Marc (@cti_marc) 's Twitter Profile
Marc

@cti_marc

ID: 1186542753699766273

Link: http://blog.sekoia.io
Joined: 22-10-2019 07:20:30

216 Tweets

466 Followers

258 Following

crep1x (@crep1x) 's Twitter Profile Photo

The indicator of compromise mentioned in the Google TAG report that corresponds to a C2 server of #Rhadamanthys is 104.156.149[.]126, active at least from January 16, 2023 to end of March according to our Sekoia.io C2 trackers. It was also publicly shared by R. on ThreatFox!

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🎉 Breaking News! Sekoia.io has raised €35M in a new round of financing, a record amount for a European cybersecurity company in series A! 🚀 #funding #fundraising #cybersecurity

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

Our #TDR analysts just released their latest blogpost, aiming at understanding the #Iran Cyber Threat over the 2022-2023 period 🇮🇷 1/6 blog.sekoia.io/iran-cyber-thr…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🥷 A newly registered member on the XSS cybercrime forum known as "berya" was observed recruiting "pentesters" (partners/affiliates in the ransomware-related slang) to possibly distribute #ransomware in vulnerability exploitation campaigns.

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

Awesome report from The DFIR Report! C2s for #CobaltStrike and #Metasploit have been in the Sekoia.io CTI feed since October 2022! To learn more about our #C2Trackers capabilities: blog.sekoia.io/command-contro… Shoutout to C2IntelFeedsBot for reporting the CobaltStrike C2 first in open source

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🎮 We analyzed an ongoing campaign targeting online gamers. Multiple malware families, such as #Epsilon, #Doenerium, #BByStealer, and #NovaSentinel, are delivered through fake video game websites. blog.sekoia.io/game-over-gami… #CTI #infostealer

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

#DarkGate gained popularity among threat actors (e.g. #TA577, #DuckTail). Our #RE analysis details the internals of the malware and how it implements techniques to evade defenses: Union-API, token theft via UpdateProcThreadAttribute, APC injection. blog.sekoia.io/darkgate-inter…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🏦 Our latest report provides insights on the cyber threats impacting the #financial sector in 2023. We analysed the trends in lucrative and state-sponsored ecosystems and outlined the most notable evolutions. For more details, check out our blog post: blog.sekoia.io/unmasking-the-…

Marc (@cti_marc) 's Twitter Profile Photo

Domain was serving af03329a869288967859384dd3b56b8baf30d280919497dc6de927a97017aee7. Don't really know if the Anunak/Carbanak detection is good or not on VT.

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🧵 Sekoia.io tracks C2 infrastructures for main #stealer families sold as a Malware-as-a-Service (MaaS). Our view of active C2s, combined with our observations from telemetry, forum monitoring and sample tracking, gives us a global understanding of the stealer threat. ⬇️

Censys (@censysio) 's Twitter Profile Photo

🔍 Discover how to proactively detect malicious activities with Censys data in our next webinar with Sekoia.io. Explore challenges in monitoring decentralized infrastructures and see MalleableC2 in action 📈 Book your spot now: go.censys.com/April-Lunch-an…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

👀 Discover our new report, which provides an in-depth analysis of cyber threats to elections based on past targeted elections. It identifies various types of cyber operations and proposes an assessment of threats regarding the major elections in 2024. blog.sekoia.io/guarding-democ…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

Have you ever heard about “#DoppelGänger”? 👀 In our new report, the Sekoia #TDR team analysed the #DoppelGänger campaign's relays, technical infrastructure, and shared narratives. blog.sekoia.io/master-of-pupp… #Influence #InformationWarfare #CTI

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🚨 Sekoia TDR uncovered key insights into the infrastructure behind #Emmenthal Loader distribution using #WebDAV as a service! Thanks to CERT Orange Cyberdefense & Mandiant (part of Google Cloud) for their research, which helped shed light on this! 🙏 Read the full report here: blog.sekoia.io/webdav-as-a-se…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

Since mid-2023, the Sekoia #TDR team has investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes (#ORBs) used to support operations of multiple 🇨🇳 intrusion sets. Check out the full report ⤵️ blog.sekoia.io/bulbature-bene…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🚨 Discover #Mamba2FA, a previously unknown adversary-in-the-middle (AiTM) #phishing kit, sold as phishing-as-a-service (PhaaS) ⚠️ blog.sekoia.io/mamba-2fa-a-ne…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🔍 TDR investigated the emerging #ClickFix social engineering tactic, which several intrusion sets adopted in 2024 to distribute their malware. Our research provides a chronological overview of the observed ClickFix campaigns and their victimology. blog.sekoia.io/clickfix-tacti…

Sekoia.io (@sekoia_io) 's Twitter Profile Photo

🇨🇳 We're excited to announce the publication of the latest Sekoia #TDR team report, "A Three Beats Waltz: The ecosystem behind Chinese state-sponsored cyber threats." blog.sekoia.io/a-three-beats-…
