Tag: Detection Content

SOC Prime Threat Bounty Digest — January 2024 Results
SOC Prime Threat Bounty Digest — January 2024 Results

Threat Bounty Content In January, the members of the Threat Bounty Program were very active in submitting detections for review by SOC Prime’s content verification team. After the verification and examination of the suggested rules, 44 detections were published to the Threat Detection Marketplace, although some rules required minor changes and were returned to the […]

Read More
Nation-Backed APT Attack Detection: Microsoft and OpenAI Warn of AI Exploitation by Iranian, North Korean, Chinese, and russian Hackers 
Nation-Backed APT Attack Detection: Microsoft and OpenAI Warn of AI Exploitation by Iranian, North Korean, Chinese, and russian Hackers 

Throughout 2023, the frequency and sophistication of attacks have increased along with the swift evolution and adoption of AI technology. Defenders are just starting to grasp and leverage the potential of generative AI for defensive purposes to outpace adversaries, while the offensive forces don’t fall behind. Hackers have been abusing AI-powered technologies, like ChatGPT, to […]

Read More
Troll Stealer Detection: Novel Malware Actively Leveraged by North Korean Kimsuky APT
Troll Stealer Detection: Novel Malware Actively Leveraged by North Korean Kimsuky APT

The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]

Read More
Volt Typhoon Attacks: Chinese Nation-Backed Actors Focus Malicious Efforts at the US Critical Infrastructure
Volt Typhoon Attacks: Chinese Nation-Backed Actors Focus Malicious Efforts at the US Critical Infrastructure

State-sponsored hackers acting on behalf of the Beijing government have been organizing offensive operations aimed at collecting intelligence and launching destructive campaigns against the US and global organizations for years, with multiple observed attacks being related to such groups as Mustang Panda or APT41. The latest joint alert by the intelligence agencies of the US, […]

Read More
SOC Prime Platform Now Supports the MITRE ATT&CK® Framework v14.1 
SOC Prime Platform Now Supports the MITRE ATT&CK® Framework v14.1 

MITRE ATT&CK acts as a periodic table to categorize and track the methods employed by attackers and enables defenders to profile, identify, and compare threat actors and prioritize threat detection goals. Leveraging ATT&CK, cyber defenders are equipped with a single framework they can rely on to retrospectively document common techniques employed in cyber attacks. SOC […]

Read More
Mispadu Stealer Detection: A New Banking Trojan Variant Targets Mexico While Exploiting CVE-2023-36025
Mispadu Stealer Detection: A New Banking Trojan Variant Targets Mexico While Exploiting CVE-2023-36025

Cybersecurity researchers recently unveiled a new variant of a stealthy info-stealing malware known as Mispadu Stealer. Adversaries behind the latest attacks against Mexican users leveraging Mispadu banking Trojan have been observed exploiting a recently fixed Windows SmartScreen vulnerability tracked as CVE-2023-36025. Detect Mispadu Stealer  With dozens of new malware samples emerging in the cyber domain […]

Read More
The Prime Hunt v1.4.2: Chronicle Security Support & Mail Templates for Streamlined IOC Sharing
The Prime Hunt v1.4.2: Chronicle Security Support & Mail Templates for Streamlined IOC Sharing

In January 2023, SOC Prime launched The Prime Hunt, an open-source browser add-on acting as a single platform-agnostic UI for threat hunters, regardless of a security solution in use. For over one year since The Prime Hunt launch, we have been working on the tool enhancements, broadening the supported technology stack and adding handy features […]

Read More
UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware
UAC-0027 Attack Detection: Hackers Target Ukrainian Organizations Using DIRTYMOE (PURPLEFOX) Malware

In addition to the rising frequency of cyber attacks by the infamous UAC-0050 group targeting Ukraine, other hacking collectives are actively trying to infiltrate the systems and networks of Ukrainian organizations. At the turn of February 2024, defenders identified over 2,000 computers infected with DIRTYMOE (PURPLEFOX) malware as a result of a massive cyber attack […]

Read More
SOC Prime Threat Bounty Digest — December 2023 Results
SOC Prime Threat Bounty Digest — December 2023 Results

Threat Bounty Content Acceptance Since the launch of the Threat Bounty Program, SOC Prime has been providing skilled and enthusiastic detection engineers to align their skills with the actual and real-time demand for threat detection content. During the year 2023, we continued to align the efforts of the Threat Bounty members with the Platform evolution, […]

Read More
CVE-2024-23897 Detection: A Critical Jenkins RCE Vulnerability Poses Growing Risks with PoC Exploits Released
CVE-2024-23897 Detection: A Critical Jenkins RCE Vulnerability Poses Growing Risks with PoC Exploits Released

Hot on the heels of the critical CVE-2024-0204 vulnerability disclosure in Fortra’s GoAnywhere MFT software, another critical flaw arrests the attention of cyber defenders. Recently, Jenkins developers have addressed nine security bugs affecting the open-source automation server, including a critical vulnerability tracked as CVE-2024-23897 that can lead to RCE upon its successful exploitation. With PoCs […]

Read More