Tracking threats with Sekoia.io C2 Tracker 🕵️

When Sekoia.io analysts come across new or trending threats (malware, threat groups, phishing, etc.), we generally try to find heuristics to track their infrastructure. This proactive hunting approach allows us to collect exclusive indicators of compromise (IoCs) on a weekly basis. In recent weeks, we have added Command & Control (C2) trackers for:

  • Newly supervised threats: KeepSpy, Bandit Stealer, Meduza Stealer, Observer Stealer, AndoryuBot;
  • Already tracked threats: Ducktail, CryptBot, Stealc, Lumma Stealer, PikaBot, SideWinder, phishing infrastructure.

IoCs collected from these trackers can be found in the Sekoia.io Intelligence Center by filtering on the source "Sekoia.io C2 Tracker". If you want to know more about the above-mentioned threats, please visit each threat's card and the model made by the analysts!