Security Articles

Emotet Strikes Again - Lnk File Leads to Domain Wide Ransomware

released on 2022-11-28 @ 08:47:01 AM
The report describes a campaign in June of 2022 where the threat actor gained access to an environment via Emotet and operated over an eight-day period. During this time, multiple rounds of enumeration and lateral movement occurred using Cobalt Strike. Remote access tools such as Tactical RMM and AnyDesk were used for command and control. The threat actor's final actions included data exfiltration using Rclone and domain-wide deployment of Quantum Ransomware.