Each month, SEKOIA.IO updates the configuration of its collection playbooks to automatically gather Indicators of Compromise (IoCs) for new threats. Our collection playbooks aggregate, enrich and contextualize IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and from Hatching Triage sandbox analysis. This time, we have added:
For information on Follina, read our last blog post, "MSDT abused to achieve RCE on Microsoft Office", in which we analyzed the vulnerability as well as documents that exploit it.