Update readme.md

Mar-Pic
2025-03-14 09:46:28 +01:00
committed by GitHub
parent 1a033e0ee8
commit 0644a91e53
+2 -2
@@ -18,9 +18,9 @@ Emmenhtalv2 has been mainly distributed through fake CAPTCHAs and “ClickFix”
Emmenhtal v3
Emmenhtal v3 surfaced in early March 2025, with many changes added to the HTA, JS and last Powershell stages.
Emmenhtal v3 surfaced in early March 2025, with many changes added to the HTA, JS and last Powershell stages, including new mouse movements speed check.
Current infection chains seem to leverage either fake CAPTCHAs verification on a compromised or malicious website leading to .mp4 files, or trojanized .mp3 files masquerading as songs and likely downloaded from file sharing platform MediaFire.
Most of these chains includes a new intermediary stage (a Powershell with AMSI bypass feature which loads a .NET stage) in charge of delivering stealers.
Most of these chains includes a new intermediary stage (a Powershell with AMSI bypass feature which loads in memory a .NET stage) in charge of delivering stealers.
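Review bot: The clause added to the "Emmenhtal v3 surfaced in early March 2025" line, "including new mouse movements speed check", does not say which of the stages it lists (HTA, JS or last PowerShell) performs the check, and a reader building detections or sandbox profiles needs that; suggest naming the stage and rewording to "including a new mouse-movement speed check". On the last changed line, "loads in memory a .NET stage" reads more clearly as "loads a .NET stage in memory". Since both lines are being touched anyway, "Most of these chains includes" should be "include", and "Powershell" should be spelled "PowerShell" in both places.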