SEKOIA YARA Tracker 🔬

SEKOIA.IO's analysts have been using YARA rules for research and collection purposes for quite a while. We use YARA rules, posted on multiple malware analysis platforms, as a constant source of Indicators of Compromise. These indicators are now available in the Intelligence Center under the source SEKOIA YARA Tracker. At least twice a week, we collect all the hashes from YARA matches and add them to the Intelligence Center. For rules that are still in the testing process, the results are manually filtered to detect and remove potential false positives and to improve the rules.


SEKOIA.IO creates new YARA rules regularly, based on threats we see active at the moment (recently MarsStealer, EtterSilent maldoc, BlackCat ransomware, etc.) or on files that abuse malicious techniques (such as CSV files exploiting the DDE technique).

You can find these IOCs in SEKOIA.IO by going to the page https://app.sekoia.io/intelligence/objects and filtering on the source "SEKOIA YARA Tracker".

What do you think about this update?