
Analyzing Emotet infections

BSides Tampa · 2021
Duration: 53:55
Published: 2021-04
Speakers: Brad Duncan
Category: Technical
Style: Talk
About this talk
Brad Duncan: Analyzing Emotet infections

Emotet is a long-running malware that targets organizations across the globe. This malware generates distinctive traffic patterns during infection and post-infection activity. This presentation reviews Emotet malware, and it dives into analyzing packet captures (pcaps) of traffic seen during these malware infections. This talk will provide detailed analysis of previously unreleased pcaps for BSides Tampa 2021. I will focus on traffic analysis, which can provide valuable insight to people interested in near-real-time detection and monitoring, incident handling, and malware analysis.

The presentation covers three areas:

1) Introduction to Emotet
2) Chain of Events for an Infection
3) Examples of Emotet Infection Traffic and Post-Infection Activity

Participants should have a basic knowledge of network traffic and understand how to use Wireshark. This presentation can be beneficial to beginners through those with intermediate experience in traffic analysis. Fire up Wireshark and follow along! It’s easier if you’ve customized your Wireshark column display according to the first section of this video from my 2019 workshop: https://www.youtube.com/watch?v=eQItiKZpuSc

-----------

WEB: https://www.bsidestampa.net
DISCORD: https://discord.gg/FhdkSNa24P
TWITTER: https://twitter.com/bsidestampa
MERCH: https://bsides-tampa.launchcart.store/

About BSides Tampa: B-Sides Tampa is an Information Technology Security Conference hosted by the Tampa Bay Chapter of (ISC)², a registered 501(c)3 non-profit organization. The purpose of B-Sides Tampa is to provide an open platform for Information Security industry professionals to collaborate, exchange ideas, and develop long-standing relationships with others in the community. The B-Sides Tampa IT Security Conference took place virtually on March 27th, 2021.