OSINT collection playbooks updated with new threats: Creal Stealer, Emmenhtal, HellDown, RedTail, ToxicPanda, etc. 🦠

Each month, Sekoia updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks aggregate, enrich and contextualise IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and from analyses produced by the Hatching Triage sandbox. The latest update primarily covers cyber criminal threats, as well as malware leveraged by APT groups:

  • Backdoors: RedTail, InvisibleFerret, REDCAP, LightSpy, Rozena;
  • RATs and Banking Trojans: ToxicPanda, Fakecalls, Chisel, Chalubo, GobRAT;
  • Wipers and ransomware: SHARPKNOT, Akira, HellDown, Play, BlackRouter;
  • Infostealers: Creal Stealer, 0bj3ctivity Stealer, PhemedroneStealer, 44Caliber stealer, Copybara Android trojan;
  • Loaders: Emmenhtal.

Sekoia proactively monitors new threats, and we invite you to read our latest blog posts about the ClickFix tactic, which we described in a trilogy, as follows:

What do you think about this update?