Many organisations across Australia have been targeted with the Emotet trojan in recent weeks. While originally a banking trojan targeting online transactions, Emotet has become a virtual swiss army knife able to perform a range of malicious activities. From stealing data, launching new attacks, moving laterally within victim domains, dropping ransomware, Emotet has demonstrated the rapid evolution of malware over the last few years. Phishing is its main delivery technique but sadly many email security gateway tools have proven ineffective. Emotet also displays clever persistence and anti-detection properties making it hard to find and eradicate. File-less and polymorphic trojans like Emotet can evade many traditional anti-virus tools, meaning non-signature based tools are now a must.