OSINT collection playbooks updated with new threats: ClearFake, Epsilon Stealer, GoShellcode, Millenium RAT and Socks5Systemz 🦠

Each month Sekoia.io updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) for new threats. Our collection playbooks aggregate, enrich and contextualise IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and from Hatching Triage sandbox analyses. This month's update includes the following threats:

  • Remote access trojans: GoldDigger, Millenium RAT, Sakula RAT, Venom RAT, Viper RAT, Xtreme RAT, 888RAT;
  • Infostealers: Epsilon Stealer, Luna Grabber, PureLogs (aka zgRAT), Realst;
  • Other threats, including ClearFake, TA577, GoShellcode, Socks5Systemz.

Sekoia.io proactively monitors new "fake updates" threats and the malware they deliver. If you want to know more about the newcomer "fake updates" threat ClearFake, you can read our analysis in the blog post on ClearFake!
