【Figures and Tables】
Indexed volume of email messages containing Emotet, TA542’s signature payload (from 5/1/17-5/1/19)
Timeline of major milestones in TA542 activity
Source: https://hackernews.blog/2019/05/15/threat-actor-profile-ta542-from-banker-to-malware-distribution-service/
Description of the countries with observed Emotet email campaigns. Note that this list is not considered exhaustive.
Country | Language | Note |
---|---|---|
Germany | German | Consistently targeted |
Austria | German | Intermittently targeted: First targeted in 2015; since then intermittently targeted until April 9, 2019, when we began to observe regular targeting |
Switzerland | German | Intermittently targeted: First targeted in 2015; since then intermittently targeted until April 9, 2019, when we began to observe regular targeting |
United Kingdom | English | Consistently targeted |
United States | English | Consistently targeted |
Canada | French | Intermittently targeted |
Japan | Japanese | Proofpoint observed campaigns on April 12-16, 2019 |
China, Hong Kong, Taiwan | Chinese | Proofpoint observed campaigns on April 12-16, 2019 |
Australia | English | Proofpoint observed several campaigns in April 2019 |
Latin America | Spanish, Portuguese | Proofpoint regularly observes countries targeted in this region, including: Mexico, Uruguay, Argentina, Colombia, Chile, Bolivia, Paraguay, Brazil, Ecuador, Costa Rica, El Salvador, Guatemala |
Caribbean | Spanish | Countries such as the Dominican Republic |
Poland | Polish | Last observed in 2017. Update: Proofpoint researchers detected a campaign targeting Poland on May 15, 2019 |
【Blog】
◆Threat Actor Profile: TA542, From Banker to Malware Distribution Service (Proofpoint, 2019/05/15)
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service
【Related Summary Articles】
◆Overall Summary
◆Attack Groups / Actor (Summary)
◆Cybercrime Groups (Summary)
◆TA542 (Summary)
https://malware-log.hatenablog.com/entry/TA542
◆Malware (Summary)
◆Banking Malware (Summary)
◆Emotet (Summary)
http://malware-log.hatenablog.com/entry/Emotet