SOC Prime Threat Bounty — September 2021 Results


In April 2019, SOC Prime announced a crowdsourcing initiative to unite the cyber security community against emerging threats. Since the launch of the Threat Bounty Program, SOC Prime has welcomed 300+ participants who have published 2,300+ Sigma rules, 100+ YARA rules, and 25+ Snort rules to the Threat Detection Marketplace repository of the SOC Prime Platform.

More than 20,000 security practitioners from 6,000+ organizations worldwide rely on the input of the Threat Bounty community for their daily security operations. In return, Threat Bounty developers continuously receive peer feedback and vetting on their detection content, along with an overview of the most critical threats in the current landscape.

September ‘21 Results

In September 2021, Threat Bounty Program members published 120 new rules and provided updates and improvements to the previously published content.

Publication of new community content +9%

Publication of new exclusive content +50%

Most active Threat Bounty contributors:

Nattatorn Chuensangarun

Sittikorn Sangrattanapitak

Onur Atali

Threat Bounty Rewards

SOC Prime pays recurring rewards for content published on the SOC Prime Platform via the Threat Bounty Program. The average payout for previously active members in September 2021 was $700. The reward calculation reflects how popular and useful the published content is with SOC Prime clients, based on the number of content views and downloads, with the weighting depending on the content type.

Alongside the financial rewards regularly paid for detection content, Threat Bounty participants can improve their threat hunting skills and expertise through collaborative research and peer-to-peer networking. Moreover, with SOC Prime Threat Bounty, individual content contributors can continuously build their personal brand with the market leader and gain job opportunities.

Wanted! Content

To coordinate the community's efforts, we inform Threat Bounty members about the most awaited, demanded, and Wanted content, which has a much higher chance of being downloaded and therefore of gaining traction and earning rewards.

The Wanted List, which describes the security threats, exploits, and even security controls that Threat Bounty developers should focus on, is now available to Program members in the Threat Bounty Community Slack.

Most Popular Content by Threat Bounty Developers

CVE-2021-34527 Possible PrinterNightmare Exploit Detected (via printservice log) Sigma rule by Sittikorn detects suspicious activity generated by PoC code targeting the Windows Print Spooler remote code execution vulnerabilities CVE-2021-1675 and CVE-2021-34527 (PrintNightmare).

CVE-2021-22005 VMware vCenter Server File Upload Vulnerability behavior-based Sigma rule by Onur Atali detects possible exploitation attempts of the critical vulnerability CVE-2021-22005 in VMware vCenter Server.

CVE-2021-38647 OMIGOD RCE POC Exploit via ExecuteScript by Nattatorn Chuensangarun detects suspicious activity related to CVE-2021-38647, the remote code execution vulnerability in the Open Management Infrastructure (OMI) agent (OMIGOD).

CVE-2021-34473 Exchange Server RCE (Proxyshell) Sigma rule by Zer0 Ways (@0w4ys) helps to detect successful exploitation of the Exchange Server RCE chain (ProxyShell).

MSHTML RCE Vulnerability Detection (CVE-2021-40444) by Furkan Celik helps to detect possible exploitation of the MSHTML zero-day flaw CVE-2021-40444.

The listed detections are available for 20+ SIEM & XDR platforms and are mapped to the MITRE ATT&CK framework.

Explore the SOC Prime Platform to make your threat detection experience faster, simpler, and more intelligent. Want to join our crowdsourcing initiative and become one of our content contributors? Get started with the industry-first Threat Bounty Program!
