From 5389d24e6184d47809c5e60b8a5517371eded460 Mon Sep 17 00:00:00 2001 From: Mar-Pic Date: Fri, 14 Mar 2025 09:47:22 +0100 Subject: [PATCH] Update readme.md --- emmenhtal/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/emmenhtal/readme.md b/emmenhtal/readme.md index c6aafc4..239198f 100644 --- a/emmenhtal/readme.md +++ b/emmenhtal/readme.md @@ -2,6 +2,7 @@ Emmenhtal is a malicious loader likely distributed since early 2024, and first p Emmenhtal is an obfuscated multistage payload that spawns an execution of the LOLBIN mshta.exe to read a first HTA stage that embeds a malicious JavaScript code. Once interpreted and executed, the JavaScript decodes and runs a PowerShell script. The latter decrypts an obfuscated PowerShell loader which finally downloads and runs final-stage stealers and commodity RATs. Blogpost URL: https://www.orangecyberdefense.com/no/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide + World Watch advisory (for our clients): https://portal.cert.orangecyberdefense.com/worldwatch/advisory/1778 As of March 2025, our CERT has identified three versions of the loader, all actively distributed.
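Review bot: In the `emmenhtal/readme.md` hunk, the added `World Watch advisory` line sits directly under the `Blogpost URL:` line with no blank line or list marker between them, so Markdown will render both links as a single run-on paragraph; insert a blank line before the new line, or turn both into a two-item list (`- Blogpost URL: ...`, `- World Watch advisory: ...`). The added line also appears to carry a stray leading space after the `+`, which is worth dropping so it aligns with the surrounding lines. Since the advisory is labelled "(for our clients)", consider stating that the portal link requires a customer login so public readers of the readme know why it will not open for them.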