- Emotet returned to the email threat landscape in early November for the first time since July 2022. It is once again one of the most high-volume actors observed by Proofpoint, distributing hundreds of thousands of emails per day.
- Proofpoint observed multiple changes to Emotet and its payloads, including the lures used and changes to the Emotet modules, loader, and packer.
- Emotet was observed dropping IcedID.
- The new activity suggests Emotet is returning to its full functionality, acting as a delivery network for major malware families.
- New operators or management might be involved, as the botnet has some key differences from previous deployments.