Tag: Sigma

Threat Hunting Content: Uncover Bladabindi Backdoor

The Bladabindi backdoor has been known since at least 2013. Its authors monitor cybersecurity trends and improve the backdoor to prevent its detection: they recompile, refresh, and rehash it, so IOC-based detection content is almost useless. In 2018, the Bladabindi backdoor became fileless and was used as a secondary payload delivered by njRAT / Njw0rm malware. The […]

Sigma Rule: Sophos Firewall Asnarok Malware Campaign

An emergency security update for Sophos XG Firewall was released this Saturday. The update patches a zero-day SQL injection remote code execution vulnerability that is actively exploited in the wild. It allows cybercriminals to compromise Sophos firewalls via their management interface and deploy the Asnarok malware. The Trojan steals the firewall’s license and serial number, user […]

Detection Content: Finding Ursnif Trojan Activity

The ‘Process Injection by Ursnif (Dreambot Malware)’ exclusive rule by Emir Erdogan is released on Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/IIfltgwf9Tqh/piHTv3EBjwDfaYjKDztK/ The Ursnif banking Trojan has been used by adversaries in various modifications for about 13 years, constantly gaining new features and acquiring new tricks to evade security solutions. Its source code was leaked in 2014, and since […]

Threat Hunting Content to Spot Traces of Buer Loader

A new community rule by Ariel Millahuel that enables detection of the Buer loader is available on Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/5F93tXFdZmx9/ Buer is a modular loader that was first spotted at the end of last summer, and since then this malware has been actively promoted on underground marketplaces. Proofpoint researchers tracked multiple campaigns spreading the Buer loader, […]

Interview with Developer: Den Iuzvyk

SOC Prime is presenting another interview with a participant of the SOC Prime Threat Bounty Developer Program (https://my.socprime.com/en/tdm-developers). We want to introduce you to Den Iuzvyk, who has published 60+ community rules of the highest quality and detection value during six months of his participation in the Threat Bounty Program. Read more interviews with content developers […]

Rule Digest: Fresh Content to Detect Trojans and Ransomware

SOC Prime brings to your attention a small digest of the latest community rules developed by participants of the Threat Bounty Program (https://my.socprime.com/en/tdm-developers). The digest includes 5 rules that help detect Trojans and Hidden Tear Ransomware. In the future, we will continue to publish such selections of content to detect specific threat actors or […]

Detection content that uncovers attempts to steal AccessKey for the current session in Azure

The ‘Suspicious Command Line Contains Azure TokenCache.dat as Argument’ community rule by the SOC Prime team is available at Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/MzSiYeDJ9PvW/ The TokenCache.dat file contains the AccessKey for the current session and is stored as a plaintext JSON file. Any manipulation of this file via the command line may indicate an attempt to steal […]

Threat Bounty Program: To Infinity… and Beyond!

+30% bonus on Threat Bounty Payout for March and Steady Income Generation on Threat Research in times of WFH and COVID-19

“We are witnessing the cyber security industry transformation. Software has progressed from waterfall and kanban to agile processes and CI/CD. The discipline of threat detection engineering has evolved too. This became possible due to […]

Interview with Developer: Osman Demir

We present to your attention a new interview with a participant in SOC Prime’s Developer Program (https://my.socprime.com/en/tdm-developers). Meet Osman Demir. Tell us a bit about yourself and your experience in threat hunting. Hello, I’m Osman Demir. I live in Istanbul, Turkey, and I’m 25 years old. I finished my education in Computer Engineering in 2017, and I […]

Interview with Developer: Ariel Millahuel

We conducted another interview with one of the participants in SOC Prime’s Developer Program (https://my.socprime.com/en/tdm-developers). We want to introduce you to Ariel Millahuel. Ariel, could you please introduce yourself and tell us about your Threat Hunting experience? I’m Ariel Millahuel from Buenos Aires, Argentina, and I’m 30 years old. I started in the Threat Hunting […]
