Emotet. Rendering of graphs and diagrams ...
  July 9, 2024 ∘ 5 days ago
MaaS Botnet Cybercrime Group Bank Trojan Stealer Loader

Emotet (also known as Heodo) is a banking Trojan that later transformed into a self-propagating worm and created the largest botnet in history from infected computer equipment around the world.

Currently, it is used by operators as a service for targeted delivery of malware of other cybercriminal groups according to the MaaS business model («malicious software as a service»).

A distinctive feature of Emotet is polymorphism - the ability to change its program code to bypass detection by anti-virus protection based on signature analysis.

Emotet was first discovered in 2014.

In 2020, it was used to deliver TrickBot and QakBot Trojans to the target computer equipment.

In 2021, the functioning of the servers used by Emotet was terminated as a result of a joint special operation by law enforcement agencies of the European Union and Ukraine.

On November 14, 2021, new Emotet samples were discovered, which were delivered to target computer systems via the TrickBot Trojan. Currently, there is a significant increase in Emotet activity and the reincarnation of the botnet.


Activity dynamics 

Malicious infrastructure growth dynamics  

Countries where most part of the malicious infrastructure is located 
Malicious infrastructure map 

Malicious infrastructure rose 

Extensions of captured samples 

March 22, 2022, noon

The king of the botnet world is rapidly restoring his former greatness in cyberspace and is building up an army of infected users' computers around the world
April 14, 2022, 1:22 p.m.

One of the most popular stealers among the cybercriminal underground became a victim of the dramatic events in Ukraine and ceased to exist