mirror of
https://github.com/cert-orangecyberdefense/cti
synced 2026-06-08 22:47:22 +00:00
CERT Orange CyberDefense
2515e7e1c3
In May and June 2024, our Managed Threat Detection (CyberSOC) team encountered a malicious campaign impacting two of our clients in France. The infection chain used by the threat actors typically leveraged fake videos – such as recent TV series episodes – to ultimately download CryptBot and Lumma stealer payloads. On July 31st, we identified a new ongoing iteration of this campaign, targeting organizations globally, which likely started around mid-July. Upon analysis, we identified a recurring piece of malware encompassing several malicious HTA, JavaScript, and PowerShell stages designed to drop additional payloads. Tracked internally as Emmenhtal, we assess this loader is highly likely used by multiple financially motivated threat actors since at least February 2024 to deploy commodity RATs and infostealers. Full report: https://www.orangecyberdefense.com/global/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide
2 lines
1 B
Plaintext
2 lines
1 B
Plaintext
|