US-CERT, the SANS Internet Storm Center, and other security firms are raising awareness of a surge in malicious spam (malspam) delivering the Emotet malware. As these warnings note, Emotet continues to evolve and add new capabilities:

https://www.us-cert.gov/ncas/alerts/TA18-201A

https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/

Overview

Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments. Its worm-like features result in rapidly spreading network-wide infections, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.

Description

Emotet is a polymorphic banking Trojan that can evade typical signature-based detection. It has several methods for maintaining persistence, including auto-start registry keys and services. It uses modular Dynamic Link Libraries (DLLs) to continuously evolve and update its capabilities. Furthermore, Emotet is Virtual Machine-aware and can generate false indicators if run in a virtual environment.

Emotet is disseminated through malspam (emails containing malicious attachments or links) that uses branding familiar to the recipient; it has even been spread using the MS-ISAC name. As of July 2018, the most recent campaigns imitate PayPal receipts, shipping notifications, or "past-due" invoices purportedly from MS-ISAC. Initial infection occurs when a user opens or clicks the malicious download link, PDF, or macro-enabled Microsoft Word document included in the malspam. Once downloaded, Emotet establishes persistence and attempts to propagate across the local network through its incorporated spreader modules.
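Because the initial infection vector described above is a macro-enabled Word attachment, a mail gateway or triage script should classify attachments by content rather than by the claimed extension (a .docm renamed to .doc is still an OOXML zip carrying a vbaProject.bin part). The following is an added example written for this page, not code from the advisories linked above: it inspects the OOXML container for a VBA part or a macroEnabled content type, flags legacy binary OLE2 documents as unverifiable, and builds its own constructed sample documents so it runs offline. Function names and the sample files are assumptions for illustration; for real screening, including legacy .doc files, use a dedicated parser such as oletools' olevba.

```python
"""Content-based screening of Office attachments for VBA macros.

Added example, not part of the original advisory. It checks the structure of
the attachment (zip/OOXML container or OLE2 binary) instead of trusting the
file name, because malspam commonly mislabels macro-enabled documents.
"""
import io
import zipfile

# Magic bytes: OLE2/Compound File (legacy .doc/.xls) and zip local file header.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-binary', or 'other'."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                # Content types also advertise macro-enabled document parts.
                ctypes = b""
                if "[Content_Types].xml" in names:
                    ctypes = zf.read("[Content_Types].xml")
        except zipfile.BadZipFile:
            return "other"
        # OOXML stores VBA in a vbaProject.bin part under word/, xl/ or ppt/.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        if b"macroEnabled" in ctypes:
            return "ooxml-macro"
        if any(n.startswith(("word/", "xl/", "ppt/")) for n in names):
            return "ooxml-clean"
        return "other"
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: VBA lives in OLE streams we do not parse here.
        return "ole-binary"
    return "other"


def should_quarantine(data: bytes) -> bool:
    """Quarantine macro-enabled OOXML regardless of extension; treat legacy
    OLE2 documents as suspicious because their macros cannot be ruled out
    without parsing the OLE streams."""
    return classify_attachment(data) in ("ooxml-macro", "ole-binary")


def build_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal fake OOXML Word container (sample input for the
    demo, not a real document) with or without a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a macro-enabled doc mislabelled as .doc, a clean
    # .docx, a legacy OLE2 header, and a PDF header.
    samples = {
        "invoice.doc": build_ooxml(True),
        "receipt.docx": build_ooxml(False),
        "legacy.doc": OLE_MAGIC + b"\x00" * 8,
        "shipping.pdf": b"%PDF-1.4\n",
    }
    for name, blob in samples.items():
        print(f"{name:14} {classify_attachment(blob):12} "
              f"quarantine={should_quarantine(blob)}")
```

The extension is deliberately ignored: the decision rests on what the bytes are. Extending the OLE2 branch to actually parse the VBA storage is where a library such as olevba belongs rather than hand-rolled code.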