{"id":82984,"date":"2017-12-06T15:00:25","date_gmt":"2017-12-06T23:00:25","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=82984"},"modified":"2025-06-01T20:06:37","modified_gmt":"2025-06-02T03:06:37","slug":"emotet-downloader-trojan-returns-in-force","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/","title":{"rendered":"Emotet Downloader Trojan Returns in Force"},"content":{"rendered":"<p>During the past couple of days, we have seen an increase in activity from <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/emotet-trojan-acts-as-loader-spreads-automatically\/\" target=\"_blank\" rel=\"noopener\">Emotet.<\/a> This Trojan downloader spreads through emails that lure victims into downloading a Word document; the document contains macros that, once executed, use PowerShell to download a malicious payload.<\/p>\n<p>We have observed Emotet downloading a variety of payloads, including ransomware, Dridex, Trickbot, Pinkslipbot, and other banking Trojans.<\/p>\n<p>During a wave of attacks in early December we discovered a campaign spreading the ransomware family HydraCrypt. The sample we received had a compilation date of December 5.<\/p>\n<p>The initial Word documents were downloaded from a number of URLs; some examples follow:<\/p>\n<ul>\n<li>hxxp:\/\/URL\/DOC\/Invoice\/<\/li>\n<li>hxxp:\/\/URL\/scan\/New-invoice-[Number]\/<\/li>\n<li>hxxp:\/\/URL\/scan\/New-invoice-[Number]\/<\/li>\n<li>hxxp:\/\/URL\/LLC\/New-invoice-[Number]\/<\/li>\n<\/ul>\n<p>The document topics are crafted to entice users to open them because they appear to concern finances or official documentation:<\/p>\n<ul>\n<li>Invoice<\/li>\n<li>Paypal<\/li>\n<li>Rechnung (with or without a number)<\/li>\n<li>Dokumente vom Notar<\/li>\n<\/ul>\n<p>The documents have typical characteristics used by Emotet attackers. 
When a user opens the document, it claims the file is protected and asks the victim to enable the content, which launches the code hidden in the macros.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-82987 size-large\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png\" alt=\"\" width=\"1024\" height=\"401\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-300x118.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-768x301.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1.png 1056w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p>In analyzing the macros, we see heavily obfuscated code to make detection difficult and cover up the real purpose of the document:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-82988 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-2.png\" alt=\"\" width=\"1366\" height=\"482\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-2.png 1366w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-2-300x106.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-2-768x271.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-2-1024x361.png 1024w\" sizes=\"auto, (max-width: 1366px) 100vw, 1366px\" \/><\/a><\/p>\n<p>The macro code uses a mix of command, wmic, and PowerShell to copy itself to disk, 
create a service, and contact its control server for a download URL.<\/p>\n<p>Emotet collects information about the victim\u2019s computer, for example running processes, and sends encrypted data to the control server using a POST request:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-82989 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-3.png\" alt=\"\" width=\"1748\" height=\"464\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-3.png 1748w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-3-300x80.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-3-768x204.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-3-1024x272.png 1024w\" sizes=\"auto, (max-width: 1748px) 100vw, 1748px\" \/><\/a><\/p>\n<p>The specific user-agent strings used in these requests:<\/p>\n<ul>\n<li>Mozilla\/4.0(compatible;MSIE7.0;WindowsNT6.1;Trident\/4.0;SLCC2;.NETCLR2.0.50727;.NETCLR3.5.30729;.NETCLR3.0.30729;MediaCenterPC6.0;.NET4.0C;.NET4.0E)<\/li>\n<li>Mozilla\/4.0(compatible;MSIE7.0;WindowsNT6.1;Trident\/4.0;SLCC2;.NETCLR2.0.50727;.NETCLR3.5.30729;.NETCLR3.0.30729;MediaCenterPC6.0;InfoPath.3)<\/li>\n<li>Mozilla\/5.0(WindowsNT6.1;WOW64;rv:39.0)Gecko\/20100101Firefox\/38.0<\/li>\n<li>Mozilla\/5.0(compatible;MSIE8.0;WindowsNT5.1;SLCC1;.NETCLR1.1.4322)<\/li>\n<\/ul>\n<p>The payload samples are downloaded to %Windir%\\System32 using a random name, either in GUID format or a five-digit random name.<\/p>\n<p>The control servers and URLs hosting the malicious documents are covered within McAfee Global Threat Intelligence, with which we provide coverage for the samples detected. 
The McAfee Advanced Threat Research team proactively monitors any new developments regarding Emotet.<\/p>\n<h2><strong>Detection<\/strong><\/h2>\n<p>The new variants of Emotet have been detected by McAfee DAT files as Emotet-FEJ!&lt;Partial Hash&gt; since December 3. Real Protection technology within McAfee Endpoint Security Adaptive Threat Protection provides zero-day detection of these new variants as Real Protect-SS!&lt;Partial Hash&gt;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>During the past couple of days, we have seen an increase in activity from Emotet. This Trojan downloader spreads by&#8230;<\/p>\n","protected":false},"author":653,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[76,4452,338,180,5124],"coauthors":[3576],"class_list":["post-82984","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybercrime","tag-cybersecurity","tag-endpoint-protection","tag-malware","tag-trojan"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Emotet Downloader Trojan Returns in Force<\/title>\n<meta name=\"description\" content=\"During the past couple of days, we have seen an increase in activity from Emotet, a Trojan downloader which spreads by email.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emotet Downloader Trojan Returns in Force\" \/>\n<meta property=\"og:description\" content=\"During the past couple of days, we have seen an increase in activity from Emotet, a Trojan downloader which spreads by email.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-12-06T23:00:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-02T03:06:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1056\" \/>\n\t<meta property=\"og:image:height\" content=\"414\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christiaan Beek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChristiaanBeek\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christiaan Beek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/\"},\"author\":{\"name\":\"Christiaan Beek\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\"},\"headline\":\"Emotet Downloader Trojan Returns in Force\",\"datePublished\":\"2017-12-06T23:00:25+00:00\",\"dateModified\":\"2025-06-02T03:06:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/\"},\"wordCount\":417,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png\",\"keywords\":[\"cybercrime\",\"cybersecurity\",\"endpoint protection\",\"malware\",\"trojan\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/\",\"name\":\"Emotet Downloader Trojan Returns in 
Force\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png\",\"datePublished\":\"2017-12-06T23:00:25+00:00\",\"dateModified\":\"2025-06-02T03:06:37+00:00\",\"description\":\"During the past couple of days, we have seen an increase in activity from Emotet, a Trojan downloader which spreads by email.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee 
Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Emotet Downloader Trojan Returns in Force\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\",\"name\":\"Christiaan 
Beek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"caption\":\"Christiaan Beek\"},\"description\":\"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \\\"Hacking Exposed\\\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/christiaanbeek\/\",\"https:\/\/x.com\/ChristiaanBeek\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Emotet Downloader Trojan Returns in Force","description":"During the past couple of days, we have seen an increase in activity from Emotet, a Trojan downloader which spreads by email.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Emotet Downloader Trojan Returns in Force","og_description":"During the past couple of days, we have seen an increase in activity from Emotet, a Trojan downloader which spreads by email.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-12-06T23:00:25+00:00","article_modified_time":"2025-06-02T03:06:37+00:00","og_image":[{"width":1056,"height":414,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1.png","type":"image\/png"}],"author":"Christiaan Beek","twitter_card":"summary_large_image","twitter_creator":"@ChristiaanBeek","twitter_site":"@McAfee","twitter_misc":{"Written by":"Christiaan Beek","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/"},"author":{"name":"Christiaan Beek","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79"},"headline":"Emotet Downloader Trojan Returns in Force","datePublished":"2017-12-06T23:00:25+00:00","dateModified":"2025-06-02T03:06:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/"},"wordCount":417,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png","keywords":["cybercrime","cybersecurity","endpoint protection","malware","trojan"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/","name":"Emotet Downloader Trojan Returns in 
Force","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png","datePublished":"2017-12-06T23:00:25+00:00","dateModified":"2025-06-02T03:06:37+00:00","description":"During the past couple of days, we have seen an increase in activity from Emotet, a Trojan downloader which spreads by email.","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/12\/20171206-Emotet-1-1024x401.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/emotet-downloader-trojan-returns-in-force\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Emotet Downloader Trojan Returns in 
Force"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79","name":"Christiaan Beek","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","caption":"Christiaan Beek"},"description":"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. 
Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \"Hacking Exposed\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.","sameAs":["https:\/\/www.linkedin.com\/in\/christiaanbeek\/","https:\/\/x.com\/ChristiaanBeek"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/653"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=82984"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82984\/revisions"}],"predecessor-version":[{"id":214753,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/82984\/revisions\/214753"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=82984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?p
ost=82984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=82984"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=82984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}