Tag: Threat Bounty Program

MacStealer macOS Malware Detection: Novel Malicious Strain Steals User Credentials from iCloud KeyChain

Heads up! A novel infostealer is making a splash in the cyber threat arena targeting macOS users. Cybersecurity researchers have observed a novel MacStealer macOS malware that steals user credentials and other sensitive data stored in the iCloud KeyChain, web browsers, and crypto wallets.  Detecting MacStealer MacOS Malware Being yet another infostealing malware surfacing in […]

Read More
SOC Prime Threat Bounty —  February 2023 Results

Threat Bounty Publications In February 2023, members of the Threat Bounty Program significantly contributed to the SOC Prime Platform. They provided detection rules that address the quality demands and security needs of hundreds of organizations that leverage the SOC Prime Platform for day-to-day operations. As all detections submitted via Threat Bounty Program are published for […]

Read More
BlackLotus UEFI Bootkit Detection: Exploits CVE-2022-21894 to Bypass UEFI Secure Boot and Disables OS Security Mechanisms

An increasing number of Unified Extensible Firmware Interface (UEFI) security flaws uncovered in the last couple of years give the green light to offensive forces to exploit them. In 2022, the infamous in-the-wild MoonBounce malware caused a massive stir in the cyber threat arena distributed via the UEFI bootkit. Another malware of such kind, called […]

Read More
ScrubCrypt Attack Detection
ScrubCrypt Attack Detection: 8220 Gang Applies Novel Malware in Cryptojacking Operations Exploiting Oracle WebLogic Servers

Threat actors tracked as 8220 Gang have been observed leveraging a new crypter called ScrubCrypt, which targets Oracle WebLogic servers. According to cybersecurity researchers, the infection chain is triggered by the successful exploitation of compromised Oracle WebLogic servers and leads to spreading the ScrubCrypt by downloading a PowerShell script. Detect ScrubCrypt Attacks Targeting Oracle Weblogic […]

Read More
MQsTTang Backdoor Detection: New Custom Malware by Mustang Panda APT Actively Used in the Latest Campaign Against Government Entities  

New day, new malicious threat challenging cyber defenders! Recently, security researchers have revealed a novel malware strain being actively leveraged by Mustang Panda APT in their ongoing campaign against targets in Europe and Asia. Dubbed MQsTTang, the new custom backdoor has been developed from scratch to fly under the radar and make attribution harder while […]

Read More
PlugX Remote Access Trojan Detection
Detect PlugX Trojan Masquerading as a Legitimate Windows Debugger Tool to Fly Under the Radar

Old dog, new tricks! Security researchers revealed PlugX remote access Trojan (RAT) is masquerading as a popular open-source Windows debugger tool dubbed x65dbg. Relying on DLL side-loading for this spoofing trick, nefarious RAT is able to slip past security controls and gain full control over the targeted instance.  PlugX Remote Access Trojan Detection The PlugX […]

Read More
Mirai V3G4 Variant Detection
Mirai Variant V3G4 Detection: New Botnet Version Exploiting 13 Vulnerabilities to Target Linux Servers, IoT Devices

Threat actors are constantly enriching their offensive toolkits while experimenting with new sophisticated malware variants to expand the scope of attacks. Cyber defenders have observed a new Mirai botnet variant called V3G4 come into the spotlight in the cyber threat landscape. The novel malware variant has been leveraged in multiple adversary campaigns threatening targeted users […]

Read More
A new crypto-mining ProxyShellMiner campaign
ProxyShellMiner Detection: Novel Crypto-Mining Attacks Abusing CVE-2021-34473 and CVE-2021-34523 ProxyShell Vulnerabilities in Windows Exchange Servers 

Stay alert! Threat actors once again set eyes on Microsoft Windows Exchange servers, attempting to compromise them by exploiting infamous ProxyShell vulnerabilities. Cybersecurity researchers have observed a new evasive malicious campaign dubbed “ProxyShellMiner” that exploits two Microsoft Exchange ProxyShell flaws tracked as CVE-2021-34473 and CVE-2021-34523 to deliver cryptocurrency miners.  Detect ProxyShellMiner Attacks Exploiting Microsoft Exchange […]

Read More
Threat Bounty Program January23
SOC Prime Threat Bounty —  January 2023 Results

Threat Bounty Publications The first month of 2023 has brought invaluable contributions from our Threat Bounty members to the global cyber community. The SOC Prime team received 626 rules for examination and review submitted by our detection content experts. As a result, 144 rules successfully passed the verification and were published to the SOC Prime […]

Read More
SOC Prime Threat Bounty —  December 2022 Results

December ‘22 Publications During the last month of the year 2022,  Threat Bounty developers managed to submit 441 rules to review by SOC Prime Team for a chance of publication to the Platform for monetization. The submitted rules were reviewed by a team of seasoned engineers, and based on the collective decisions, 126 rules were […]

Read More