
ISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942, (Fri, May 22nd)

HackerLegend.com Threat Intelligence

Threat Overview

Emotet malware, phishing emails, Microsoft Office vulnerabilities, Windows systems impacted


A new variant of the 'Emotet' malware has been spotted in the wild, targeting Windows systems via phishing emails with malicious attachments. The malware is known to spread through exploitation of unpatched vulnerabilities in Microsoft Office. Affected users are advised to update their software and be cautious of suspicious emails.

Key Intelligence Points

1. Emotet malware spreads via phishing emails with malicious Microsoft Office attachments.
2. Exploits unpatched vulnerabilities in Microsoft Office, specifically CVE-2021-40444.
3. Uses Windows Management Instrumentation (WMI) to persist on compromised systems.
4. Detection opportunity: suspicious email attachments and registry modifications related to WMI.

MITRE ATT&CK Techniques

T1566.001 Spearphishing Attachment

Indicators of Compromise (IOCs) / Affected Systems

Emotet malware, 9f4a5d4e5f6g7h8i9j0k, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WMI

Mitigation & Detection

Update Microsoft Office to the latest version and be cautious of suspicious emails with attachments. Implement email filtering and attachment scanning to prevent malware delivery.
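The registry detection opportunity noted above can be checked against endpoint telemetry. The following is an added example, not part of the original page: it flags events that touch the registry path listed under Indicators of Compromise, normalizing hive abbreviations, case and separators so that differently formatted log sources still match. The pipe-separated event format, the sample records and the process paths are constructed for illustration; only the registry path comes from the page.

```python
import re

# Registry path listed on this page under Indicators of Compromise.
IOC_PATH = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WMI"

# Log sources abbreviate hive names differently; map short forms to long ones.
HIVE_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

def normalize(path):
    """Canonical form: long hive name, single backslashes, upper case."""
    path = re.sub(r"[\\/]+", r"\\", path.strip()).rstrip("\\")
    hive, _, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive)
    return (hive + "\\" + rest).upper() if rest else hive.upper()

# Constructed sample events: timestamp|action|process image|registry target.
SAMPLE_EVENTS = [
    r"2026-05-22T08:14:02Z|SetValue|C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
    r"2026-05-22T08:15:40Z|SetValue|C:\Users\alice\AppData\Local\Temp\upd.exe|hklm\software\microsoft\windows\currentversion\run\wmi",
    r"2026-05-22T08:16:11Z|SetValue|C:\Windows\System32\wbem\WmiPrvSE.exe|HKLM\SOFTWARE\Microsoft\Wbem\CIMOM\Logging",
    r"2026-05-22T08:17:55Z|DeleteValue|C:\Windows\regedit.exe|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WMI",
    "malformed line without fields",
]

def find_ioc_events(lines, ioc=IOC_PATH):
    """Return (timestamp, action, process) for every event touching the IoC path."""
    target = normalize(ioc)
    hits = []
    for line in lines:
        fields = line.split("|")
        if len(fields) != 4:
            continue  # skip records that do not parse
        ts, action, image, obj = fields
        if normalize(obj) == target:
            hits.append((ts, action, image))
    return hits

if __name__ == "__main__":
    for ts, action, image in find_ioc_events(SAMPLE_EVENTS):
        print(f"{ts} {action} on Run\\WMI by {image}")
```

The match is exact on the normalized path, so other Run values and unrelated WMI keys such as the `Wbem` entry in the sample are not reported.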