In January 2023, the French newspaper Le Monde invited SEKOIA.IO to cooperate on investigating exfiltrated Russian-language documents related to the Moscow-based private company Vulkan.
In this blogpost you will find the results of a survey conducted by our analysts on two Command and Control servers (C2s) of the North Korea-nexus intrusion set Reaper (aka APT37). This investigation led...
Because collecting data from endpoints can sometimes be a pain (to say the least), SEKOIA.IO provides its own agent, which collects all relevant logs from your workstations and servers with minimal configuration overhead. It is currently...
This blogpost is a technical analysis of the Stealc infostealer, detailing different characteristics of the malware, including its anti-analysis, string de-obfuscation and C2 communication techniques.
As the ongoing Russo-Ukrainian conflict, which started on 24 February 2022, is about to mark its first anniversary, SEKOIA.IO analysts share their analysis of the cyber picture. This report does not list all...
This blogpost aims to present the activities of Stealc's alleged developer, a technical analysis of the malware and its C2 communications, and how to track it.
This blogpost aims to analyse and highlight trends within the ransomware ecosystem in the second half of 2022.
Throughout 2022, SEKOIA.IO's Threat & Detection Research (TDR) team continued to proactively track and monitor the Command & Control (C2) infrastructures set up and used by cybercriminal or state sponsored intrusion sets to carry...
SEKOIA.IO analysts demonstrate in this article that, as with many botnets and worms, Raspberry Robin can be repurposed by other threat actors to deploy their own implants.
This blogpost aims to present the current infection chain, payloads and the whole infrastructure used to distribute infostealers.