The challenging year of 2020 saw many businesses increase their reliance on the internet, shifting to work-from-home workforces. Such a trend resulted in a blasting spike in video conferencing apps usage. Cyber criminals didn’t miss the chance to advantage their malicious perspectives. Starting from spring 2020, they registered many fake domains to deliver malicious ads […]
Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasar’s code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]
At SOC Prime, we are captured with the mission of deriving maximum value from each security tool and enabling the effective protection from the emerging threats. In August 2020, the SIGMA project adopted SOC Prime’s Sysmon backend. The backend generates Sysmon rules to be added to a Sysmon configuration, which is mold-breaking for anyone using […]
A recently-disclosed security issue in Sudo provides unauthenticated hackers with the ability to escalate their privileges to root on any Linux device. The flaw was imported back in 2011 and remained undetected for nearly a decade. Linux Sudo Vulnerability Description Sudo is a standard service for system administrators, which is ubiquitously applied across the majority […]
Threat analysts from Google warn of a current malicious campaign aimed at vulnerability researchers and Red Team members. Reportedly, a North Korean nation-backed actor stands behind this operation, leveraging novel social engineering methods to approach individual security practitioners via bogus social media profiles. Attack Against Security Researchers The campaign overview from the Google Threat Analysis […]
A new sophisticated APT group, dubbed Dark Halo (UNC2452, SolarStrom), has recently emerged in the cyber-security arena, gathering top press headlines during the last months. Researchers believe this advanced actor might stand behind the historical SolarWinds hack as well as the attack against Malwarebytes security vendor. Who is Dark Halo? Security experts from Volexity estimate […]
Data theft malware continues to get the ride of popularity among financially-motivated hackers. Increased interest boosts the development of new sophisticated strains promoted on the underground market. Obviously, the cheapest and simultaneously functional offerings grab attention first. This is where Oski stealer comes to the spotlight as highly dangerous and relatively low-priced malware. Oski Stealer […]
Introduction On August 2020 a new type of malware, belonging to the Ransomware category, appeared in the cyber threat landscape. Threat actor responsible for its development called it “DarkSide” and, like others piece of malware of this type, is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS […]
The in-depth inspection of the SolarWinds breach revealed the fourth piece of malicious software connected to this historical incident. According to the infosec experts, the new threat, dubbed Raindrop, is a Cobalt Strike downloader. It was applied in the post-compromise phase of attack to enhance lateral movement across a selected number of targeted networks. Raindrop […]
Threat actors constantly search for new ways to circumvent Windows security restrictions and drop malware onto the targeted network. Native Windows executables, known as LoLbins, are frequently being misused for this purpose. Recently, the Windows Finger feature was added to this list since hackers abused it for MineBridge backdoor delivery. Windows Finger Misused for Malware […]