SEKOIA.IO aims to stay as close as possible to the users of the platform, meeting their needs precisely while taking into account their workflows and user experience. In keeping with this approach, the platform keeps reinventing itself and evolving by regularly integrating new features and improving existing ones. Discover in this article all the news published in October 2021.
New Detection Rules
12 new detection rules added to the catalog!
These rules focus on the detection of the latest vulnerabilities, such as Apache (CVE-2021-41773), as well as the most recent malware, such as:
– MirrorBlast, which is not exclusively associated with the cybercriminal group TA505.
– SquirrelWaffle, which is positioned as the successor to Emotet, known as the number one threat used to download other malware such as QakBot or Cobalt Strike.
New EDR rules
EDR rules have also been added to centralize and contextualize alerts from HarfangLab EDR in SEKOIA.IO XDR as part of the Open XDR Platform.
HarfangLab is a vendor of EDR (Endpoint Detection and Response) software, a technology that makes it possible to anticipate and neutralize modern and previously unknown cyberattacks on computers and servers. Certified by ANSSI since 2020, HarfangLab counts among its clients large international companies operating in highly sensitive sectors.
As a reminder, during the Cybersecurity Conference in Monaco last October, SEKOIA, HarfangLab, Pradeo, GLIMPS and Vade announced the creation of the Open XDR Platform. Objective: to federate cybersecurity expertise within a unified solution, to simplify deployment and to strengthen the cyber defense of organizations.
Tracking Cyber Threats
7 new trackers
These trackers make it possible, among other functions, to monitor the Command & Control (C2) infrastructure of the following threats:
– ManaTools is a tool for distributing malware and controlling it via a Command & Control (C2) panel. It has already been associated with several malware families, such as RevengeRat, AzoRult, Lokibot, Formbook and AgentTesla.
– FinFisher is spyware sold exclusively to governments and intelligence agencies and used in criminal investigations.
– BazarLoader is a widespread malware that allows attackers to penetrate the victim’s environment. Access to systems compromised by BazarLoader is often resold to ransomware gangs.
– TodayZoo is a phishing kit used since December 2020 and newly documented by Microsoft.
We have also enriched our Observables and Cyber Threat Intelligence base with intelligence gathered from several honeypots we deployed, exposing Apache services vulnerable to CVE-2021-41773 and CVE-2021-42013.
In order to share our analysis of the modus operandi of the attackers exploiting these vulnerabilities, SEKOIA.IO analysts have produced and published a new FLINT on this topic!