Playbooks, YARA rules, IoCs… an explanation of the news

Aug 4, 2021

SEKOIA.IO XDR and SEKOIA.IO CTI are constantly evolving to meet the needs of our users, while taking into account their approach and user experience. Each month, we review and explain the new features and the improvements made to existing ones.

Enjoy reading the August news.

Playbooks ready to use! 🏁

Easily automate time-consuming activities with pre-designed, ready-to-use playbook templates. A playbook is a list of steps (blocks) and actions required to successfully respond to an incident or a threat. It provides a step-by-step approach to orchestration, helping security teams establish standardized incident response processes. Discover our 4 playbooks available now on SEKOIA.IO and stay tuned for the upcoming ones!

10 new detection rules in the catalog! 🕵️

Our analysts added 10 new detection rules to the rules catalog in July to detect, among others:
  • Exploitation of the PrintNightmare vulnerability.
  • Several TTPs used by ransomware groups, such as stopping services or disabling Windows Defender via PowerShell.
  • The North Korean APT group Lazarus.
About ten existing rules have also been improved.

25 new YARA rules and C2 Tracker 🎁

These trackers and rules have been integrated to continue tracking the latest cyber threats!

  • In July, 25 new YARA rules were implemented by our SEKOIA.IO CTI teams to track and collect IOCs mainly to detect ransomware (Avaddon, Avoslocker, Cuba, Hades, REvil and Thanos) as well as APTs such as APT31, Lazarus, Thallium or Turla.
  • New SEKOIA C2 Trackers have also been added to allow our analysts to better detect APTs such as StrongPity, as well as commercial or open source offensive tools such as TrevorC2, BruteRatel, Caldera, GoBot2, NorthStar, PowerHub or Satellite.

New IOCs for the Chinese APT group APT31! 🔎

  • Following ANSSI’s publication on July 21, 2021 regarding a series of APT31 attacks targeting France, the campaign in question was mapped in the SEKOIA.IO CTI database and new IOCs were integrated in addition to those already known to SEKOIA.IO.
  • 94 new malicious domains and IPs attributed with high confidence to the APT31 infrastructure were found through the investigations of SEKOIA.IO analysts.

Until September, we hope you enjoy these new features and are able to manage your cybersecurity even more efficiently.

Chat with our team!

Would you like to know more about our solutions? Do you want to discover our XDR and CTI products? Do you have a cyber security project in your organization? Make an appointment and meet us!

Chat with the team

Would you like to know more about our protection solutions? Do you want to discover our XDR and CTI products? Do you have a cybersecurity project in your organization? Make an appointment and let's meet!