Recently Minerva prevented a new wave of Emotet attacks, a special Christmas-themed campaign. The Emotet Grinch infection starts with an email containing a link to a malicious document named Your Holidays eCard.doc. The document lures the victim into enabling the embedded malicious macro. The macro executes the next stage of the attack by running cmd.exe with the following string as its argument: The script includes some dummy lines and hides the string powershell by splitting it across multiple variables and carefully reassembling it.
Source: https://blog.minerva-labs.com/the-emotet-grinch-is-back
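A detection-side illustration of the variable-splitting trick described above, as an added example that is not code from Minerva's post. It statically expands `set` variables in a cmd.exe command line and flags the case where "powershell" only appears after expansion; the sample command lines and the function names are constructed for this example and are not the campaign's actual script.

```python
import re

# `set name=value` assignments, value running up to the next & or quote.
SET_RE = re.compile(r'\bset\s+"?([A-Za-z_]\w*)=([^&"]*)', re.IGNORECASE)
# %name% and !name! (delayed expansion) references.
REF_RE = re.compile(r'[%!]([A-Za-z_]\w*)[%!]')

# Constructed sample command lines (not taken from the campaign).
SAMPLES = {
    # "powershell" split across three variables, plus one dummy variable.
    "split": 'cmd.exe /V /C "set qz=rsh&&set kd=powe&&set junk=holiday'
             '&&set wp=ell&&!kd!!qz!!wp! -Command Get-Date"',
    # PowerShell named openly: nothing is hidden.
    "plain": 'cmd.exe /C "powershell -Command Get-Date"',
    # Ordinary variable use that never builds "powershell".
    "benign": 'cmd.exe /C "set name=report&&echo %name%.txt"',
}


def expand_cmd_vars(cmdline, max_passes=5):
    """Substitute every variable assigned with `set` into its references.

    Static approximation: assignment order is ignored and the last
    assignment to a name wins. Several passes resolve variables whose
    values reference other variables.
    """
    env = {name.lower(): value for name, value in SET_RE.findall(cmdline)}
    expanded = cmdline
    for _ in range(max_passes):
        new = REF_RE.sub(
            lambda m: env.get(m.group(1).lower(), m.group(0)), expanded)
        if new == expanded:
            break
        expanded = new
    return expanded


def hides_powershell(cmdline):
    """True when 'powershell' is absent from the raw text but present
    once the variables have been expanded."""
    raw = cmdline.lower()
    return ("powershell" not in raw
            and "powershell" in expand_cmd_vars(cmdline).lower())


if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(label, hides_powershell(line), expand_cmd_vars(line))
```

Run against process-creation logs, a check like this catches command lines that a plain substring match on "powershell" would miss.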

