Update readme.md

Mar-Pic
2025-03-14 09:47:22 +01:00
committed by GitHub
parent 34ec8ee5f1
commit 5389d24e61
+1
@@ -2,6 +2,7 @@ Emmenhtal is a malicious loader likely distributed since early 2024, and first p
Emmenhtal is an obfuscated multistage payload that spawns an execution of the LOLBIN mshta.exe to read a first HTA stage that embeds a malicious JavaScript code. Once interpreted and executed, the JavaScript decodes and runs a PowerShell script. The latter decrypts an obfuscated PowerShell loader which finally downloads and runs final-stage stealers and commodity RATs.
Blogpost URL: https://www.orangecyberdefense.com/no/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide
World Watch advisory (for our clients): https://portal.cert.orangecyberdefense.com/worldwatch/advisory/1778
As of March 2025, our CERT has identified three versions of the loader, all actively distributed.
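Review bot: the last line of the hunk states that three versions of the loader have been identified, but it does not name them or say how a reader can tell them apart, so the claim cannot be used to triage a sample. Consider a short list with one line per version, or a pointer to where in the blog post or advisory the versions are described. Separately, the blog post link on the "Blogpost URL:" line goes to the "/no/" locale path of the site; if a locale-neutral or English path exists, linking to it would suit an English readme better. The commit message "Update readme.md" also gives no hint of what changed; a subject that mentions the version count would make the history easier to follow.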