About a week ago we got this info from one of our partners “We are seeing phishing emails flying in our environment (Internal to Internal)” along with sharing an email sample with us. Today we’re going to analyze the recent phishing attacks targeted at Fortune 500 and Global 2000 companies dubbed “Stealthphish” aimed at compromising […]
The research is based on OSINT evidence analysis, local evidence, feedback from attack victims and MITRE ATT&CK methodology used for actor attribution. SOC Prime would like to express gratitude to independent security researchers and specialized security companies who shared the reverse engineering reports and attack analysis on the public sources and their corporate blogs. On […]
It’s been a hot summer for security industry: in less than a week since the initially suspected ransomware Petya.A has turned out to be much more than meets the eye. Security researchers around the world have rightfully dubbed it NotPetya and EternalPetya, as the malware was never meant to ask for ransom – it was […]
Good news everyone! After a rather long day, night and morning of studying the news, researching and hunting the #WannaCry ransomwareworm there are some discoveries to be shared.. This includes Host and Network IOCs, their analysis obtained with help of fellow security researchers and practitioners, review of C2 infrastructure and its interactions with Tor. Last but not least are some free SIEM use cases that […]
Hello everyone! Today we will focus on the fresh example of the simple phishing from the actual practice as always. Let’s analyze the following letter:
Let’s proceed to studying a stage of attack called “Delivery” from Lockheed Martin Cyber Kill Chain. Much can be said about this stage, but today I’ll just share parsing of one sample which I have recently received for analysis. The sample attracted my attention because of its simplicity on one hand and its sophistication on […]