Tag: Rule Digest

Erase of Shadow Copies Detection Rules

Many of our publications lately have been devoted to various ransomware strains, and the rules for detecting Matrix ransomware characteristics will not help to identify Ragnar Locker or Maze. The malware is constantly changing: its authors change not only the IOCs known to security researchers but also the behavior to make threat hunting content useless […]

Read More
Rule Digest: Valak and HanaLoader Malware, MSBuild Abuse, and More

And again, we are pleased to present our Rule Digest, which this time shows the detection content of not only the participants in the Threat Bounty Program but also the SOC Prime Team. Today we will tell you a little about Valak and HanaLoader malware, detection of data dump and MSBuild abuse, and commandline argument […]

Read More
Rule Digest: Trojans and Ransomware

In today’s digest, we want to highlight the content provided by members of the Threat Bounty Program that will help security solutions to detect Saefko RAT, Ursa trojan, and a pack of actively spreading ransomware strains.  The Saefko RAT is a relatively fresh remote-access trojan written in .NET that was first spotted in the midst […]

Read More
Rule Digest: RATs, Infostealers, and Emotet Malware

Today is Saturday, which means it’s time for our next Rule Digest, in which we will tell you about interesting content for malware detection released this week. And yes, we again pay particular attention to the rules that participants in the Threat Bounty Program have published. We start with the rule published by Ariel Millahuel, […]

Read More
Rule Digest: APT Groups, Malware Campaigns and Windows Telemetry

This week our Rule Digest covers more content than usual. It compiles rules for detecting recent attacks of state-sponsored actors, malware campaigns conducted by cybercriminals, and abusing Windows telemetry.   Mustang Panda is the China-based threat group that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations. This APT group […]

Read More
Rule Digest: Emotet, Ransomware, and Trojans

Hello everyone, we are back with five fresh rules submitted this week by participants of the Threat Bounty Program. You can check our previous digests here, and if you have any questions, then welcome to the chat. Pykspa worm-like malware can install itself to maintain persistence, listen to incoming port for additional commands, and drop […]

Read More
Rule Digest: Detection Content by SOC Prime Team

We are pleased to present to you the latest Rule Digest, which, unlike the previous digest, consists of rules developed by the SOC Prime Team only. This is a kind of thematic selection since all of these rules helps to find malicious activity via cmdline by analyzing sysmon logs. But before moving directly to the […]

Read More
Rule Digest: RCE, CVE, OilRig and more

This digest includes rules from both members of the Threat Bounty Program and the SOC Prime Team. Let’s start with rules by Arunkumar Krishna which will debut in our Rule Digest with CVE-2020-0932: A Remote Code Execution Bug in Microsoft SharePoint. CVE-2020-0932 was patched in April, it allows authenticated users to execute arbitrary code on […]

Read More
Rule Digest: Web Server Security and Trojan Detection

We continue to draw your attention to rules whose capabilities are beyond the more common detection content analyzing Sysmon logs. Today in our digest there are two rules for detecting attacks on Web Servers, a continuation of a series of rules (1, 2) for discovering traces of Outlaw hacking group attacks, and detection content that […]

Read More