Tag: Osman Demir

BatLoader Malware Detection
BatLoader Malware Detection: Evasive Downloader on the Rise

Security experts warn of the notorious stealthy malware dubbed BatLoader, which has been increasingly infecting instances worldwide over the last few months. The notorious threat acts as a malware downloader dropping a variety of malicious payloads on the victims’ systems. During the latest campaigns, BatLoader has been observed delivering banking Trojans, ransomware samples, information stealers, […]

Read More
SOC Prime Threat Bounty — October 2022 Results

October ‘22 Publications In October, the members of Threat Bounty Program actively contributed detections for critical emerging threats. After the SOC Prime validation, 256 detections were successfully released on the Platform and thus were included into monetization based on the client’s activities. Read Blog Explore Detections However, 375 rules were rejected to be published. SOC […]

Read More
SOC Prime Threat Bounty — September 2022 Results

September ‘22 Publications In September, members of the Threat Bounty Community submitted 441 rules for review by the SOC Prime team via the Developer Portal and Sigma rules Slack Bot. However, only 183 rules have successfully passed the verification and were approved for publication on the SOC Prime Platform. When creating new rules and submitting […]

Read More
SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]

Read More
Redeemer 2.0 Ransomware
Redeemer Ransomware Detection: New Version Distributed on Underground Forums

The Redeemer ransomware builder’s author put a new spin on the malware’s software, distributing its new version on cybercrime forums. Redeemer 2.0 ransomware version is written in C++ and is built to infect Windows OS hosts. The first version of Redeemer was released in the Summer of 2021, followed by its upgraded variant published last […]

Read More
Luca Stealer Malware
Luca Malware Detection: Novel Infostealer Grabs The Headlines

A new infostealer is getting traction after its source code was shared earlier this month on cybercrime forums. Researchers suggest that the malware developers took this step as a marketing ploy to build a reputation and increase future sales. The malware developer has also included instructions on how to edit this Rust-based stealer and compile […]

Read More
Multistage ZuoRAT Malware
ZuoRAT Malware Detection

A stealthy fly-under-the-radar remote access trojan (RAT) dubbed ZuoRAT has been compromising a relatively easy target – small office/home office (SOHO) routers. The malware has been in use since 2020, mainly affecting remote workers based in the U.S. and Western Europe with access to corporate networks. Researchers warn that the observed tactics, techniques and procedures […]

Read More
New Voicemail Phishing Scam
Fake Voicemail Campaign Detection: New-Old Phishing Attack Hits the U.S.

A new phishing campaign is on the rise, impacting a wide range of industries and organizations in the U.S., including critical infrastructures such as security, healthcare and pharmaceuticals, the military, and also manufacturing supply chain. The scam began sweeping across the U.S. in May 2022 and is still going on. The targets receive a phishing […]

Read More
YourCyanide Ransomware
YourCyanide Detection: New Self-Propagating Ransomware Variant

New ransomware variant follows in the footsteps of the GonnaCope ransomware, the first strain in the family of CMD-based ransomware that first surfaced in April 2022. Other similar samples that were uploaded to VirusTotal in May 2022 are known as Kekpop and Kekware. The rising player is dubbed YourCyanide and presumably has all it takes […]

Read More
EnemyBot Malware
EnemyBot Malware Detection: IoT Botnet Exploits More Bugs

Keksec, aka Nero and Freakout, the threat actor behind the advanced EnemyBot botnet, is expanding its reach by leveraging more exploits, compromising multiple organizations regardless of their industry vertical. The EnemyBot malware authors took all the best and left behind the obsolete of code used in other botnets such as Gafgyt, Qbot, or Mirai. The […]

Read More