I don’t normally post much about Emotet here for a few reasons. I don’t see much sent to me in UK, although it is prolific. The emails are generally so generic and are fake invoices or orders, with nothing particularly interesting or alerting to warn about. They either attach macro enabled word docs or as in this case are using links in emails to dozens or even hundreds of compromised sites to deliver malicious word docs. Each word doc is individually generated and the file hash either changes on each visit to the compromised site or changes every few minutes. … Continue reading →