A recent Emotet campaign with significant TTP changes reveals that attackers may be moving away from macro-based attacks given Microsoft’s recent plans to block VBA macros by default.
The known tactic, which helps attackers sidestep detection, has been observed in spam messages that deploy Emotet.
Proofpoint's Sherrod DeGrippo discusses the top malware trends of the past year, including Emotet's takedown and eventual return.
New versions of Emotet have been dropping Cobalt Strike beacons directly, rather than relying on intermediate payloads such as Trickbot.
Almost a year after law enforcement disrupted its infrastructure, the Emotet malware has returned.