Tag: Rule Digest

FireEye Breach: Leaked Red Team Toolkit Detection

This week the cybersecurity community was struck by the news that one of the top security firms was compromised by an unnamed sophisticated APT group. Adversaries were interested in the Red Team tools used by FireEye to test their customers' security and looked for information related to government customers. An investigation is ongoing and F.B.I. Cyber […]

Erase of Shadow Copies Detection Rules

Many of our publications lately have been devoted to various ransomware strains, and the rules for detecting Matrix ransomware characteristics will not help to identify Ragnar Locker or Maze. The malware is constantly changing: its authors change not only the IOCs known to security researchers but also the behavior to make threat hunting content useless […]

Rule Digest: Valak and HanaLoader Malware, MSBuild Abuse, and More

And again, we are pleased to present our Rule Digest, which this time features detection content not only from participants in the Threat Bounty Program but also from the SOC Prime Team. Today we will tell you a little about Valak and HanaLoader malware, detection of data dumps and MSBuild abuse, and command-line argument […]

Rule Digest: Trojans and Ransomware

In today’s digest, we want to highlight the content provided by members of the Threat Bounty Program that will help security solutions to detect Saefko RAT, Ursa trojan, and a pack of actively spreading ransomware strains. The Saefko RAT is a relatively fresh remote-access trojan written in .NET that was first spotted in the midst […]

Rule Digest: RATs, Infostealers, and Emotet Malware

Today is Saturday, which means it’s time for our next Rule Digest, in which we will tell you about interesting content for malware detection released this week. And yes, we again pay particular attention to the rules that participants in the Threat Bounty Program have published. We start with the rule published by Ariel Millahuel, […]

Rule Digest: APT Groups, Malware Campaigns and Windows Telemetry

This week our Rule Digest covers more content than usual. It compiles rules for detecting recent attacks by state-sponsored actors, malware campaigns conducted by cybercriminals, and abuse of Windows telemetry. Mustang Panda is a China-based threat group that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations. This APT group […]

Rule Digest: Emotet, Ransomware, and Trojans

Hello everyone, we are back with five fresh rules submitted this week by participants of the Threat Bounty Program. You can check our previous digests here, and if you have any questions, then welcome to the chat. Pykspa worm-like malware can install itself to maintain persistence, listen on an incoming port for additional commands, and drop […]

Rule Digest: Detection Content by SOC Prime Team

We are pleased to present to you the latest Rule Digest, which, unlike the previous digest, consists of rules developed by the SOC Prime Team only. This is a kind of thematic selection, since all of these rules help to find malicious command-line activity by analyzing Sysmon logs. But before moving directly to the […]

Rule Digest: Trojans, Cyberspies and RATicate group

This week our digest contains rules developed exclusively by participants of the Threat Bounty Program. The threat actor behind the recent Ursnif variant possibly conducts targeted cybercrime operations that are still ongoing. At the heart of these campaigns is a variant of the Ursnif Trojan that was repurposed as a downloader and reconnaissance tool […]

Rule Digest: RCE, CVE, OilRig and more

This digest includes rules from both members of the Threat Bounty Program and the SOC Prime Team. Let’s start with rules by Arunkumar Krishna, who debuts in our Rule Digest with CVE-2020-0932: A Remote Code Execution Bug in Microsoft SharePoint. CVE-2020-0932 was patched in April; it allows authenticated users to execute arbitrary code on […]
