World Watch OCD
@ocdworldwatch.bsky.social
World Watch CTI team from Orange Cyberdefense
https://www.orangecyberdefense.com/global/offering/managed-services/threat-and-risk-management/world-watch
https://www.orangecyberdefense.com/global/offering/managed-services/threat-and-risk-management/world-watch
☣ The main lure deploys a full Python environment and runs a Python script responsible for fetching the next stage from a remote C2. Then it opens a decoy file in Word. C2 are now inactive but have been tied to Pure malware family.
September 23, 2025 at 9:38 AM
☣ The main lure deploys a full Python environment and runs a Python script responsible for fetching the next stage from a remote C2. Then it opens a decoy file in Word. C2 are now inactive but have been tied to Pure malware family.
Written in C++, #NailaoLocker is relatively unsophisticated and poorly designed. The ransomware uses the “.locked” extension. It is loaded through DLL search-order hijacking.
February 20, 2025 at 8:16 AM
Written in C++, #NailaoLocker is relatively unsophisticated and poorly designed. The ransomware uses the “.locked” extension. It is loaded through DLL search-order hijacking.