Tag: Kyaw Pyiyt Htet

SOC Prime Threat Bounty — October 2022 Results

October ‘22 Publications. In October, members of the Threat Bounty Program actively contributed detections for critical emerging threats. After SOC Prime validation, 256 detections were successfully released on the Platform and thus were included in monetization based on client activity. However, 375 rules were rejected for publication. SOC […]

SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications. In August, 151 Sigma rules submitted by Threat Bounty Program members passed SOC Prime acceptance validation and were released on the SOC Prime Platform. In total, 313 rules were declined during the first iteration of review for different reasons, including content quality, the detection value of the suggested code, full or partial duplication […]

DangerousSavanna Detection: Attacks Targeting Various Financial Orgs Revealed

Security analysts revealed a two-year-long spear-phishing campaign aimed at entities in the financial sector in French-speaking African countries: Morocco, Togo, Ivory Coast, Cameroon, and Senegal. The campaign is codenamed DangerousSavanna, and its operators rely heavily on social engineering techniques for initial access, subsequently deploying customized malware such as AsyncRAT, PoshC2, and Metasploit. The […]

APT37 Detection: North Korean Hackers Distribute Konni RAT, Target Orgs in Czechia and Poland

APT37, aka Reaper, Ricochet Chollima, and ScarCruft, is a hacking group affiliated with North Korea. The hackers have been active since at least 2012, mostly targeting organizations in the public and private sectors in South Korea. Starting in 2017, the adversaries expanded their targeting and now seek victims globally. The affected sectors include but are […]

Spyware Group Candiru: Targets Journalists in the Middle East With DevilsTongue Malware

Spyware dubbed DevilsTongue is causing a fair share of trouble for journalists and free speech advocates in the Middle East, especially those based in Lebanon. Adversaries exploit a Chrome zero-day assigned CVE-2022-2294, which Google patched earlier this month, to achieve shellcode execution, elevate privileges, and gain file-system permissions on the breached device. Researchers discovered that the […]

Vyveva: New Custom Malware in Lazarus Toolkit

Experts from ESET have uncovered a new malicious sample leveraged by Lazarus APT to target an unnamed South African freight company. The malware, dubbed Vyveva, has extensive backdoor capabilities, which the nation-backed actor uses for reconnaissance and cyber-espionage. Vyveva Backdoor Overview. Vyveva is a custom threat applied by the North Korean state-sponsored group […]

Interview with Developer: Kyaw Pyiyt Htet

Catch the latest newscast about the SOC Prime community! Today we want to introduce you to Kyaw Pyiyt Htet, an active member of our Threat Bounty Program. Kyaw joined the Program in Q3 2020 and swiftly became one of its most prolific authors, with a variety of Sigma, YARA, and Snort rules published. You can […]
