{"id":38839,"date":"2020-12-22T22:50:00","date_gmt":"2020-12-22T22:50:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/emotet-campaign-restarts-after-seven-week-hiatus\/d\/d-id\/1339792"},"modified":"2020-12-22T22:50:00","modified_gmt":"2020-12-22T22:50:00","slug":"emotet-campaign-restarts-after-seven-week-hiatus","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/","title":{"rendered":"Emotet Campaign Restarts After Seven-Week Hiatus"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.<\/span><\/p>\n<p class>In October, three surges of spam laden with the Emotet downloader worked to spread the malware to vulnerable users&#8217; systems, starting a sequence that often results in a Ryuk ransomware infection or attempts to steal bank account credentials via the Trickbot banking Trojan.<\/p>\n<p>On Oct. 30, with the completion of the third campaign, the group&#8217;s spamming died down and almost no subsequent traffic appeared. Until now.<\/p>\n<p>Seven weeks after the last major Emotet campaign, the cybercriminals behind the downloader have started up their attempts to compromise more systems, according to multiple cybersecurity organizations. Anti-spam crusader Abuse.ch <a href=\"https:\/\/twitter.com\/abuse_ch\/status\/1341360939329875970\" target=\"_blank\" rel=\"noopener noreferrer\">noted on Dec. 22<\/a> that the cybercrime group had ramped up activity right before Christmas. The day before, messaging security provider Proofpoint noted that its systems were seeing more than 100,000 messages in various languages and with a variety of attachments or links.<\/p>\n<p>The latest campaign could lead to compromised systems and threats to business networks, as most employees continue to work from home.<\/p>\n<p>&#8220;What makes Emotet particularly dangerous for organizations is that it has been the primary foothold for the future deployment of other banking Trojans,&#8221; says Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. &#8220;At this point, any mainstream banking Trojan may lead to devastating ransomware attacks.&#8221;<\/p>\n<p>While the company is still analyzing the latest Emotet variant, the US Department of Homeland Security&#8217;s Cybersecurity &amp; Infrastructure Security Agency (CISA) called the malware campaigns <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa20-280a\" target=\"_blank\" rel=\"noopener noreferrer\">&#8220;one of the most prevalent ongoing threats&#8221;<\/a> in an advisory published in early October. The US government had seen an increase in Emotet-associated indicators since July, and which specifically targeted state and local governments, the advisory stated.<\/p>\n<p>&#8220;Emotet is an advanced Trojan primarily spread via phishing email attachments and links that, once clicked, launch the payload,&#8221; the advisory stated. &#8220;The malware then attempts to proliferate within a network by brute forcing user credentials and writing to shared drives.&#8221;<\/p>\n<p>While the latest Emotet campaign started around mid-December, the activity became most apparent in the last few says. Proofpoint issued a short statement on Twitter on Dec. 21 that also displayed a screenshot of the social engineering used to attempt to get victims to turn off features of Microsoft 365 that block malicious documents.<\/p>\n<p>&#8220;#Emotet returns after a short break just in time for the holidays,&#8221; Proofpoint <a href=\"https:\/\/twitter.com\/threatinsight\/status\/1341129142486650882\" target=\"_blank\" rel=\"noopener noreferrer\">tweeted as part of the statement<\/a>. &#8220;We&#8217;re seeing 100k+ messages in English, German, Spanish, Italian, and more. Lures use thread hijacking with Word attachments, pw-protected zips, and URLs.&#8221;<\/p>\n<p>Emotet has often been the initial attack of a triad of malware: the Emotet downloader, the Ryuk ransomware, and the Trickbot banking trojan. The triple threat of malware has had enormous success. In June, the Cisco Talos Incident Response team stated that the majority of its engagements over the last year had been to <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/ryuk-continues-to-dominate-ransomware-response-cases\/d\/d-id\/1338092\" target=\"_blank\" rel=\"noopener noreferrer\">clean up Ryuk ransomware<\/a>. In early December, security services firm CrowdStrike stated that, of the more than 200 incidents the company investigated, <a href=\"https:\/\/www.darkreading.com\/application-security\/ransomware-makes-up-half-of-all-major-incidents\/d\/d-id\/1339667\" target=\"_blank\" rel=\"noopener noreferrer\">63% were financially motivated, and 81% of those incidents were ransomware attacks<\/a> or an early stage attack that typically leads to ransomware.<\/p>\n<p>Cybersecurity companies continue to attempt to disrupt the profitable cybercriminal attacks. In October, Microsoft, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and other cybersecurity firms banded together to <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/advanced-threats\/security-firms-and-financial-group-team-up-to-take-down-trickbot\/d\/d-id\/1339155\" target=\"_blank\" rel=\"noopener noreferrer\">attempt to disrupt the Trickbot botnet<\/a>.&nbsp;<\/p>\n<p>The <a href=\"https:\/\/urlhaus.abuse.ch\/browse\/tag\/emotet\/\" target=\"_blank\" rel=\"noopener noreferrer\">latest data from the URLhaus database<\/a>, which tracks malicious and suspicious domains, shows that Emotet spam activity has quickly increased in the past week.<\/p>\n<p>This is not the first time that the Emotet group has taken a break. Spam volumes dropped in February 2020 and did not return until July, according to data from Cisco Talos.&nbsp;<\/p>\n<p>&#8220;Emotet occasionally takes periodic breaks from sending malicious spam emails, as seen earlier this year,&#8221; <a href=\"https:\/\/blog.talosintelligence.com\/2020\/11\/emotet-2020.html\" target=\"_blank\" rel=\"noopener noreferrer\">the company stated in a blog post<\/a>.<\/p>\n<p>While this version of Emotet could be similar to past versions, the developer of the malware chose to use dynamic libraries to allow for its functions to be easily updated, the CISA noted in its advisory.<\/p>\n<p>&#8220;Emotet is difficult to combat because of its &#8216;worm-like&#8217; features that enable network-wide infections,&#8221; the agency stated. &#8220;Additionally, Emotet uses modular Dynamic Link Libraries to continuously evolve and update its capabilities.&#8221;<\/p>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1161\">View Full Bio<\/a><\/span><\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/emotet-campaign-restarts-after-seven-week-hiatus\/d\/d-id\/1339792?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/emotet-campaign-restarts-after-seven-week-hiatus\/d\/d-id\/1339792?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-38839","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Emotet Campaign Restarts After Seven-Week Hiatus 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emotet Campaign Restarts After Seven-Week Hiatus 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-22T22:50:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Emotet Campaign Restarts After Seven-Week Hiatus\",\"datePublished\":\"2020-12-22T22:50:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/\"},\"wordCount\":767,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/\",\"name\":\"Emotet Campaign Restarts After Seven-Week Hiatus 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2020-12-22T22:50:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/emotet-campaign-restarts-after-seven-week-hiatus\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emotet Campaign Restarts After Seven-Week Hiatus\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emotet Campaign Restarts After Seven-Week Hiatus 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/","og_locale":"en_US","og_type":"article","og_title":"Emotet Campaign Restarts After Seven-Week Hiatus 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-12-22T22:50:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Emotet Campaign Restarts After Seven-Week Hiatus","datePublished":"2020-12-22T22:50:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/"},"wordCount":767,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/","url":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/","name":"Emotet Campaign Restarts After Seven-Week Hiatus 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2020-12-22T22:50:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/emotet-campaign-restarts-after-seven-week-hiatus\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Emotet Campaign Restarts After Seven-Week Hiatus"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=38839"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38839\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=38839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=38839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=38839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}