World Watch OCD
@ocdworldwatch.bsky.social
🎣🧀 Since early September 2025, the Orange Cyberdefense CSIRT and CyberSOC teams have detected phishing campaigns impersonating Meta, AppSheet and PayPal, leading to malware delivery. Our team tracks this activity under the alias "Metappenzeller".
#CTI #ThreatIntel #Metappenzeller #phishing
September 23, 2025 at 9:38 AM
🧀 Update on MintsLoader: a thread 🔽
MintsLoader is a JavaScript/PowerShell loader that was first detailed by OCD in 2024.
A new version has been around at least since early June 2025.
#threatintel #cti #mintsloader
July 3, 2025 at 7:43 AM
🆕 We publish today the result of a deep-dive investigation into a malicious campaign leveraging #ShadowPad and #PlugX to distribute a previously-undocumented ransomware, dubbed #NailaoLocker.
This campaign targeted 🇪🇺 organizations during S2 2024 and is tied to Chinese TA 🇨🇳.
February 20, 2025 at 8:16 AM
While monitoring recent #Emmenhtal iterations, we observed a distinct politically-aligned cluster 🇪🇺, strongly differing from usual financially motivated Emmenhtal distribs.
This cluster drops another malware we dubbed #Edam Dropper🧀
github.com/cert-orangec...

Targets: European #energy sector🔋
GitHub - cert-orangecyberdefense/edam: Edam dropper
December 5, 2024 at 10:55 AM
📍 For more than 8 months, our threat researchers from OCD have worked on mapping China's civil-military–industrial complex when it comes to #cyberespionage operations.

⛯ Consult our newly published deep-dive report and interactive map here:
research.cert.orangecyberdefense.com/hidden-netwo...
Orange Cyberdefense CERT Threat Research: The hidden network map
November 25, 2024 at 10:59 AM