Each month SEKOIA.IO updates the configuration of its OSINT collection playbooks to automatically gather Indicators of Compromise (IoCs). Our collection playbooks are aggregating, enriching and contextualizing IoCs from several community threat intelligence feeds such as URLhaus, ThreatFox, Triage and others. This time, we have added:

• Linux malware such as Stealthworker / GoBrut which bruteforce servers running CMS and services such as SSH and MySQL.
• IoT malware such as Kaiji which spread via SSH brute force and is used for DDoS attacks
• Cyber criminal tools such as Ave Maria, sold on underground forums.

We also added new trackers for known threats such as Cobalt Strike in order to be more exhaustive in our detection.

Related resource:

• Ave Maria in the intelligence center
• Stealthworker in the intelligence center
• Kaiji in the intelligence center