Orange Cyberdefense CERT
@ocd-cert.bsky.social
The CERT Orange Cyberdefense brings together experts on Cyber Threat Intelligence (CTI), Cybercrime Monitoring (MCM), Vulnerability Operation Center (VOC) and digital forensics and incident responders (CSIRT).
https://www.orangecyberdefense.com/
Our analysis covers updated #BURNBOOK and #MISTPEN variants, that feature slight changes in their main routines and C2 loop.
UNC2970 relied on compromised infrastructure on SharePoint and WordPress, aligning with previous findings.
November 20, 2025 at 2:37 PM
🔎Our CERT is releasing a new technical report on 🇰🇵Operation #DreamJob, focusing on recent evolution in its tooling.
Following an IR engagement at a large manufacturing client based in 🇪🇺, we investigated artefacts we attribute to #UNC2970.
➡️Full blog: ow.ly/V4mr50Xug1l
November 20, 2025 at 2:37 PM
During our analysis, we noticed a surprising line, likely written by threat actors to prevent AI-powered file scanning.
This is actually the first time we observed such an attempt, even though we found it to be unsuccessful with GPT-4o.
March 17, 2025 at 3:56 PM
🆕New version of #Emmenhtal loader actively distributed worldwide since early March, leading to #Lumma or #Rhadamanthys stealers.
Very low AV detection on VT for now.
Similarly to V2, Emmenhtal V3 masquerades as #mp3 or #mp4 files, including relaxation songs.🧘‍♀️
March 17, 2025 at 3:56 PM
🆕New version of our #ransomware mapping is out on our GitHub!
➡️https://github.com/cert-orangecyberdefense/ransomware_map/blob/main/OCD_WorldWatch_Ransomware-ecosystem-map.pdf
V28 (!) includes the latest newcomers and recent ecosystem evolutions.🔍
As always, feedback is welcome!
#cti #threatintel
March 5, 2025 at 4:32 PM