Today is Saturday, which means it’s time for our next Rule Digest, in which we will tell you about interesting content for malware detection released this week. And yes, we again pay particular attention to the rules that participants in the Threat Bounty Program have published. We start with the rule published by Ariel Millahuel, […]
This week our Rule Digest covers more content than usual. It compiles rules for detecting recent attacks of state-sponsored actors, malware campaigns conducted by cybercriminals, and abusing Windows telemetry. Mustang Panda is the China-based threat group that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations. This APT group […]
Hello everyone, we are back with five fresh rules submitted this week by participants of the Threat Bounty Program. You can check our previous digests here, and if you have any questions, then welcome to the chat. Pykspa worm-like malware can install itself to maintain persistence, listen to incoming port for additional commands, and drop […]
We are pleased to present to you the latest Rule Digest, which, unlike the previous digest, consists of rules developed by the SOC Prime Team only. This is a kind of thematic selection since all of these rules helps to find malicious activity via cmdline by analyzing sysmon logs. But before moving directly to the […]
This digest includes rules from both members of the Threat Bounty Program and the SOC Prime Team. Let’s start with rules by Arunkumar Krishna which will debut in our Rule Digest with CVE-2020-0932: A Remote Code Execution Bug in Microsoft SharePoint. CVE-2020-0932 was patched in April, it allows authenticated users to execute arbitrary code on […]
We continue to draw your attention to rules whose capabilities are beyond the more common detection content analyzing Sysmon logs. Today in our digest there are two rules for detecting attacks on Web Servers, a continuation of a series of rules (1, 2) for discovering traces of Outlaw hacking group attacks, and detection content that […]
This week, the rules to detect malware and APT activity from both our team and the participants of the SOC Prime Threat Bounty Program got into the spotlight. In digests, we try to draw your attention to interesting rules published over the past week. APT StrongPity by Ariel Millahuel https://tdm.socprime.com/tdm/info/lC2OEeruDxdg/fos3nHEB1-hfOQir9NI-/?p=1 StrongPity APT (aka Promethium) […]
SOC Prime brings to your attention a small digest of the latest community rules developed by participants of the Threat Bounty Program (https://my.socprime.com/en/tdm-developers). The digest includes 5 rules that help to detect Trojans and Hidden Tear Ransomware. In the future, we will continue to publish such selections of content to detect specific threat actors or […]