Each month Sekoia.io updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks are aggregating, enriching and contextualising IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and analysis of Hatching Triage sandbox. This time, we have added mostly cyber criminal threats sold on underground forums: * RATs and backdoors: AllaKore, Black RAT, Gh0stRAT, L3mon, LPEClient, OxtaRAT, RShell, SombRAT, Xeno RAT, XploitSpy; * Downloaders, droppers and loaders: BrbBot, HanaLoader, Latrodectus, LazarLoader, LetMeOut, SigLoader, SmartLoader, SSLoad; * Infostealers and spywares: ACR Stealer, DOSTEALER, Easy Stealer, IconicStealer, KrakenKeylogger, NimGrabber, Nova Stealer, Pegasus, PureLog, Typhon Stealer. Sekoia.io proactively monitors new threats and invites you to read our latest blogpost about Mallox affiliate leveraging PureCrypter! Sekoia.io proactively monitors new threats and invites you to read our latest [blog post on Mallox affiliate leveraging PureCrypter in MS-SQL exploitation campaigns](https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/), both malware monitored by our OSINT collection playbooks.