Month: November 2017

Ursnif v3 Attacks Business and Corporate Banking Users in Australia

Delaware, USA – November 30, 2017 – Researchers from IBM X-Force discovered a new version of Ursnif banking trojan (also known as Gozi). This version is although created on the basis of the code that was leaked in 2010 and it significantly differs from the other trojans of this family, which allows suggesting that there […]

Read More
Necurs Botnet Started to Spread Scarab Ransomware

Delaware, USA – November 28, 2017 – The infamous botnet Necurs has recently begun to distribute new Scarab Ransomware. In the first wave of a spam campaign, the botnet sent over 12 million malicious emails. Attackers used the tactic that was tested in Locky campaigns: the subject of phishing emails was “Scanned from [Lexmark, Canon, […]

Read More
DNS Security Check Advanced for Arcsight is available in UCC

Delaware, USA – November 27, 2017 – DNS Security Check Advanced for ArcSight was released. Basic version of this use case is one of the most popular turn-key content in Use Case Cloud as it helps provide a basis for DNS protocol monitoring. It visualizes and automatically notifies the SIEM administrator about all discovered misconfigurations […]

Read More
Integrating QRadar with VirusTotal

Hello. In the last article we considered creating rules, and today I want to describe the method that will help SIEM administrators respond to possible security incidents faster. When working with information security incidents in QRadar it is extremely important to increase operators’ and analysts’ operation speed in SOC. Usage of built-in tools provides ample […]

Read More
Shadow IT Framework is released

Delaware, USA – November 24, 2017 – Shadow IT Framework for ArcSight and Splunk is available in Use Case Cloud. Any company has a lot of systems to meet the needs of information interaction between employees or business tasks, but sometimes employees decide to accelerate the process and make innovations bypassing IT and security by […]

Read More
Hackers from Cobalt group changed their tactic

Delaware, USA – November 23, 2017 – Attackers from the infamous Cobalt hacker group have changed their primary targets and techniques to install malicious payload on victims’ systems. The campaign against organizations in the CIS countries began this summer, adversaries used RTF which exploited CVE-2017-0199 to attack small and medium business. Researchers from Trend Micro […]

Read More
Terdot banking trojan has become a tool for cyber espionage

Delaware, USA – November 22, 2017 – Terdot banking trojan appeared about a year ago; it was created on the basis of Zeus trojan code and targeted Canadian banks. Recently, researchers from Bitdefender found that threat actors behind this trojan had significantly modified it and added several features. A new version of malware monitors almost […]

Read More
SOC Prime team is heading to SHIELD 2017!

Delaware, USA – November 20, 2017 – SOC Prime, Inc. announces that Andrii Bezverkhyi, Ruslan Mikhalov and Sergii Tyshchenko are now preparing to meet you at the annual cybersecurity event in Istanbul – SHIELD 2017! Come by our booth G6, talk to experts, try our products and experience their effectiveness for yourself.   SHIELD 2017 […]

Read More
Splunk. How to make color table rows based on conditions.

In the previous article I have demonstrated how to create a simple dashboard that monitors accessibility of sources in Splunk. Today I want to demonstrate you how to make any table in the dashboard more obvious and convenient. Let’s look at my last article and continue to improve the functionality of the table that I […]

Read More
Active Lists in ArcSight, Automatic Clearing. Part 2

A very common task for all ArcSight content developers is cleaning active lists on a scheduled basis or on-demand automatically. In the previous post I have described how to clear Active Lists on scheduled basis using trends: https://socprime.com/en/blog/active-lists-in-arcsight-automatic-clearing-part-1/ Today I will show you another two ways how this can be achieved. Automatic clearing of Active Lists […]

Read More