{"id":51014,"date":"2023-03-14T14:30:39","date_gmt":"2023-03-14T14:30:39","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34417\/Botnet-That-Knows-Your-Name-And-Quotes-Your-Email-Is-Back-With-New-Tricks.html"},"modified":"2023-03-14T14:30:39","modified_gmt":"2023-03-14T14:30:39","slug":"botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/","title":{"rendered":"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/email-notification-800x534.jpg\" alt=\"Botnet that knows your name and quotes your email is back with new tricks\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/03\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">33<\/span> <span class=\"visually-hidden\"> with <\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 1:single\/related:b39175d2428905d2a3305030f67a8071 --><!-- empty --><\/p>\n<p>Widely regarded as one of the Internet\u2019s <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/10\/dhs-warns-that-emotet-malware-is-one-of-the-most-prevalent-threats-today\/\">top threats<\/a>, the Emotet botnet has returned after a months-long hiatus\u2014and it has some new tricks.<\/p>\n<p>Last week, Emotet <a href=\"https:\/\/www.deepinstinct.com\/blog\/emotet-again-the-first-malspam-wave-of-2023\">appeared for the first time<\/a> this year after a four-month hiatus. It returned with its trademark activity\u2014a wave of malicious spam messages that appear to come from a known contact, address the recipient by name, and seem to be replying to an existing email thread. When Emotet has returned from previous breaks, it has brought new techniques designed to evade endpoint security products and to trick users into clicking on links or enabling dangerous macros in attached Microsoft Office documents. Last week\u2019s resumption of activity was no different.<\/p>\n<p>A malicious email sent last Tuesday, for instance, attached a Word document that had a massive amount of extraneous data added to the end. As a result, the file was more than 500MB in size, big enough to prevent some security products from being able to scan the contents. This technique, known as binary padding or file pumping, works by adding zeros to the end of the document. In the event someone is tricked into enabling the macro, the malicious Windows DLL file that\u2019s delivered is also pumped, causing it to mushroom from 616kB to 548.1MB, researchers from security firm Trend Micro <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/c\/emotet-returns-now-adopts-binary-padding-for-evasion.html\">said on Monday<\/a>.<\/p>\n<p>Another evasion trick spotted in the attached document: excerpts from the Herman Melville classic novel <em>Moby Dick<\/em>, which appear in a white font over a white page so the text isn\u2019t readable. Some security products automatically flag Microsoft Office files containing just a macro and an image. The invisible text is designed to evade such software while not arousing the suspicion of the target.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/emotet-moby-dick.png\" class=\"enlarge\" data-height=\"944\" data-width=\"820\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/emotet-moby-dick-640x737.png\" width=\"640\" height=\"737\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/emotet-moby-dick.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">Deep Instinct<\/div>\n<\/figcaption><\/figure>\n<p>When opened, the Word documents present a graphic that says the content can\u2019t be accessed unless the user clicks the \u201cenable content\u201d button. Last year, Microsoft began <a href=\"https:\/\/arstechnica.com\/gadgets\/2022\/02\/microsoft-will-block-downloaded-macros-in-office-versions-going-back-to-2013\/\">disabling macros<\/a> downloaded from the Internet by default.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/enable-editing-enable-content.jpg\" class=\"enlarge\" data-height=\"731\" data-width=\"936\" alt=\"The graphic that appears immediately after opening a malicious Word document. It says the content can't be accessed unless the &quot;enable content&quot; button is clicked.\"><img loading=\"lazy\" decoding=\"async\" alt=\"The graphic that appears immediately after opening a malicious Word document. It says the content can't be accessed unless the &quot;enable content&quot; button is clicked.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/enable-editing-enable-content-640x500.jpg\" width=\"640\" height=\"500\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/enable-editing-enable-content.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/enable-editing-enable-content.jpg\" class=\"enlarge-link\" data-height=\"731\" data-width=\"936\">Enlarge<\/a> <span class=\"sep\">\/<\/span> The graphic that appears immediately after opening a malicious Word document. It says the content can&#8217;t be accessed unless the &#8220;enable content&#8221; button is clicked.<\/div>\n<div class=\"caption-credit\">Trend Micro<\/div>\n<\/figcaption><\/figure>\n<p>Clicking the &#8220;enable content&#8221; button undoes that default and allows the macro to run. The macro causes Office to download a .zip file from a legitimate website that has been hacked. Office will then unzip the archive file and execute the inflated Emotet DLL that infects the device.<\/p>\n<p>Once it has infected a victim\u2019s device, the malware pilfers passwords and other sensitive data and uses the device to send malicious spam to other users. The malware can also download additional malware such as the Ryuk ransomware or the TrickBot malware. The infection chain looks like this:<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/emotet-infection-chain.jpg\" class=\"enlarge\" data-height=\"1164\" data-width=\"1430\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/emotet-infection-chain-640x521.jpg\" width=\"640\" height=\"521\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/emotet-infection-chain-1280x1042.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">Trend Micro<\/div>\n<\/figcaption><\/figure>\n<p>The attention to detail seen in this latest revival is signature Emotet behavior. For years, the botnet has painstakingly copied received email conversations from infected machines and embedded them into malicious spam sent to other parties in the thread. By following up on an email from someone the target has communicated with in the past, the malicious spam message stands a better chance of going undetected. Emotet can also&nbsp;<a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/02\/one-of-the-most-destructive-botnets-can-now-spread-to-nearby-wi-fi-networks\/\">gain access to Wi-Fi networks<\/a> and infect connected devices.<\/p>\n<p>With the return of Emotet, people should be on the lookout for malicious emails, even if they appear to come from trusted sources, call the target by name, and include previously sent and received emails. There is rarely a good reason for enabling macros in documents sent by email. People should refuse to allow them to run without first communicating with the sender by phone, instant message, or another non-email medium.<\/p>\n<p>Countries hit the hardest in the latest Emotet run are European, Asian Pacific, and Latin American.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34417\/Botnet-That-Knows-Your-Name-And-Quotes-Your-Email-Is-Back-With-New-Tricks.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":51015,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8802],"class_list":["post-51014","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwarebotnet"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-14T14:30:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/email-notification-800x534.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks\",\"datePublished\":\"2023-03-14T14:30:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/\"},\"wordCount\":647,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg\",\"keywords\":[\"headline,hacker,malware,botnet\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/\",\"name\":\"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg\",\"datePublished\":\"2023-03-14T14:30:39+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,botnet\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarebotnet\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/","og_locale":"en_US","og_type":"article","og_title":"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-03-14T14:30:39+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/email-notification-800x534.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks","datePublished":"2023-03-14T14:30:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/"},"wordCount":647,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg","keywords":["headline,hacker,malware,botnet"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/","url":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/","name":"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg","datePublished":"2023-03-14T14:30:39+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/03\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,botnet","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarebotnet\/"},{"@type":"ListItem","position":3,"name":"Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51014"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51014\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/51015"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}