Tag: Emir Erdogan

Lazarus Group Resurfaces, Exploiting Log4j Vulnerability and Spreading MagicRAT

Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, has garnered a reputation as a highly qualified and well-funded state-sponsored cluster of criminal hackers, wreaking havoc since 2009. In the most recent campaign, Lazarus deployed the novel MagicRAT malware after exploiting vulnerabilities in VMware Horizon platforms, such as the high-profile Log4j flaw. The notorious […]

Redeemer 2.0 Ransomware
Redeemer Ransomware Detection: New Version Distributed on Underground Forums

The author of the Redeemer ransomware builder has put a new spin on the malware, distributing its new version on cybercrime forums. The Redeemer 2.0 ransomware version is written in C++ and is built to infect Windows hosts. The first version of Redeemer was released in the summer of 2021, followed by its upgraded variant published last […]

Manjusaka Offensive Framework
Manjusaka Offensive Framework Detection: New Malware Family Quickly Catapults Into Operation

A novel attack framework called “Manjusaka” is currently making the rounds in the wild. The name “Manjusaka,” which means “cow flower,” hardly conveys the high level of offensive potential the attack framework bears. Based on ample evidence, the campaign operators behind this malware family are believed to be China-based. The developers of Manjusaka have designed […]

The 8220 Cryptomining Group
8220 Gang Crimeware Group: Infects Cloud Hosts and Operates a Botnet and PwnRig Cryptocurrency Miner

8220 Gang, aka 8220 Mining Group, has ramped up activity in the last year, growing its cloud botnet of infected hosts from 2,000 in mid-2021 to 30,000 and counting as of now. In previous attacks, the threat group focused on leveraging existing vulnerabilities and launching brute-force attacks to compromise cloud servers and drop cryptocurrency […]

Matanbuchus Loader
Matanbuchus Malware Detection: New Malspam Campaign Distributes Malware Loader and Cobalt Strike

Matanbuchus first surfaced in early 2021 as a malware-as-a-service (MaaS) project at a rental price of $2,500. Matanbuchus is a loader that uses two DLLs during the malware’s run cycle. This year the malware is being delivered in phishing attacks aimed at deploying Cobalt Strike beacons. Detect Matanbuchus Malware: for efficient Matanbuchus malware detection, use […]

AveMariaRAT, BitRAT, and PandoraHVNC
Fileless Malware Detection: AveMariaRAT / BitRAT / PandoraHVNC Attacks

Cybercrooks are targeting Microsoft Windows users with three fileless malware strains used at once in a new phishing campaign. The phishing mail mimics a payment report from a trusted source, with a brief request to view an attached Microsoft Excel document. The file contains weaponized macros and, once opened, drops malware aimed at stealing […]

Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes

APT29 is a Russian state-sponsored espionage group also referred to by cybersecurity experts as Nobelium APT. The breadth of their attacks corresponds to Russia’s present geopolitical goals. Their latest attacks are characterized by the use of BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]

Lateral Movement Tactic | TA0008

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Lateral Movement

SOC Prime operates the world’s largest and most advanced platform for collaborative cyber defense that enables threat-centric selection of detection content backed by particular adversary tactics, techniques, and sub-techniques as per the MITRE ATT&CK® framework v.10. In this blog article, we […]

Execution Tactic | TA0002

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Execution

SOC Prime’s Detection as Code platform provides access to a constantly growing library of 180,000+ context-enriched detection and response algorithms aligned with the MITRE ATT&CK® framework v.10. The newly released On Demand subscription tiers for SOC Prime’s platform provide curated Sigma rules […]

Privilege Escalation | TA0004

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Privilege Escalation

SOC Prime cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules aligned with the MITRE ATT&CK® framework, enabling teams to focus on the threats they anticipate most. With the recently released On Demand subscriptions for SOC Prime’s […]
