Each month SEKOIA.IO updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks are aggregating, enriching and contextualising IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and analysis of Hatching Triage sandbox. This time, we added:

• Some new or recent information stealers: Stealc, Titan Stealer, ViperSoftX, BlackCap Grabber;
• Active intrusion sets: the Akur Group (pro-Russian hacktivists), the TA558 threat group;
• Havoc, a post-exploitation C2 framework available on GitHub;
• Other threats leveraged by cybercriminals or APT groups: Phonk cryptominer, Rshell RAT;

SEKOIA proactively monitors new information stealers and we invite you to read our latest blogposts about Stealc!

References:

• Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1
• Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 2