
ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)

HackerLegend.com Threat Intelligence

Threat Overview

Emotet malware, phishing emails, Microsoft Office, Windows vulnerabilities, data theft, ransomware attacks

A new variant of the Emotet malware is being distributed via phishing emails, targeting Windows systems with vulnerabilities in Microsoft Office and Windows. Affected users are at risk of data theft and ransomware attacks. The attack vector is malicious attachments and links in those emails.

Key Intelligence Points

1. Emotet malware is being distributed via phishing emails with malicious Microsoft Office attachments and links.
2. The malware targets Windows systems with vulnerabilities in Microsoft Office and Windows, specifically affecting versions prior to Windows 10 and Microsoft Office 2016.
3. The attack chain starts with delivery via phishing email, followed by installation of the Emotet malware, which then establishes persistence on the compromised system.
4. Detection opportunities include monitoring for suspicious email attachments and links, as well as looking for signs of Emotet malware activity, such as registry modifications and network connections to suspicious domains.

MITRE ATT&CK Techniques

T1566.001 Spearphishing Attachment, T1204 User Execution

Indicators of Compromise (IOCs) / Affected Systems

Emotet malware, phishing emails with malicious Microsoft Office attachments and links, suspicious registry keys, registry key: HKCU\Software\Emotet

Mitigation & Detection

Apply the latest security patches for Microsoft Office and Windows, and configure email filters to block suspicious attachments and links.
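
The detection opportunities listed under Key Intelligence Points can be combined: the following added example (not from the original source) correlates Office attachments seen at the mail gateway with later writes to the `HKCU\Software\Emotet` key from the IOC list. The `time|source|user|detail` log format, the extension list, the 24-hour window and the sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# IoC registry key from this page; the lookahead stops "EmotetX" from matching.
IOC_RE = re.compile(r"HKCU\\Software\\Emotet(?=\\|\s|$)", re.IGNORECASE)
# Assumed watch list of Office attachment extensions and correlation window.
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")
WINDOW = timedelta(hours=24)

# Constructed sample events in a hypothetical "time|source|user|detail" format.
SAMPLE_LOG = """\
2026-05-21T08:02:11|mail|alice|attachment=invoice_0521.docm
2026-05-21T08:05:40|registry|alice|SetValue HKCU\\Software\\Emotet\\cfg
2026-05-21T09:10:00|mail|bob|attachment=agenda.pdf
2026-05-21T09:30:00|registry|bob|SetValue HKCU\\Software\\Vendor\\App
2026-05-21T10:00:00|registry|carol|CreateKey HKCU\\Software\\Emotet
2026-05-21T11:00:00|mail|dave|attachment=report.xlsm
"""


def parse(log):
    """Yield (timestamp, source, user, detail); skip malformed lines."""
    for line in log.splitlines():
        parts = line.strip().split("|", 3)
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]


def triage(log):
    """Map user -> 'high' (IoC key written after an Office attachment) or 'medium' (IoC key only)."""
    last_office_mail, findings = {}, {}
    for ts, source, user, detail in sorted(parse(log)):
        if source == "mail":
            name = detail.partition("=")[2].lower()
            if name.endswith(OFFICE_EXT):
                last_office_mail[user] = ts
        elif source == "registry" and IOC_RE.search(detail):
            seen = last_office_mail.get(user)
            linked = seen is not None and ts - seen <= WINDOW
            if linked or user not in findings:  # never downgrade a 'high'
                findings[user] = "high" if linked else "medium"
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Sysmon registry events report per-user hives as `HKU\<SID>\...` rather than `HKCU\...`, so the pattern needs adapting to whatever path form your telemetry emits.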