The Sharp Taste of Mimo'lette: Analyzing Mimo's Latest Campaign Targeting Craft CMS
Analysis of the CVE-2025-32432 compromise chain by Mimo: exploitation, loader, crypto miner, proxyware, and detection opportunities.
Sekoia has identified Mimo, a threat actor that exploits a recently patched Craft CMS zero-day to deploy its own loader, cryptominers, and residential proxyware on hacked websites.
The operators appear to be based in the Middle East.
blog.sekoia.io/the-sharp-ta...
27.05.2025 16:32 — 👍 3 🔁 2 💬 1 📌 0
#ClearFake variant is now spreading #Rhadamanthys Stealer via #Emmenhtal Loader.
cc @plebourhis.bsky.social @sekoia.io
1. ClearFake framework is injected on compromised WordPress and relies on EtherHiding
2. The #ClickFix lure uses a fake Cloudflare Turnstile with unusual web traffic
⬇️
06.03.2025 10:50 — 👍 3 🔁 2 💬 2 📌 0
Image of disassembly showing a new macOS backdoor using the deprecated CLI tool 'SetFile'.
This #macOS backdoor uses /usr/bin/SetFile to hide itself in the Finder. SetFile was deprecated in Xcode 6 (that's 2014 to humans)... not sure why it makes sense to declare something 'deprecated' and then leave it in the OS for 10+ years. 🤷‍♂️ #apple #malware
SHA1: 609088c54b99432aab212f35cfe74030b52f0320
20.01.2025 15:53 — 👍 24 🔁 8 💬 2 📌 0
Proud to share an insightful article on ransomware-driven data exfiltration techniques, written by my colleagues at Sekoia.io! 👏🔐
28.11.2024 08:14 — 👍 4 🔁 0 💬 0 📌 0