Incident with unknown and undetected malware

Responding to an alert at one of our customers we came across the following incident.

The customer was phished with a seemingly targetted phishing attack back in late April through the site diymania[.]eu (behind cloudflare) (URL: hxxp://diymania[.]eu/hvilke-fordele-er-der-ved-bredygtig-energi.html (dead now)). The original link was most probably delivered through a mail to the user (not recovered).

Only a single client machine was affected....

A large number of events happen in your systems every day. In this article, we’ll examine what “bad” events show up in the network when the Emotet malware is executed in your systems.

The network traffic sample has been downloaded from malware-traffic-analysis.net. It is an excellent site to find different types of malwares and the corresponding traffic. The specific malware sample we will use in this article were collected originally by Palo Alto’s Unit42 Threat...