The prolific #Emotet malware - tracked under the actor #MummySpider and #TA542 - is back after a 3 month break, delivering inflated (~500MB) macro-enabled Word documents via invoice-themed Phishing emails.

https://www.bleepingcomputer.com/news/security/emotet-malware-attacks-return-after-three-month-break/

The Word documents are contained in a password protected archive, and once opened and the malicious content is enabled, will download the Emotet payload - a similarly bloated dll file, designed to bypass automated scanning solutions that typically can't process large files.

Malware analyst Max Malyutin has a great summary of the ATT&CK techniques and IOCs seen in this campaign so far: https://twitter.com/Max_Mal_/status/1633102894328168448?t=Kn9N3dUIcqul_TTCu1aqzQ&s=19

Analysts may find debloat - a tool that strips guff from intentionally bloated executables - useful in processing samples: https://github.com/Squiblydoo/debloat

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #security #technology #malware #soc #threatintel #threatintelligence #phishing