Tag: Detection Content

Threat Actors Leverage Spear-Phishing E-Mails Mimicking UKR.NET Service for Espionage
Threat Actors Leverage Spear-Phishing E-Mails Mimicking UKR.NET Service for Espionage

This article highlights the original research provided by CERT-UA: https://cert.gov.ua/article/37788  On March 16, 2022, the Computer Emergency Response Team from Ukraine CERT-UA identified a spear-phishing campaign aimed at infecting Ukrainian organizations with cyber-espionage malware. With a low level of confidence, given the tactics used, CERT-UA associates the identified activity with one of the top Russia-backed […]

Read More
HeaderTip Malware Hits Ukrainian Organizations: CERT-UA Warning
HeaderTip Malware Hits Ukrainian Organizations: CERT-UA Warning

On March 22, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) identified yet another nefarious malware targeting the infrastructure of Ukrainian state bodies and organizations across the country. Dubbed HeaderTip, the malicious strain is typically leveraged to drop additional DLL files to the infected instance.The revealed malicious activity is tracked under the UAC-0026 identifier, […]

Read More
DoubleZero Destructive Malware Used in Cyber-Attacks at Ukrainian Companies: CERT-UA Alert
DoubleZero Destructive Malware Used in Cyber-Attacks at Ukrainian Companies: CERT-UA Alert

This article is based on the original investigation by CERT-UA: https://cert.gov.ua/article/38088. On March 17, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) has found instances of yet another destructive malware used to target Ukrainian enterprises. The novel malware revealed by CERT-UA and dubbed DoubleZero adds to a strain of data destructive malware that recently […]

Read More
Cobalt Strike Beacon, GrimPlant, and GraphSteel Malware Massively Spread by UAC-0056 Threat Actors in Targeted Phishing Emails:  CERT-UA Alert
Cobalt Strike Beacon, GrimPlant, and GraphSteel Malware Massively Spread by UAC-0056 Threat Actors in Targeted Phishing Emails: CERT-UA Alert

This article covers the original research carried out by CERT-UA: https://cert.gov.ua/article/37704 On March 11, 2022, Ukraine’s Computer Emergency Response Team (CERT-UA) reported about the mass distribution of fake emails targeting the Ukrainian state bodies. According to the CERT-UA research, the detected malicious activity can be attributed to the UAC-0056 hacking collective also tracked as SaintBear, […]

Read More
FormBook/XLoader Malware Is Leveraged to Target Ukrainian Government Bodies: CERT-UA Warning
FormBook/XLoader Malware Is Leveraged to Target Ukrainian Government Bodies: CERT-UA Warning

This article highlights the original research conducted by CERT-UA: https://cert.gov.ua/article/37688  On March 9, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) reported that Ukrainian government bodies were hit by a cyber-attack using the FormBook/XLoader malware. The malware was delivered if the user opened a malicious email attachment. FormBook and its more recent successor XLoader […]

Read More
InvisiMole Cyber Espionage Group Resurfaces to Attack Ukrainian Government Entities Via Targeted Spear Phishing: CERT-UA Warning
InvisiMole Cyber Espionage Group Resurfaces to Attack Ukrainian Government Entities Via Targeted Spear Phishing: CERT-UA Warning

This article highlights the original research conducted by CERT-UA: https://cert.gov.ua/article/37829. On March 18, 2022, the Computer Emergency Response Team for Ukraine (CERT-UA) reported about the malicious activity associated with InvisiMole (UAC-0035) hacking collective that launched a targeted spear-phishing campaign against Ukrainian organizations to deliver a LoadEdge backdoor. InvisiMole is a sophisticated cyberespionage group that is […]

Read More
Vermin (UAC-0020) Hacking Collective Hits Ukrainian Government and Military with SPECTR Malware
Vermin (UAC-0020) Hacking Collective Hits Ukrainian Government and Military with SPECTR Malware

This article covers the original investigation by CERT-UA: https://cert.gov.ua/article/37815.  On March 17, 2022, the government emergency response team of Ukraine CERT-UA revealed that the Ukrainian government infrastructure was hit by a massive spear-phishing campaign aimed at SPECTR malware delivery. The campaign was launched by Vermin (UAC-0020) hacking collective associated with the so-called Luhansk People’s Republic […]

Read More
SOC Prime Unlocks Free Access to Uncoder CTI
SOC Prime Unlocks Free Access to Uncoder CTI

Hunt at No Cost Through May 25, 2022 Furthering its mission to transform threat detection, SOC Prime has boosted threat hunting velocity by continuing to evolve its Detection as Code platform. Uncoder CTI powered by SOC Prime’s platform allows security researchers to automatically convert IOCs of multiple types into custom queries enabling instant IOC searching […]

Read More
Detect Gh0stCringe RAT
Detect Gh0stCringe RAT

Gh0stCringe Malware: Variant of Notorious Gh0st RAT The Gh0stCringe, or CirenegRAT malware, based on the code of Gh0st RAT, is back, jeopardizing poorly protected Microsoft SQL and MySQL database servers. This remote access trojan (RAT) was first spotted in December 2018, and resurfaced in 2020 in China-linked cyber espionage attacks against governmental and corporate networks […]

Read More
NIGHT SPIDER Zloader Detection: Defend Against Malicious Trojan Activity with SOC Prime
NIGHT SPIDER Zloader Detection: Defend Against Malicious Trojan Activity with SOC Prime

NIGHT SPIDER’s Zloader trojan has been quietly operating for the last few months at a global scale, conducting an intrusion campaign on a number of enterprises in various industries. The primary way to install malware was hidden within the legitimate software. For leveraging initial access, attackers used bundled .msi installers. The payloads were aimed at […]

Read More