OSINT collection playbooks updated with new threats: Brute Ratel C4, Lumma Stealer, TinyNuke, Erbium, etc. 🦠

Each month SEKOIA.IO updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks aggregate, enrich and contextualise IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and from analyses of the Hatching Triage sandbox. This time, we have added:

  • Some new or recent information stealers: Erbium, Lumma, LOLI Stealer, YTStealer, Zingo;
  • Widespread loaders: PrivateLoader, PureCrypter, NullMixer, Colibri, IceXLoader;
  • And other malware families or C2 frameworks, such as Sorillus RAT, TinyNuke, Empire, Brute Ratel C4, etc.

SEKOIA proactively monitors emerging information stealers, as well as the traffers teams operating them. If you want to know more about the ecosystem of information stealers, you can read our blog post on the subject!

What do you think about this update?