Tag: Detection Content

Jester Stealer Malware Detection: Phishing Attacks Spreading Info-Stealing Malware by the UAC-0104 Hacking Group
Jester Stealer Malware Detection: Phishing Attacks Spreading Info-Stealing Malware by the UAC-0104 Hacking Group

A wave of new phishing cyber-attacks has recently swept Ukraine. Hard on the heels of an attack by the APT28 threat actors spreading the CredoMap_v2 info-stealing malicious software, another hacking group has recently distributed phishing emails deploying malware called Jester Stealer, as CERT-UA reports. This latest malicious activity has been tracked as UAC-0104 based on […]

Read More
CVE-2022-1388 Detection: BIG-IP iControl REST Vulnerability
CVE-2022-1388 Detection: BIG-IP iControl REST Vulnerability

F5 Networks, a company that specializes in the development and distribution of software and hardware solutions, has released a Security Advisory on May 4, 2022, addressing a number of issues in their products. Shortly after, the BIG-IP family of products was hit with multiple exploitations in the wild following the publicly published proof-of-concept for a […]

Read More
Russia-Linked APT28 (UAC-0028) Threat Actors Spread CredoMap_v2 Malware in a Phishing Attack on Ukraine
Russia-Linked APT28 (UAC-0028) Threat Actors Spread CredoMap_v2 Malware in a Phishing Attack on Ukraine

Over the course of an ongoing cyber war, Russia-linked hacking collectives are looking for new ways to cripple the Ukrainian organizations in the cyber domain. On May 6, 2022, CERT-UA issued an alert warning of yet another phishing attack targeting Ukrainian state bodies. The cyber-attack has been attributed to the malicious activity of notorious Russian […]

Read More
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom

BlackByte ransomware targeting critical infrastructures in the U.S. and across the globe since mid-summer 2021 has recently morphed into a more advanced variant. Adversaries are known to exfiltrate data before deploying ransomware and then threaten organizations to leak the stolen data if a ransom is not paid. The ransomware samples were originally written in C# […]

Read More
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability

Recent cybersecurity research has uncovered AvosLocker ransomware samples abusing the Avast Anti-Rootkit Driver file to disable anti-virus, which allows adversaries to evade detection and block defense. AvosLocker is known to represent a relatively novel ransomware family that appeared in the cyber threat arena to replace the infamous REvil, which was one of the most active […]

Read More
Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes
Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes

APT29 is a Russian state-sponsored espionage group also referred to by cybersecurity experts as Nobelium APT. The breadth of their attacks corresponds to Russia’s present geopolitical goals. Their latest attacks are characterized by utilizing BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]

Read More
Instant Threat Hunting Success with Detection as Code On-Demand
Instant Threat Hunting Success with Detection as Code On-Demand

SOC Prime Launches New Subscription Plans to Accelerate Threat Detection with Customized, On-Demand Content In general, detection engineering suffers from the need to continuously hunt for aggressive, damaging, current and long-impactful cyber threats. The need for automated, systematic, repeatable, predictable and shareable approaches is glaring. Especially for most detection engineers that must function as threat […]

Read More
Metasploit Meterpreter Malware Detection: New Phishing Cyber-Attack on Ukrainian Government Entities Linked to UAC-0098 and TrickBot Groups
Metasploit Meterpreter Malware Detection: New Phishing Cyber-Attack on Ukrainian Government Entities Linked to UAC-0098 and TrickBot Groups

On April 28, 2022, CERT-UA published a heads-up notifying of the latest phishing cyber-attack on Ukrainian government entities using the Metasploit framework. The malicious activity can be attributed to the adversary behavior patterns of a group tracked as UAC-0098. Moreover, this most recent attack is believed to be traced to the activity of the TrickBot […]

Read More
CVE-2022-29799 and CVE-2022-29800 Detection: Novel Privilege Escalation Vulnerabilities in Linux OS Known as Nimbuspwn
CVE-2022-29799 and CVE-2022-29800 Detection: Novel Privilege Escalation Vulnerabilities in Linux OS Known as Nimbuspwn

On April 26, Microsoft 365 Defender Research Team discovered a couple of novel vulnerabilities collectively dubbed Nimbuspwn, enabling adversaries to escalate privileges on multiple Linux desktop environments. The newly detected Nimbuspwn flaws have been identified as CVE-2022-29799 and CVE-2022-29800. Once chained together, these flaws give hackers the green light to obtain root privileges, lead to […]

Read More
Lateral Movement Tactic | TA0008
Lateral Movement Tactic | TA0008

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Lateral Movement SOC Prime operates the world’s largest and most advanced platform for collaborative cyber defense that enables threat-centric selection of detection content backed by particular adversary tactics, techniques, and sub-techniques as per the MITRE ATT&CK® framework v.10. In this blog article, we […]

Read More