
Year: 2016

24.11.2016 SOC Prime, Inc. hosted the first international cyber security conference “Cyber For All” in Kyiv, Ukraine. SOC Prime staff and business partners gave presentations, and several customers shared real success stories from their use of SOC Prime products. The conference was attended mainly by representatives of the telecom and finance business community of Ukraine. Kyiv […]

Mirai botnet digest: threat overview, analytics and remediation


A quote from a famous professor, “Good news everyone!”, would best fit the recent events in which the Internet of sheit Things has let hell loose across the whole digital world, with the Mirai botnet being one of its infamous minions. For those with broken sarcasm detectors: the situation is indeed tense, and reputable researchers in the […]

Hello everyone! Today we will focus, as always, on a fresh example of simple phishing taken from real-world practice. Let’s analyze the following letter:

Infrastructure infiltration via RTF


Let’s proceed to the stage of the attack called “Delivery” in the Lockheed Martin Cyber Kill Chain. Much can be said about this stage, but today I’ll just share the parsing of one sample I recently received for analysis. The sample attracted my attention because of its simplicity on the one hand and its sophistication on […]

Attack on domain controller database (NTDS.DIT)


So, as promised, we begin analyzing the individual Cyber Kill Chain stages of the previously described attack. Today we will review one of the attack vectors against the Company infrastructure, which we can count as two stages: “Actions on Objectives” and “Reconnaissance”. Our goals are:



Abordage – the act of boarding an enemy ship as part of an attack. In today’s post I will describe part of the investigation of a cyber security incident that eventually grew into a global investigation of a BlackEnergy-based attack that hit a number of industries in Ukraine. As we progressed […]

Threat hunting assisted by BlackEnergy mark


First, let me thank everyone for the feedback and comments on the previous article. It was quite thrilling to see how the theory holds up in practice.



I will not lecture on what the BlackEnergy framework is, since a lot has already been written about it without my help; however, I want to refer to information from this particular review:

Let us skip the long introduction to the BlackEnergy threat and go straight to studying the malware component called “ololo.exe”, known to the public as KillDisk. KillDisk is a module of the BlackEnergy framework aimed at data destruction and at creating havoc and distraction during APT operations.

Hello again! As a follow-up to the multitude of releases, blog entries and news, we would like to provide more details on the latest BlackEnergy incarnation in Ukraine and on how the attacks on the media industry and electric companies are related, and moreover provide insight into more indicators of compromise (IOCs). Let us […]