Tag: Sigma

Raspberry Robin Malware Detection: New Connections Revealed
Raspberry Robin Malware Detection: New Connections Revealed

In late July, Microsoft researchers released new evidence linking Raspberry Robin Windows worm to the activity of the russia-backed Evil Corp gang. Raspberry Robin, a USB-based worm designed as a malware loader, shows similar functionality and structural elements to those of Dridex malware, indicating that a notorious Evil Corp group may be behind the new […]

Read More
AgentTesla Spyware Massively Distributed in Phishing Campaigns Targeting Ukrainian, Austrian, and German Organizations
AgentTesla Spyware Massively Distributed in Phishing Campaigns Targeting Ukrainian, Austrian, and German Organizations

On August 30 and 31, 2022, CERT-UA revealed a burst of adversary activity massively distributing phishing emails among Ukrainian, Austrian, and German organizations. According to the corresponding CERT-UA#5252 alert, hackers exploit the email attachment vector spreading the notorious AgentTesla info-stealing malware. The malicious activity can be attributed to the behavior patterns of the hacking collective […]

Read More
HYPERSCRAPE Detection: Iranian Cyberespionage Group APT35 Uses a Custom Tool to Steal User Data
HYPERSCRAPE Detection: Iranian Cyberespionage Group APT35 Uses a Custom Tool to Steal User Data

The malicious campaigns of the Iran-backed APT34 hacking collective also tracked as Charming Kitten, have been causing a stir in the cyber threat arena in 2022, including the cyber-attacks exploiting Microsoft Exchange ProxyShell vulnerabilities. In late August 2022, cybersecurity researchers revealed the ongoing malicious activity posing a serious threat to Gmail, Yahoo!, and Microsoft Outlook […]

Read More
SOC Prime Threat Bounty — July 2022 Results
SOC Prime Threat Bounty — July 2022 Results

July ‘22 Updates During the previous month, we introduced several improvements to content validation and Sigma Rules Bot for Threat Bounty, released a number of blog articles providing an extended context to the threat detection rules published by Threat Bounty Program members, and worked in close cooperation with content authors on improving the already existing […]

Read More
Zeppelin Ransomware Detection: CISA and FBI Issue a Joint Advisory for Enhanced Protection Against RaaS Threats
Zeppelin Ransomware Detection: CISA and FBI Issue a Joint Advisory for Enhanced Protection Against RaaS Threats

According to SOC Prime’s Detection as Code Innovation Report covering the threat landscape of 2021-2022, the Ransomware-as-a-Service (RaaS) model is gaining a monopoly in the cyber threat arena, with the majority of ransomware affiliates involved in diverse RaaS campaigns. On August 11, 2022, CISA, in conjunction with the FBI, issued a joint cybersecurity advisory on […]

Read More
BlueSky Ransomware Detection: Targets Windows Hosts and Leverages Multithreading for Faster Encryption
BlueSky Ransomware Detection: Targets Windows Hosts and Leverages Multithreading for Faster Encryption

BlueSky ransomware represents a rapidly evolving malware family that involves sophisticated anti-analysis capabilities and constantly enhances its evasion techniques. BlueSky ransomware targets Windows hosts and relies on a multithreading technique for faster file encryption. Cybersecurity researchers attribute the revealed ransomware patterns to the adversary activity of the infamous Conti ransomware group, which has long been […]

Read More
Cuba Ransomware Detection: Tropical Scorpius Threat Actors Deploy Novel RAT Malware in Targeted Attacks
Cuba Ransomware Detection: Tropical Scorpius Threat Actors Deploy Novel RAT Malware in Targeted Attacks

High-profile ransomware attacks illustrate a growing trend in the cyber threat arena in 2021-2022, with the majority of ransomware affiliates engaged in various ransomware-as-a-service (RaaS) programs. In May 2022, cybersecurity researchers noticed novel adversary campaigns deploying Cuba ransomware attributed to the malicious activity of a hacking group tracked as Tropical Scorpius. In these latest attacks, […]

Read More
Armageddon APT aka UAC-0010 Uses GammaLoad and GammaSteel Malware in Targeted Cyber-Attacks on Ukraine
Armageddon APT aka UAC-0010 Uses GammaLoad and GammaSteel Malware in Targeted Cyber-Attacks on Ukraine

With the outbreak of the global cyber war, the malicious activity of the Armageddon cyber-espionage group aka Gamaredon or UAC-0010 has been in the limelight in the cyber threat arena targeting Ukrainian state bodies. The hacking collective launched a series of phishing cyber-attacks, including campaigns in May spreading GammaLoad.PS1_v2 malware and in April 2022. On […]

Read More
CVE-2022-27925 Detection: Mass Exploitation of Remote Code Execution (RCE) Vulnerability in Zimbra Collaboration Suite
CVE-2022-27925 Detection: Mass Exploitation of Remote Code Execution (RCE) Vulnerability in Zimbra Collaboration Suite

Exploitation attempts of vulnerabilities found in Zimbra Collaboration Suite (ZCS) are coming into the spotlight in the cyber threat arena, like in the case of CVE-2018-6882 used in a targeted cyber-espionage campaign against Ukrainian state bodies in mid-April 2022. Throughout July and August 2022, cybersecurity researchers were investigating a series of security breaches affecting ZCS […]

Read More
Cisco Hacked by Yanluowang: Detect Relevant Malicious Activity With Sigma Rules Kit
Cisco Hacked by Yanluowang: Detect Relevant Malicious Activity With Sigma Rules Kit

On August 10, 2022, Cisco officially confirmed its corporate network hack by the Yanluowang ransomware group earlier this year. The tech giant claims that the breach was reported internally on May 24 and was further investigated by Cisco Security Incident Response (CSIRT) team. This Cisco’s security incident made the headlines after the Yanluowang threat actors […]

Read More