{ "id": "4aa1cdcb-a355-470c-8d16-067374a21d39", "created_at": "2026-04-06T00:15:44.601156Z", "updated_at": "2026-04-10T03:24:23.516367Z", "deleted_at": null, "sha1_hash": "08f3b8c107d05b61a1705394f7bbadd827d5cc9a", "title": "Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap from 2022-02-08", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1494948, "plain_text": "Quick Malware Analysis: Emotet Epoch 5 and Cobalt Strike pcap\r\nfrom 2022-02-08\r\nArchived: 2026-04-05 23:43:21 UTC\r\nThanks to Brad Duncan for sharing this Emotet Epoch 5 pcap!\r\nhttps://www.malware-traffic-analysis.net/2022/02/08/index.html\r\nWe did a quick analysis of this pcap on the latest version of Security Onion via so-import-pcap:\r\nhttps://docs.securityonion.net/en/2.3/so-import-pcap.html\r\nThe screenshots below show some of the interesting Suricata alerts, Zeek logs, session transcripts, and\r\nobservables.\r\nAbout Security Onion\r\nSecurity Onion is a versatile and scalable platform that can run on small virtual machines and can also scale up to\r\nthe opposite end of the hardware spectrum to take advantage of extremely powerful server-class machines. \r\nSecurity Onion can also scale horizontally, growing from a standalone single-machine deployment to a full\r\ndistributed deployment with tens or hundreds of machines as dictated by your enterprise visibility needs.\r\nTo learn more about Security Onion, please see:\r\nhttps://securityonion.net\r\nhttps://securityonion.net/docs\r\nMore Samples\r\nFind all of our Quick Malware posts at:\r\nhttps://blog.securityonion.net/search/label/quick%20malware%20analysis\r\nScreenshots\r\nClick the first image to start the screenshot tour:\r\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 1 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 2 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 3 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 4 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 5 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 6 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 7 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 8 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 9 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 10 of 12\n\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 11 of 12\n\nSource: https://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nhttps://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html\r\nPage 12 of 12", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://blog.securityonion.net/2022/02/quick-malware-analysis-emotet-epoch-5.html" ], "report_names": [ "quick-malware-analysis-emotet-epoch-5.html" ], "threat_actors": [ { "id": "610a7295-3139-4f34-8cec-b3da40add480", "created_at": "2023-01-06T13:46:38.608142Z", "updated_at": "2026-04-10T02:00:03.03764Z", "deleted_at": null, "main_name": "Cobalt", "aliases": [ "Cobalt Group", "Cobalt Gang", "GOLD KINGSWOOD", "COBALT SPIDER", "G0080", "Mule Libra" ], "source_name": "MISPGALAXY:Cobalt", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434544, "ts_updated_at": 1775791463, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/08f3b8c107d05b61a1705394f7bbadd827d5cc9a.pdf", "text": "https://archive.orkl.eu/08f3b8c107d05b61a1705394f7bbadd827d5cc9a.txt", "img": "https://archive.orkl.eu/08f3b8c107d05b61a1705394f7bbadd827d5cc9a.jpg" } }