Mar-Pic
414ef42617
Create iocs
2025-06-05 15:10:57 +02:00
Mar-Pic
bbf344d112
Rename yara emmenhtal to yara emmenhtalv1
2025-03-14 10:13:45 +01:00
Mar-Pic
6d1c7d8400
Rename iocs (November 2024) to iocs (November 2024) - Emmenhtalv1
2025-03-14 10:13:23 +01:00
Mar-Pic
dfce5051e3
Rename iocs (August 2024) - Emmenhtal v1 to iocs (August 2024) - Emmenhtalv1
2025-03-14 10:13:10 +01:00
Mar-Pic
ddf42a11f4
Rename iocs (August 2024) to iocs (August 2024) - Emmenhtal v1
2025-03-14 10:12:51 +01:00
Mar-Pic
5389d24e61
Update readme.md
2025-03-14 09:47:22 +01:00
Mar-Pic
34ec8ee5f1
Update readme.md
2025-03-14 09:47:12 +01:00
Mar-Pic
0644a91e53
Update readme.md
2025-03-14 09:46:28 +01:00
Mar-Pic
1a033e0ee8
Update readme.md
2025-03-14 09:45:02 +01:00
Mar-Pic
e5183bf0ef
edit
2025-03-14 09:44:34 +01:00
Mar-Pic
1ef551e258
Create readme
2025-03-14 09:43:24 +01:00
Mar-Pic
2825aeefeb
Create yara emmenhtalv3
2025-03-14 09:09:43 +01:00
CERT Orange Cyberdefense
60cf82992f
history typo
2025-03-13 17:04:13 +01:00
Mar-Pic
fc54b3d94e
Create iocs (March 2025) - Emmenhtalv3
2025-03-12 18:24:32 +01:00
SVernin
234a8b6bfb
Smartloader IoCs
2025-03-12 11:26:22 +01:00
Mar-Pic
fd3756972e
Create iocs
2025-03-11 16:49:02 +01:00
Mar-Pic
1d2f974c80
Update iocs
2025-02-26 11:05:40 +01:00
Mar-Pic
bad1111d3b
Update readme
2025-02-25 16:38:36 +01:00
Mar-Pic
7beca67ec7
Create iocs
2025-02-25 16:30:24 +01:00
Mar-Pic
af4e71a652
Update yara
2025-02-25 16:18:01 +01:00
Mar-Pic
ba48cb8a6d
Update readme
2025-02-25 15:56:07 +01:00
Mar-Pic
c88357aee8
Update readme
2025-02-25 15:54:57 +01:00
CERT Orange Cyberdefense
67420d4961
Create readme
...
blue_stylthon IOCs
2025-02-21 11:00:08 +01:00
Mar-Pic
991af23e7f
Create yara
2025-02-18 16:02:06 +01:00
Mar-Pic
2852c6b441
Create iocs
2025-02-18 16:01:49 +01:00
Mar-Pic
2b8e6840fc
Create yara
2025-02-18 16:01:08 +01:00
Mar-Pic
304b300649
Create iocs
2025-02-18 16:00:51 +01:00
Mar-Pic
8d64efe406
Create proxy_download_susp_lnk_webdav_user_agent.yml
2025-02-18 15:59:32 +01:00
Mar-Pic
9754be959c
Create proc_creation_win_rundll32_webdav_client_execution_lnk.yml
2025-02-18 15:59:14 +01:00
Mar-Pic
b886097035
Create proc_creation_win_powershell_aes_decrypt.yml
2025-02-18 15:58:54 +01:00
Mar-Pic
86de9de4ab
Create yara emmenhtal
2025-02-18 15:58:19 +01:00
Mar-Pic
f8653616ec
Create yara emmenhtalv2
2025-02-18 15:58:00 +01:00
Mar-Pic
55f4a45dec
Create iocs (December 2024) - Emmenhtalv2
2025-02-18 15:57:23 +01:00
Mar-Pic
b9bcc63bb6
Create iocs (November 2024)
2025-02-18 15:57:05 +01:00
Mar-Pic
5bd68e727f
Update and rename iocs to iocs (August 2024)
2025-02-18 15:56:43 +01:00
Mar-Pic
d1188bc0fd
Create yara
2025-02-18 15:55:48 +01:00
Mar-Pic
99c310891f
Create iocs
2025-02-18 15:55:28 +01:00
Mar-Pic
27c603e792
Create iocs
2025-02-18 15:54:44 +01:00
CERT Orange CyberDefense
bba9de6d0c
Create readme
...
Green Nailao investigation, IOCs and Yara
2025-02-18 14:25:33 +01:00
CERT Orange CyberDefense
98185b7c7f
Create readme
...
MintsLoader IOCs
2025-02-18 14:12:54 +01:00
CERT Orange CyberDefense
741575c058
Create readme
...
Uncovering R0BL0CH0N TDS: An affiliate marketing scam
2025-02-18 14:11:54 +01:00
CERT Orange CyberDefense
e9b6f36b3d
Create readme.md
...
Edam investigation and IOCs
2025-02-18 14:10:20 +01:00
CERT Orange CyberDefense
6317971110
Create README.md
2025-02-18 14:08:40 +01:00
CERT Orange CyberDefense
2515e7e1c3
Emmenhtal investigation and IOCs
...
In May and June 2024, our Managed Threat Detection (CyberSOC) team encountered a malicious campaign impacting two of our clients in France. The infection chain used by the threat actors typically leveraged fake videos – such as recent TV series episodes – to ultimately download CryptBot and Lumma stealer payloads.
On July 31st, we identified a new ongoing iteration of this campaign, targeting organizations globally, which likely started around mid-July. Upon analysis, we identified a recurring piece of malware encompassing several malicious HTA, JavaScript, and PowerShell stages designed to drop additional payloads. We track this loader internally as Emmenhtal and assess that it has highly likely been used by multiple financially motivated threat actors since at least February 2024 to deploy commodity RATs and infostealers.
Full report: https://www.orangecyberdefense.com/global/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide
2025-02-18 14:06:23 +01:00