Tag: Detection Content

OWASSRF Exploit Detection: New Exploit Method Abuses Exchange Servers to Bypass ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) Mitigations and Gain RCE
OWASSRF Exploit Detection: New Exploit Method Abuses Exchange Servers to Bypass ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) Mitigations and Gain RCE

On December 20, 2022, cybersecurity researchers uncovered a novel exploit method dubbed OWASSRF that involves chaining CVE-2022-41080 and CVE-2022-41082 vulnerabilities to gain RCE through privilege escalation via Outlook Web Access (OWA). OWASSRF is capable of bypassing ProxyNotShell mitigations. Cyber defenders highlight that these ongoing attacks pose a threat to an increasing number of Microsoft Exchange […]

Read More
Trident Ursa aka Gamaredon APT Attack Detection: Russia-Backed Hackers Escalate Offensive Activity by Targeting a Petroleum Refinery in a NATO Country 
Trident Ursa aka Gamaredon APT Attack Detection: Russia-Backed Hackers Escalate Offensive Activity by Targeting a Petroleum Refinery in a NATO Country 

Since russia’s full-scale invasion of Ukraine in February 2022, the infamous Trident Ursa russia-affiliated hacking group also tracked as Armageddon APT aka Gamaredon or UAC-0010 has been launching its offensive operations targeting Ukraine and its allies. For over ten months, the hacking collective has performed a series of phishing cyber attacks covered in the corresponding […]

Read More
FateGrab/StealDeal Detection: Phishing Attacks by the UAC-0142 Group Against Ukrainian Government Entities Targeting DELTA Users 
FateGrab/StealDeal Detection: Phishing Attacks by the UAC-0142 Group Against Ukrainian Government Entities Targeting DELTA Users 

Phishing attacks on Ukrainian state bodies spreading diverse malware strains have not been a rarity throughout 2022. Hard on the heels of a phishing cyber attack against Ukraine distributing DolphinCape malware, another phishing campaign is causing a stir in the cyber threat arena. On December 18, 2022, CERT-UA researchers issued the latest alert tracked as […]

Read More
Detecting Fantasy Data Wiper Leveraged by Agrius APT in a Supply-Chain Attack
Detecting Fantasy Data Wiper Leveraged by Agrius APT in a Supply-Chain Attack

Security experts from ESET revealed a destructive operation launched by Iran-backed Agrius APT to target organizations with a novel data wiper. Dubbed Fantasy, the destructive malware has been deployed via a coordinated supply-chain attack abusing the software updates of an unnamed Israeli vendor. Among the victims are HR and IT consulting company, diamond wholesaler, and […]

Read More
SOC Prime Threat Bounty —  November 2022 Results
SOC Prime Threat Bounty —  November 2022 Results

November ‘22 Publications During the previous month, members of Threat Bounty community submitted 433 rules for publication to the SOC Prime Platform. A number of rules were automatically rejected on the stage of automated checks because of structure, syntax, logic mistakes, or content duplication and were not sent to review by SOC Prime experts. In […]

Read More
DolphinCape Malware Detection: Phishing Campaign Against Ukrainian Railway Transport Organization of Ukraine “Ukrzaliznytsia” Related to the Use of Iranian Shahed-136 Drones
DolphinCape Malware Detection: Phishing Campaign Against Ukrainian Railway Transport Organization of Ukraine “Ukrzaliznytsia” Related to the Use of Iranian Shahed-136 Drones

Since the outbreak of the global cyber war, SOC Prime stays on the frontline helping Ukraine and its allies defend from russian aggression. On December 8, 2022, CERT-UA researchers received information from the cybersecurity department of the state Railway Transport Organization of Ukraine “Ukrzaliznytsia” about the distribution of phishing emails impersonating the State Emergency Service […]

Read More
AppleJeus Malware Detection: North Korea-Linked Lazarus APT Spreads Malicious Strains Masquerading as Cryptocurrency Apps
AppleJeus Malware Detection: North Korea-Linked Lazarus APT Spreads Malicious Strains Masquerading as Cryptocurrency Apps

A notorious North Korea-backed APT group, Lazarus, continuously broadens its attack surface, leveraging fraudulent cryptocurrency apps to distribute the AppleJeus malware. In this latest adversary campaign, Lazarus hackers use fake cryptocurrency apps dubbed BloxHolder to drop AppleJeus malware, gain initial access to networks, and steal crypto assets. During the last four years, Lazarus APT group […]

Read More
CVE-2022-41974, CVE-2022-41973, CVE-2022-3328 Exploit Detection: Three Linux Vulnerabilities Chained to Gain Full Root Privileges
CVE-2022-41974, CVE-2022-41973, CVE-2022-3328 Exploit Detection: Three Linux Vulnerabilities Chained to Gain Full Root Privileges

Security experts from Qualys’ Threat Research Unit warn of a novel vulnerability  (CVE-2022-3328) in Snapd, a popular software management tool for Linux, that might be exploited for local privilege escalation and arbitrary code execution. The security issue in the spotlight can be chained with older vulnerabilities revealed in multipathd (CVE-2022-41973 & CVE-2022-41974) to escalate privileges […]

Read More
Emotet Detection: Infamous Botnet Resurfaces to the Email Threat Landscape
Emotet Detection: Infamous Botnet Resurfaces to the Email Threat Landscape

Cybersecurity researchers have observed a burst of the new malicious activity of the Emotet botnet, which has been under the radar for almost half a year. The infamous Trojan attributed to the malicious activity of the TA542 hacking group came back in November 2022, expanding its dominance and impact in the email threat landscape. In […]

Read More
SOC Prime Platform Now Supports the MITRE ATT&CK® Framework v12 
SOC Prime Platform Now Supports the MITRE ATT&CK® Framework v12 

MITRE ATT&CK is a globally-accessible knowledge base leveraged by all cyber defenders no matter their role in cybersecurity and the technology stack in use. Acting as a periodic table, the MITRE ATT&CK framework enables cybersecurity experts to profile, identify, and compare threat actors, while setting priorities for threat detection goals. Leveraging MITRE ATT&CK, the global […]

Read More