Researching Illicit Streaming Devices with Graylog


Nov 25, 2024

In February 2024, I discovered a whisper campaign targeting folks in critical infrastructure with a pirate streaming box. While illicit streaming devices are not new, this one is particularly "chatty". When I discovered it was communicating to qq[dot]com, I knew I needed to start ingesting logs and needed a SIEM. I was able to quickly deploy Graylog and collect and correlate logs to understand the behavior of the device.

What I found is....interesting.

Key Takeaways

  1. Rapid Threat Detection - Learn how to use Graylog to investigate suspicious activity and gather critical insights in real-time.
  2. Unexpected Findings - Discover the surprising behavior of an illicit streaming device and the potential risks it posed to critical infrastructure.
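The investigation workflow above (ingest DNS and firewall logs, filter on the domain the device talks to, then correlate across sources to see how chatty it is) can be shown end to end in a few dozen lines. The script below is an added example written for this page, not the author's code or anything shipped with Graylog. The log lines, the device address 10.0.5.23, the second host 10.0.5.40, the resolved address 203.0.113.7 and the five-second correlation window are all constructed assumptions; the only value taken from the post is the watchlisted domain qq.com. It flags a host as beaconing when its watchlisted lookups are frequent and evenly spaced, and counts how many of those lookups are followed by an outbound connection from the same host.

```python
"""Profile a 'chatty' device by correlating DNS and firewall logs.

Added example for this page: the log lines below are constructed, not real
captures, and the IP addresses and window size are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample logs, in the key=value style a SIEM such as Graylog
# would ingest from two separate sources.  10.0.5.23 is the suspect device;
# 10.0.5.40 is an ordinary host that touches the same domain once.
DNS_LOG = """\
2024-02-10T08:00:00Z dns client=10.0.5.23 query=api.qq.com type=A
2024-02-10T08:00:00Z dns client=10.0.5.23 query=time.apple.com type=A
2024-02-10T08:05:00Z dns client=10.0.5.23 query=api.qq.com type=A
2024-02-10T08:10:01Z dns client=10.0.5.23 query=api.qq.com type=A
2024-02-10T08:15:00Z dns client=10.0.5.23 query=api.qq.com type=A
2024-02-10T08:20:00Z dns client=10.0.5.23 query=api.qq.com type=A
2024-02-10T08:07:12Z dns client=10.0.5.40 query=www.example.org type=A
2024-02-10T08:12:44Z dns client=10.0.5.40 query=api.qq.com type=A
"""

FW_LOG = """\
2024-02-10T08:00:01Z fw action=allow src=10.0.5.23 dst=203.0.113.7 dport=443 proto=tcp bytes_out=1260
2024-02-10T08:05:01Z fw action=allow src=10.0.5.23 dst=203.0.113.7 dport=443 proto=tcp bytes_out=1302
2024-02-10T08:10:02Z fw action=allow src=10.0.5.23 dst=203.0.113.7 dport=443 proto=tcp bytes_out=1288
2024-02-10T08:15:01Z fw action=allow src=10.0.5.23 dst=203.0.113.7 dport=443 proto=tcp bytes_out=1271
2024-02-10T08:20:01Z fw action=allow src=10.0.5.23 dst=203.0.113.7 dport=443 proto=tcp bytes_out=1295
2024-02-10T08:12:45Z fw action=allow src=10.0.5.40 dst=203.0.113.7 dport=443 proto=tcp bytes_out=4410
"""

# Domain the post names; any subdomain of it counts as a hit.
WATCHLIST = {"qq.com"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn 'ts source k=v k=v ...' into a dict; ts becomes a datetime."""
    ts, source, rest = line.split(" ", 2)
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    event.update(KV_RE.findall(rest))
    return event


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def on_watchlist(domain, watchlist):
    """Suffix match so api.qq.com matches a watchlist entry of qq.com."""
    d = domain.lower().rstrip(".")
    return any(d == w or d.endswith("." + w) for w in watchlist)


def watchlist_queries(dns_events, watchlist):
    """Map each client to the timestamps of its watchlisted lookups."""
    hits = defaultdict(list)
    for e in dns_events:
        if on_watchlist(e["query"], watchlist):
            hits[e["client"]].append(e["ts"])
    return hits


def beacon_stats(timestamps):
    """Return (count, mean gap in seconds, coefficient of variation of the gaps).

    A low coefficient of variation means evenly spaced lookups, the signature
    of a scheduled check-in rather than a user pressing play.
    """
    ts = sorted(timestamps)
    if len(ts) < 2:
        return len(ts), None, None
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return len(ts), m, (pstdev(gaps) / m if m else None)


def correlate(hits, fw_events, window_s=5):
    """Count lookups that are followed, within window_s, by an outbound
    connection from the same host (at most one match per lookup)."""
    matched = defaultdict(int)
    for client, stamps in hits.items():
        for t in stamps:
            for f in fw_events:
                if f["src"] == client and 0 <= (f["ts"] - t).total_seconds() <= window_s:
                    matched[client] += 1
                    break
    return matched


def investigate(dns_text, fw_text, watchlist, min_hits=4, max_cv=0.1):
    """Return per-host findings: lookup count, spacing, correlated connections,
    and whether the pattern looks periodic."""
    hits = watchlist_queries(parse_log(dns_text), watchlist)
    conns = correlate(hits, parse_log(fw_text))
    findings = {}
    for client, stamps in hits.items():
        n, mean_gap, cv = beacon_stats(stamps)
        findings[client] = {
            "lookups": n,
            "mean_interval_s": mean_gap,
            "interval_cv": cv,
            "correlated_connections": conns.get(client, 0),
            "periodic": n >= min_hits and cv is not None and cv <= max_cv,
        }
    return findings


if __name__ == "__main__":
    for host, f in investigate(DNS_LOG, FW_LOG, WATCHLIST).items():
        print(host, f)
```

On the constructed data the suspect device resolves the watchlisted domain every five minutes and opens a connection a second after each lookup, so it is reported as periodic with five correlated connections, while the other host shows a single lookup and is not flagged. In Graylog itself the first filter is simply a search on the field holding the DNS name; the spacing and cross-source correlation steps are what turn "it talks to qq.com" into "it checks in on a schedule".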

Check out the Documentation
https://go2docs.graylog.org/current/home.htm

Direct Downloads Page
https://graylog.org/downloads
