OSINT collection playbooks updated with new threats: CraxsRAT, Lumar, Termite, etc. 🦠

Each month, Sekoia updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) of recent threats. Our collection playbooks aggregate, enrich, and contextualise IoCs from community threat intelligence feeds (such as URLhaus, ThreatFox, and others) and from analysis conducted with the Hatching Triage sandbox. The latest update primarily includes cybercriminal threats, as well as malware used by APT groups:

Infostealers: AMOS Stealer, DroidWatcher, Lumar Stealer, Panda Stealer
RATs: CraxsRAT, DarkVision RAT, DiscordRAT, ValleyRAT
Ransomware: Darkylock, Termite
Droppers and loaders: ARS VBS Loader, VenomLNK

Sekoia proactively monitors new threats, and we invite you to read our latest blog posts about ransomware threats:

FLINT 2024-040 - Helldown Ransomware: an overview of this emerging threat
FLINT 2024-041 - Ransomware-driven data exfiltration: techniques and implications
