- The Emotet botnet is divided into several botnets. Researchers named them Epoch 1 and Epoch 2 because they received payload updates at different times.
- Each epoch has its own unique RSA key that is used for C2 communication. On September 17, 2019, part of the epoch 1 botnet was split off into the epoch 3 botnet.
- Each botnet connects to the C2 servers of its own epoch. When a recipient is infected by an Emotet document belonging to epoch 1, the document downloads the Emotet loader from the epoch 1 infrastructure, and the infected machine then becomes part of epoch 1.
- The current structure of the Emotet botnet's Tier 1 C2 server is as follows:
- Changes are first implemented in the E2 botnet. It is possible this was done as a test, so that if an introduced change does not work, only a portion of the entire botnet is lost.