Discovered by Trend Micro in 2014, the banking Trojan Emotethas been brought back to life by malware authors last year with its own spamming module that has allowed it to spread, target new industries and regions, and evade sandbox and malware analysis techniques. This year, we examined Emotet’s activities to learn more about how this modular malware wreaks havoc: We did a comprehensive research on Emotet’s artifacts — 8,528 unique URLs, 5,849 document droppers, and 571 executables collected between June 1, 2018 and September 15, 2018 — to discover Emotet’s infrastructure as well as possible attribution information.