Tag: Ariel Millahuel

Detection Content: RDAT Backdoor
Detection Content: RDAT Backdoor

Last week, researchers published details of the attacks targeted at Middle Eastern telecommunications carried out by APT34 (aka OilRig and Helix Kitten), and updated tools in the arsenal of this group. Of course, participants in the Threat Bounty Program did not pass by and published a couple of rules for detecting RDAT Backdoor, but more […]

Read More
Detection Content: GoldenHelper Behavior
Detection Content: GoldenHelper Behavior

This week we will not highlight any rule in the “Rule of the Week” section, because the hottest rules have already been published in yesterday’s special digest dedicated to the rules that detect exploitation of a critical vulnerability in Windows DNS Servers, CVE-2020-1350 (aka SIGRed). Today’s publication is dedicated to the detection of GoldenHelper malware […]

Read More
Threat Hunting Content: SamoRAT Behavior
Threat Hunting Content: SamoRAT Behavior

Today in the Threat Hunting Content section, we want to pay attention to the community rule released in Threat Detection Marketplace by Ariel Millahuel that detects fresh samples of SamoRAT malware: https://tdm.socprime.com/tdm/info/38LTISI1kgNm/w6aTR3MBQAH5UgbBM9Gi/?p=1 This remote access trojan appeared on the radars of researchers recently, the first SamoRAT samples were discovered about a month ago. The trojan […]

Read More
Detection Content: WastedLocker Ransomware
Detection Content: WastedLocker Ransomware

The new WastedLocker ransomware was first spotted in May 2020. It was developed by the high-profile Evil Corp group, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. Last year, part of the attackers left the group and started their own […]

Read More
Threat Hunting Content: DropboxAES RAT Detection
Threat Hunting Content: DropboxAES RAT Detection

Today we want to tell you about the DropboxAES trojan used by the APT31 group in cyber espionage campaigns and also give a link to the Community Sigma rule to detect this malware. In general, DropboxAES does not stand out from the rest of the remote access trojan. This is a relatively new tool in […]

Read More
Rule Digest: Trojans and Ransomware
Rule Digest: Trojans and Ransomware

In today’s digest, we want to highlight the content provided by members of the Threat Bounty Program that will help security solutions to detect Saefko RAT, Ursa trojan, and a pack of actively spreading ransomware strains.  The Saefko RAT is a relatively fresh remote-access trojan written in .NET that was first spotted in the midst […]

Read More
Detection Content: Ransom X Behavior
Detection Content: Ransom X Behavior

Another ransomware family appeared this spring and is actively used in targeted attacks against enterprises and government agencies. In mid-May, cybercriminals attacked the network of the Texas Department of Transportation, but unauthorized access was discovered, and as a result, only part of the systems was encrypted. In this attack was used new ransomware – Ransom […]

Read More
Detection Content: PsiXBot Malware Behavior
Detection Content: PsiXBot Malware Behavior

As Google and Mozilla bring the widespread use of DNS over HTTPS protocol, more malware authors also adopt this perfect opportunity to hide malicious traffic. The recently discovered versions of PsiXBot abuse Google’s DoH service to retrieve the IPs for the command-and-control infrastructure. The malware appeared in 2017 as a simple infostealer that is capable […]

Read More
Rule Digest: RATs, Infostealers, and Emotet Malware
Rule Digest: RATs, Infostealers, and Emotet Malware

Today is Saturday, which means it’s time for our next Rule Digest, in which we will tell you about interesting content for malware detection released this week. And yes, we again pay particular attention to the rules that participants in the Threat Bounty Program have published. We start with the rule published by Ariel Millahuel, […]

Read More
Rule Digest: APT Groups, Malware Campaigns and Windows Telemetry
Rule Digest: APT Groups, Malware Campaigns and Windows Telemetry

This week our Rule Digest covers more content than usual. It compiles rules for detecting recent attacks of state-sponsored actors, malware campaigns conducted by cybercriminals, and abusing Windows telemetry.   Mustang Panda is the China-based threat group that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations. This APT group […]

Read More