Tag: Developer Program

Interview with Threat Bounty Developer: Onur Atali

Meet the latest newscast about the SOC Prime Developers community! Today we want to introduce Onur Atali, a keen developer contributing to our Threat Bounty Program since June 2021. Onur is an active content creator, concentrating his efforts on Sigma rules. You can refer to Onur’s detections of the highest quality and value in Threat […]

DevilsTongue Spyware Detection

Israeli spyware firm Candiru supplied zero-day exploits to nation-state actors around the globe, Microsoft and Citizen Lab revealed. According to the analysis, Candiru leveraged previously unknown zero-day bugs in Windows and Chrome to power its high-end spyware, dubbed DevilsTongue. Although DevilsTongue was marketed as “mercenary software” facilitating surveillance operations for government agencies, it was identified […]

BazarLoader Malware Detection

Experts warn about an unusual approach to infecting targets with BazarLoader, a notorious strain frequently used to deliver ransomware. The campaign, dubbed BazarCall, abuses call center operators to talk victims into downloading the malicious payload themselves. The campaign has been active since at least February 2021 and keeps adding new tricks to improve its effectiveness. […]

LockBit Ransomware Detection

Despite being a relatively new player in the cyber threat arena, LockBit ransomware quickly earned a reputation as a prolific and dangerous malware strain. Throughout 2020-2021, LockBit was consistently ranked among the most active and notorious ransomware families. To achieve this reach, the LockBit maintainers leverage the Ransomware-as-a-Service (RaaS) model to recruit more affiliates and […]

Novel Epsilon Red Ransomware Targets Unpatched Microsoft Exchange Servers

The REvil gang may stand behind a brand-new ransomware variant that explicitly targets enterprise Microsoft Exchange servers to penetrate corporate networks. The new threat relies on a batch of PowerShell scripts weaponized to exploit known vulnerabilities before delivering the final payload. So far, researchers have confirmed at least one successful attack that resulted in a 4.29 BTC (about $210,000) ransom payment. […]

NOBELIUM APT Targets Governments Worldwide in a Massive Spear-Phishing Campaign

Microsoft experts have revealed a significant shift in a spear-phishing campaign launched by Russia-affiliated NOBELIUM APT against major government agencies, think tanks, and NGOs globally. According to researchers, the hacker collective attacked more than 150 organizations across 24 countries with the intent to infect victims with malware and gain covert access to the internal networks. […]

Detect Wormable RCE Vulnerability (CVE-2021-31166) in Windows HTTP.sys

Microsoft has recently fixed a critical bug (CVE-2021-31166) in the Windows HTTP Protocol Stack (HTTP.sys) that enables unauthenticated remote code execution with kernel privileges on machines running affected Windows 10 and Windows Server builds. The vendor warns that this flaw is wormable and could self-propagate across multiple servers inside an organizational network to cause maximum harm. The Proof of Concept (PoC) exploit has […]

SOC Prime Attends Seventh EU MITRE ATT&CK® Community Workshop

SOC Prime is excited to announce our participation in the Seventh EU MITRE ATT&CK® Community Workshop taking place online on June 1-2, 2021. This workshop is supported by CERT-EU, CIRCL, and the MITRE Engenuity Center for Threat-Informed Defense to boost the experience exchange among security professionals interested in the use of the MITRE ATT&CK Framework […]

Interview with Threat Bounty Developer: Michel de Crevoisier

Catch the latest newscast about the SOC Prime Developers community! Today we want to introduce Michel de Crevoisier, a prolific developer contributing to our Threat Bounty Program since November 2020. Michel is an active content creator, concentrating his efforts on Sigma rules. You can refer to Michel’s detections of the highest quality and value in […]

Detect DarkSide Ransomware with SOC Prime

DarkSide ransomware, a relatively novel player in the cyber threat arena, continues to gather news headlines for successful attacks against world-leading vendors. The list of the recent intrusions includes the chemical distribution company Brenntag, which paid adversaries $4.4 million ransom, and Colonial Pipeline, a company providing fuel supply for the US East Coast. DarkSide Ransomware […]
