Each month Sekoia.io updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks are aggregating, enriching and contextualising IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) as well as analysis of Hatching Triage sandbox. This time, we have added mostly cyber criminal threats sold on underground forums:

• Infostealers: AcridRain, AllcomeClipper, DynamicStealer, Fabookie, Icarus, Loda, Meduza, RisePro;
• Loaders or botnets: CustomerLoader, DarkGate, HoraBot, Lu0bot, SocGholish (aka FakeUpdates);
• Ransomware: Djvu (aka STOP), TargetCompany (aka Mallox);
• Remote access trojans: JanelaRAT, Parallax.

Sekoia.io proactively monitors new loaders, as well as the malware downloaded in next-stage payload. If you want to know more about the newly discovered loader CustomerLoader, you can read our analysis in the blogpost on CustomerLoader!