{
	"id": "de8d7213-88e4-420f-ade3-266022dda583",
	"created_at": "2026-04-06T00:13:25.616053Z",
	"updated_at": "2026-04-10T03:21:57.306546Z",
	"deleted_at": null,
	"sha1_hash": "0e76e9818a93042e4356a41452eeaaaf58463a61",
	"title": "Emotet malware's new 'Red Dawn' attachment is just as dangerous",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3034347,
	"plain_text": "Emotet malware's new 'Red Dawn' attachment is just as dangerous\r\nBy Lawrence Abrams\r\nPublished: 2020-08-29 · Archived: 2026-04-05 17:13:51 UTC\r\nThe Emotet botnet has begun to use a new template for their malicious attachments, and it is just as dangerous as ever.\r\nAfter a five-month \"vacation,\" the Emotet malware returned in July 2020 and began to spew massive amounts of malicious\r\nspam worldwide.\r\nThese spam campaigns pretend to be invoices, shipping information, COVID-19 information, resumes, financial documents,\r\nor scanned documents, as shown below.\r\nhttps://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nExample Emotet spam email\r\nAttached to these spam emails are malicious Word (.doc) attachments or link to download one.\r\nWhen opened, these attachments will prompt a user to 'Enable Content' so that malicious macros will run to install the\r\nEmotet malware on a victim's computer.\r\nTo trick a user into enabling the macros, Emotet has been using a document template that tells uses that the document was\r\ncreated on iOS and cannot be properly viewed unless the 'Enable Content' button is clicked.\r\nOlder Emotet iOS template\r\nOn August 25th, the botnet switched to a new template that Emotet expert Joseph Roosen has named 'Red Dawn' due to its\r\nred accent colors. \r\nhttps://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/\r\nPage 3 of 5\n\nThe Red Dawn template also moves away from its iOS theme and now states that \"This document is protected\" and that\r\npreviewing is not available.\r\nIt then prompts the user to click on 'Enable Editing' and 'Enable Content' to view the document.\r\nNew 'Red Dawn' Emotet attachment\r\nLike the previous template, once enable content is clicked, malicious macros will be executed that download and install the\r\nEmotet malware on a victim's computer.\r\nWhy it's essential to recognize Emotet attachments?\r\nEmotet is considered the most widely spread malware targeting users today. It is also particularly harmful as it will install\r\nother dangerous malware such as Trickbot and QBot onto a victim's computer.\r\nWhile TrickBot and QBot can perform different malicious activities, they both will attempt to steal stored passwords,\r\ncookies, banking information, and assorted other information from a victim's computer.\r\nTo make matters worse, both trojans are known to provide access to threat actors who install ransomware such as Conti\r\n(TrickBot) or ProLock (QBot) throughout the network.\r\nDue to this, it is vital to recognize the malicious document templates used by Emotet so that you do not accidentally become\r\ninfected. \r\nhttps://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/\r\nhttps://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/"
	],
	"report_names": [
		"emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous"
	],
	"threat_actors": [],
	"ts_created_at": 1775434405,
	"ts_updated_at": 1775791317,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0e76e9818a93042e4356a41452eeaaaf58463a61.pdf",
		"text": "https://archive.orkl.eu/0e76e9818a93042e4356a41452eeaaaf58463a61.txt",
		"img": "https://archive.orkl.eu/0e76e9818a93042e4356a41452eeaaaf58463a61.jpg"
	}
}