Max_Malyutin on Twitter: "#Emotet is back after a few days, new TTPs 🚨 Excel MalDoc with protected VBA macro VBS dropped to %ProgramData% PowerShell encoded command [-split and .replace] Regsvr32 instated of rundll32 exec: regsvr32.exe /s c:\programdata\[Random].dll C2: 175.107.196[.]192 Port 80 https://t.co/rwsBzRGp7E" / Twitter
https://twitter.com/Max_Mal_/status/1496186689374638088