In TruSTAR we see that Emotet has been on the rise, particularly over the last two weeks. Also, because of crossover with Dridex C&C servers, we're seeing an increase in Dridex activity as well.
Another piece of malware to be on the lookout for is Mylobot. Mylobot is a highly sophisticated botnet that was mentioned this summer but has picked up in activity.
There is also a resurgence in Globeimposter activity and a new malware on the scene called Darkgate. Darkgate is cryptocurrency miner and ransomware campaign.