Tag: Aytek Aytemur

SOC Prime Threat Bounty —  February 2023 Results

Threat Bounty Publications In February 2023, members of the Threat Bounty Program significantly contributed to the SOC Prime Platform. They provided detection rules that address the quality demands and security needs of hundreds of organizations that leverage the SOC Prime Platform for day-to-day operations. As all detections submitted via Threat Bounty Program are published for […]

Read More
MQsTTang Backdoor Detection: New Custom Malware by Mustang Panda APT Actively Used in the Latest Campaign Against Government Entities  

New day, new malicious threat challenging cyber defenders! Recently, security researchers have revealed a novel malware strain being actively leveraged by Mustang Panda APT in their ongoing campaign against targets in Europe and Asia. Dubbed MQsTTang, the new custom backdoor has been developed from scratch to fly under the radar and make attribution harder while […]

Read More
Threat Bounty Program January23
SOC Prime Threat Bounty —  January 2023 Results

Threat Bounty Publications The first month of 2023 has brought invaluable contributions from our Threat Bounty members to the global cyber community. The SOC Prime team received 626 rules for examination and review submitted by our detection content experts. As a result, 144 rules successfully passed the verification and were published to the SOC Prime […]

Read More
SOC Prime Threat Bounty — September 2022 Results

September ‘22 Publications In September, members of the Threat Bounty Community submitted 441 rules for review by the SOC Prime team via the Developer Portal and Sigma rules Slack Bot. However, only 183 rules have successfully passed the verification and were approved for publication on the SOC Prime Platform. When creating new rules and submitting […]

Read More
SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]

Read More
Nobelium APT
MagicWeb Detection: NOBELIUM APT Uses Sophisticated Authentication Bypass

A notorious APT group tracked as NOBELIUM (aka APT29, Cozy Bear, and The Dukes) adds new threats to their set of malicious tricks. The threat actor, responsible for a 2020 headline-making hack of Texas-based SolarWinds company, remains a highly active criminal gang, impacting a wide range of industries and organizations in public, private, and non-governmental […]

Read More
PyPi Malware
PyPi Malware Detection: Stealing Discord Tokens to Spread Malware

Earlier this month, security researchers identified PyPi malware that exfiltrated users’ credentials, apps’ cookies, and history, along with other sensitive data. The research data indicates that adversaries upload malicious packages to The Python Package Index (PyPI) – a vast repository of open-source Python packages. The goal is to dupe the users into downloading them by […]

Read More
SmokeLoader Detection: Distributes Amadey Bot Malware via Software Cracks

Amadey Bot, a notorious malware strain that first came to the cyber threat arena in 2018, is capable of stealing data and deploying other malicious payloads on the compromised system. It has been actively distributed across hacker forums to engage in offensive operations. Cybersecurity researchers have recently observed the distribution of a new version of […]

Read More
Ducktail Infostealer Malware
Ducktail Infostealer Detection: Criminal Hackers Hijack Business Accounts With New Malware

Financially motivated criminal hackers leverage a new infostealer dubbed Ducktail to exfiltrate browser cookies and take over victims’ Facebook Business accounts. The evidence suggests that the adversaries behind the campaign are Vietnam-based, primarily targeting professionals working in HR, management, and marketing. The beginning of the active development of the Ducktail campaign can be traced back […]

Read More
YourCyanide Ransomware
YourCyanide Detection: New Self-Propagating Ransomware Variant

New ransomware variant follows in the footsteps of the GonnaCope ransomware, the first strain in the family of CMD-based ransomware that first surfaced in April 2022. Other similar samples that were uploaded to VirusTotal in May 2022 are known as Kekpop and Kekware. The rising player is dubbed YourCyanide and presumably has all it takes […]

Read More