The difference here is that Emotet is now hiding the IP addresses in Hexadecimal and Octal formats to avoid pattern detection systems. Most operating systems will happily convert these back to dotted decimal format for easy connection.
Going into a little more detail than above Emotet leverages the older Excel 4.0 Macro system because it is easier to set up and has less controls in place to prevent abuse. By utilizing this and the Auto_Open function they get the macro to execute as soon as the document is opened by the target. Now, in most cases Excel will alert the user that the spreadsheet was created in an older version of Excel and ask the target to enable macros to view the content.
Once the user does this it enables the 4.0 Macro functions, and the embedded code can execute. The command string and URL that is part of the command is obfuscated via carets (i.e., h^tt^p^:/^/^
This evolution has also come with what appears to be a new selectivity in targets. The possibility that the attackers are identifying where they need to use this level of obfuscation and/or gathering intel on their intended targets is a bit new for this campaign, but not for attacks in general.
Security teams will need to alter their response to these new changes, if they are relying on pattern detection. They can expand that to look for non-standard commands or the use of hexadecimal and octal formats. These should then be treated as suspicious and potentially linked to attacker activity. It is also highly advised to completely disable Excel 4.0 Macros in your environment.