Tag: Detection Content

SOC Prime Threat Bounty Digest — March 2024 Results
SOC Prime Threat Bounty Digest — March 2024 Results

Threat Bounty Publications In March 2024, 40 threat detection rules were successfully published to SOC Prime’s Platform via the Threat Bounty Program after the review of our Content Team. Although we observe an overall improvement in the quality of submissions, there are also some typical misconceptions that can be recognized in the approaches to content […]

Read More
russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) Attack Detection: Adversaries Apply an Aggressive Infection Approach Leveraging Three Malware Branches
russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) Attack Detection: Adversaries Apply an Aggressive Infection Approach Leveraging Three Malware Branches

The state-sponsored russia-linked Gamaredon (aka Hive0051, UAC-0010, Armageddon APT) hacking collective comes to the spotlight launching a new wave of cyber attacks. Adversaries have been observed leveraging new iterations of Gamma malware, adopting DNS Fluxing to drop the malicious strains and leading to 1,000+ infections per day. The infection chain displays a novel, aggressive, multi-layered […]

Read More
VenomRAT Detection: A New Multi-Stage Attack Using ScrubCrypt to Deploy the Final Payload with Malicious Plugins
VenomRAT Detection: A New Multi-Stage Attack Using ScrubCrypt to Deploy the Final Payload with Malicious Plugins

Cybersecurity researchers have unveiled a novel sophisticated multi-stage attack, in which adversaries take advantage of the ScrubCrypt anti-malware evasion tool to drop VenomRAT along with multiple harmful plugins, including nefarious Remcos, XWorm, NanoCore RAT, and other malicious strains. Detect VenomRAT Deployed via ScrubCrypt  With cyber-attacks proliferating and employing increasingly sophisticated intrusion methods, cyber defenders require […]

Read More
Recognition Badges for Threat Bounty Members
Recognition Badges for Threat Bounty Members

As it was announced earlier, SOC Prime introduced digital badge recognition for Threat Bounty members.  As the first stage of the initiative, the badges were issued to Threat Bounty Program members who demonstrated outstanding results in the number of publications and whose Threat Bounty detection rules, categorized according to parameters mentioned further in this article, […]

Read More
CVE-2023-42931 Detection: Critical macOS Vulnerability Enabling Easy Privilege Escalation and Root Access
CVE-2023-42931 Detection: Critical macOS Vulnerability Enabling Easy Privilege Escalation and Root Access

Security researchers warn of a critical privilege escalation vulnerability in multiple macOS versions that enables unauthorized users, including those with guest rights, to gain full root access to the affected instance. Detect CVE-2023-42931 Exploitation Attempts With an exponential rise in attack volumes and sophistication, the threat landscape of 2024 is assumed to be even more […]

Read More
New Supply Chain Attack Detection: Hackers Apply Multiple Tactics to Target GitHub Developers Using a Fake Python Infrastructure
New Supply Chain Attack Detection: Hackers Apply Multiple Tactics to Target GitHub Developers Using a Fake Python Infrastructure

Hackers employ diverse TTPs in a multi-stage software supply-chain campaign going after GitHub users, including members of the widely recognized Top.gg community, with over 170,000+ users falling prey to the offensive operations. Adversaries took advantage of a fake Python infrastructure, causing the full compromise of GitHub accounts, the publication of harmful Python packs, and the […]

Read More
Kimsuky APT New Campaign Detection: North Korean Hackers Leverage Microsoft Compiled HTML Help Files in Ongoing Cyber Attacks
Kimsuky APT New Campaign Detection: North Korean Hackers Leverage Microsoft Compiled HTML Help Files in Ongoing Cyber Attacks

Hard on the heels of the DEEP#GOSU offensive campaign associated with the North Korean hacking collective Kimsuky APT, the group comes to the spotlight once again by shifting their adversary TTPs. Defenders have recently observed Kimsuky’s use of Microsoft Compiled HTML Help (CHM) files to spread malware and collect sensitive data from impacted instances. Detect […]

Read More
DEEP#GOSU Attack Campaign Detection: North Korean Kimsuky APT Is Likely Behind Attacks Using PowerShell and VBScript Malware
DEEP#GOSU Attack Campaign Detection: North Korean Kimsuky APT Is Likely Behind Attacks Using PowerShell and VBScript Malware

The nefarious cyber-espionage North Korean Kimsuky APT group has been in the limelight in the cyber threatscape since at least 2012. A new multi-stage Kimsuky-affiliated offensive campaign tracked as DEEP#GOSU hits the headlines, posing threats to Windows users and leveraging PowerShell and VBScript malware to infect targeted systems.  Detect DEEP#GOSU Attack Campaign Last year has […]

Read More
Detect ALPHA SPIDER Ransomware Attacks: TTPs Leveraged by ALPHV aka BlackCat RaaS Operators
Detect ALPHA SPIDER Ransomware Attacks: TTPs Leveraged by ALPHV aka BlackCat RaaS Operators

Ransomware remains a top threat to organizations globally, with a constant surge in the volume and sophistication of attacks. Among key players in the ransomware arena, the ALPHA SPIDER group stands out by taking credit for a series of recent high-profile attacks targeting the U.S. healthcare payment software processor Change and MGM gaming industry giant. […]

Read More
CVE-2024-21378 Detection: Vulnerability in Microsoft Outlook Leads to Authenticated Remote Code Execution
CVE-2024-21378 Detection: Vulnerability in Microsoft Outlook Leads to Authenticated Remote Code Execution

Hot on the heels of nasty JetBrains TeamCity vulnerabilities (CVE-2024-27198, CVE-2024-2719), security experts reveal a new RCE affecting Microsoft Outlook. Authenticated adversaries might leverage the security issue to execute malicious code on the impacted instance, achieving extensive control over it. Although the vulnerability was patched by Microsoft in February 2024, the vendor classifies it as […]

Read More