Each month SEKOIA.IO updates the configuration of its OSINT collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks are aggregating, enriching and contextualizing IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and analysis of Hatching Triage sandbox. This time, we have added:

• Malware families that have come to light as a result of the cyberattacks in Ukraine (OutSteel, SaintBot, WhisperGate);
• New or recent malware families (44Caliber, BlackGuard, PurgeStealer);
• And other malware families that were not yet tracked on all our community sources, to name a few: BluStealer (aka a310Logger), Aberebot, MoqHao, WSHRAT, etc.

For information, BlackGuard is a new stealer sold on underground forums under the malware-as-a-service model and is not much documented in OSINT to date. To know more about this threat, you can visit its page on SEKOIA.IO.