Threat Intelligence analyst @CERTCyberdef 🇫🇷 | GCTI | Virtual Routes

Joined October 2022
Mar_Pich retweeted
Our CERT is releasing a new research into #UNC2465, a #ransomware affiliate actively distributing #Qilin across Europe🇪🇺. A TLP:RED version of this research was presented during @Botconf 2026. ➡️orangecyberdefense.com/globa…
Mar_Pich retweeted
Last week, our International CyberSOC team detected a wave of #phishing emails sent to several customers in Germany🇩🇪. Designed for Microsoft 365 credentials harvesting, the campaign relies on #bubbleapps subdomains spoofing company names.
20 Nov 2025
Check out our latest report on a DPRK intrusion related to #OpDreamJob 🇰🇵! Shoutout to @_alexb___ for his reverse engineering and to the whole @CERTCyberdef team for their contributions! 🤗
🔎Our CERT is releasing a new technical report on 🇰🇵Operation #DreamJob, focusing on recent evolution in its tooling. Following an IR engagement at a large manufacturing client based in 🇪🇺, we investigated artefacts we attribute to #UNC2970. ➡️Full blog: ow.ly/V4mr50Xug1l
18 Jun 2025
🆕 Just released a blogpost on a #Sorillus RAT campaign our @CERTCyberdef observed in March. Likely 🇧🇷 threat actors, use of numerous tunneling services like ngrok[.]app, ngrok[.]dev, ngrok[.]pro, localto[.]net, ply[.]gg, campaign still active… ➡️ orangecyberdefense.com/globa…
Mar_Pich retweeted
27 May 2025
#CyCon2025 Workshop Day is underway! Today, we're diving into 9️⃣ dynamic sessions exploring the future of cyber conflict and defence. More photos: flic.kr/s/aHBqjCfJfS
Mar_Pich retweeted
#CyCon2025 mission accomplished! 🎯 #VirtualRoutes workshop "Ransomware: Crime, Conflict, and Cyber Defences" is done. Thank you to the brilliant leads @Maxwsmeets, @gijsvloon, @Mar_Pich, @r0xanaradu & James Shires, everyone who joined us and @ccdcoe for having us!
Mar_Pich retweeted
9 May 2025
Everything ready for #PIVOTcon25 Day 2! Quick morning ☕️ and we are prepared to listen to the top #ThreatIntel #ThreatResearch #CTI. Let's pivot! 🤟
Mar_Pich retweeted
💡Our colleagues from Orange Cyberdefense CyberSOC 🇩🇪 just published insights on several December 2024 intrusions leveraging #socialengineering tactics to distribute #DarkGate, #BlackBasta, as well as a custom credential harvester. ➡️orangecyberdefense.com/de/bl…
25 Mar 2025
Happy to join the 2025-2026 @VirtualRoutes European Cybersecurity Fellowship 🇪🇺☺️
👋Say hello to the 2025-2026 European Cybersecurity Fellows! 12 months, 15 fellows from 10 countries across Europe, one goal ⏩ To make it count. Learn more about the fellows: virtual-routes.org/initiativ…
Mar_Pich retweeted
🆕New version of #Emmenhtal loader actively distributed worldwide since early March, leading to #Lumma or #Rhadamanthys stealers. Very low AV detection on VT for now. Similarly to V2, Emmenhtal V3 masquerades as #mp3 or #mp4 files, including relaxation songs.🧘‍♀️
Mar_Pich retweeted
🔎In recent campaigns, TAs create new #GitHub repositories populated with an AI-generated README and filled with fake backdated commits. We also observed similar distributions via inactive repositories typically forked with a new release containing #SmartLoader ultimately added.
Mar_Pich retweeted
🆕New version of our #ransomware mapping is out on our GitHub! ➡️github.com/cert-orangecyberd… V28 (!) includes latest newcomers and recent ecosystem evolutions.🔍 As always, feedback is welcome! #cti #threatintel #blackbasta #ransomhub #lockbit
Mar_Pich retweeted
🧵/ Over the last months, our CyberSOC & CERT teams have been tracking a malicious cluster leveraging #WsgiDAV servers to distribute commodity #RATs, including in Europe🇪🇺. ⛓️Multistage infection chain: LNK>VBS>BAT>Powershell>ZIP>Python We track this activity as Blue Stylthon🧀
20 Feb 2025
👀2025 starting with a deep-dive investigation into a 🇨🇳campaign targeting 🇪🇺entities! Extremely happy to share our new research, conducted with @_alexb___, on #NailaoLocker, a previously undocumented #ransomware. Link to the full article: orangecyberdefense.com/globa…
20 Feb 2025
The deployment of a ransomware stage after the use of traditional Chinese #cyberespionage tools like #shadowpad and #plugx is quite surprising. Our report includes several hypotheses on the motivations of the threat actors, which overlap with a recent study from @symantec.
Mar_Pich retweeted
New variant of #Emmenhtal loader actively distributed since early December and leading to #Lumma #DarkGate and/or #SectopRAT. 🚩#Emmenhtalv2 adopts new obfuscation features and is currently not well detected by AV solutions. Initial access: fake CAPTCHA, #ClickFix, phishing.
Mar_Pich retweeted
While monitoring recent #Emmenhtal iterations, we observed a distinct politically-aligned cluster 🇪🇺, strongly differing from usual financially motivated Emmenhtal distribs. This cluster drops another malware we dubbed #Edam Dropper🧀 🔗 github.com/cert-orangecyberd…
Mar_Pich retweeted
📍For more than 8 months, our threat researchers from @orangecyberdef have worked on mapping 🇨🇳 China's civil-military–industrial complex when it comes to #cyberespionage operations. ⛯ Consult our newly published deep-dive report and interactive map here: research.cert.orangecyberdef…
Mar_Pich retweeted
Several weeks ago, our #CERT analysts @Mar_Pich @vhinderer and @_alexb___ investigated a malicious ongoing campaign targeting one of our clients and leveraging a little-documented multistage #loader we dubbed #MintsLoader🥬🧀. github.com/cert-orangecyberd… ⬇️