Erwan Chevalier

At #VB2023 Sekoia.io's Guillaume Couchard & @r1chev will outline the infection chains used by commodity malware, common detection methods used against them, & how generic detection rules on these chains can help in the fight against botnets. virusbulletin.com/conference/vb2…

Possible #Bluenoroff #TA444 #APT38 activity 142.11.209[.]144 dma.linkpc[.]net association.linkpc[.]net world.linkpc[.]net 23.254.204[.]173 docsend.com-proapple[.]cloud.line[.]pm docsend-cloud.espcap[.]fun 23.254.129[.]6 c-money.linkpc[.]net 23.254.167[.]226 decentryk[.]online

Today, @sekoia_io TDR team published their analysis of DDoSia blog.sekoia.io/following-nona…🧵 1/6

🔴 Yesterday, the 🇷🇺 Russian-affiliated hacktivist group #NoName057 leveraged its #DDoS tool #DDoSia to target #PMCWagner websites wagner2022[.]ru / wagnercentr[.]ru💣

🎉 Breaking News! @sekoia_io has raised €35M in a new round of financing, a record amount for a European cybersecurity company in series A! 🚀 #funding #fundraising #cybersecurity

During daily threat monitoring, our Threat & Detection Research (TDR) team identified new #NoName057's #DDoSia 🇫🇷 targets ⤵️ www[.]assemblee-nationale[.]fr www[.]gendarmerie[.]interieur[.]gouv[.]fr cnes[.]fr dares[.]travail-emploi[.]gouv[.]fr

The indicator of compromise mentioned in the Google TAG report that corresponds to a C2 server of #Rhadamanthys is 104.156.149[.]126, active at least from January 16, 2023 to end of March according to our @sekoia_io C2 trackers. It was also publicly shared by @0xrb on ThreatFox!

@sekoia_io TDR analysts just published a blogpost on #VulkanFiles 🇷🇺, in cooperation with @lemondefr, a member of the international consortium lead by @paper_trail_m #thread 🧵 blog.sekoia.io/sekoia-io-anal…

Today TDR analysts released a blogpost related to 🇰🇵 #DPRK associated #Reaper #APT (aka #APT37), based on their observations of this group's C2 🧵 1/6 blog.sekoia.io/peeking-at-rea…

Last week, we published an analysis of the newly discovered infostealer named #Stealc. Here is the part 2 with the reverse engineering of the #malware. blog.sekoia.io/stealc-a-copyc…

💣 Among others, @sekoia_io discovered yesterday 55 #PyPI malicious packages pushed by the same Threat actor. It's not the first time that we are seeing this actor pushing this kind of malicious packages. PyPI contacted and packages removed 👌 Related packages and IoCs below ↘️

SEKOIA.IO uncovered a new #infostealer advertised as #Stealc on underground forums since early 2023 and already widespread in the wild. In a nutshell, Stealc is a copycat of the prominent #Vidar and #Raccoon stealers. blog.sekoia.io/stealc-a-copyc…

As the ongoing 🇷🇺 Russo-Ukrainian 🇺🇦 conflict is about to mark its first year anniversary, our analysts share through our latest blogpost their analysis pertaining to the #cyber picture. blog.sekoia.io/one-year-after…

We are pleased to share our analysis of our infrastructure's tracking project ⤵️ blog.sekoia.io/command-contro… #CTI #Thread

Netzob is back with its v2.0.0 major release. New datatypes, new relationships, and a brand new fuzzing module for message format and state machine! #ProtocolModelization #TrafficGeneration #ReverseEngineering Release: github.com/netzob/netzob/… New doc: netzob.github.io/netzob/

Our new blog post aims at presenting a typical infection chain distributing #Raccoon and #Vidar stealers by leveraging SEO poisoned websites. SEKOIA.IO illuminated a large and resilient infrastructure of 250+ domains. blog.sekoia.io/unveiling-of-a…

Our new blog post aims at contextualising and analysing trends pertaining to cyber malicious activities associated to the 🇰🇵 Democratic People’s Republic of Korea-nexus Intrusion Sets reported in open sources in 2022 ⤵️ blog.sekoia.io/the-dprk-delic… #CTI #DPRK

Rules Catalog updates! (#OKTA, #AWS, #Cybereason, #WAF, ISO-LNK) feedback.sekoia.io/changelog/1516…

#IcedID is distributed on sites impersonating popular enterprise software applications, such as Zoom or Slack. Such infection chains are usually used by threat actors distributing infostealers (Raccoon, Vidar, Redline, Aurora, etc.) ⬇️

#Vidar stealer (botnet 1821) distributed using a fake website that mimics MSI Afterburner software and uses Google Ads mslaftrebunrer.]us (ping @Namecheap) tria.ge/221208-p35zzsd…