Tag: Osman Demir

New Voicemail Phishing Scam
Fake Voicemail Campaign Detection: New-Old Phishing Attack Hits the U.S.

A new phishing campaign is on the rise, impacting a wide range of industries and organizations in the U.S., including critical infrastructures such as security, healthcare and pharmaceuticals, the military, and also manufacturing supply chain. The scam began sweeping across the U.S. in May 2022 and is still going on. The targets receive a phishing […]

Read More
YourCyanide Ransomware
YourCyanide Detection: New Self-Propagating Ransomware Variant

New ransomware variant follows in the footsteps of the GonnaCope ransomware, the first strain in the family of CMD-based ransomware that first surfaced in April 2022. Other similar samples that were uploaded to VirusTotal in May 2022 are known as Kekpop and Kekware. The rising player is dubbed YourCyanide and presumably has all it takes […]

Read More
EnemyBot Malware
EnemyBot Malware Detection: IoT Botnet Exploits More Bugs

Keksec, aka Nero and Freakout, the threat actor behind the advanced EnemyBot botnet, is expanding its reach by leveraging more exploits, compromising multiple organizations regardless of their industry vertical. The EnemyBot malware authors took all the best and left behind the obsolete of code used in other botnets such as Gafgyt, Qbot, or Mirai. The […]

Read More
Malicious Python Package PyMafka
PyMafka Attack Detection

Earlier this month, security researchers discovered a malicious package in the Python Package Index (PyPI) registry. Once in the system, PyMafka fetches a relevant Cobalt Strike beacon based on the victim’s OS. The name suggests that PyMafka is an attempt at typosquatting a PyKafka – a cluster-aware Kafka protocol client for Python. Detect PyMafka In […]

Read More
SYK Crypter Detection: NET. Malware Spreading a Batch of RATs via Discord

As Discord is gaining extreme popularity among online user communities, with 150 million people using it as of 2021, hackers turn their sights to this chat, VoIP, and digital distribution platform. The possible attack surface is vast and promising, allowing threat actors to abuse Discord for malware distribution and other nefarious actions.  Recently, security researchers […]

Read More
Eternity MaaS
Eternity Malware Detection: Novel Modular MaaS

While cybersecurity professionals are working hard to augment SOC operations with more scalable and innovative solutions, threat actors are also putting an effort not to be left to bring up the rear in this everlasting security race. Security researchers detect the surge in the numbers of malware-as-a-service (MaaS) offers, with its operators coming with new […]

Read More
Operation restyLink Detection
Operation RestyLink: Detecting APT Campaign Targeting Japan

Since April 2022 researchers are observing a series of targeted cyber-attacks aimed specifically at Japanese organizations. The campaign, dubbed Operation RestyLink, is believed to be active since at least March 2022, with related malicious activity traced back to October 2021. The exact attribution is currently unclear, but the attack kill chain and its highly-targeted nature […]

Read More
Execution Tactic | TA0002

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Execution SOC Prime’s Detection as Code platform provides access to a constantly growing library of 180,000+ context-enriched detection and response algorithms aligned with the MITRE ATT&CK® framework v.10. The newly released On Demand subscription tiers for SOC Prime’s platform provide curated Sigma rules […]

Read More
Privilege Escalation | TA0004

Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Privilege Escalation SOC Prime cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules aligned with the MITRE ATT&CK® framework enabling teams to focus on threats they anticipate most. With the recently released On Demand subscriptions for SOC Prime’s […]

Read More
Lazarus APT Armed With TraderTraitor Malware
TraderTraitor Malware Detection: CISA, FBI, and U.S. Treasury Department Warn of Cyber-Attacks by Lazarus APT

Lazarus APT has become a frequent guest of our blog posts. According to the recent security reports, North Korean State-Sponsored APT acts quickly, jeopardizing financial and critical infrastructures, blockchain technology-oriented companies, and the cryptocurrency sector. The U.S. government organizations released details about malware-laced cryptocurrency applications under the umbrella term “TraderTraitor”, distributed via a phishing campaign […]

Read More