Delaware, USA ā October 31, 2017 ā Coinhive remains the most popular platform for mining Monero cryptocurrency in user’s browsers. Despite the creation of a cryptocurrency miner modification, which allows users to control mining process in their browser and even disable it, the original version of the Coinhive JavaScript miner is actively used by attackers […]
Delaware, USA ā October 31, 2017 ā Cybercriminals from Gaza group have been known since 2012, and they continue to carry out large-scale cyberespionage campaigns targeted organizations and politicians in the countries of the Middle East and North Africa. According to researchers from Kaspersky Lab, attackers in mid-2016 managed to penetrate networks of oil and […]
Delaware, USA ā October 30, 2017 ā The researcher from Malwarebytes reported the return of the Matrix Ransomware. This malware was discovered at the end of the last year and adversaries frequently updated this threat, but for several months there have been no campaigns with its use. Currently, the virus spreads through malvertising, targeting vulnerabilities […]
In the previous article, we have examined simple integration with external web resources using drilldowns. If you missed it, follow the link:Ā https://socprime.com/en/blog/simple-virus-total-integration-with-splunk-dashboards/ Today we will get acquainted with one more interesting variant of drilldowns in Splunk: using depends panels. Depends panels in Splunk: an interesting way to use drilldowns in dashboards Very often there is […]
Delaware, USA ā October 27, 2017 āĀ Researchers from IBM X-Force shared information about the campaign using a new modification of the banking Trojan Ursnif (Gozi). This September, Adversaries started the campaign that targeted financial institutions in Japan. Ursnif is distributed not only through malicious email attachments but also through malvertising via Rig exploit kit. Currently, […]
Delaware, USA ā October 25, 2017 ā Bad Rabbit Detector for ArcSight, QRadar and Splunk is released. You can download this SIEM case for free from Use Case Cloud. It contains all known Indicators of Compromise to detect the malicious activity of Bad Rabbit Ransomware worm. This threat was used to commit cyber-attacks on multiple […]
The research is based on OSINT evidence analysis, local evidence, feedback from attack victims and MITRE ATT&CK methodology used for actor attribution. SOC Prime would like to express gratitude to independent security researchers and specialized security companies who shared the reverse engineering reports and attack analysis on the public sources and their corporate blogs. On […]
The efficient SIEM operation directly depends on fixing detected vulnerabilities and issues in its functioning. The primary method for this is updating the system to the latest version. Updates can include fixing security issues, releasing new functionality, improving system performance, patches, and so on. In my recent article, we reviewed how to create backups in […]
Delaware, USA ā October 23, 2017 ā Researchers from Proofpoint and Cisco Talos companies report on the growing activity of Fancy Bear group, also known as APT28. On October 18, researchers discovered a hastily planned attack on a number of companies in the US and Europe. Attackers sent MS Word documents containing ActiveX objects that […]
Almost all of the ArcSight beginners face a situation when there are a high incoming EPS from the log sources, especially when it is critical to License limits or causes performance issues. To reduce incoming EPS, ArcSight has two native methods for event processing: Event Aggregation and Filtration. In this article, I will try to […]