Threat Bounty Publications
In May, members of the Threat Bounty community submitted 426 rules for a chance of publication to the SOC Prime Platform for monetization. After consideration and validation by SOC Prime’s team, 81 detections were successfully published.
We are happy to report that the information provided during the Threat Bounty Developer Roundup session а was really useful for content authors, which resulted in the improvement of the quality of the submitted content.
However, there was still a great number of detection duplications amongst the rules received for review by the SOC Prime Team. To avoid this common situation, we recommend content authors invest more time into preparation before submitting rules for review and search for the existing detections on the Threat Detection Marketplace using the Lucene search option.
Also, we are thrilled to present an interview with Threat Bounty developer Mustafa Gürkan KARAKAYA who kindly told the readers of the SOC Prime blog about his journey in cyber security, emphasized the importance of the quality of the detection rules, and shared his thoughts on priorities for building an efficient cyber defense. Also, Mustafa shared his experience as a Threat Bounty content author and provided handy tips for those who just started their journey with Threat Bounty content contribution.
Uncoder AI for Threat Bounty
As was announced at the Eleventh EU MITRE ATT&CK® Community Workshop, SOC Prime launched Uncoder AI, the new augmented intelligence framework within the SOC Prime Platform. Uncoder AI was developed with Threat Bounty developers in mind and is aimed at improving your experience of developing high-quality detections. All Threat Bounty members can get free access to Uncoder AI through June 26 using the Promo Code, which was distributed in the dedicated Threat Bounty channels on the Discord server. For Threat Bounty program members whose Sigma rules are published to the SOC Prime Platform, the Promo Code will be extended to 2 months of free access to premium features of Uncoder AI.
The members of the Threat Bounty community can benefit from using Uncoder AI, which provides them, among other features and capabilities, the new experience of developing Sigma rules.
Boosted by other features providing insightful information into detections, Uncoder AI provides the next-level experience of creating Sigma rules, helping to avoid common Sigma mistakes and providing means to create better quality rules that have higher chances to be accepted for publication to the SOC Prime Platform and further monetization.
SOC Prime Team is now actively working on transforming Uncoder AI into a comprehensive platform for all activities related to Threat Bounty Program. Our goal is to provide you with a seamless and efficient experience with one tool throughout your journey of researching, coding, verifying, and submitting detections.
With Uncoder AI as your go-to platform, you can expect a simplified and streamlined process for creating flawless detection code. Say goodbye to complexities and welcome a user-friendly interface designed to enhance your productivity and accelerate your threat detection velocity. Experience the power of Uncoder AI today and unlock the full potential of your detection engineering skills while earning even more bounties with SOC Prime´s Threat Bounty Program!
TOP Threat Bounty Detection Rules
Snake Infostealer Malware Detection (Persistence Technique) threat hunting Sigma rule by Osman Demir, which detects potential Snake malware, which is an information-stealing malware that is implemented in the .NET programming language. They suspect that the malware authors themselves named the malware Snake, since the malware’s name is present in the data that Snake exfiltrates from compromised systems. Malicious actors distribute Snake as attachments to phishing emails with various themes, such as payment requests.
Possible Rancoz Ransomware Post Exploitation Activity by Detection of Associated Commands (via process_creation) threat hunting Sigma rule by Emre Ay, which detects the Rancoz Ransomware behavior that attempts to delete RDP connection settings to clear evidence of their ransomware activity.
Possible Active Directory Enumeration Activity by Detection of Associated Commands (via process_creation) threat hunting Sigma rule by Emre Ay, which detects Adversaries that attempt to enumerate Active Directory by using Adget command, which is an administrative tool to gather information about Active Directory.
Akira Ransomware Group Utilizes Cloudflare’s Free Tunneling Software (via cmdline) threat hunting Sigma rule by Kaan Yeniyol detects malicious activity when leveraging Cloudflare’s no-cost tunneling software, the Akira ransomware group promptly installs remote software like Radmin onto the compromised system following the establishment of the tunnel connection.
Possible Blind Eagle (APT-Q-98) Execution by Invoking PowerShell to Inject RemcosRAT Payload (via process_creation) threat hunting Sigma rule by Nattatorn Chuensangurun detects suspicious Blind Eagle (APT-Q-98) activity by executing a PowerShell command through malicious VBS code to deploy the RemcosRAT payload.
Top Authors
Threat Bounty detections of these Threat Bounty content developers achieved the most clients’ attention and thus brought authors to the top positions in rating:
The average payout to Threat Bounty content developers for the April content traction is $1595.
Boost your detection engineering skills and monetize your exceptional expertise by developing Sigma rules and contributing to the global cyber defense with SOC Prime Threat Bounty program.