Year: 2019

Interview with Developer: Florian Roth

We continue our series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers). The previous interview is here: https://socprime.com/blog/interview-with-developer-lee-archinal/ Meet Florian Roth. Florian Roth is CTO of Nextron Systems GmbH. He is the creator of the APT scanner THOR, a scanner for attacker activity and hack tools, and the developer of Nextron’s most comprehensive handcrafted […]

Thomas Patzke Joins SOC Prime Advisory Board

Delaware, USA – September 25, 2019 – SOC Prime, Inc. is pleased to announce that Thomas Patzke has joined our Advisory Board. Thomas is one of the most inspiring experts in the cyber security community, with 13+ years of experience in information security, and currently works as a blue teamer and threat hunter at thyssenkrupp […]

Fancy Bear Returns With New Zebrocy Backdoor

Delaware, USA – September 24, 2019 – In late summer, Fancy Bear launched a new campaign targeting Ministries of Foreign Affairs and embassies in Europe and Central Asia with a rewritten Zebrocy backdoor. The campaign started on August 20, and two days later it was discovered by Telsy’s researchers. Unlike past campaigns, the cybercriminals send an empty […]

Threat Hunting Basics: Getting Manual

The purpose of this blog post is to explain the necessity of manual (non-alert-based) analysis methods in threat hunting. An example of effective manual analysis via aggregations/stack counting is provided. Automation Is Necessary: automation is absolutely critical, and as threat hunters we must automate wherever possible, as much as possible. However, automation is built on […]

LookBack Campaign Continues After Exposure

Delaware, USA – September 24, 2019 – Instead of stopping the campaign, the LookBack trojan operators changed the text of their phishing emails and continued to attack organizations in the US utilities sector. Proofpoint researchers continued their investigation of the LookBack malware attacks and found that significantly more companies had been attacked, and that the campaign itself […]

Dtrack RAT on the Service of Lazarus Group

Delaware, USA – September 23, 2019 – The Lazarus group has expanded its toolset with the Dtrack remote access trojan to attack research centers and financial organizations in India. Kaspersky Lab published a report describing the infection process and the malware’s capabilities. Researchers had discovered the ATMDtrack malware used in attacks on Indian banks a year ago, and a search for […]

Changes in Emotet Behaviour in Ongoing Spam Campaigns

Delaware, USA – September 20, 2019 – The triumphant return of the Emotet botnet with a new campaign this week made a lot of noise, and in addition to the scale of the campaign, researchers noted significant changes in both the botnet’s infrastructure and its infection methods. The campaign started on Monday; cybercriminals attacked users from […]

Smominru Botnet Rises Again

Delaware, USA – September 19, 2019 – The growth of the Monero cryptocurrency price is provoking the return of major players to the race for other people’s computing power. Guardicore Labs uncovered a winning streak of the infamous Smominru botnet, which is infecting about 4.7k systems per day. The botnet appeared in May 2017 and mainly used the EternalBlue exploit to […]

TortoiseShell Group Compromises IT Providers in the Middle East

Delaware, USA – September 18, 2019 – Another young hacking group is compromising IT providers in the Middle East to prepare supply chain attacks. Symantec’s researchers have revealed the activity of the group, which they call Tortoiseshell, operating since last July. During this time, the attackers compromised at least 11 IT providers; most of their targets are […]

Emotet Botnet Starts Spam Campaign Targeting the US and European Countries

Delaware, USA – September 17, 2019 – It took the Emotet operators nearly a month to finally bring their monster back to life, remove security firms’ bots from the infrastructure, and prepare a new spam campaign. Starting Monday morning, September 16, malicious emails began to appear in the United States, the United Kingdom, Italy, Germany, […]
