Emotet was on a break
Researchers observed that the Emotet botnet's command and control servers had been shut down since June.
Raashid Bhat, a security researcher at Spamhaus, told ZDNet, “Initially, they didn't start sending out spam right away. For the past few weeks, the C&C servers have been sitting idly, serving binaries for the Emotet ‘lateral movement’ and ‘credentials stealing’.”
The latest news
Cofense Labs has also analyzed Emotet's return. Observations made by security researchers indicate that the campaign sends emails with financial themes.
Infected systems are added to Emotet's botnet, after which malicious modules are delivered.
The Cryptolaemus research group has published Indicators of Compromise (IOCs) for this Emotet campaign that you can monitor for on your systems.
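One way to put a published IOC list to use is a small sweep that checks proxy logs and a file-hash inventory against it. The script below is an added example, not code from the article, Cryptolaemus, or any of the vendors named above; every indicator value, log line and file hash in it is a constructed placeholder (reserved `.invalid` names, a TEST-NET address, an obviously fake digest), so replace the feed with the real published list before use. It matches hostnames exactly rather than by substring, which is what stops a look-alike host such as `example-bad-host.invalid.cdn.example` from producing a false positive.

```python
"""Sweep constructed proxy logs and file hashes against an IOC feed.

Added illustration only. IOC values, log lines and hashes below are
constructed placeholders, not real Emotet indicators.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed placeholder feed in a plain "type,value" layout.
IOC_FEED = """\
# type,value  (constructed placeholders, not real indicators)
domain,example-bad-host.invalid
domain,Another-Bad-Host.invalid
ip,203.0.113.45
sha256,0000000000000000000000000000000000000000000000000000000000000001
url,http://example-bad-host.invalid/wp-content/doc.php
"""

# Constructed proxy log lines: timestamp, client, method, url, status.
PROXY_LOG = [
    "2019-09-16T10:01:02Z 10.0.0.15 GET http://example-bad-host.invalid/wp-content/doc.php 200",
    "2019-09-16T10:01:05Z 10.0.0.15 GET http://intranet.example/index.html 200",
    "2019-09-16T10:02:11Z 10.0.0.22 POST http://203.0.113.45:8080/ 200",
    "2019-09-16T10:03:40Z 10.0.0.31 GET https://another-bad-host.invalid/ 200",
    # Look-alike host: must NOT match, because the sweep compares whole hostnames.
    "2019-09-16T10:04:00Z 10.0.0.40 GET http://example-bad-host.invalid.cdn.example/ 200",
]

# Constructed file-hash inventory (path -> SHA-256), as an EDR or script might export it.
FILE_HASHES = {
    r"C:\Users\alice\Downloads\invoice.doc":
        "0000000000000000000000000000000000000000000000000000000000000001",
    r"C:\Users\bob\Downloads\report.pdf":
        "ab3f1c9e7d2b4a6f8e0c1d2b3a4f5e6d7c8b9a0f1e2d3c4b5a6f7e8d9c0b1a2f",
}


def parse_iocs(text):
    """Parse the feed into sets keyed by indicator type, validating each value."""
    iocs = {"domain": set(), "ip": set(), "sha256": set(), "url": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, value = line.partition(",")
        kind, value = kind.strip().lower(), value.strip()
        if kind not in iocs:
            raise ValueError(f"unknown indicator type: {kind}")
        if kind == "sha256":
            value = value.lower()
            if not re.fullmatch(r"[0-9a-f]{64}", value):
                raise ValueError(f"malformed sha256: {value}")
        elif kind == "ip":
            ipaddress.ip_address(value)  # raises ValueError on garbage
        elif kind == "domain":
            value = value.lower().rstrip(".")  # normalise case and trailing dot
        iocs[kind].add(value)
    return iocs


def sweep_proxy(lines, iocs):
    """Return (timestamp, client, indicator_type, matched_value) for each hit."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, _method, url = parts[:4]
        host = (urlsplit(url).hostname or "").lower()  # strips port, lower-cases
        if url in iocs["url"]:
            hits.append((ts, client, "url", url))
        elif host in iocs["domain"]:
            hits.append((ts, client, "domain", host))
        elif host in iocs["ip"]:
            hits.append((ts, client, "ip", host))
    return hits


def sweep_hashes(inventory, iocs):
    """Return (path, sha256) for every file whose digest is in the feed."""
    return [(path, digest) for path, digest in inventory.items()
            if digest.lower() in iocs["sha256"]]


def run_sweep(feed=IOC_FEED, proxy=PROXY_LOG, files=FILE_HASHES):
    """Parse the feed once and run both sweeps; returns a dict of hit lists."""
    iocs = parse_iocs(feed)
    return {"proxy": sweep_proxy(proxy, iocs), "files": sweep_hashes(files, iocs)}


if __name__ == "__main__":
    for kind, hits in run_sweep().items():
        for hit in hits:
            print(kind, *hit)
```

On the constructed input the sweep reports three proxy hits (the exact URL, the C2 IP despite its port, and the case-normalised domain) and one file hit, while the look-alike hostname is left alone.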