Tag: Detection Content

Detection Content: APT38 Malware
Detection Content: APT38 Malware

We recently published a rule to discover one of the latest tools of the notorious APT38 group more known as Lazarus or Hidden Cobra. And it is time to continue publishing content to discover this sophisticated cybercriminal group. In today’s article, we will give the links on fresh detection content from one of the first […]

Read More
Detection Content: Malspam Downloads Zloader Malware
Detection Content: Malspam Downloads Zloader Malware

Zloader Trojan (also known as Zeus Sphinx and Terdot) was initially spotted in August 2015. It is based on the Zeus v2 Trojan’s leaked source code and cybercriminals used it in attacks on financial organizations across the globe collecting sensitive data via web injections. In early 2018, the use of this banking Trojan in the […]

Read More
Detection Content: Kpot Info Stealer Campaign
Detection Content: Kpot Info Stealer Campaign

COVID-19 is by far the most popular topic exploited by cybercriminals in phishing and malspam campaigns. Recently, attackers have found a new and effective way to convince the user to open a malicious attachment. Researchers at IBM X-Force discovered a malicious campaign that used emails pretended to be messages from the U.S. Department of Labor. […]

Read More
Detection Content: Hunting for Netwire RAT
Detection Content: Hunting for Netwire RAT

NetWire is a publicly-available Remote Access Trojan that is a part of the NetWiredRC malware family used by cybercriminals since 2012. Its primary functionality is focused on credentials stealing and keylogging, but it also has remote control capabilities. Adversaries often distribute NetWire through malspam and phishing emails.  In a recent campaign, cybercriminals targeted users in […]

Read More
Detection Content: Floxif Trojan
Detection Content: Floxif Trojan

Floxif Trojan is primarily known for being used by the Winnti group, they distributed it with the infected CCleaner, which was downloaded by users from the official site. The attack occurred in September 2017, attackers allegedly gained access to CCleaner’s build environment. Floxif Trojan was used with Nyetya Trojan to collect information about infected systems […]

Read More
Detection Content: COVID-19 Related Attack at Medical Suppliers
Detection Content: COVID-19 Related Attack at Medical Suppliers

New Sigma rule by Osman Demir helps to detect COVID-19 related phishing attacks targeted at medical suppliers. https://tdm.socprime.com/tdm/info/IkntTJirsLUZ/uowd33EB1-hfOQirsQZO/ The campaign became known at the end of last week, and researchers believe that it is associated with 419 scammers who exploit the COVID-19 pandemic for Business Email Compromise attacks. Adversaries send highly targeted phishing emails with […]

Read More
Detection Content: Finding Ursnif Trojan Activity
Detection Content: Finding Ursnif Trojan Activity

The ‘Process Injection by Ursnif (Dreambot Malware)’ exclusive rule by Emir Erdogan is released on Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/IIfltgwf9Tqh/piHTv3EBjwDfaYjKDztK/  Ursnif banking Trojan has been used by adversaries in various modifications for about 13 years, constantly gaining new features and acquiring new tricks to avoid security solutions. Its source code was leaked in 2014, and since […]

Read More