A malspam campaign involving Emotet saw a resurgence after five months of laying low, Malwarebytes detected on Friday, July 17. This operation used the well-known method of sending attack emails as a reply within an existing email thread. From there, the emails invited the recipient to open an attachment. The attachment opened a Microsoft Word document that informed the user of the need to enable content content. The user inadvertently enabled a heavily-obfuscated macro embedded within the document. That macro then proceeded to call Windows Management Instrumentation (WMI), which in turn launched.”]
Source: https://securityintelligence.com/news/emotet-malware-returns/