Emotet is still active in the wild with its July 2020 campaign. The campaign uses a malicious Microsoft Word document, and gets creative with the appeal to enable content. Below is the attack flow.
VMRay Analyzer Report showing verdict and process graph of a sample from Emotet campaign July 2020.
The document uses a highly obfuscated macro that begins to be executed when opened. The macro starts a Powershell instance with encoded commands as a program argument. These commands then try to download Emotet from five hardcoded hosts and save it with a fixed name specified in the command itself (later moved to %AppData%\msvcr100\).