When a Botnet Cries: Detecting Botnet Infection Chains
Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used...
XDR detection engineering at scale: crafting detection rules for SecOps efficiency
In this blog post we present SEKOIA.IO’s process to create detection rules, which first requires explaining our detection workflow as well as understanding SEKOIA.IO XDR history and specificities.
Sekoia.io Mid-2022 Ransomware Threat Landscape
Sekoia.io presents its Ransomware threat landscape for the first semester of 2022, with the following key points:
Vice Society: a discreet but steady double extortion ransomware group
This blog post on the Vice Society ransomware group was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 29, 2022. What is Vice Society?...
An insider insights into Conti operations – Part Two
The first blog post focused on Conti’s evolution and the leak’s context and analysis. In this second blog post, we will look into how to make simple detection rules to...
An insider insights into Conti operations – Part One
This is the first of two blog posts, where we focus on the Conti ransomware group whose training material was recently leaked on a cybercrime forum. To provide some...
Hunting and detecting Cobalt Strike
In the last SEKOIA.IO Threat & Detection Lab we dealt with a Man-in-the-middle (MITM) phishing attack leveraging Evilginx2, an offensive tool allowing two-factor authentication bypass. Here, we are tackling...