Emotet Surges in Japan
Cybereason's tracking of Emotet malware in the first quarter of 2022 has identified a surge of Emotet activity against Japanese organizations. Emotet is being distributed through malicious Excel documents that download the malware upon execution. The malware uses regsvr32 to execute a malicious DLL file; however, the file also uses a .ocx file extension. Subsequent events involve the malware establishing persistence in the registry and conducting reconnaissance activity. Cybereason noticed that Emotet, in its current attacks, has not utilized PowerShell for deployment.
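A detection sketch for the regsvr32 behaviour described above, added here as an example and not taken from Cybereason's report: it scans process-creation events for regsvr32 loading a .ocx file and raises the priority when Excel is in the process ancestry. The event field names, the sample events and the Excel-ancestry heuristic are assumptions made for illustration.

```python
import ntpath
import re

# Constructed process-creation events; field names are hypothetical, not a product schema.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Office\EXCEL.EXE", "cmd": r'EXCEL.EXE "C:\Users\u\report.xls"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\SysWOW64\regsvr32.exe", "cmd": r"regsvr32.exe /s ..\sample.ocx"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\regsvr32.exe", "cmd": r'regsvr32 /s "C:\Program Files\Vendor App\grid.ocx"'},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\regsvr32.exe", "cmd": r"regsvr32.exe /s C:\Temp\example.dll"},
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def regsvr32_targets(cmd):
    """Return the file arguments of a regsvr32 command line (switches dropped)."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(cmd)]
    return [t for t in tokens[1:] if t and not t.startswith(("/", "-"))]

def has_ancestor(event, by_pid, name, max_depth=8):
    """Walk parent links looking for a process image called `name`."""
    seen = set()
    cur = by_pid.get(event["ppid"])
    while cur and cur["pid"] not in seen and len(seen) < max_depth:
        if ntpath.basename(cur["image"]).lower() == name:
            return True
        seen.add(cur["pid"])  # guards against loops caused by PID reuse
        cur = by_pid.get(cur["ppid"])
    return False

def find_regsvr32_ocx(events):
    """Flag regsvr32 loading a .ocx file; 'high' when Excel is an ancestor."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if ntpath.basename(e["image"]).lower() != "regsvr32.exe":
            continue
        for target in regsvr32_targets(e["cmd"]):
            if target.lower().endswith(".ocx"):
                office = has_ancestor(e, by_pid, "excel.exe")
                findings.append({"pid": e["pid"], "target": target,
                                 "priority": "high" if office else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_regsvr32_ocx(EVENTS):
        print(finding)
```

Because .ocx is also the conventional extension for legitimate ActiveX controls, the match without an Excel ancestor is only marked for review rather than treated as malicious.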