Meet Babadeda, a new notorious crypter in the arsenal of threat actors. The malware has been actively leveraged by adversaries since May 2021 to bypass security protections and covertly deliver a variety of threats to unsuspecting victims. Multiple infostealers and remote access Trojans (RATs) have been deployed with the help of Babadeda. Moreover, LockBit maintainers […]
Relying on Public Sources of Information Think about it — every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, – doesn’t it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]
A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]
Make sure you have secured your Microsoft Exchange Servers against ProxyShell vulnerabilities since hackers are inventing new tricks to benefit from the exposed instances. Currently, researchers observe multiple phishing campaigns that utilize the nefarious flaws for malware delivery. Additionally, ProxyShell bugs are increasingly used in a range of operations aimed at ransomware infection. New Attack […]
SOC Prime’s Detection as Code platform for collaborative cyber defense, threat hunting, and discovery continuously evolves to empower the global community with more accessible and efficient cyber defense capabilities. Striving to unlock threat hunting to a wider cybersecurity audience, SOC Prime introduced Quick Hunt, a new cutting-edge module, enabling both newcomers and seasoned experts alike […]
The infamous Lazarus APT strikes again, with security professionals being under attack during the most recent campaign. State-sponsored actor leverages a pirated version of the widely-used IDA Pro reverse engineering application to compromise researchers’ devices with backdoors and remote access Trojans (RATs). NukeSpeed RAT Delivered via Trojanized IDA Pro According to the research by ESET, […]
SOC Prime Threat Bounty Program provides enthusiastic cyber security defenders with the opportunity to share detections with the global community, and get publicly recognized and rewarded for their contributions. Threat Bounty participants are motivated to share detections that can address security needs of 20K+ users. Thus, content authors gain each time their detection is consumed […]
To enable organizations to address the risks posed by critical vulnerabilities outlined in Binding Operational Directive (BOD) 22-01, SOC Prime provides an extensive list of curated detections to identify possible exploit attempts in your infrastructure and isolate potentially affected assets while patching procedures are in progress. The increasing sophistication of malicious activities threatening the private […]
BlackMatter ransomware is on the rise, hitting high-profile targets across the US, Europe, and Asia. Being an off-spring of the infamous DarkSide hacking collective, BlackMatter adopted the most prolific tactics from its predecessor to crash into the big ransomware game during July 2021. The joint advisory by CISA, FBI, and NSA attributes multiple attacks against […]
Infamous Nobelium APT group strikes again! This time covert Russia-backed threat actor goes after technology service providers at a global scale to spy on their downstream customers. Hackers have targeted at least 140 IT service orgs since May 2021, with 14 of them being successfully compromised. NOBELIUM APT Group NOBELIUM APT group (APT29, CozyBear, and […]