{
	"id": "b6ba4a1a-834c-4b72-aa7f-484995f173e9",
	"created_at": "2026-04-06T00:20:19.725766Z",
	"updated_at": "2026-04-10T03:21:20.511208Z",
	"deleted_at": null,
	"sha1_hash": "46c6bcf45392568f0ce386babb724bf0a2ba8d07",
	"title": "Emotet returns just in time for Christmas",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1126635,
	"plain_text": "Emotet returns just in time for Christmas\r\nBy Mark Stockley\r\nPublished: 2020-12-21 · Archived: 2026-04-05 21:25:55 UTC\r\nDecember 22, 2020\r\nSome of the malicious emails we collected used COVID-19 as a lure. This tactic was already seen in the spring\r\nbut is still being leveraged, perhaps due to the massive second wave observed in the US as well as news about the\r\nhttps://blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/\r\nPage 1 of 4\n\nvaccine rollout.\r\nChristmas campaign repeat?\r\nEmotet is most feared for its alliances with other criminals, especially those in the ransomware business. The\r\nEmotet – TrickBot – Ryuk triad wreaked havoc around Christmas time in 2018.\r\nWhile some threat actors observe holidays, it is also a golden opportunity to launch new attacks when many\r\ncompanies have limited staff available. This year is even more critical in light of the pandemic and the recent\r\nSolarWinds debacle.\r\nWe urge organizations to be particularly vigilant and continue to take steps to secure their networks, especially\r\naround security policies and access control.\r\nMalwarebytes users were already protected against Emotet thanks to our signature-less Anti-Exploit protection.\r\nIndicators of Compromise\r\nYou can downloads indicators of compromise related to Emotet’s infrastructure on our GitHub page.\r\nEmotet is a threat we have been tracking very closely throughout the year thanks to its large email distribution\r\ncampaigns. Once again, and for about two months, the botnet stopped its malspam activity only to return days\r\nbefore Christmas.\r\nIn typical Emotet fashion, the threat actors continue to alternate between different phishing lures in order to social\r\nengineer users into enabling macros. However, in this latest iteration the Emotet gang is loading its payload as a\r\nDLL along with a fake error message.\r\nhttps://blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/\r\nPage 2 of 4\n\nSome of the malicious emails we collected used COVID-19 as a lure. This tactic was already seen in the spring\r\nbut is still being leveraged, perhaps due to the massive second wave observed in the US as well as news about the\r\nvaccine rollout.\r\nChristmas campaign repeat?\r\nEmotet is most feared for its alliances with other criminals, especially those in the ransomware business. The\r\nEmotet – TrickBot – Ryuk triad wreaked havoc around Christmas time in 2018.\r\nWhile some threat actors observe holidays, it is also a golden opportunity to launch new attacks when many\r\ncompanies have limited staff available. This year is even more critical in light of the pandemic and the recent\r\nSolarWinds debacle.\r\nArticle continues below this ad.\r\nWe urge organizations to be particularly vigilant and continue to take steps to secure their networks, especially\r\naround security policies and access control.\r\nMalwarebytes users were already protected against Emotet thanks to our signature-less Anti-Exploit protection.\r\nhttps://blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/\r\nPage 3 of 4\n\nIndicators of Compromise\r\nYou can downloads indicators of compromise related to Emotet’s infrastructure on our GitHub page.\r\nSource: https://blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/\r\nhttps://blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.malwarebytes.com/cybercrime/2020/12/emotet-returns-just-in-time-for-christmas/"
	],
	"report_names": [
		"emotet-returns-just-in-time-for-christmas"
	],
	"threat_actors": [],
	"ts_created_at": 1775434819,
	"ts_updated_at": 1775791280,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/46c6bcf45392568f0ce386babb724bf0a2ba8d07.pdf",
		"text": "https://archive.orkl.eu/46c6bcf45392568f0ce386babb724bf0a2ba8d07.txt",
		"img": "https://archive.orkl.eu/46c6bcf45392568f0ce386babb724bf0a2ba8d07.jpg"
	}
}