{"id":46365,"date":"2022-04-26T12:00:05","date_gmt":"2022-04-26T12:00:05","guid":{"rendered":"http:\/\/b5b8db42-7566-47e9-9cb5-f4c528f53494"},"modified":"2022-04-26T12:00:05","modified_gmt":"2022-04-26T12:00:05","slug":"the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/","title":{"rendered":"The Emotet botnet is back, and it has some new tricks to spread malware"},"content":{"rendered":"<div class=\"share-bar-wrapper\">\n<div class=\"full-byline\">\n<div class=\"author-avatars\"> <a rel=\"author\" class=\"thumb author-modal-open\" data-component=\"authorModal\" data-author-modal-options=\"{&quot;selector&quot;:&quot;danny-palmer-modal&quot;,&quot;hoverSelector&quot;:&quot;.full-byline&quot;}\" href=\"https:\/\/www.zdnet.com\/meet-the-team\/uk\/dannypalmerzdnet\/\"> <span class=\"img \"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\" class alt=\"Danny Palmer\" height=\"50\" width=\"50\"><\/span> <\/a> <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>A prolific botnet has reemerged with new techniques to infect Windows PC with malware.&nbsp;<\/p>\n<p>Once described as the <a href=\"https:\/\/www.zdnet.com\/article\/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation\/\" target=\"_blank\" rel=\"noopener\">most dangerous malware botnet<\/a> in existence, Emotet helped cyber criminals to distribute <a href=\"https:\/\/www.zdnet.com\/article\/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software\/\" target=\"_blank\" rel=\"noopener\">malware<\/a> and <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a> to victims around the world, before being disrupted by a coordinated global law enforcement takedown in <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/world%e2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">January 2021<\/a>.&nbsp;<\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"> <span class=\"int\">ZDNet Recommends<\/span> <\/h3>\n<\/p><\/div>\n<p>But <a href=\"https:\/\/www.zdnet.com\/article\/emotet-once-the-worlds-most-dangerous-malware-is-back\/\" target=\"_blank\" rel=\"noopener\">Emotet reemerged 10 months later<\/a> and has resumed campaigns. It is sending out millions of phishing emails in mass spam campaigns, with the aim of infecting devices with malware that ropes them into a botnet controlled by cyber criminals.&nbsp;<\/p>\n<p><strong><strong>SEE:&nbsp;<\/strong><\/strong><a href=\"http:\/\/www.zdnet.com\/topic\/a-winning-strategy-for-cybersecurity\/\"><strong><strong>A winning strategy for cybersecurity<\/strong><\/strong><\/a><strong>&nbsp;<strong>(ZDNet special report)<\/strong><\/strong><\/p>\n<p>According to <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/emotet-tests-new-delivery-techniques\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">cybersecurity researchers at Proofpoint<\/a>, Emotet appears to be testing new attack techniques at a small scale, which could potentially be adopted for much larger campaigns. These techniques are designed to make attacks more difficult to detect, ultimately increasing the chances of them being successful. &nbsp;<\/p>\n<p>The emergence of new attack techniques has coincided with a period when it seemed widespread Emotet campaigns were put on hold, with new activity occurring at low volume.&nbsp;<\/p>\n<p>One of these new&nbsp;campaigns exploits compromised email accounts to send out <a href=\"https:\/\/www.zdnet.com\/article\/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more\/\" target=\"_blank\" rel=\"noopener\">spam-phishing emails<\/a>&nbsp;with one-word subject lines \u2013 researchers note that one of them is simply &#8216;Salary&#8217;, a subject line that could encourage a user to click out of curiosity.&nbsp;<\/p>\n<p>The message bodies contain only a OneDrive URL, which hosts zip files containing Microsoft Excel Add-in (XLL) files with a similar name to the email subject line.&nbsp;<\/p>\n<p>If the XLL files are opened and executed, Emotet is dropped on the machine, infecting it with malware. Emotet can be used to steal information from victims and serves as a backdoor for deploying other malware onto the compromised Windows system \u2013 it has <a href=\"https:\/\/www.zdnet.com\/article\/this-trojan-malware-is-now-your-biggest-security-headache\/\" target=\"_blank\" rel=\"noopener\">commonly been used as a backdoor to deploy ransomware attacks<\/a>.&nbsp;<\/p>\n<p>What makes this campaign distinct from previous Emotet campaigns is the use of OneDrive URLs \u2013 typically, Emotet attempts to spread itself via the use of Microsoft Office attachments or phishing URLs that link to Office files.&nbsp;<\/p>\n<p>The use of XLL files is also unusual, as Emotet has traditionally been distributed using Microsoft Excel or Word documents containing Visual Basic for Applications (VBA) scripts or macros.<\/p>\n<p><strong>SEE: <\/strong><a href=\"https:\/\/www.zdnet.com\/article\/clueless-hackers-spent-months-inside-a-network-and-nobody-noticed-then-a-ransomware-gang-took-over\/#link=%7B%22role%22:%22standard%22,%22href%22:%22https:\/\/www.zdnet.com\/article\/clueless-hackers-spent-months-inside-a-network-and-nobody-noticed-then-a-ransomware-gang-took-over\/%22,%22target%22:%22_blank%22,%22absolute%22:%22%22,%22linkText%22:%22Clueless%20hackers%20spent%20months%20inside%20a%20network%20and%20nobody%20noticed.%20But%20then%20a%20ransomware%20gang%20turned%20up%22%7D\"><strong>Clueless hackers spent months inside a network and nobody noticed. But then a ransomware gang turned up<\/strong><\/a><\/p>\n<p>This switch comes after <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-to-make-enabling-untrusted-office-macros-tougher-in-the-name-of-security\/\" target=\"_blank\" rel=\"noopener\">Microsoft announced<\/a>&nbsp;it would begin blocking macros obtained from the internet by default from April. That move is part of an effort to help protect users from a technique commonly used in phishing attacks, so gangs are likely testing new techniques to get around this.&nbsp;<\/p>\n<p>&#8220;After months of consistent activity, Emotet is switching things up. It is likely the threat actor is testing new behaviors on a small scale before delivering them to victims more broadly, or to distribute via new TTPs (Tactics, Techniques, and Procedures) alongside its existing high-volume campaigns,&#8221; said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint.<\/p>\n<p>&#8220;Organisations should be aware of the new techniques and ensure they are implementing defenses accordingly,&#8221; she added.&nbsp;<\/p>\n<p>ZDNet has contacted Microsoft for comment.&nbsp;<\/p>\n<h3><strong>MORE ON CYBERSECURITY<\/strong><\/h3>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The botnet appears to have used a short break to test new methods for infecting Windows systems with backdoor malware.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-46365","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Emotet botnet is back, and it has some new tricks to spread malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Emotet botnet is back, and it has some new tricks to spread malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-26T12:00:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"The Emotet botnet is back, and it has some new tricks to spread malware\",\"datePublished\":\"2022-04-26T12:00:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/\"},\"wordCount\":544,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/d31db2eb85c51031247ce810263a83caae1ca2c5\\\/2020\\\/02\\\/06\\\/6f24b751-729c-4ed9-9fae-979667f1d3b3\\\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/\",\"name\":\"The Emotet botnet is back, and it has some new tricks to spread malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/d31db2eb85c51031247ce810263a83caae1ca2c5\\\/2020\\\/02\\\/06\\\/6f24b751-729c-4ed9-9fae-979667f1d3b3\\\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-04-26T12:00:05+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/d31db2eb85c51031247ce810263a83caae1ca2c5\\\/2020\\\/02\\\/06\\\/6f24b751-729c-4ed9-9fae-979667f1d3b3\\\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/d31db2eb85c51031247ce810263a83caae1ca2c5\\\/2020\\\/02\\\/06\\\/6f24b751-729c-4ed9-9fae-979667f1d3b3\\\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Emotet botnet is back, and it has some new tricks to spread malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Emotet botnet is back, and it has some new tricks to spread malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/","og_locale":"en_US","og_type":"article","og_title":"The Emotet botnet is back, and it has some new tricks to spread malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-04-26T12:00:05+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"The Emotet botnet is back, and it has some new tricks to spread malware","datePublished":"2022-04-26T12:00:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/"},"wordCount":544,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/","url":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/","name":"The Emotet botnet is back, and it has some new tricks to spread malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","datePublished":"2022-04-26T12:00:05+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/d31db2eb85c51031247ce810263a83caae1ca2c5\/2020\/02\/06\/6f24b751-729c-4ed9-9fae-979667f1d3b3\/dp-zdnet-headshot-feb-20201.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/the-emotet-botnet-is-back-and-it-has-some-new-tricks-to-spread-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"The Emotet botnet is back, and it has some new tricks to spread malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46365"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46365\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}