Month: November 2017

Numbered Panda Uses CPL Files in Cyberespionage Campaign

Delaware, USA – November 15, 2017 – Attackers very rarely use CPL files to disguise malware, and such attacks are usually carried out by notorious cybergangs. Using this file format allows them to bypass Windows AppLocker and draws less suspicion when security officers investigate suspicious activity on a compromised system. The Palo Alto Networks unit […]

IcedID targets the U.S. and Canadian banks

Delaware, USA – November 14, 2017 – The cybercriminals' arsenal has been expanded with the banking Trojan IcedID. It was discovered by researchers from IBM X-Force, who argue that it is not a modification of any existing malware but an entirely new family. IcedID has targeted North American banks, and it is distributed via a botnet associated […]

SOC Prime Team will attend SHIELD 2017

Delaware, USA – November 13, 2017 – The SOC Prime team will take part in the SHIELD 2017 conference in Istanbul on November 21: http://shield.innoverabt.com/ The event is organized by Innovera, a leading IT security and IT continuity consulting company in Turkey. This year the SHIELD conference is held for the third time and will gather […]

RDP Brute Force is Used to Spread LockCrypt Ransomware

Delaware, USA – November 10, 2017 – In October, the hacker group that infects corporate servers with LockCrypt ransomware increased the number of its attacks. Researchers from AlienVault report that this ransomware strain was first seen in June and link it to the same group that used Satan ransomware in previous attacks. Unlike […]

Creating a simple dashboard that monitors accessibility of sources in Splunk

In the previous article, we examined using the depends attribute of panels to create convenient visualizations in dashboards. If you missed it, follow the link: https://socprime.com/blog/using-depends-panels-in-splunk-for-creating-convenient-drilldowns/ Many people who begin studying Splunk have questions about monitoring the availability of incoming data: when data last arrived from a particular source, when the data ceased […]

Fancy Bear group abused DDE in recent U.S. campaign

Delaware, USA – November 9, 2017 – Cybercriminals from Fancy Bear, also known as APT28, have started using DDE techniques in their phishing campaigns. On Tuesday, researchers from McAfee published a report revealing the details of this hacker group's recent campaign. The group's primary activity is cyber espionage. On […]

DDE Exploitation Detector is released

Delaware, USA – November 8, 2017 – A month ago, SensePost published an article about the threat of exploiting the Dynamic Data Exchange (DDE) feature of Microsoft Office. DDE allows attackers to execute PowerShell scripts and download malicious files from external servers. A few days later, Cisco researchers detected a sophisticated APT […]

New Tools in ChessMaster’s Arsenal

Delaware, USA – November 8, 2017 – ChessMaster is a cyber espionage campaign that has been running for several months against organizations located mainly in Japan. Trend Micro links the campaign to the APT 10 group, also known as Stone Panda. The attackers use a wide range of backdoors and Trojans, and the number of […]

Corebot Trojan Targets Online Banking Customers

Delaware, USA – November 7, 2017 – After a two-year break, attacks using the banking Trojan Corebot have resumed. The campaign against a number of Canadian banks was discovered by researchers from Deep Instinct, who continue to analyze the malware. The attackers have changed their tactics and armed the Trojan with tools to evade detailed analysis […]

Compromised Digital Certificates are Used to Deceive Security Scanners

Delaware, USA – November 6, 2017 – Researchers at the University of Maryland conducted a study of how compromised digital certificates are leveraged to sign malware. They found 111 certificates used to bypass antivirus solutions. More than a third of them were issued to front companies that are not related to […]
