On January 27, 2021, IBM released an official patch for a serious remote code execution vulnerability affecting its QRadar SIEM. CVE-2020-4888 Description The security hole occurs because the Java deserialization function fails to deserialize a user-supplied input securely. As a result, remote low-privileged hackers can execute arbitrary commands on the affected system by sending a […]
On February 23, 2021, VMware addressed a critical unauthorized remote code execution (RCE) bug (CVE-2021-21972) in its default vCenter Server plugin. Right after the announcement and the advisory release, threat actors started mass scans for publicly exposed instances. To date, researchers have detected 6700 VMware vCenter servers exposed to the attacks. As far as public […]
At SOC Prime, we are captured with the mission of deriving maximum value from each security tool and enabling the effective protection from the emerging threats. In August 2020, the SIGMA project adopted SOC Prime’s Sysmon backend. The backend generates Sysmon rules to be added to a Sysmon configuration, which is mold-breaking for anyone using […]
The in-depth inspection of the SolarWinds breach revealed the fourth piece of malicious software connected to this historical incident. According to the infosec experts, the new threat, dubbed Raindrop, is a Cobalt Strike downloader. It was applied in the post-compromise phase of attack to enhance lateral movement across a selected number of targeted networks. Raindrop […]
Many of our publications lately have been devoted to various ransomware strains, and the rules for detecting Matrix ransomware characteristics will not help to identify Ragnar Locker or Maze. The malware is constantly changing: its authors change not only the IOCs known to security researchers but also the behavior to make threat hunting content useless […]
Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the world’s largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]
Today, we want to introduce to our readers one of the detection content authors whose name you can see on the SOC Prime Threat Detection Marketplace Leaderboards. Meet Roman Ranskyi, Threat Hunting/Content Developer Engineer at SOC Prime. Read about Threat Bounty Program – https://my.socprime.com/tdm-developers More interviews with Threat Bounty Program developers – https://socprime.com/tag/interview/ Roman, […]
After a very hot July, especially fruitful for critical vulnerabilities (1, 2, 3), Microsoft’s Patch Tuesday in August went relatively quiet. Yes, once again more than a hundred vulnerabilities were patched, yes, 17 flaws were rated as Critical, and Microsoft didn’t point at bugs of the “We All Doomed” level. Although back then security researchers […]
Nanocore RAT has been used in cyberattacks for about 7 years, and there are a huge number of modifications of this trojan. Official, “semi-official” and cracked versions of this malware are sold on forums on the DarkNet, and sometimes even given away for free, so it is not surprising that the number of attacks using […]
The Lazarus APT group is one of the few state-sponsored cyber espionage units that also handle financially motivated cybercrimes and it is the most profitable threat actor in the cryptocurrency scene which managed to steal about $2 billion. In 2017 alone, the group stole more than half a billion dollars in cryptocurrency, so their interest […]