Skip to content

2021-06-01

Start your own graph exploration from scratch.

A new option has been added to the Graph explorations feature.

You can now create your own graph explorations starting from scratch by simply selecting the desired element(s) in the "Add Object(s)" section to start your investigation.

Graph_exploration

When a graph exploration is saved, it is available to all members of your community.

2 extra FLINTs each month.

In addition to the FLINTs you receive several times a week, SEKOIA delivers an analysis of the latest trends and operating methods used by cybercriminal or state-run groups operating ransomware for extortion or sabotage purposes in FLINT format on a bi-monthly frequency.

3 new SEKOIA C2 trackers in May.

In the pursuit of current threat monitoring, we have set up 3 new SEKOIA trackers during the month of May. They allow us to track the Command & Control infrastructure of the APT Gamaredon group and new MalleableC2 (Cobalt Strike) profiles used by affiliates of Ransomware groups.

25 new detection rules added to the catalog!

Since last month, 25 new detection rules have been implemented in the SEKOIA.IO rules catalog.

Several of them are related to :

  • Escalation of suspicious and malicious alerts produced by the SentinelOne EDR.
  • Detection of phishing and spear-phishing threats, including the downloading of documents with specific file extensions and from domains with specific TLDs.
  • Detection of techniques aimed at disabling security tools (antivirus for example) by certain malware (such as Agent Tesla).
  • Detection of a particular DLL loading technique (Gziploader) of the IcedID malware
  • Detection of the STRRAT Trojan that pretends to be a ransomware to extort its victims by creating a scheduled task.
  • Detection of the Phorpiex botnet used to distribute spam and other malware (cryptocurrency miners and ransomware) via certain techniques used to replicate on removable media.

Detection_rules

Enable new verified rules automatically!

Activating new rules verified by SEKOIA.IO analysts can now be done automatically.  Simply activate the option in the rule catalog settings and choose the desired effort level.

Automatic_rules

Find your rules faster and easier thanks to the filters!

The new filters available on the rule catalog greatly simplify their review. Find activated and deactivated rules in your community using the filters "Rule: Enabled" and "Rule: Disabled" respectively. You can also use the "Rule: Custom" and "Rule: Verified" filters to find rules created by you as well as those added by SEKOIA analysts.

Rules_filters

These filters allow you to enable or disable all selected rules with a mouse click.