A #SOCplatform boosted by #AI and #threatintelligence, combining #SIEM, #SOAR, #Automation in a single solution. Used by End-users, MSSP and APIs
Website: https://sekoia.io
Blog: https://blog.sekoia.io
GitHub: https://github.com/SEKOIA-IO
#SilverFox is a China-based intrusion set operating on a unique "dual-track" model. While often tracked for their APT-style espionage, our telemetry shows they continuously run broad, opportunistic cybercrime campaigns targeting entities across South Asia. https://buff.ly/KPXIytD

Agile and persistent, Silver Fox successfully blends into the noise of traditional cybercrime while maintaining the capacity for advanced intelligence collection.

In this deep-dive analysis, our Threat Detection & Research (#TDR) team unmasks their massive 2025-2026 campaign and rapidly evolving infection chains.

Key findings:
🎣 Deceptive Lures: Consistently impersonates national taxation authorities or uses fake payroll documents to trick victims into executing payloads.
🌊 3-Wave Arsenal Evolution: Between 2025 and 2026, their attack chains shifted significantly to evade detection.
🛠️ RMM Abuse: Transitioned from deploying ValleyRAT via malicious PDFs to abusing Chinese RMM tools.
🐍 Custom Payloads: Recently observed dropping a custom Python-based stealer embedded in a Python installer.
🎭 Advanced Evasion: Packed with TextShell for enhanced obfuscation (custom LZMA); utilizes API "hammering" and anti-debug traps to bypass detection and delay manual analysis.
🔐 Custom Obfuscation: Leverages non-standard Base64 encoding with randomized shifts to evade automated detection.
🖼️ Steganography: Hides payloads within innocuous-looking icon images retrieved from the C2.

#OysterLoader (aka #Broomstick or #Cleanup) is not just another downloader. Often serving as a precursor to #Rhysida #ransomware campaigns or distributing commodity malware such as #Vidar, this threat has evolved significantly as we enter 2026.

https://blog.sekoia.io/oysterloader-unmasked-the-multi-stage-evasion-loader/

#Reverse

In this deep-dive analysis, our Threat Detection & Research (TDR) team uncovers a sophisticated, multi-stage infection designed to bypass security controls. Key findings:

📦 Deceptive Distribution: Spreads via fake sites impersonating IT tools like PuTTY or WinSCP.

The attacker is abusing the open-source URL shortener YOURLS as a Traffic Distribution System (TDS), filtering visitors by device type and protecting their infrastructure.

To our knowledge, this is the first time cybercriminals have used YOURLS as a TDS.