{"id":36619,"date":"2020-08-13T13:00:00","date_gmt":"2020-08-13T13:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/emotet-return-brings-new-tactics-and-evasion-techniques\/d\/d-id\/1338654"},"modified":"2020-08-13T13:00:00","modified_gmt":"2020-08-13T13:00:00","slug":"emotet-return-brings-new-tactics-evasion-techniques","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/","title":{"rendered":"Emotet Return Brings New Tactics &amp; Evasion Techniques"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools. <\/span><\/p>\n<p class>The Emotet botnet recently resurfaced following five months of quiet. Now, researchers tracking the prolific threat share details about what&#8217;s new and different in its latest wave \u2014 in particular, evasion detection tactics that help attackers fly under the radar of security tools.<\/p>\n<p>Emotet is often used as the entry point for infecting a business, after which criminals stay in an environment for days or weeks. They often use the time to drop secondary payloads; in its latest iteration, Emotet has used TrickBot and QakBot to spread laterally and steal credentials.<\/p>\n<p>Over the last few years, this threat has been &#8220;coming in waves,&#8221; says Shimon Oren, vice president of research at Deep Instinct, where researchers have been analyzing its recent activity. &#8220;We see periods of very, very high volume of activity, both in terms of new samples that are generated and are being distributed and users, and also in terms of the targets.&#8221;<\/p>\n<p>Emotet has been spotted across sectors and business sizes, using social engineering scams \u2014 from invoices and financial statements to COVID-19-related emails \u2014 to convince victims to click. Most of its recent victims appear to be in the US and UK; however, operators have been known to diversify distribution with local languages, says Adam Kujawa, director of Malwarebytes Labs.<\/p>\n<p>&#8220;Usually it involves an email which claims to be a response to an active e-mail threat (for example, &#8216;RE: That thing I sent ya&#8217;) and includes an attached Office document,&#8221; Kujawa says. &#8220;Once opened, it activates a macro script [that] downloads the malware and installs it on the system.&#8221;<\/p>\n<p>In addition to hijacking existing email threads, Emotet has begun to add stolen attachments to emails in order to make them seem legitimate. One of its main capabilities, Kujawa notes, is establishing a spam module on the victim&#8217;s system, stealing email contacts, and automatically sending phishing attacks to a victim&#8217;s colleagues. The usual methods of avoiding sketchy emails don&#8217;t apply: Emotet may send an email from someone you&#8217;d expect, in a thread you&#8217;re part of.<\/p>\n<p>&#8220;The folks behind Emotet are masters of development when it comes to making Emotet more capable on the system, but they are also very good at finding unique ways of spreading threats on corporate networks,&#8221; he adds.<\/p>\n<p>Emotet has become a vast and <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/emotet-resurfaces-to-drive-145--of-threats-in-q4-2019\/d\/d-id\/1337147\" target=\"_blank\" rel=\"noopener noreferrer\">evasive piece<\/a> of malware that continues to expand its capabilities, including the ways it bypasses increasingly advanced security tools.<\/p>\n<p>Deep Instinct researchers evaluated a dataset of 38,000 samples from Emotet activity from July 17 to July 28; they divided these samples into three epochs, or botnets operating independently. They also broke the samples down into 170 templates, most of which were found in one epoch, indicating operators behind each have their own Emotet loaders.<\/p>\n<p>The Emotet loader, they found, contains a lot of benign code as part of its evasion techniques and could manipulate artificial intelligence\u2013based security products that rely on both malicious and benign code when classifying files. Inserting benign code into executable files can reduce the chances of detection, and it appears Emotet&#8217;s operators are using legitimate Microsoft code to do this.<\/p>\n<p><a href=\"https:\/\/www.deepinstinct.com\/2020\/08\/12\/why-emotets-latest-wave-is-harder-to-catch-than-ever-before\/\" target=\"_blank\" rel=\"noopener noreferrer\">Analysis revealed<\/a> the benign code of recent Emotet activity may be pulled from Microsoft DLL files that are part of the Visual C++ runtime environment, or even benign software unrelated to how the malware operates, researchers explain in a blog post on their findings. Only a small portion of code used is actually malicious, hidden in code that won&#8217;t raise a red flag.<\/p>\n<p>&#8220;A lot of the code is there in order to confuse, especially when examining statically, but a lot of it isn&#8217;t even executed,&#8221; Oren explains. &#8220;A lot of it isn&#8217;t even reached during the execution.&#8221;<\/p>\n<p>The malware has several steps to execution, which can also trip up security tools. An attack starts with a document; this downloads a file, which decrypts another file, which brings it to the final payload. Its multistage nature is complex, Oren says, because the malicious business logic is never found on disk. It resides in memory and is decrypted and unpacked in runtime.<\/p>\n<p><strong>Coming Back Stronger<\/strong><br \/>The group or groups behind Emotet are conscious of the fact that your organization is more successful and can last longer when it operates in this mode of high-volume activity, Oren says. They increase their efficiency and infection rate, and the wave starts to drop as the industry gains a greater understanding of the threat.&nbsp;<\/p>\n<p>&#8220;Then it&#8217;s time to go back to the lab, go under the radar completely, and start working on the next wave and making that as good as possible, as evasive as possible,&#8221; he explains. The tactic seems to be working: After going dark for a few months, Emotet reemerges more evasive than before, with techniques that security tools often aren&#8217;t equipped to handle.<\/p>\n<p>Emotet usually takes breaks throughout the year, Kujawa says. Sometimes it&#8217;s during summer, sometimes in winter \u2014 sometimes both. It&#8217;s believed the attackers use this downtime to upgrade their tools and find new distribution methods. This time, however, there was another factor.<\/p>\n<p>&#8220;It seems that once folks started working from home, we saw an increase in use of tools not meant to infect corporate networks, but to be used to infect and conduct information gathering operations on employees working from home,&#8221; he says of the COVID-19 pandemic.&nbsp;<\/p>\n<p>There may have been too few people working in offices, at corporate endpoints, to allow for a successful campaign, he continues. The chaos of everyone establishing work-from-home policies may have made corporate networks too unstable to attack a specific target, and the bad guys were waiting until things slowed down.<\/p>\n<p>It&#8217;s important to note that Emotet&#8217;s&nbsp;attackers know that their malware will be detected, stopping its functions, and there will be efforts to block their threat. &#8220;The malware developer vs. malware detector battle will rage forever,&#8221; Kujawa says. They also know many organizations fail to completely secure their networks from outside access or internal infection, allowing families like TrickBot to move laterally throughout internal systems.<\/p>\n<p>&#8220;So they&#8217;ve doubled down on the one vulnerability they can most count on, and that is fooling users,&#8221; he continues. While new functionality has been added to the botnet itself, researchers have seen even more focus on how it&#8217;s distributed.<\/p>\n<p><strong>Related Content:<\/strong><\/p>\n<p> <span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/emotet-return-brings-new-tactics-and-evasion-techniques\/d\/d-id\/1338654?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools. Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/emotet-return-brings-new-tactics-and-evasion-techniques\/d\/d-id\/1338654?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-36619","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Emotet Return Brings New Tactics &amp; Evasion Techniques 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emotet Return Brings New Tactics &amp; Evasion Techniques 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-13T13:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Emotet Return Brings New Tactics &amp; Evasion Techniques\",\"datePublished\":\"2020-08-13T13:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/\"},\"wordCount\":1130,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/\",\"name\":\"Emotet Return Brings New Tactics &amp; Evasion Techniques 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2020-08-13T13:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-return-brings-new-tactics-evasion-techniques\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emotet Return Brings New Tactics &amp; Evasion Techniques\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emotet Return Brings New Tactics &amp; Evasion Techniques 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/","og_locale":"en_US","og_type":"article","og_title":"Emotet Return Brings New Tactics &amp; Evasion Techniques 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-08-13T13:00:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Emotet Return Brings New Tactics &amp; Evasion Techniques","datePublished":"2020-08-13T13:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/"},"wordCount":1130,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/","url":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/","name":"Emotet Return Brings New Tactics &amp; Evasion Techniques 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2020-08-13T13:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/emotet-return-brings-new-tactics-evasion-techniques\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Emotet Return Brings New Tactics &amp; Evasion Techniques"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36619","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36619"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36619\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36619"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36619"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36619"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}