Researchers found hundreds of malicious Office documents being used to download Emotet in June.
A recent Emotet campaign with significant TTP changes reveals that attackers may be moving away from macro-based attacks given Microsoft’s recent plans to block VBA macros by default.
The known tactic, which helps attackers sidestep detection, has been observed in spam messages that deploy Emotet.
Proofpoint's Sherrod DeGrippo discusses the top malware trends of the past year, including Emotet's takedown and eventual return.
New versions of Emotet have been dropping Cobalt Strike beacons directly, rather than relying on intermediate payloads such as Trickbot.