Each month Sekoia.io updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks are aggregating, enriching and contextualising IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and analysis of Hatching Triage sandbox. This time, we have added mostly cyber criminal threats sold on underground forums:

• Information stealers: Prynt, SectopRAT, CopperStealer, DUCKTAIL, EvilExtractor, Nemesis, ZStealer, zgRAT;
• Some Android malware such as SpyNote or Godfather;
• And other threats such as the TA570 group (Qbot malware affiliates),
• Ransomware and droppers such as Royal Ransom, AresLoader and NetDooka.

Sekoia.io proactively monitors new information stealers and we invite you to read our latest blogpost about Russian-speaking infostealer ecosystem!