Blog

Detection for Critical Vulnerability in Aruba ClearPass (CVE-2020-7115)

Aruba Networks, the subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on recently discovered multiple vulnerabilities in their product leveraged by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with CVSS 8.1, and content to […]

Read More
In a Quest for Dridex Malware

To reach their evil goals, hackers are sending waves of malspam to targeted victims. Numerous strains of Dridex malware flatten out institutions and customers of the financial sector, and a new iteration of Dridex attack was noticed again after a period of inactivity earlier this month, Unit 42 reports. About Dridex Attacks First malspam attacks […]

Read More
Zerologon Attack Detection (CVE-2020-1472)

After a very hot July, especially fruitful for critical vulnerabilities (1, 2, 3), Microsoft’s Patch Tuesday in August went relatively quiet. Yes, once again more than a hundred vulnerabilities were patched, yes, 17 flaws were rated as Critical, and Microsoft didn’t point at bugs of the “We All Doomed” level. Although back then security researchers […]

Read More
Smaug Ransomware Detector (Sysmon Behavior)

Today we would like to draw your attention to a relatively recent threat and content for its detection. Smaug Ransomware-as-a-Service appeared on researchers’ radars at the end of April 2020, attackers look for affiliates exclusively on Russian-language Dark Web forums and offer using their platform for a fairly large initial payment and 20% of further […]

Read More
Behaviour Analysis of Redline Stealer

Infostealers occupy a special place among malware, since, with their simplicity, they very effectively cope with their primary tasks: to collect all potentially valuable information in the system, exfiltrate it to the command-and-control server, and then delete themselves and traces of their activities. They are used by both beginners and advanced threat actors, and there are […]

Read More
PyVil RAT by Evilnum Group

The Evilnum group operations were first discovered in 2018. The group is highly focused on attacks on large financial technology organizations, especially on investment platforms and cryptocurrency-related companies. Most of their targets are located in Europe and the United Kingdom, but the group also carried out separate attacks on organizations in Canada and Australia. Researchers […]

Read More
Threat Detection Marketplace Updates: August 2020

At SOC Prime, we are constantly looking for ways to encourage the growth of our SaaS content community by enabling more security practitioners to join Threat Detection Marketplace: https://tdm.socprime.com/ We believe in the power of community that connects almost 10,000+ security specialists from 5,000 organizations across the globe and is expanding at a dynamic pace […]

Read More
Economic Espionage Campaign by TA413

The use of COVID19 related lures is already perceived as common practice among both financially motivated groups and state-sponsored cyber espionage units. Researchers released a report last week about another group that has been using COVID19 themed phishing emails for six months to deliver their new tool. Yes, we are talking about the Chinese APT […]

Read More
Nanocore RAT Detection

Nanocore RAT has been used in cyberattacks for about 7 years, and there are a huge number of modifications of this trojan. Official, “semi-official” and cracked versions of this malware are sold on forums on the DarkNet, and sometimes even given away for free, so it is not surprising that the number of attacks using […]

Read More
Snatch Ransomware Attack Detection

Ransomware continues to be one of the most serious threats to corporate networks, and Snatch ransomware is one of the most annoying “guests” that emerged relatively recently. The first infections were recorded about two years ago, but serious attacks on organizations began only in April 2019, and since then, the appetites and skills of the […]

Read More