Rewterz Threat Alert – Emotet is Back from Holiday

Tuesday, January 14, 2020



Analysis Summary

Emotet is back from holiday after 3 weeks break and currently targeting 81 countries with spam emails with heavily targeting US and it’s neighboring countries. Threat actors using different email templates to lure users to click on the malicious links which includes subjects like invoices, reports, invite to holiday or even great thunberg climate change support requests.By clicking the malicious links will install emotet trojan.

Proof of delivery spam

Every spam email campaign when clicked will be delivered a message will be presented with a message stating that this “document only available for desktop or laptop versions of Microsoft Office Word.” It then prompts the user to click on ‘Enable editing’ or ‘Enable Content’ to view the document.

Malicious Word doc

When a user opens the document, malicious macros will be executed that download the Emotet trojan from a remote server and executes it.


Exposure of sensitive information


  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 20, January 2020 Rewterz Threat Alert – Iranian APT Group “MuddyWater” Resurfaces
  • 20, January 2020 Rewterz Threat Alert – STOP (djvu) Ransomware Actively Spread
  • 20, January 2020 Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Copyright © Rewterz. All rights reserved.