Tag: Developer Program

Zeoticus 2.0: Nasty Ransomware Strain Receives Major Upgrade

Starting from December 2020, a new version of Zeoticus ransomware has been actively targeting users in the wild. Zeoticus 2.0 comes with better performance and enhanced offline capabilities, posing a bigger threat to businesses worldwide.  What is Zeoticus Ransomware? Zeoticus is a relatively new malware sample that appeared in the cyber threat arena in December […]

Read More
MuddyWater APT Uses ScreenConnect to Spy on Middle East Governments

Security experts from Anomali have revealed a targeted cyber-espionage operation aimed at the United Arab Emirates (UAE) and Kuwait governments. The malicious campaign was launched by an Iranian state-sponsored actor known as MuddyWater (Static Kitten, MERCURY, Seedworm). According to the researchers, adversaries relied on the legitimate software tool ConnectWise Control (formerly ScreenConnect) to move laterally […]

Read More
Oracle WebLogic Server Vulnerability (CVE-2021-2109) Results in Complete Server Takeover

A high-severity remote code execution issue in Oracle Fusion Middleware Console enables full Oracle WebLogic Server compromise. New Oracle WebLogic Server Vulnerability The flaw allows an authenticated actor with high privileges to misuse the “JndiBinding” Handler and launch a JNDI (Java Naming and Direction Interface) injection. This, in turn, enables retrieving and deserialization of a […]

Read More
Skyrocketing Threat Bounty Program: Monthly Meetings with Developers

Uniting the cybersecurity community and boosting ideas exchange has always been a core goal for SOC Prime. In April 2019, we launched a Threat Bounty Developer Program for Threat Detection Marketplace to create a dedicated space where cybersecurity researchers, threat hunters, and security analysts might signify their joint input to the proactive defense against emerging […]

Read More
New Zoom Phishing Abuses Constant Contact to Bypass SEGs

The challenging year of 2020 saw many businesses increase their reliance on the internet, shifting to work-from-home workforces. Such a trend resulted in a blasting spike in video conferencing apps usage. Cyber criminals didn’t miss the chance to advantage their malicious perspectives. Starting from spring 2020, they registered many fake domains to deliver malicious ads […]

Read More
Quasar RAT: Detecting Malicious Successors

Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasar’s code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]

Read More
Oski Info Stealer Empties Crypto Wallets, Extracts Browser Data

Data theft malware continues to get the ride of popularity among financially-motivated hackers. Increased interest boosts the development of new sophisticated strains promoted on the underground market. Obviously, the cheapest and simultaneously functional offerings grab attention first. This is where Oski stealer comes to the spotlight as highly dangerous and relatively low-priced malware. Oski Stealer […]

Read More
Affiliates vs Hunters: Fighting the DarkSide

Introduction On August 2020 a new type of malware, belonging to the Ransomware category, appeared in the cyber threat landscape. Threat actor responsible for its development called it “DarkSide” and, like others piece of malware of this type, is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS […]

Read More
TA551 Hackers Spread IcedID Trojan in a New Wave of Malspam Campaign

Starting from July 2020 security researchers observe notable changes implemented to the TA551 (aka Shathak) malspam routine. Threat actors behind the TA551 campaign have switched from Ursnif and Valak distribution to IcedID banking Trojan infections. TA551 Overview TA551 is a long-lasting malspam campaign that emerged in February 2019. Initially, it was focused on delivering Ursnif […]

Read More
Warzone RAT Malware Used by Confucius APT in Targeted Attacks

Security researchers have spotted an ongoing Confucius APT campaign that leverages Warzone RAT malware to compromise its targets. The campaign is presumably aimed at the governmental sector of China and other South Asia countries. Warzone RAT Description Warzone remote access Trojan (RAT), a prolific successor of AveMaria stealer, first emerged in 2018 as a malware-as-a-service […]

Read More