Tag: Sigma

SYK Crypter Detection: NET. Malware Spreading a Batch of RATs via Discord

As Discord is gaining extreme popularity among online user communities, with 150 million people using it as of 2021, hackers turn their sights to this chat, VoIP, and digital distribution platform. The possible attack surface is vast and promising, allowing threat actors to abuse Discord for malware distribution and other nefarious actions.  Recently, security researchers […]

Read More
AveMariaRAT, BitRAT, and PandoraHVNC
Fileless Malware Detection: AveMariaRAT / BitRAT / PandoraHVNC Attacks

Cybercrooks are targeting Microsoft Windows users with three fileless malware strains used at once in a new phishing campaign. The phishing mail mimics a payment report from a trusted source, with a brief request to view an attached Microsoft Excel document. The file contains weaponized macros and, once launched, drops the malware aimed to steal […]

Read More
Operation restyLink Detection
Operation RestyLink: Detecting APT Campaign Targeting Japan

Since April 2022 researchers are observing a series of targeted cyber-attacks aimed specifically at Japanese organizations. The campaign, dubbed Operation RestyLink, is believed to be active since at least March 2022, with related malicious activity traced back to October 2021. The exact attribution is currently unclear, but the attack kill chain and its highly-targeted nature […]

Read More
CVE-2022-30525 Detection: Critical Vulnerability Allows for Command Injection Attacks

A newly discovered bug in Zyxel products endangers tens of thousands of users in Europe and the U.S.. The critical vulnerability affecting Zyxel’s ATP series, VPN series, and USG FLEX series business firewalls is tracked as CVE-2022-30525, with a severity score of 9.8 CVSS. The vulnerability paves the way for hackers to execute arbitrary code […]

Read More
SIGMA Rules: The Beginner’s Guide

This blog post argues for SIGMA as a detection language, covers the most critical SIGMA rule components (logsource & detection), SIGMA taxonomy, testing SIGMA Rules, and generally prepares analysts who are new to SIGMA to write their first rules. A short discussion on detection engineering with SIGMA is also provided regarding noise, ideas, log sources, […]

Read More
Threat Bounty Program
SOC Prime Threat Bounty — April 2022 Results

In April, the Threat Bounty Program members contributed to the defense of the global community against the most recent cyber threats. Notably, the keen members of the Threat Bounty community have contributed detections helping to withstand recent FIN7 attacks, the TraderTraitor Malware,  Quantum Ransomware, and many others. Read More Go to Platform April ‘22 Results […]

Read More
Saitama Malware
Saitama Backdoor Detection: APT34 Aims New Malware at Jordan’s Foreign Ministry

Iranian hackers known as APT34 have launched a spear-phishing campaign distributing a novel backdoor named Saitama. This time, APT34 targets officials from Jordan’s Foreign Ministry. APT34 is associated with other monikers, such as OilRig, Cobalt Gypsy IRN2, and Helix Kitten, and has been active since at least 2014, mostly attacking entities in finance and government, […]

Read More
Armageddon Cyber Espionage Group
Armageddon APT Known As UAC-0010 Drops GammaLoad.PS1_v2 Espionage Malware in a New Phishing Campaign Against Ukraine

The infamous Russian state-sponsored hacking collective, Armageddon, recently involved in phishing attacks targeting Ukrainian and European state bodies, continues its malicious activity. Based on the latest CERT-UA investigations, Armageddon threat actors also identified as UAC-0010 have been observed in another cyber-attack against Ukraine distributing phishing emails and spreading malicious software dubbed GammaLoad.PS1_v2.  Armageddon APT Targeting […]

Read More
Novel Nerbian RAT
Nerbian RAT Detection: Novel Trojan That Leverages Covid-19 Lures to Target European Users

Another day, another RAT is sniffing its way into systems of hackers’ interest. This time the trojan called Nerbian RAT is in the limelight, leveraging Covid-19 and World’s Health Organization lures to proceed with targeted attacks against users in Italy, Spain, and the UK. The newly-discovered threat is written in Go, making the malware OS-agnostic […]

Read More
CVE-2022-26923 Detection: Active Directory Domain Privilege Escalation Vulnerability

Privilege exploitation attacks in Microsoft’s Windows Active Directory (AD) Domain environments are expanding their scope and growing in scale to target millions of devices. The Microsoft Security Response Center (MSRC) has recently updated information on security flaws that affect the company’s products and services, highlighting the newly discovered Active Directory Domain Services elevation of privilege […]

Read More