Tag: Detection Content

AgentTesla Information-Stealing Malware Delivered in Cyber-Attacks on Ukrainian Government Entities
AgentTesla Information-Stealing Malware Delivered in Cyber-Attacks on Ukrainian Government Entities

Due to the global cyber war fueled by Russia’s full-scale invasion of Ukraine, the attacks in the cyber domain against Ukrainian government entities are continuously on the rise. A week after the phishing campaign by the UAC-0056 group delivering Cobalt Strike Beacon, another cyber-attack targeting Ukrainian officials using information-stealing malware comes on the scene.   On […]

Read More
CVE-2022-33891 Detection: New Apache Spark Shell Command Injection Vulnerability
CVE-2022-33891 Detection: New Apache Spark Shell Command Injection Vulnerability

According to the latest SOC Prime’s Detection as Code Innovation report, proactive detection of vulnerability exploitation remains one of the top 3 security use cases throughout 2021-2022, which resonates with a growing number of revealed vulnerabilities affecting open-source products. The cybersecurity researcher has recently revealed a new vulnerability in Apache Spark, an open-source unified analytics […]

Read More
BlackCat Ransomware Attacks: Threat Actors Use Brute Ratel and Cobalt Strike Beacons for Advanced Intrusions
BlackCat Ransomware Attacks: Threat Actors Use Brute Ratel and Cobalt Strike Beacons for Advanced Intrusions

Cybersecurity researchers have revealed a wave of new activity of the notorious BlackCat ransomware group deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines.  […]

Read More
H0lyGh0st Detection: New Ransomware Tied to North Korean APT
H0lyGh0st Detection: New Ransomware Tied to North Korean APT

New day, the headache for cyber defenders! Microsoft Threat Intelligence Center (MSTIC)  reports a new ransomware strain attacking small to middle-sized businesses across the globe since June 2021. Dubbed H0lyGh0st, the malware has been initially developed by an emerging North Korean APT tracked under the DEV-0530 moniker. The ransomware attacks are explicitly financially motivated, targeting […]

Read More
SOC Prime Provides a Smoking Guns Sigma Rules List to Give Organizations a Competitive Advantage in Cyber War
SOC Prime Provides a Smoking Guns Sigma Rules List to Give Organizations a Competitive Advantage in Cyber War

On July 6, 2022, SOC Prime introduced a Smoking Guns Sigma Rules list enabling the organization of any scale to proactively detect cyber-attacks, perform Threat Hunting for the latest adversarial TTPs, and get a tactical defense advantage for their business during the global cyber war. SOC Prime’s Detection as Code platform users are now equipped […]

Read More
SOC Prime Threat Bounty — June 2022 Results
SOC Prime Threat Bounty — June 2022 Results

June ‘22 Updates This June we introduced several significant updates related to SOC Prime’s Threat Bounty Program to acknowledge the contribution of the Program members and smooth their experience with Sigma rules creation. Now, all SOC Prime users can access detailed information about Threat Bounty authors’ achievements on a dedicated page. Also, the beta version […]

Read More
UAC-0056 Threat Actors Deliver Cobalt Strike Beacon Malware in Yet Another Phishing Campaign Against Ukraine
UAC-0056 Threat Actors Deliver Cobalt Strike Beacon Malware in Yet Another Phishing Campaign Against Ukraine

Hot on the heels of the cyber-attack on July 5 targeting Ukrainian state bodies and attributed to the notorious UAC-0056 hacking collective, yet another malicious campaign launched by this group causes a stir in the cyber domain. On July 11, 2022, cybersecurity researchers at CERT-UA warned the global community of an ongoing phishing attack leveraging […]

Read More
Cobalt Strike Beacon Malware Detection: A New Cyber-Attack on Ukrainian Government Organizations Attributed to the UAC-0056 Group
Cobalt Strike Beacon Malware Detection: A New Cyber-Attack on Ukrainian Government Organizations Attributed to the UAC-0056 Group

The notorious Cobalt Strike Beacon malware has been actively distributed by multiple hacking collectives in spring 2022 as part of the ongoing cyber war against Ukraine, mainly leveraged in targeted phishing attacks on Ukrainian state bodies. On July 6, 2022, CERT-UA released an alert warning of a new malicious email campaign targeting Ukrainian government entities. […]

Read More
Raccoon Stealer Detection: A Novel Malware Version 2.0 Named RecordBreaker Offers Hackers Advanced Password-Stealing Capabilities
Raccoon Stealer Detection: A Novel Malware Version 2.0 Named RecordBreaker Offers Hackers Advanced Password-Stealing Capabilities

The notorious Raccoon Stealer, which was earlier distributed under the Malware-as-a-Service (MaaS) model, comes back to the cyber threat arena as a new version 2.0 enriched with more advanced capabilities. Raccoon Stealer malware was previously reported to have been replaced with Dridex Trojan by the RIG exploit kit as part of an ongoing campaign that […]

Read More
CVE-2022-28219 Detection: Critical RCE Vulnerability in Zoho ManageEngine ADAudit Plus
CVE-2022-28219 Detection: Critical RCE Vulnerability in Zoho ManageEngine ADAudit Plus

Zoho’s ManageEngine operates cost-effective network management frameworks leveraged by over 40,000 enterprises worldwide. Due to the software popularity and its wide use across the globe, cyber threats detected in Zoho’s products could have a severe impact on thousands of compromised businesses, which earlier happened with the critical zero-day vulnerability in ManageEngine Desktop Central products.  On […]

Read More