Tracking new threats with SEKOIA C2 Tracker: RedWarden, TrueBot, Aurora, Cova, Nosu, Squarephish, ChaosRAT 🕵️

When SEKOIA.IO analysts are coming across new or trendy threats (malware, threat groups, phishing, etc.), we generally try to find heuristics to track their infrastructure. This proactive hunting approach allows us to collect exclusive indicators of compromise (IoCs) on a weekly basis. In recent weeks, we have added Command & Control (C2) trackers for:

  • Newly supervised threats: Cryptocurrency phishing, WhiteSoftware websites and SEO poisoning infrastructures, TrueBot, Cova, Nosu, RedWarden, Squarephish, ChaosRAT, DuckLogs;
  • Already tracked threats: Aurora, BatLoader, FakeUpdates, Callisto, Evilginx2, PrivateLoader.

IoCs collected from these trackers can be found in the SEKOIA.IO Intelligence Center by filtering on the source "SEKOIA C2 Tracker". If you want to know more about the above-mentioned threats, please visit their card and their model made by the analysts!

changelog_tracker_20230110.png

What do you think about this update?