This blog post on BlueFox Stealer is an extract of the “FLINT 2022-053 – BlueFox Stealer: a newcomer designed for traffers teams” report (SEKOIA.IO Flash Intelligence) sent to our clients on October 20, 2022. Table...

Introduction In this blogpost we present SEKOIA.IO’s process to create detection rules, which first requires explaining our detection workflow as well as understanding SEKOIA.IO XDR history and specificities.

Background Pay-Per-Install (PPI) is a malware service widely used in the cybercrime ecosystem that monetises the installation of malicious software. As generally observed, a malware operator provides a Pay-per-Install service operator with a payload,...

Traffers are threat actors playing a key role in the augmentation of the threat surface, and more generally in non-legitimate traffic generation. SEKOIA observed hundreds of advertisements aiming at recruiting traffers to distribute information...

This blog post on LuckyMouse is an extract of the “FLINT 2022-045 – LuckyMouse uses a backdoored Electron app to target MacOS” report (SEKOIA.IO Flash Intelligence) sent to our clients on August 10, 2022. Note:...

SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points: Ransomware victimology – recent evolutions A busy first half of the year – several newcomers in the...

This blog post on Roaming Mantis group is an extract of the “FLINT 2022-037 – Ongoing Roaming Mantis smishing campaign targeting France” report (SEKOIA.IO Flash Intelligence) sent to our clients on July 07, 2022. Summary...

This blog post on Vice Society ransomware group was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 29, 2022. What is Vice Society? Vice Society is a little-known double...

Raccoon Stealer was one of the most prolific information stealers in 2021, being used by multiple cybercriminal actors. Due to its wide stealing capabilities, the customizability of the malware and its ease of use,...

This blog post on CALISTO threat actor is an extract of a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 16, 2022. March 30, 2022, Google TAG published several IOCs related to...