Over a period of just five years, Emotet has managed to evolve into one of the most notorious cyber threats in existence – one that causes incidents that cost up to $1 million dollars to rectify, according to US-CERT. We recently reported about Emotet’s activities as well as its two infrastructure setups. This follow-up blog post focuses on Emotet’s multilayer operating mechanisms, which is one of the malware’s noteworthy features mentioned in the first blog. More extensive insight on the way this modular malware operates — as well as a discussion of the possibility that Emotet is tied to Russian-speaking actors — can be found in our research paper “Exploring Emotet’s Activities.”