Emotet is a sophisticated modular banking trojan that first appeared in 2014 and evolved into one of the most prolific malware-as-a-service platforms in cybercrime, distributing other payloads including Trickbot, Qakbot, and Ryuk ransomware. It spreads primarily through phishing emails carrying malicious Office documents with macros, and once installed it harvests credentials, propagates across local networks, and downloads secondary payloads. CISA has called Emotet one of the most costly and destructive malware affecting state, local, tribal, and territorial governments. International law enforcement disrupted its infrastructure in January 2021, though operations have since resumed. Defense requires email filtering, macro disablement, and network segmentation.
This family has been observed using the following ATT&CK techniques: T1566.001 (Phishing: Spearphishing Attachment), T1059.001 (Command and Scripting Interpreter: PowerShell), T1071.001 (Application Layer Protocol: Web Protocols), T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), T1055 (Process Injection).
CISA has published an advisory on this family: https://www.cisa.gov/news-events/alerts/2020/10/06/emotet-malware
Emotet spreads primarily through phishing emails with malicious Word, Excel, or OneNote attachments, hijacked email threads, and password-protected ZIP archives.
Indicators of compromise include outbound SMTP from unexpected processes, scheduled tasks with random alphanumeric names, secondary infections (Trickbot, Qakbot, Ryuk) appearing within hours, and antivirus detections for Emotet, Geodo, or Heodo.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/emotet.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.