Each month SEKOIA.IO updates the configuration of its OSINT collection playbooks to automatically gather Indicators of Compromise (IoCs) of new threats. Our collection playbooks are aggregating, enriching and contextualizing IoCs from community threat intelligence feeds (URLhaus, ThreatFox, and others) and analysis of Hatching Triage sandbox. This time, we have added:

• Malware tied to the conflict in Ukraine, especially wipers (CaddyWiper, HermeticWiper, IsaacWiper, ...)
• Malware families that have been active recently such as BumbleBee, Vulturi or PurpleFox
• Malware families that we were already tracking but under other names (we take advantage of playbook's update to complete the nomenclature of these threats)
• Threats that may be old compared to the threats mentioned above, but still widely used in the cybercriminal ecosystem (SmsSpy, TriumphLoader, Vjw0rm, GCleaner...)

For information, Vulturi is an information stealer written in C# able to steal numerous data from the infected host, shared for free since June 2021. To know more about this threat, you can visit its page on SEKOIA.IO or read the FLINT "Vulturi: another information stealer".

Related Resources:

• FLINT 2022-017 - Vulturi another information stealer
• Vulturi in the Intelligence Center