Sekoia.io analysts published a FLINT which introduces our tracking methodology for the prevalent infostealer families. It also presents the number of active C2 servers detected in recent weeks and our analysis of the infostealer trends.

In the report, we shared our tracking methods based on server fingerprinting and pattern searching, for the most widespread infostealers sold as Malware-as-a-Service: Lumma, Mystic, Raccoon, Rhadamanthys, RisePro, Stealc and Vidar.

The detailed heuristics are used to proactively collect exclusive IoCs and provide our customers with actionable intelligence. Their results can be found in the Intelligence Center under the "Sekoia.io C2 Tracker" source.

Related resources:

• FLINT 2023-033 - Tracking the C2 infrastructures of the prevalent infostealer families