been distributing, within the networks it infects, malicious code operated by other cybercriminals who are customers of TA542.

Currently, Emotet distributes TrickBot, QakBot and SilentNight. Attack campaigns do not appear to target specific industries, although geographic targeting can sometimes be identified.

This report provides a summary of ANSSI's knowledge of Emotet and references trusted sources of IOCs.