OSINT collection playbooks updated with new threats: LDR4, DarkCloud, XWorm 🦠

Each month SEKOIA.IO updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks aggregate, enrich and contextualise IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and from analyses of the Hatching Triage sandbox. This time, we have added:

  • Some new or recent cybercrime malware: LDR4 (variant of Ursnif), DarkCloud (variant of BluStealer), XWorm, LgoogLoader, Harly;
  • Malware used by different APT groups: BEATDROP, FurBall, CrimsonRAT, PoisonIvy;
  • And other malware families or attack frameworks, such as Evilginx.

SEKOIA.IO also proactively tracks these threats using our internal tools; exclusive IoCs can be found in the SEKOIA.IO Intelligence Center under the SEKOIA sources (SEKOIA C2 Tracker, SEKOIA YARA Tracker, etc.).

What do you think about this update?