Threat Bounty Publications In February 2023, members of the Threat Bounty Program significantly contributed to the SOC Prime Platform. They provided detection rules that address the quality demands and security needs of hundreds of organizations that leverage the SOC Prime Platform for day-to-day operations. As all detections submitted via Threat Bounty Program are published for […]
New day, new malicious threat challenging cyber defenders! Recently, security researchers have revealed a novel malware strain being actively leveraged by Mustang Panda APT in their ongoing campaign against targets in Europe and Asia. Dubbed MQsTTang, the new custom backdoor has been developed from scratch to fly under the radar and make attribution harder while […]
Threat Bounty Publications The first month of 2023 has brought invaluable contributions from our Threat Bounty members to the global cyber community. The SOC Prime team received 626 rules for examination and review submitted by our detection content experts. As a result, 144 rules successfully passed the verification and were published to the SOC Prime […]
September ā22 Publications In September, members of the Threat Bounty Community submitted 441 rules for review by the SOC Prime team via the Developer Portal and Sigma rules Slack Bot. However, only 183 rules have successfully passed the verification and were approved for publication on the SOC Prime Platform. When creating new rules and submitting […]
August ā22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]
A notorious APT group tracked as NOBELIUM (aka APT29, Cozy Bear, and The Dukes) adds new threats to their set of malicious tricks. The threat actor, responsible for a 2020 headline-making hack of Texas-based SolarWinds company, remains a highly active criminal gang, impacting a wide range of industries and organizations in public, private, and non-governmental […]
Earlier this month, security researchers identified PyPi malware that exfiltrated usersā credentials, appsā cookies, and history, along with other sensitive data. The research data indicates that adversaries upload malicious packages to The Python Package Index (PyPI) ā a vast repository of open-source Python packages. The goal is to dupe the users into downloading them by […]
Amadey Bot, a notorious malware strain that first came to the cyber threat arena in 2018, is capable of stealing data and deploying other malicious payloads on the compromised system. It has been actively distributed across hacker forums to engage in offensive operations. Cybersecurity researchers have recently observed the distribution of a new version of […]
Financially motivated criminal hackers leverage a new infostealer dubbed Ducktail to exfiltrate browser cookies and take over victimsā Facebook Business accounts. The evidence suggests that the adversaries behind the campaign are Vietnam-based, primarily targeting professionals working in HR, management, and marketing. The beginning of the active development of the Ducktail campaign can be traced back […]
New ransomware variant follows in the footsteps of the GonnaCope ransomware, the first strain in the family of CMD-based ransomware that first surfaced in April 2022. Other similar samples that were uploaded to VirusTotal in May 2022 are known as Kekpop and Kekware. The rising player is dubbed YourCyanide and presumably has all it takes […]