* Emotet resumed spamming operations on March 7, 2023, after a months-long hiatus. * Initially leveraging heavily padded Microsoft Word documents to attempt to evade sandbox analysis and endpoint protection, the botnets switched to distributing malicious OneNote documents on March 16. * Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems. * The initial emails delivered to victims are consistent with what has been observed from Emotet over the past several years.