Tag: Sigma

Detection Content: APT38 Malware
Detection Content: APT38 Malware

We recently published a rule to discover one of the latest tools of the notorious APT38 group more known as Lazarus or Hidden Cobra. And it is time to continue publishing content to discover this sophisticated cybercriminal group. In today’s article, we will give the links on fresh detection content from one of the first […]

Read More
Threat Hunting Content: Devil Shadow Botnet
Threat Hunting Content: Devil Shadow Botnet

Nowadays, during the lockdown, many organizations continue to use Zoom at the corporate level to conduct conference meetings, despite the security issues found in this application. Attackers have been exploiting the increased popularity of this application for several months, and you can partially protect your organization from attacks by hardening Zoom service. But this will […]

Read More
Rule Digest: Detection Content by SOC Prime Team
Rule Digest: Detection Content by SOC Prime Team

We are pleased to present to you the latest Rule Digest, which, unlike the previous digest, consists of rules developed by the SOC Prime Team only. This is a kind of thematic selection since all of these rules helps to find malicious activity via cmdline by analyzing sysmon logs. But before moving directly to the […]

Read More
Detection Content: Scarab Ransomware
Detection Content: Scarab Ransomware

Scarab ransomware was spotted for the first time in June 2017 and had been reappearing with new versions since then. This ransomware is one of the many HiddenTear variants, an open source ransomware Trojan released in 2015.  The recently discovered versions of ransomware use an improved RSA encryption method and add various extensions to infected […]

Read More
Threat Hunting Content: PipeMon malware detection
Threat Hunting Content: PipeMon malware detection

PipeMon is a modular backdoor that is signed with a certificate belonging to a video game company, which was compromised by Winnti group in 2018. Researchers at ESET discovered this backdoor used in attacks on companies in South Korea and Taiwan that develop popular Massively Multiplayer Online games. They named the backdoor PipeMon because the […]

Read More
IOC Sigma: GreenBug APT Group Activities
IOC Sigma: GreenBug APT Group Activities

Greenbug APT is an Iranian-based cyber-espionage unit that has been active since at least June 2016. The group most likely uses spear-phishing attacks to compromise targeted organizations. Adversaries use multiple tools to compromise other systems on the network after an initial compromise, and steal user names and passwords from operating systems, email accounts, and web […]

Read More
Interview with Developer: Sreeman Shanker
Interview with Developer: Sreeman Shanker

Meet Sreeman, one of the most active participants of SOC Prime Threat Bounty Program. Sreeman has been participating in the Threat Bounty Program since December 2019. Before he started publishing his own developed content to Threat Detection Marketplace, Sreeman had contributed a bulk of changes and improvement to the existing TDM content translations for Azure […]

Read More
Detection Content: Malspam Downloads Zloader Malware
Detection Content: Malspam Downloads Zloader Malware

Zloader Trojan (also known as Zeus Sphinx and Terdot) was initially spotted in August 2015. It is based on the Zeus v2 Trojan’s leaked source code and cybercriminals used it in attacks on financial organizations across the globe collecting sensitive data via web injections. In early 2018, the use of this banking Trojan in the […]

Read More
Rule Digest: Trojans, Cyberspies and RATicate group
Rule Digest: Trojans, Cyberspies and RATicate group

This week in our digest there are rules exclusively developed by participants of the Threat Bounty Program. Threat actor behind the recent Ursnif variant possibly conducts targeted cybercrime operations that are still ongoing. At the heart of these campaigns is a variant of the Ursnif Trojan that was repurposed as a downloader and reconnaissance tool […]

Read More
Rule of the Week: QakBot Malware Detection
Rule of the Week: QakBot Malware Detection

QakBot banking trojan (aka QBot) has been used in attacks on organizations for over 10 years, and its authors continuously monitor threat landscape trends adding new features or removing them if they don’t work properly. In 2017, this malware possessed worm-like capabilities and was capable of locking Active Directory users to make additional damage to […]

Read More