Tag: Nattatorn Chuensangarun

MedusaLocker Ransomware Detection: Federal Authorities Release a Joint CSA
MedusaLocker Ransomware Detection: Federal Authorities Release a Joint CSA

MedusaLocker ransomware first surfaced in September 2019 and has been impacting a wide range of industries and organizations, primarily in healthcare, ever since. Assuming how adversaries divide the ransom money, MedusaLocker appears to be run as a RaaS. Sources claimed that payments for ransomware seem to be divided between the affiliate and the developer, with […]

Read More
PingPull Malware Detection: New Stealthy RAT Used by Gallium APT
PingPull Malware Detection: New Stealthy RAT Used by Gallium APT

Researchers report new attacks with an upgraded remote access trojan (RAT) dubbed PingPull launched by Gallium hackers. The Gallium APT has been around since at least 2012 and bears the markings of what is likely a nation-state threat actor, believed to be backed by the Chinese government. Their latest activity is characterized by APT’s strive […]

Read More
POLONIUM Detection: Hacker Group Abuses Microsoft OneDrive
POLONIUM Detection: Hacker Group Abuses Microsoft OneDrive

A hacker group tagged POLONIUM has been observed abusing Microsoft OneDrive personal storage service to drop custom malicious implants and launch supply chain attacks. Adversaries had succeeded in targeting more than 20 Israeli organizations before they were uncovered. There is substantial evidence that the hackers behind the attacks were based in Lebanon and were supported […]

Read More
Grandoreiro Banking Malware Detection
Grandoreiro Banking Malware Detection

Banking malware has been a true-and-tried cash cow for adversaries for a long time now. One of such efficient tools in malware distribution campaigns that target the banking sector is a remote-overlay banking trojan Grandoreiro. The trojan was first detected in 2016 (yet, some researchers claim the malware first surfaced in 2017), being used against […]

Read More
BumbleBee Malware Detection
BumbleBee Malware Detection

Security researchers report on malicious activity associated with the distribution of BumbleBee malware traced back to the initial access broker (IAB) dubbed Exotic Lily. Research data suggest that adversaries use the file transfer tools such as TransferXL, TransferNow, and WeTransfer, to spread BumbleBee malware. The malware is used to launch Cobalt Strike attacks. Detect BumbleBee […]

Read More
CVE-2022-30525 Detection: Critical Vulnerability Allows for Command Injection Attacks
CVE-2022-30525 Detection: Critical Vulnerability Allows for Command Injection Attacks

A newly discovered bug in Zyxel products endangers tens of thousands of users in Europe and the U.S. The critical vulnerability affecting Zyxel’s ATP series, VPN series, and USG FLEX series business firewalls is tracked as CVE-2022-30525, with a severity score of 9.8 CVSS. The vulnerability paves the way for hackers to execute arbitrary code […]

Read More
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom

BlackByte ransomware targeting critical infrastructures in the U.S. and across the globe since mid-summer 2021 has recently morphed into a more advanced variant. Adversaries are known to exfiltrate data before deploying ransomware and then threaten organizations to leak the stolen data if a ransom is not paid. The ransomware samples were originally written in C# […]

Read More
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability

Recent cybersecurity research has uncovered AvosLocker ransomware samples abusing the Avast Anti-Rootkit Driver file to disable anti-virus, which allows adversaries to evade detection and block defense. AvosLocker is known to represent a relatively novel ransomware family that appeared in the cyber threat arena to replace the infamous REvil, which was one of the most active […]

Read More
Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes
Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes

APT29 is a Russian state-sponsored espionage group also referred to by cybersecurity experts as Nobelium APT. The breadth of their attacks corresponds to Russia’s present geopolitical goals. Their latest attacks are characterized by utilizing BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]

Read More
Privilege Escalation | TA0004
Privilege Escalation | TA0004

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Privilege Escalation SOC Prime cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules aligned with the MITRE ATT&CK® framework enabling teams to focus on threats they anticipate most. With the recently released On Demand subscriptions for SOC Prime’s […]

Read More