OSINT collection playbooks updated with new threats: XWorm, LodaRAT, Rhadamanthys, DarkCloud etc. 🦠

Each month SEKOIA.IO updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks aggregate, enrich and contextualise IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and from analyses of the Hatching Triage sandbox.

This time, we have added:

* Some new or recent information stealers: Mint Stealer, DarkCloud Stealer, Rhadamanthys, Astaroth;
* Remote Access Trojans: XWorm, Bitter RAT, LodaRAT, Gh0stRAT, Running RAT, ReverseRAT, NetSupport RAT;
* And other malware families: Spyder, RapperBot, Deimos, CryCryptor.

SEKOIA.IO already tracked several of these threats by using internal tools, such as SEKOIA C2 Tracker or SEKOIA YARA Tracker. You can find the associated exclusive IoCs by browsing the malware pages in the Intelligence Center.