Tag: Threat Bounty Program

Detection Content: Phorpiex Trojan
Detection Content: Phorpiex Trojan

In one of our Threat Hunting Content blog posts, we already observed a rule to detect Avaddon ransomware, a new Ransomware-as-a-Service variant that was first spotted in early June. One of the most active distributors of Avaddon ransomware is Phorpiex botnet, which recently recovered from losses incurred earlier this year. Infected systems can send tens […]

Read More
Threat Hunting Content: CertReq.exe Lolbin
Threat Hunting Content: CertReq.exe Lolbin

Living off the Land binaries (Lolbins) are legitimate binaries that advanced adversaries often misuse to perform actions beyond their original purpose. Cybercriminals actively use them to download malware, to ensure persistence, for data exfiltration, for lateral movement, and more. Just yesterday we wrote about a rule that detects attacks of the Evil Corp group, which […]

Read More
Detection Content: WastedLocker Ransomware
Detection Content: WastedLocker Ransomware

The new WastedLocker ransomware was first spotted in May 2020. It was developed by the high-profile Evil Corp group, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. Last year, part of the attackers left the group and started their own […]

Read More
Threat Hunting Content: DropboxAES RAT Detection
Threat Hunting Content: DropboxAES RAT Detection

Today we want to tell you about the DropboxAES trojan used by the APT31 group in cyber espionage campaigns and also give a link to the Community Sigma rule to detect this malware. In general, DropboxAES does not stand out from the rest of the remote access trojan. This is a relatively new tool in […]

Read More
Rule Digest: Trojans and Ransomware
Rule Digest: Trojans and Ransomware

In today’s digest, we want to highlight the content provided by members of the Threat Bounty Program that will help security solutions to detect Saefko RAT, Ursa trojan, and a pack of actively spreading ransomware strains.  The Saefko RAT is a relatively fresh remote-access trojan written in .NET that was first spotted in the midst […]

Read More
Rule of the Week: Thanos Ransomware
Rule of the Week: Thanos Ransomware

Today in the Rule of the Week section, we suggest paying attention to the rule published by Emir Erdogan. The new rule helps detect Thanos ransomware, which weaponized RIPlace tactic to bypass anti-ransomware solutions: https://tdm.socprime.com/tdm/info/QvmZLqPG91bq/LYA4D3MBSh4W_EKGVfTV/?p=1 Thanos ransomware first appeared at the end of last year, and its authors advertised it in underground forums and closed […]

Read More
Detection Content: Ransom X Behavior
Detection Content: Ransom X Behavior

Another ransomware family appeared this spring and is actively used in targeted attacks against enterprises and government agencies. In mid-May, cybercriminals attacked the network of the Texas Department of Transportation, but unauthorized access was discovered, and as a result, only part of the systems was encrypted. In this attack was used new ransomware – Ransom […]

Read More
Threat Hunting Content: Taurus Stealer Detection
Threat Hunting Content: Taurus Stealer Detection

Taurus information-stealing malware is a relatively new tool created by Predator The Thief team that promotes it on hacker forums. The infostealer can steal sensitive data from browsers, cryptocurrency wallets, FTP, email clients, and various apps. The malware is highly evasive and includes techniques to evade sandbox detection. Adversaries developed a dashboard where their customers […]

Read More
Detection Content: PsiXBot Malware Behavior
Detection Content: PsiXBot Malware Behavior

As Google and Mozilla bring the widespread use of DNS over HTTPS protocol, more malware authors also adopt this perfect opportunity to hide malicious traffic. The recently discovered versions of PsiXBot abuse Google’s DoH service to retrieve the IPs for the command-and-control infrastructure. The malware appeared in 2017 as a simple infostealer that is capable […]

Read More
Rule of the Week: Cobalt Strike Delivered via Multi-Stage APT Attack
Rule of the Week: Cobalt Strike Delivered via Multi-Stage APT Attack

This month, researchers discovered a multi-stage attack conducted by an undefined APT group. During this attack, adversaries used the Malleable C2 feature in Cobalt Strike to perform C&C communications and deliver the final payload. Researchers note that attackers use advanced evasion techniques. They observed an intentional delay in executing the payload from the malicious Word […]

Read More