Tag: Detection Content

SOC Prime presents at the Tenth EU MITRE ATT&CK® Community Workshop
SOC Prime to Present at the Tenth EU MITRE ATT&CK® Community Workshop

We are thrilled to announce SOC Prime’s participation in the Tenth EU MITRE ATT&CK® Community Workshop taking place in Brussels on 7 October 2022. The upcoming event will host cybersecurity professionals around the globe who will provide insights into best industry practices and share their unique use cases of leveraging the MITRE ATT&CK framework for […]

Read More
ProxyNotShell: Detecting CVE-2022-41040 and CVE-2022-41082, Novel Microsoft Exchange Zero-Day Vulnerabilities Actively Exploited in the Wild

Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities aka ProxyNotShell tracked as CVE-2022-41040 and CVE-2022-41082 that are currently actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be paired together in the exploit chain to spread Chinese Chopper web shells on the targeted servers. According […]

Read More
NullMixer Dropper
NullMixer Malware Detection: Hackers Spread a Dropper Using SEO to Deploy Multiple Trojans at Once

Cybersecurity researchers have recently revealed a new wave of adversary campaigns leveraging a malware tool named NullMixer spread via malicious websites. The malware dropper is a lure masquerading as legitimate software, which further deploys a set of Trojans infecting the victim’s system. NullMixer hackers apply advanced SEO tactics to distribute the malware affecting popular search […]

Read More
Top MSSP and MDR Challenges
Top Challenges for MSSPs and MDRs and How to Overcome Them

Some things never grow old. In the world of security providers, there will always be a lack of professionals, time, and real-deal vendors, while you will always face an abundance of risks, complexity, and cost pressure. However, there are some less obvious challenges that impede the growth and scalability of your MSSP or MDR. Let’s […]

Read More
What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001

What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001 Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them. Because if attackers don’t break in, they won’t be able to take their kill chain to another level.  Earlier this year, Microsoft paid $13.7 million in bug […]

Read More
New Shikitega Malware
Shikitega Malware Detection: Executes Multistage Infection Chain, Grants Full Control

A new stealthy Linux malware named Shikitega is on the prowl for its victims. Its operators set up highly evasive attacks, targeting Linux and IoT devices. The Shikitega malware analysis shows that adversaries have adopted a multi-stage infection chain, aiming to achieve full control of the compromised system, exploit vulnerabilities, establish persistence, and drop additional […]

Read More
SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]

Read More
What is Ransomware Detection? How to Detect Ransomware

The method of a secure cryptographic key exchange was introduced by Whitfield Diffie and Martin Hellman in 1976. Cool thing about the public and private key pair is that the decryption key cannot be deciphered in any way from an encryption key.  This feature is exactly what’s exploited by ransomware actors who encrypt data and […]

Read More
GO#WEBBFUSCATOR Attack Campaign
Golang Attack Campaign Tracked as GO#WEBBFUSCATOR Applies James Webb Space Telescope Images as Lures to Infect Systems

The modern cyber threat landscape illustrates a growing trend in the use of Golang-based malware, which is actively adopted by multiple hacking collectives. Cybersecurity researchers have recently uncovered a novel Golang-based malicious campaign tracked as GO#WEBBFUSCATOR, in which hackers leverage a notorious deep field image taken from NASA’s James Webb Space Telescope as a lure […]

Read More
AgentTesla Mass Distribution
AgentTesla Spyware Massively Distributed in Phishing Campaigns Targeting Ukrainian, Austrian, and German Organizations

On August 30 and 31, 2022, CERT-UA revealed a burst of adversary activity massively distributing phishing emails among Ukrainian, Austrian, and German organizations. According to the corresponding CERT-UA#5252 alert, hackers exploit the email attachment vector spreading the notorious AgentTesla info-stealing malware. The malicious activity can be attributed to the behavior patterns of the hacking collective […]

Read More