From darkreading.com
Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.
In October, three surges of spam laden with the Emotet downloader worked to spread the malware to vulnerable users’ systems, starting a sequence that often results in a Ryuk ransomware infection or attempts to steal bank account credentials via the Trickbot banking Trojan.
On Oct. 30, with the completion of the third campaign, the group’s spamming died down and almost no subsequent traffic appeared. Until now.