DoppelPaymer ransomware is gaining momentum as a leading threat to critical infrastructure assets. According to the FBI warning released in December 2020, DoppelPaymer has targeted multiple organizations in healthcare, educational, governmental and other sectors. The attack routine is highly sophisticated and aggressive, allowing its operators to extort six- and seven-digit ransoms from their victims. Notably, […]
Catch the latest newscast about the SOC Prime community! Today we want to introduce you to Kyaw Pyiyt Htet, an active member of our Threat Bounty Program. Kyaw joined the Program in Q3 2020 and swiftly became one of the most prolific authors with a variety of Sigma, YARA, and SNORT rules published. You can […]
Threat actors exploit a recently discovered Zyxel secret backdoor in the wild. It’s high time to patch since adversaries are instantly searching for vulnerable installations to gain momentum before updates are installed. CVE-2020-29583 Overview The bug occurs since a number of Zyxel products incorporate an undocumented root account leveraging hardcoded login details accessible in the […]
The banking sector has always been an attractive target for cyber-criminals. After Zeus and Gozi emerged in 2007, prominent banking Trojans regularly made the headlines by emptying accounts of customers. Recently, security researchers have spotted yet another member of the financial malware family. This time the campaign is aimed at the US and Canadian banking […]
IceRAT is a relatively new tool in the malicious arena, being a unique strain in regard to its features and unprecedented evasion tactics. Remarkably, the threat has very low detection rates, acting as a stealth malware able to steal sensitive data and financial assets from the targeted machines. What is IceRAT malware? Despite its name, […]
Zoho ManageEngine ServiceDesk Plus Exploit Detection Security researchers warn that hackers continue to exploit Zoho ManageEngine ServiceDesk Plus (SDP) vulnerability in the wild. Despite the patch released in Q1 2019, many instances remain vulnerable, allowing adversaries to deploy web shell malware and compromise targeted networks. CVE-2019-8394 Analysis The vulnerability (CVE-2019–8394) was disclosed on February 18, […]
The infamous Lazarus APT group (aka HiddenCobra, APT37) was yet again spotted agitating the world of cyber. This time security analysts revealed a highly targeted cyber-espionage campaign aimed at major manufacturing and electrical industry enterprises across Europe. Lazarus Toolset and Attack Scenario The initial attack vector used by Lazarus hackers was similar to that leveraged […]
In late October 2020, the world of cybersecurity spotted malicious activity targeted at the Oracle WebLogic servers. This activity took the form of recurring exploitation of a RCE weakness in the Oracle WebLogic server console component known as CVE-2020-14882. This CVE was rated as critical by gaining 9,8 scores on the CVSS scale. CVE-2020-14882 Overview […]
Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the world’s largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]
Another Ransomware as a Service platform is preparing to play a high-stakes game with organizations. Researchers at Sentinel Labs discovered the first attacks using the FONIX platform about three months ago. Now, this RaaS platform is still under active development, but their first customers are already trying their capabilities. So far, FONIX is quite inconvenient […]