Tag: Nattatorn Chuensangarun

SOC Prime Threat Bounty —  December 2022 Results

December ‘22 Publications During the last month of the year 2022,  Threat Bounty developers managed to submit 441 rules to review by SOC Prime Team for a chance of publication to the Platform for monetization. The submitted rules were reviewed by a team of seasoned engineers, and based on the collective decisions, 126 rules were […]

Read More
Threat Bounty Program November
SOC Prime Threat Bounty —  November 2022 Results

November ‘22 Publications During the previous month, members of Threat Bounty community submitted 433 rules for publication to the SOC Prime Platform. A number of rules were automatically rejected on the stage of automated checks because of structure, syntax, logic mistakes, or content duplication and were not sent to review by SOC Prime experts. In […]

Read More
SOC Prime Threat Bounty — October 2022 Results

October ‘22 Publications In October, the members of Threat Bounty Program actively contributed detections for critical emerging threats. After the SOC Prime validation, 256 detections were successfully released on the Platform and thus were included into monetization based on the client’s activities. Read Blog Explore Detections However, 375 rules were rejected to be published. SOC […]

Read More
SOC Prime Threat Bounty — September 2022 Results

September ‘22 Publications In September, members of the Threat Bounty Community submitted 441 rules for review by the SOC Prime team via the Developer Portal and Sigma rules Slack Bot. However, only 183 rules have successfully passed the verification and were approved for publication on the SOC Prime Platform. When creating new rules and submitting […]

Read More
SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]

Read More
Vice-Society-Gang
LAUSD Ransomware Attack: Vice Society Claims Compromising the Largest School District in the US

Ransomware operators constantly seek lucrative and feasible extortion opportunities, affecting a wide array of organizations across industries. One of the latest examples of successful breaches is the Vice Society gang’s attack against the Los Angeles Unified School District that happened over the Labor Day weekend. The attack caused widespread disruption, affecting several information management systems. […]

Read More
Novel Moobot
New Mirai Botnet Variant Detection: MooBot Sample Targets D-Link Routers

Security researchers are raising the alarm on a new Mirai botnet variant dubbed MooBot that targets D-Link devices. The novel threat employs multiple exploitation techniques.  MooBot first surfaced in 2019, hijacking LILIN digital video recorders and Hikvision video surveillance products and co-opting them into a family of denial-of-service bots. Detect MooBot  To detect the signature […]

Read More
Agenda Ransomware
Golang-Based Agenda Ransomware Detection: New Strain Began Sweeping Across Asia and Africa

Researchers warn of a new ransomware family: a novel strain called Agenda sails in, targeting healthcare and education entities. Similar to another emerging piece written in Go language (aka Golang) dubbed BianLian, this cross-platform threat is gaining popularity with affiliates for its versatility and easy-to-tweak elements of the campaign, including encryption extension, personalized ransomware note […]

Read More
Manjusaka Offensive Framework
Manjusaka Offensive Framework Detection: New Malware Family Quickly Catapults Into Operation

A novel attack framework called “Manjusaka” is currently making rounds in the wild. The name “Manjusaka,” which means “cow flower,” is far from denoting the high level of offense potential the attack framework bears. Deriving from ample evidence, the campaign operators behind this malware family are believed to be China-based. Developers of Manjusaka have designed […]

Read More
SmokeLoader Detection: Distributes Amadey Bot Malware via Software Cracks

Amadey Bot, a notorious malware strain that first came to the cyber threat arena in 2018, is capable of stealing data and deploying other malicious payloads on the compromised system. It has been actively distributed across hacker forums to engage in offensive operations. Cybersecurity researchers have recently observed the distribution of a new version of […]

Read More