OSINT collection playbooks updated with new threats: Raccoon Stealer v2, BitterAPT, PureCrypter, and more! 🤖

Each month, SEKOIA.IO updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) for new threats. These playbooks aggregate, enrich and contextualise IoCs from community threat intelligence feeds (URLhaus, ThreatFox and others) and from analyses of the Hatching Triage sandbox. This time, we have added:

  • Malware sold on forums: PureCrypter, 404 KeyLogger, XFileStealer;
  • New or recent malware families targeting multiple platforms (Windows, Android and Linux): NetDooka, Octo (Android banking trojan), AbstractEmu, Symbiote, IceXLoader;
  • New aliases for Raccoon Stealer;
  • And other malware families and threat actors such as BitterAPT, PrivateLoader, BluStealer, DOUBLEBACK, DarkVNC, PhotoLoader, BasBanke (Android stealer), SectopRat and the Meteor wiper.
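To make the collection step concrete, here is an added example of what such a playbook does with two feeds: it parses each feed's records, maps the feed-specific malware names onto canonical families through an alias table (the part a monthly update such as "new aliases for Raccoon Stealer" changes), merges the same IoC seen in both feeds, and lists the records whose family name is still unmapped so the table can be extended. This is illustration code written for this page, not SEKOIA.IO's playbook implementation. The two feed extracts are constructed, and their column and field names are a simplified approximation of the URLhaus CSV and ThreatFox JSON layouts, not their exact schemas; the alias table is likewise constructed.

```python
"""IoC collection step: parse two community feeds, normalise malware names to
canonical families via an alias table, and merge duplicates across feeds.
Example code, not SEKOIA.IO's playbook; records and field names are constructed."""
import csv
import io
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Canonical family -> aliases as they appear in feeds (constructed table; a
# playbook update adding "new aliases for Raccoon Stealer" is a change here).
ALIASES = {
    "Raccoon Stealer": {"raccoon", "raccoonstealer", "racealer",
                        "raccoon stealer v2", "win.raccoon"},
    "PureCrypter": {"purecrypter", "pure crypter"},
    "IceXLoader": {"icexloader", "win.icexloader"},
}


def _norm(name: str) -> str:
    """Lower-case and drop whitespace/underscores/hyphens so that
    'Raccoon Stealer v2', 'raccoon_stealer_v2' and 'RaccoonStealerV2' agree."""
    return re.sub(r"[\s_\-]+", "", name.strip().lower())


_LOOKUP = {_norm(a): fam for fam, aliases in ALIASES.items() for a in aliases}


def canonical_family(*candidates: Optional[str]) -> Optional[str]:
    """Return the canonical family for the first known name among the
    candidates (each may be a comma-separated list), or None if none is known."""
    for cand in candidates:
        if not cand:
            continue
        for token in cand.split(","):
            fam = _LOOKUP.get(_norm(token))
            if fam:
                return fam
    return None


@dataclass
class IoC:
    ioc_type: str
    value: str
    family: Optional[str]
    first_seen: str                      # ISO-like timestamp; sorts lexically
    sources: set = field(default_factory=set)
    tags: set = field(default_factory=set)

    def merge(self, other: "IoC") -> None:
        """Combine a second sighting of the same indicator from another feed."""
        self.sources |= other.sources
        self.tags |= other.tags
        self.family = self.family or other.family
        self.first_seen = min(self.first_seen, other.first_seen)


def parse_urlhaus_csv(text: str) -> list:
    """URLhaus-style CSV (simplified, assumed columns): the family is carried
    in the free-form 'tags' column, so every tag is tried against the table."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        tags = {t.strip() for t in row["tags"].split(",") if t.strip()}
        out.append(IoC("url", row["url"].strip(), canonical_family(*tags),
                       row["dateadded"], {"urlhaus"}, tags))
    return out


def parse_threatfox_json(text: str) -> list:
    """ThreatFox-style JSON (simplified, assumed fields): try the 'malware'
    name first, then the comma-separated 'malware_alias' list."""
    out = []
    for rec in json.loads(text):
        fam = canonical_family(rec.get("malware"), rec.get("malware_alias"))
        out.append(IoC(rec["ioc_type"], rec["ioc"].strip(), fam,
                       rec["first_seen"], {"threatfox"}, set()))
    return out


def aggregate(records: list) -> dict:
    """Key on (type, value) so the same URL reported by both feeds becomes one
    record carrying both sources and the earliest first_seen."""
    merged: dict = {}
    for r in records:
        key = (r.ioc_type, r.value)
        if key in merged:
            merged[key].merge(r)
        else:
            merged[key] = r
    return merged


def unmapped(merged: dict) -> list:
    """Records whose feed name matched no alias: the review queue for the
    next alias-table update, not silently dropped IoCs."""
    return [r for r in merged.values() if r.family is None]


def collect(urlhaus_csv: str, threatfox_json: str) -> dict:
    return aggregate(parse_urlhaus_csv(urlhaus_csv) + parse_threatfox_json(threatfox_json))


# Constructed sample extracts (RFC 5737 documentation addresses, no real IoCs).
URLHAUS_CSV = """id,dateadded,url,url_status,threat,tags,reporter
1001,2022-07-01 10:00:00,http://198.51.100.10/panel/raccoon.exe,online,malware_download,"RaccoonStealer,exe",constructed
1002,2022-07-02 11:30:00,http://203.0.113.7/pure/loader.bin,offline,malware_download,"PureCrypter",constructed
"""

THREATFOX_JSON = """[
  {"ioc": "http://198.51.100.10/panel/raccoon.exe", "ioc_type": "url",
   "malware": "win.raccoon", "malware_alias": "Racealer,Raccoon Stealer v2",
   "first_seen": "2022-07-01 10:05:00"},
  {"ioc": "192.0.2.44:443", "ioc_type": "ip:port",
   "malware": "win.icexloader", "malware_alias": null,
   "first_seen": "2022-07-03 08:00:00"},
  {"ioc": "203.0.113.99:8080", "ioc_type": "ip:port",
   "malware": "win.newfamily", "malware_alias": null,
   "first_seen": "2022-07-04 09:00:00"}
]"""

if __name__ == "__main__":
    result = collect(URLHAUS_CSV, THREATFOX_JSON)
    for (kind, value), ioc in result.items():
        print(f"{kind:8} {value:45} {ioc.family or '?':16} {sorted(ioc.sources)}")
    print("unmapped:", [r.value for r in unmapped(result)])
```

The merge keeps the earliest `first_seen` and the union of sources and tags, which is what a downstream detection rule needs to judge how long an indicator has been live and how many independent feeds corroborate it. The `unmapped` list is the practical check: an unknown name such as the constructed `win.newfamily` surfaces for an analyst rather than disappearing, which is exactly the gap a monthly alias update is meant to close.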

For more on Raccoon Stealer v2, read our last two blog posts, in which we contextualise and analyse this new threat, which is likely to gain popularity in the coming months.
