Tag: Investigation
SOC Prime Integration with Microsoft Azure Sentinel, New Features
  • April 21, 2020

All SOC Prime Team is currently working remotely (hope you do the same) but such conditions didn’t influence our effectiveness and striving to improve Threat Detection Marketplace (TDM) platform. In this blog we’re thrilled to announce SOC Prime’s 4 new TDM features that come thanks to our 3d party integration with Microsoft Azure Sentinel, which […]

Read More
Stealthphish investigation: 528 domains involved in BEC attack against Fortune 500 companies
  • February 28, 2018

About a week ago we got this info from one of our partners “We are seeing phishing emails flying in our environment (Internal to Internal)” along with sharing an email sample with us. Today we’re going to analyze the recent phishing attacks targeted at Fortune 500 and Global 2000 companies dubbed “Stealthphish” aimed at compromising […]

Read More
Security Advisory. Bad Rabbit Ransomware worm.
  • October 25, 2017

The research is based on OSINT evidence analysis, local evidence, feedback from attack victims and MITRE ATT&CK methodology used for actor attribution. SOC Prime would like to express gratitude to independent security researchers and specialized security companies who shared the reverse engineering reports and attack analysis on the public sources and their corporate blogs. On […]

Read More
Petya.A / NotPetya is an AI-powered cyber weapon, TTPs lead to Sandworm APT group
  • July 02, 2017

It’s been a hot summer for security industry: in less than a week since the initially suspected ransomware Petya.A has turned out to be much more than meets the eye. Security researchers around the world have rightfully dubbed it NotPetya and EternalPetya, as the malware was never meant to ask for ransom – it was […]

Read More
WannaCry no more: ransomware worm IOC’s, Tor C2 and technical analysis + SIEM rules
  • May 13, 2017

Good news everyone! After a rather long day, night and morning of studying the news, researching and hunting the #WannaCry ransomwareworm there are some discoveries to be shared.. This includes Host and Network IOCs, their analysis obtained with help of fellow security researchers and practitioners, review of C2 infrastructure and its interactions with Tor. Last but not least are some free SIEM use cases that […]

Read More
Phishing of the DHL accounts: «DHL & PASSWORDS»
  • July 01, 2016

Hello everyone! Today we will focus on the fresh example of the simple phishing from the actual practice as always. Let’s analyze the following letter:

Read More
Infrastructure infiltration via RTF
  • May 20, 2016

Let’s proceed to studying a stage of attack called “Delivery” from Lockheed Martin Cyber Kill Chain. Much can be said about this stage, but today I’ll just share parsing of one sample which I have recently received for analysis. The sample attracted my attention because of its simplicity on one hand and its sophistication on […]

Read More

This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties. Cookie Policy. Details

Refuse Cookies Accept Cookies

You previously chose to disable cookies. This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties. Cookie Policy. Details

Details Accept Cookies