Emotet returned to the email threat landscape in early November for the first time since July 2022. It is once again one of the most high-volume actors observed by Proofpoint, distributing hundreds of thousands of emails per day.
Proofpoint observed multiple changes to Emotet and its payloads including the lures used, and changes to the Emotet modules, loader, and packer.
Emotet was observed dropping IcedID.
The new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families.
New operators or management might be involved as the botnet has some key differences with previous deployments.