Emotet, one of the most active recent malspam campaigns, has launched a new malicious document that pretends to be a message from Windows Update, as reported by Bleeping Computer.

The document launches a PowerShell process which will try to connect to one of its hardcoded C&C servers to download an additional payload.
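The chain described above (Office document, then PowerShell, then outbound connections) can be hunted in process and network telemetry. The following is an added example, not code from Minerva or Bleeping Computer. It assumes events shaped like Sysmon Event ID 1 (process creation) and Event ID 3 (network connection); the GUIDs, paths and IP addresses are constructed sample data.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events (Sysmon field names); IPs are documentation ranges.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}", "ParentProcessGuid": "{00}",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"EventID": 1, "ProcessGuid": "{A2}", "ParentProcessGuid": "{A1}",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "ProcessGuid": "{A3}", "ParentProcessGuid": "{A2}", "Image": PS},
    {"EventID": 3, "ProcessGuid": "{A3}", "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "ProcessGuid": "{A3}", "DestinationIp": "198.51.100.7", "DestinationPort": 8080},
    # Benign control: PowerShell started from explorer.exe, no Office ancestor.
    {"EventID": 1, "ProcessGuid": "{B1}", "ParentProcessGuid": "{00}",
     "Image": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessGuid": "{B2}", "ParentProcessGuid": "{B1}", "Image": PS},
    {"EventID": 3, "ProcessGuid": "{B2}", "DestinationIp": "192.0.2.50", "DestinationPort": 443},
]

def exe(path):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def office_ancestor(guid, procs):
    """Walk up the parent chain; return the Office executable name if one is found."""
    seen = set()
    while guid in procs and guid not in seen:  # 'seen' guards against loops
        seen.add(guid)
        name = exe(procs[guid]["Image"])
        if name in OFFICE:
            return name
        guid = procs[guid]["ParentProcessGuid"]
    return None

def detect(events):
    """Flag PowerShell descended from Office and collect where it connects."""
    procs, alerts = {}, {}
    for ev in events:
        if ev["EventID"] == 1:
            procs[ev["ProcessGuid"]] = ev
            root = office_ancestor(ev["ParentProcessGuid"], procs)
            if exe(ev["Image"]) in SHELLS and root:
                alerts[ev["ProcessGuid"]] = {"office": root, "dest": []}
        elif ev["EventID"] == 3 and ev["ProcessGuid"] in alerts:
            alerts[ev["ProcessGuid"]]["dest"].append((ev["DestinationIp"], ev["DestinationPort"]))
    return alerts
```

Walking the full ancestry rather than only the direct parent catches the case where an intermediate process such as `cmd.exe` sits between the document and PowerShell.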

Without any prior knowledge of this malware, Minerva Armor blocks the malicious payload with our Macro Protection module, thus preventing the Emotet loader from even being downloaded to disk.



bc7fdd41e05d0a99d8a4b6d1e54b14df58107e6adcbb037566e7a3a51b436479 (doc