Tag: Emir Erdogan

AveMariaRAT, BitRAT, and PandoraHVNC
Fileless Malware Detection: AveMariaRAT / BitRAT / PandoraHVNC Attacks

Cybercrooks are targeting Microsoft Windows users with three fileless malware strains delivered at once in a new phishing campaign. The phishing email mimics a payment report from a trusted source, with a brief request to view an attached Microsoft Excel document. The file contains weaponized macros and, once launched, drops malware aimed at stealing […]

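The detection signal behind campaigns of this kind is an Office application spawning a script interpreter. As an added example (not code from SOC Prime or from the referenced article), the Python below encodes that check and escalates the finding when the command line carries markers of an in-memory PowerShell loader. Field names follow Sysmon Event ID 1 conventions, the parent and child process lists are assumptions chosen for illustration, and every sample event is constructed.

```python
"""Added example (not from the original page): flag Office applications that
spawn script interpreters, the process-creation signal behind macro-based
fileless droppers.  The logic mirrors a Sigma process_creation selection:

    selection:
        ParentImage|endswith: ['\\excel.exe', '\\winword.exe', '\\powerpnt.exe']
        Image|endswith: ['\\powershell.exe', '\\cmd.exe', '\\wscript.exe', ...]

Event dicts use Sysmon Event ID 1 field names; all sample events are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Assumed list of Office parents; extend to taste for your estate.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Living-off-the-land children that weaponized macros commonly launch (assumed list).
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "msbuild.exe",
}

# Command-line fragments typical of in-memory (fileless) PowerShell loaders.
FILELESS_MARKERS = (
    "-encodedcommand", "-enc ", "-ec ", "downloadstring", "downloadfile",
    "invoke-expression", "iex ", "frombase64string", "reflection.assembly",
)


def basename(path: str) -> str:
    """Return the file-name component of a Windows or POSIX path, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: Dict[str, object]) -> Optional[str]:
    """Return a finding label for a Sysmon EID 1 event, or None if nothing matches."""
    if event.get("EventID") != 1:
        return None
    parent = basename(str(event.get("ParentImage", "")))
    child = basename(str(event.get("Image", "")))
    if parent not in OFFICE_PARENTS or child not in SUSPICIOUS_CHILDREN:
        return None
    cmdline = str(event.get("CommandLine", "")).lower()
    if any(marker in cmdline for marker in FILELESS_MARKERS):
        return "high: office_spawned_fileless_loader"
    return "medium: office_spawned_interpreter"


def scan(events: List[Dict[str, object]]) -> List[Tuple[int, str]]:
    """Run classify() over a list of events and return (ProcessId, label) hits."""
    hits = []
    for event in events:
        label = classify(event)
        if label:
            hits.append((int(event["ProcessId"]), label))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {   # Excel macro launching an encoded PowerShell loader -> high
        "EventID": 1, "ProcessId": 4120,
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        # "SQBFAFgA" is base64 of UTF-16LE "IEX"; the rest is placeholder padding.
        "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A",
    },
    {   # Excel spawning cmd.exe with a plain command -> medium
        "EventID": 1, "ProcessId": 4188,
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c whoami",
    },
    {   # Same encoded PowerShell, but launched by explorer.exe -> not this rule's job
        "EventID": 1, "ProcessId": 4200,
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0A",
    },
    {   # Word spawning its print helper -> benign parent/child pair
        "EventID": 1, "ProcessId": 4300,
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\splwow64.exe",
        "CommandLine": "C:\\Windows\\splwow64.exe 12288",
    },
    {   # Network-connection event: wrong event type, ignored
        "EventID": 3, "ProcessId": 4120,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "DestinationIp": "203.0.113.10", "DestinationPort": 443,
    },
]


if __name__ == "__main__":
    for pid, label in scan(SAMPLE_EVENTS):
        print(f"PID {pid}: {label}")
```

The two-tier labelling is deliberate: Office spawning cmd.exe happens in legitimate add-ins often enough that a medium finding with parent/child context is more useful than a hard alert, while an encoded or download-and-execute command line from an Office parent is rarely benign and deserves immediate triage. The explorer.exe case is left for a separate encoded-PowerShell rule rather than widening this one.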
Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes

APT29 is a Russian state-sponsored espionage group also tracked by cybersecurity experts as Nobelium. The targeting of their attacks follows Russia’s current geopolitical goals. Their latest attacks are characterized by the use of the BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]

Lateral Movement Tactic | TA0008

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Lateral Movement

SOC Prime operates the world’s largest and most advanced platform for collaborative cyber defense that enables threat-centric selection of detection content backed by particular adversary tactics, techniques, and sub-techniques as per the MITRE ATT&CK® framework v.10. In this blog article, we […]

Execution Tactic | TA0002

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Execution

SOC Prime’s Detection as Code platform provides access to a constantly growing library of 180,000+ context-enriched detection and response algorithms aligned with the MITRE ATT&CK® framework v.10. The newly released On Demand subscription tiers for SOC Prime’s platform provide curated Sigma rules […]

Privilege Escalation | TA0004

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Privilege Escalation

SOC Prime cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules aligned with the MITRE ATT&CK® framework, enabling teams to focus on the threats they anticipate most. With the recently released On Demand subscriptions for SOC Prime’s […]

Quantum Ransomware Attack Detection: Malware Deployed at Lightning Speed

Quantum ransomware has been in the limelight since late summer 2021, being involved in high-speed, rapidly escalating intrusions that leave cyber defenders only a short window to detect and mitigate the threat in time. According to DFIR researchers, the latest observed Quantum ransomware attack ranks as one of the fastest cases that has taken […]

SystemBC Malware Increasingly Used as Ransomware Backdoor

A new version of the SystemBC malware is increasingly leveraged by ransomware operators to pave their way into targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, leverage SystemBC as a persistent backdoor able to maintain access to compromised hosts and perform a variety of malicious activities. What […]

Lazarus APT Targets Japanese Organizations with VSingle and ValeforBeta Malware

Security researchers are observing ongoing malicious activity launched by the infamous Lazarus APT against Japanese organizations. Most of the infections follow the same routine and rely on the VSingle and ValeforBeta malware samples.

VSingle and ValeforBeta Analysis

The latest inquiry by Shusei Tomonaga shows that VSingle malware acts as an HTTP bot designed to download […]

Chinese APT Targets 5G Providers Around The Globe

McAfee’s Advanced Threat Research (ATR) Strategic Intelligence team has uncovered a long-running cyber-espionage operation targeting major telecommunication providers worldwide. According to the security researchers, Chinese nation-backed hackers have planted malware on the networks of multiple US, EU, and Southeast Asian telecom firms to carry out reconnaissance and steal secret information linked to 5G technology. The malicious […]

Oracle WebLogic Server Vulnerability (CVE-2021-2109) Results in Complete Server Takeover

A high-severity remote code execution issue in the Oracle Fusion Middleware Console enables full Oracle WebLogic Server compromise.

New Oracle WebLogic Server Vulnerability

The flaw allows an authenticated actor with high privileges to misuse the “JndiBinding” handler and launch a JNDI (Java Naming and Directory Interface) injection. This, in turn, enables retrieval and deserialization of a […]
