EMOTET Exposed: Inside the Cybercriminals’ Supply Chain

On-Demand Webcast|1 Hour

New analysis from VMware delves deep into the most recent waves of the Emotet botnet, providing never-before-seen insights into the malware delivery mechanism’s malicious components and modules, its execution chains and its software development lifecycle.  

This webcast will reveal key findings and takeaways from VMware’s researchers, who managed to bypass anti-analysis techniques in order to map Emotet’s dynamic infrastructure. This presentation will offer: 

  • A review of Emotet’s infection chain process, along with its TTPs and IOCs. Plus, similarity metrics that allow for the clustering of similar infection techniques. 
  • An inside look at Emotet’s command-and-control network infrastructure, and its AGILE-like software development life cycle. 
  • “How-tos” for creating Emotet sock puppets (for fetching modules) and extracting its recently updated configuration. 
  • An analysis of two recently updated modules that differ from previous Emotet attacks – one that steals credit card info from users of Google Chrome and one that exploits the SMB protocol to proliferate. 
  • Tips and recommendations for mounting a more ironclad defense.



Giovanni Vigna

Sr. Director of Threat Intelligence


Giovanni Vigna is the Sr. Director of Threat Intelligence at VMware. He is also a Professor in the Department of Computer Science at the University of California in Santa Barbara (on leave). His research interests include malware analysis, vulnerability assessment, the underground economy, binary analysis, web security, and the applications of machine learning to security problems. Giovanni Vigna is also the founder of the Shellphish hacking group, who has participated in more DEF CON CTF competitions than any other group in history. He is an IEEE Fellow and an ACM Fellow.


Stefano Ortolani

Staff Engineer 2, Threat Research Lead at VMware


Stefano Ortolani is Staff Engineer 2 / Threat Research Lead at VMware, formerly Director of Threat Research at Lastline, where he joined in 2015 as a Security Researcher. In his current role, Stefano focuses on finding novel approaches to investigate, classify, and detect unknown cyber tradecraft. Prior to Lastline, he was part of the Global Research and Analysis Team at Kaspersky Lab, in charge of fostering operations with CERTs, governments, universities, and law enforcement agencies, as well as conducting research of the global threat landscape. He received his Ph.D. in Computer Science from VU University Amsterdam.


Bill Brenner

VP, Content

CyberRisk Alliance

Bill Brenner is VP of Content Strategy at CyberRisk Alliance -- an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology's Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.