Tag: TDM

Sumo Logic Integration with Threat Detection Marketplace

SOC Prime is always striving to extend the support for the most popular SIEM, EDR, NSM and other security tools, including cloud-native solutions, to add more flexibility to Threat Detection Marketplace. This enables security performers to use the tools they prefer most and solves the problem of migration to another back-end environment.  We are thrilled […]

Read More
Company Dashboard: Insights Into Your Threat Detection Marketplace Activity

SOC Prime Threat Detection Marketplace (TDM) has been created as a SaaS content platform that helps companies advance their security analytics. Therefore, supercharging analytical capabilities and providing real-time statistics is one of the core features we at SOC Prime consider of paramount value. Data visualization helps deliver data in a more intuitive way and allows […]

Read More
Extended Community Access and Free Trials at the Threat Detection Marketplace

At SOC Prime, we are constantly developing our products that help cybersecurity practitioners to be in sync about the latest threats and attack methods as well as have detections and analytical data tailored to each corporate environment at their fingertips. For more transparency, the newly introduced Dashboard page allows getting a line on activities of […]

Read More
Detection Content: Finding DLLs Loaded Via MS Office

It’s no secret that phishing attacks are one of the most effective ways to infect the target with malware. Typically, adversaries expect to convince a user to open a malicious document and enable macros or use vulnerabilities in MS Office for deploy malware. We regularly publish rules (1, 2, 3) for detecting phishing campaigns or […]

Read More
Threat Hunting Content: Higaisa APT

Higaisa APT has been known since November 2019, when Tencent researchers first documented its activities. The group was discovered recently, but attackers have been operating for several years and use common tools to complicate the attribution. They mainly use mobile malware and the Gh0st and PlugX trojans. Researchers believe that Higaisa APT is a South […]

Read More
Rule of the Week: Command Execution on Azure VM

In the Rule of the Week section, we present you the Command Execution on Azure VM (via azureactivity) rule by SOC Prime Team: https://tdm.socprime.com/tdm/info/A5uYMlcWOmeq/RYxlfnIB1-hfOQirCXZy/?p=1#   Adversaries can misuse Azure VM functionality to establish a foothold in an environment, which could be used to persist access and escalate privileges. They can exploit the Run Command feature that […]

Read More
Threat Hunting Content: Devil Shadow Botnet

Nowadays, during the lockdown, many organizations continue to use Zoom at the corporate level to conduct conference meetings, despite the security issues found in this application. Attackers have been exploiting the increased popularity of this application for several months, and you can partially protect your organization from attacks by hardening Zoom service. But this will […]

Read More
Rule Digest: Detection Content by SOC Prime Team

We are pleased to present to you the latest Rule Digest, which, unlike the previous digest, consists of rules developed by the SOC Prime Team only. This is a kind of thematic selection since all of these rules helps to find malicious activity via cmdline by analyzing sysmon logs. But before moving directly to the […]

Read More
Detection Content: Scarab Ransomware

Scarab ransomware was spotted for the first time in June 2017 and had been reappearing with new versions since then. This ransomware is one of the many HiddenTear variants, an open source ransomware Trojan released in 2015.  The recently discovered versions of ransomware use an improved RSA encryption method and add various extensions to infected […]

Read More
IOC Sigma: GreenBug APT Group Activities

Greenbug APT is an Iranian-based cyber-espionage unit that has been active since at least June 2016. The group most likely uses spear-phishing attacks to compromise targeted organizations. Adversaries use multiple tools to compromise other systems on the network after an initial compromise, and steal user names and passwords from operating systems, email accounts, and web […]

Read More