Tag: IOC Rule

Practical Guide to Converting IOCs to SIEM Queries with Uncoder AI

What are IOCs, and what is their role in cybersecurity? In cybersecurity operations, Indicators of Compromise — such as IP addresses, file hashes, domains, and URLs — serve as crucial forensic evidence for identifying malicious activities within the organization’s network. These artifacts are essential to enabling security teams to detect potential cyber threats. To leverage […]

IOC Sigma: Mock Folders Creation

Today we want to pay attention to the community IOC Sigma rule submitted by Ariel Millahuel to detect the creation of mock directories that can be used to bypass User Account Control (UAC): https://tdm.socprime.com/tdm/info/KB1bISN0mbzm/Hua9s3MBSh4W_EKGTlO2/?p=1. A mock folder is a specific imitation of a Windows folder with a trailing space in its name, and the security […]

IOC Sigma: GreenBug APT Group Activities

Greenbug APT is an Iranian-based cyber-espionage unit that has been active since at least June 2016. The group most likely uses spear-phishing attacks to compromise targeted organizations. Adversaries use multiple tools to compromise other systems on the network after an initial compromise, and steal user names and passwords from operating systems, email accounts, and web […]

IOC Rule: Banking Trojan Grandoreiro

A recently published article, “SIGMA vs Indicators of Compromise” by Adam Swan, our Senior Threat Hunting Engineer, demonstrates the benefits of threat hunting Sigma rules over IOC-based content. Although we can’t brush off IOC Sigma rules, since they can help identify a fact of compromise, and in addition, not all adversaries quickly make changes to their malware, […]
