New day, the headache for cyber defenders! Microsoft Threat Intelligence Center (MSTIC) Â reports a new ransomware strain attacking small to middle-sized businesses across the globe since June 2021. Dubbed H0lyGh0st, the malware has been initially developed by an emerging North Korean APT tracked under the DEV-0530 moniker. The ransomware attacks are explicitly financially motivated, targeting […]
On July 6, 2022, SOC Prime introduced a Smoking Guns Sigma Rules list enabling the organization of any scale to proactively detect cyber-attacks, perform Threat Hunting for the latest adversarial TTPs, and get a tactical defense advantage for their business during the global cyber war. SOC Prime’s Detection as Code platform users are now equipped […]
Brace yourself for the new ransomware threat! On July 6, 2022, the FBI, CISA, and the Department of Treasury issued a joint Cybersecurity Advisory (CSA) to warn about Maui ransomware actively leveraged by the North Korean APT group to target organizations in the U.S. healthcare and public health sectors. The attacks have been observed since […]
June ‘22 Updates This June we introduced several significant updates related to SOC Prime’s Threat Bounty Program to acknowledge the contribution of the Program members and smooth their experience with Sigma rules creation. Now, all SOC Prime users can access detailed information about Threat Bounty authors’ achievements on a dedicated page. Also, the beta version […]
Automatically Pull Queries Tailored to Custom Data Schemas Directly Into Snowflake Environment At SOC Prime, we are committed to delivering Detection-as-Code operations embracing an innovation-driven approach to cybersecurity. In response to a rising trend across global organizations to transition to the cloud, SOC Prime’s Detection as Code platform continuously broadens the support for next-gen cloud-based […]
Hot on the heels of the cyber-attack on July 5 targeting Ukrainian state bodies and attributed to the notorious UAC-0056 hacking collective, yet another malicious campaign launched by this group causes a stir in the cyber domain. On July 11, 2022, cybersecurity researchers at CERT-UA warned the global community of an ongoing phishing attack leveraging […]
Adversaries adopted yet another legitimate red-teaming simulation tool to evade detection. In replacement of Cobalt Strike and Metasploit’s Meterpreter comes Brute Ratel (aka BRc4) – a red team and adversary simulation software released in late 2020 that does not assist in creating exploits, designed to operate undetected by security solutions. A single-user one-year license currently […]
The notorious Cobalt Strike Beacon malware has been actively distributed by multiple hacking collectives in spring 2022 as part of the ongoing cyber war against Ukraine, mainly leveraged in targeted phishing attacks on Ukrainian state bodies. On July 6, 2022, CERT-UA released an alert warning of a new malicious email campaign targeting Ukrainian government entities. […]
Adjust Content Deployments to Non-Standard and Alternative Data Schemas At the core of SOC Prime’s Detection as Code platform is the world’s largest library of SOC content. Rules are initially written in the Sigma language, a platform-agnostic rule format that allows leveraging the expertise of a global community of 23,000+ security experts. Then the Sigma […]
The notorious Raccoon Stealer, which was earlier distributed under the Malware-as-a-Service (MaaS) model, comes back to the cyber threat arena as a new version 2.0 enriched with more advanced capabilities. Raccoon Stealer malware was previously reported to have been replaced with Dridex Trojan by the RIG exploit kit as part of an ongoing campaign that […]