Last week, researchers published details of the attacks targeted at Middle Eastern telecommunications carried out by APT34 (aka OilRig and Helix Kitten), and updated tools in the arsenal of this group. Of course, participants in the Threat Bounty Program did not pass by and published a couple of rules for detecting RDAT Backdoor, but more […]
For never was a story of more woe than this of once again returning Emotet. This time, there were no full-scale campaigns for about seven months, although isolated cases of infection were recorded and researchers found documents distributing this malware. The attacks resumed last Friday, with the botnet sending about 250,000 emails in a matter […]
Again, we go off the usual publication schedule due to the emergence of an exploit for the critical vulnerability CVE-2020-3452 in Cisco ASA & Cisco Firepower, as well as the emergence of rules for detecting exploitation of this vulnerability. CVE-2020-3452 – one more headache in July CVE-2020-3452 was discovered late last year, but it wasn’t […]
The Covid19 outbreak has revealed a number of blind sides of cybersecurity. We do our best to keep you in the picture of the latest trends on our Weekly Talks, webinars, relevant content Digests. However, human curiosity in the flood of information may be a weak spot. FormBook, the infostealer known since 2016, has been […]
July turned out to be fruitful for disclosed critical vulnerabilities: CVE-2020-5903 (F5 BIG-IP), CVE-2020-8193 (Citrix ADC / Netscaler), CVE-2020-2034 (Palo Alto PAN-OS), CVE-2020-6287 (SAP Netweaver), CVE-2020-3330 (Cisco VPN / Firewalls), and CVE-2020-1350 (aka SIGRed, the vulnerability in Microsoft Windows DNS Server). Last week, Threat Bounty Program contributors and the SOC Prime team published a series […]
Today’s post is about fresh versions of Hancitor trojan and a couple of rules released by Threat Bounty Program participants which enables security solutions to detect them. Hancitor Trojan (Evasion Technique) community rule by Emir Erdogan: https://tdm.socprime.com/tdm/info/GwJ4Y7k7tzaz/1rBKXHMBSh4W_EKGF2on/?p=1 Hancitor infection with Ursnif exclusive rule by Osman Demir: https://tdm.socprime.com/tdm/info/DXrFgt0kTBg1/Z9TBUXMBPeJ4_8xc-IFm/ This malware appeared in 2013 and at the […]
This week we will not highlight any rule in the “Rule of the Week” section, because the hottest rules have already been published in yesterday’s special digest dedicated to the rules that detect exploitation of a critical vulnerability in Windows DNS Servers, CVE-2020-1350 (aka SIGRed). Today’s publication is dedicated to the detection of GoldenHelper malware […]
Today we introduce a special digest of content that helps to detect exploitation of a critical vulnerability in Windows DNS Servers. The vulnerability became known only two days ago, but since then, both the SOC Prime team (represented by Nate Guagenty) and the Threat Bounty Program participants have published 10+ rules for detecting various ways […]
Today in the Threat Hunting Content section, we want to pay attention to the community rule released in Threat Detection Marketplace by Ariel Millahuel that detects fresh samples of SamoRAT malware: https://tdm.socprime.com/tdm/info/38LTISI1kgNm/w6aTR3MBQAH5UgbBM9Gi/?p=1 This remote access trojan appeared on the radars of researchers recently, the first SamoRAT samples were discovered about a month ago. The trojan […]
In one of our Threat Hunting Content blog posts, we already observed a rule to detect Avaddon ransomware, a new Ransomware-as-a-Service variant that was first spotted in early June. One of the most active distributors of Avaddon ransomware is Phorpiex botnet, which recently recovered from losses incurred earlier this year. Infected systems can send tens […]