Tag: Den Iuzvyk

Rule of the Week: Microsoft Teams Updater Abuse

Since the start of the pandemic, video conferencing solutions have become an integral part of the workflow in many organizations. First, Zoom took the lead, and many cybercriminals immediately began using it in phishing campaigns, taking advantage of the fact that a huge number of employees had not previously used this technology. Soon, security researchers […]

Read More
Threat Hunting Rules to Detect Exploitation of CVE-2020-1350 (SIGRed)

Today we introduce a special digest of content that helps to detect exploitation of a critical vulnerability in Windows DNS Servers. The vulnerability became known only two days ago, but since then, both the SOC Prime team (represented by Nate Guagenty) and the Threat Bounty Program participants have published 7+ rules for detecting various ways […]

Read More
Threat Hunting Content: CertReq.exe Lolbin

Living off the Land binaries (Lolbins) are legitimate binaries that advanced adversaries often misuse to perform actions beyond their original purpose. Cybercriminals actively use them to download malware, to ensure persistence, for data exfiltration, for lateral movement, and more. Just yesterday we wrote about a rule that detects attacks of the Evil Corp group, which […]

Read More
Detection Content: Grandoreiro Banking Trojan

Latin American banking trojans are just about to make a separate trend in malware writing. Adversaries regularly create new Trojans or Exploit Kits to attack bank users in Brazil, Mexico, and Peru, and with each new malicious campaign expand their target lists first to neighboring countries, and then to worldwide campaigns. In our recently published […]

Read More
Rule Digest: APT Groups, Malware Campaigns and Windows Telemetry

This week our Rule Digest covers more content than usual. It compiles rules for detecting recent attacks of state-sponsored actors, malware campaigns conducted by cybercriminals, and abusing Windows telemetry.   Mustang Panda is the China-based threat group that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations. This APT group […]

Read More
Interview with Developer: Den Iuzvyk

SOC Prime is presenting another interview with a participant of the SOC Prime Threat Bounty Developer Program (https://my.socprime.com/en/tdm-developers). We want to introduce to you Den Iuzvyk who published 60+ community rules of the highest quality and detection value during six months of his participation in the Threat Bounty Program. Read more interviews with content developers […]

Read More