Erase of Shadow Copies Detection Rules

Many of our publications lately have been devoted to various ransomware strains, and the rules for detecting Matrix ransomware characteristics will not help to identify Ragnar Locker or Maze. The malware is constantly changing: its authors change not only the IOCs known to security researchers but also the behavior to make threat hunting content useless […]

EKING Variant of Phobos Ransomware Detection

Today we would like to draw your attention to another Ransomware as a Service that has been used for a long time in attacks against organizations; cybercriminals use different variants of it that have already received their own names. We are talking about the Phobos ransomware family, which is based on Dharma ransomware and was created […]

FONIX Ransomware as a Service Detection

Another Ransomware as a Service platform is preparing to play a high-stakes game with organizations. Researchers at Sentinel Labs discovered the first attacks using the FONIX platform about three months ago. This RaaS platform is still under active development, but its first customers are already trying out its capabilities. So far, FONIX is quite inconvenient […]

AZORult Trojan Used in Targeted Attacks

Last week, researchers at Zscaler ThreatLabZ released a report on a massive campaign targeting the supply chain and government sectors in the Middle East. Cybercriminals sent phishing emails pretending to be from Abu Dhabi National Oil Company (ADNOC) employees that infected targets with the AZORult Trojan. Campaign Targeted at organizations in the Middle East The […]

Cloud Security Challenges for Enterprise

Cloud services are an irreplaceable part of modern enterprise infrastructure: over 70% of the world’s organizations fully or partially operate in the cloud, as reported by the Cloud Security Alliance. Cloud service providers also offer extra security measures, such as automated threat detection. But according to statistics, up to 90% of all cybersecurity professionals are now […]

Mount Locker Ransomware

Companies worldwide are reported to have fallen victim to the recent ransomware attack by Mount Locker. The new ongoing ransomware attack targets corporate networks and demands millions of dollars in ransom payments in Bitcoin, and the hackers threaten to publish the encrypted data if the victims refuse to pay. Mount Locker ransomware activity […]

Sumo Logic Integration with Threat Detection Marketplace

SOC Prime is always striving to extend support for the most popular SIEM, EDR, NSM and other security tools, including cloud-native solutions, to add more flexibility to Threat Detection Marketplace. This enables security practitioners to use the tools they prefer and solves the problem of migration to another back-end environment. We are thrilled […]

Interview with Developer: Roman Ranskyi

Today, we want to introduce to our readers one of the detection content authors whose name you can see on the SOC Prime Threat Detection Marketplace Leaderboards. Meet Roman Ranskyi, Threat Hunting/Content Developer Engineer at SOC Prime. Read about the Threat Bounty Program – https://my.socprime.com/tdm-developers. More interviews with Threat Bounty Program developers – https://socprime.com/tag/interview/ Roman, […]

Detection for Critical Vulnerability in Aruba ClearPass (CVE-2020-7115)

Aruba Networks, a subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on multiple recently discovered vulnerabilities in a product used by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported vulnerabilities, a Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with a CVSS score of 8.1, and content to […]
