cert-orangecyberdefense-cti

mirror of https://github.com/cert-orangecyberdefense/cti synced 2026-06-08 14:45:26 +00:00

Author	SHA1	Message	Date
Mar-Pic	d1188bc0fd	Create yara	2025-02-18 15:55:48 +01:00
Mar-Pic	99c310891f	Create iocs	2025-02-18 15:55:28 +01:00
Mar-Pic	27c603e792	Create iocs	2025-02-18 15:54:44 +01:00
CERT Orange CyberDefense	bba9de6d0c	Create readme Green Nailao investigation, IOCs and Yara	2025-02-18 14:25:33 +01:00
CERT Orange CyberDefense	98185b7c7f	Create readme MintsLoader IOCs	2025-02-18 14:12:54 +01:00
CERT Orange CyberDefense	741575c058	Create readme Uncovering R0BL0CH0N TDS: An affiliate marketing scam	2025-02-18 14:11:54 +01:00
CERT Orange CyberDefense	e9b6f36b3d	Create readme.md Edam investigaiton and IOCs	2025-02-18 14:10:20 +01:00
CERT Orange CyberDefense	6317971110	Create README.md	2025-02-18 14:08:40 +01:00
CERT Orange CyberDefense	2515e7e1c3	Emmenhtal investigation and IOCs In May and June 2024, our Managed Threat Detection (CyberSOC) team encountered a malicious campaign impacting two of our clients in France. The infection chain used by the threat actors typically leveraged fake videos – such as recent TV series episodes – to ultimately download CryptBot and Lumma stealer payloads. On July 31st, we identified a new ongoing iteration of this campaign, targeting organizations globally, which likely started around mid-July. Upon analysis, we identified a recurring piece of malware encompassing several malicious HTA, JavaScript, and PowerShell stages designed to drop additional payloads. Tracked internally as Emmenhtal, we assess this loader is highly likely used by multiple financially motivated threat actors since at least February 2024 to deploy commodity RATs and infostealers. Full report: https://www.orangecyberdefense.com/global/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide	2025-02-18 14:06:23 +01:00

9 Commits