Tag: Sittikorn

SOC Prime Threat Bounty Digest — June 2024 Results
SOC Prime Threat Bounty Digest — June 2024 Results

Detection Content Submission & Release In June, SOC Prime’s Threat Bounty Program members started using Uncoder AI to create, validate, and submit rules for review before the release on the SOC Prime Platform. We are happy to provide authors with the tool that assists them in creating high-quality detection rules for Threat Bounty and supports […]

Read More
Matanbuchus Malware Detection: New Malspam Campaign Distributes Malware Loader and Cobalt Strike
Matanbuchus Malware Detection: New Malspam Campaign Distributes Malware Loader and Cobalt Strike

Matanbuchus first surfaced in early 2021 as a malware-as-a-service (MaaS) project at a rental price of $2,500. Matanbuchus is a loader that uses two DLLs during the malware’s run cycle. This year the malware is delivered in phishing attacks aimed at deploying Cobalt Strike beacons. Detect Matanbuchus Malware For an efficient Matanbuchus malware detection, use […]

Read More
NetDooka Malware Detection: NetDooka Enables Data Theft and Hijacking
NetDooka Malware Detection: NetDooka Enables Data Theft and Hijacking

Adversaries utilize the PrivateLoader pay-per-install (PPI) malware distribution platform to spread a new malware framework dubbed NetDooka. This comprehensive malware framework possesses several components, such as a loader, a dropper, a kernel-mode process, a file protection driver, and a remote access trojan (RAT). The launching element of the infection chain ⁠of the NetDooka framework is […]

Read More
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability

Recent cybersecurity research has uncovered AvosLocker ransomware samples abusing the Avast Anti-Rootkit Driver file to disable anti-virus, which allows adversaries to evade detection and block defense. AvosLocker is known to represent a relatively novel ransomware family that appeared in the cyber threat arena to replace the infamous REvil, which was one of the most active […]

Read More
TraderTraitor Malware Detection: CISA, FBI, and U.S. Treasury Department Warn of Cyber-Attacks by Lazarus APT
TraderTraitor Malware Detection: CISA, FBI, and U.S. Treasury Department Warn of Cyber-Attacks by Lazarus APT

Lazarus APT has become a frequent guest of our blog posts. According to the recent security reports, North Korean State-Sponsored APT acts quickly, jeopardizing financial and critical infrastructures, blockchain technology-oriented companies, and the cryptocurrency sector. The U.S. government organizations released details about malware-laced cryptocurrency applications under the umbrella term “TraderTraitor”, distributed via a phishing campaign […]

Read More
Detect Gh0stCringe RAT
Detect Gh0stCringe RAT

Gh0stCringe Malware: Variant of Notorious Gh0st RAT The Gh0stCringe, or CirenegRAT malware, based on the code of Gh0st RAT, is back, jeopardizing poorly protected Microsoft SQL and MySQL database servers. This remote access trojan (RAT) was first spotted in December 2018, and resurfaced in 2020 in China-linked cyber espionage attacks against governmental and corporate networks […]

Read More
MysterySnail Attack Detection
MysterySnail Attack Detection

Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]

Read More
Detecting Atom Silo Ransomware Infections
Detecting Atom Silo Ransomware Infections

Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]

Read More
SOC Prime Threat Bounty — September 2021 Results
SOC Prime Threat Bounty — September 2021 Results

In April 2019, SOC Prime announced a crowdsourcing initiative to unite the cyber security community to withstand emerging threats. Since the launch of the Threat Bounty Program, SOC Prime welcomed 300+ participants who published 2300+ Sigma rules, 100+ YARA rules, 25+ Snort Rules to Threat Detection Marketplace repository of the SOC Prime Platform.  More than […]

Read More
Novel Epsilon Red Ransomware Targets Unpatched Microsoft Exchange Servers
Novel Epsilon Red Ransomware Targets Unpatched Microsoft Exchange Servers

REvil gang may stand behind the brand-new malware variant that explicitly attacks enterprise Microsoft Exchange servers to penetrate corporate networks. The new threat relies on a batch of PowerShell scripts weaponized to exploit known vulnerabilities for final payload delivery. Currently, researchers confirmed at least one successful attack ended up in a 4.29BTC ($210,000) ransom payment. […]

Read More