Emotet
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[Emotet](https://attack.mitre.org/software/S0367) is a modular malware variant which is primarily used as a downloader for other malware variants such as [TrickBot](https://attack.mitre.org/software/S0266) and [IcedID](https://attack.mitre.org/software/S0483). Emotet first emerged in June 2014, initially targeting the financial sector, and has expanded to multiple verticals over time.(Citation: Trend Micro Banking Malware Jan 2019)
Associated Techniques (47)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.001 | LSASS Memory | - |
| T1016.002 | Wi-Fi Discovery | - |
| T1021.002 | SMB/Windows Admin Shares | - |
| T1027.001 | Binary Padding | - |
| T1027.002 | Software Packing | - |
| T1027.009 | Embedded Payloads | - |
| T1027.010 | Command Obfuscation | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1033 | System Owner/User Discovery | - |
| T1036.004 | Masquerade Task or Service | - |
| T1040 | Network Sniffing | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1047 | Windows Management Instrumentation | - |
| T1053.005 | Scheduled Task | - |
| T1055.001 | Dynamic-link Library Injection | - |
Aliases (105)
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Geodo
Used by Actors (1)
Metadata
| ID: | 129 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |