Tag: Threat Bounty Program

SOC Prime Threat Bounty — May 2023 Results

Threat Bounty Publications. In May, members of the Threat Bounty community submitted 426 rules for a chance of publication on the SOC Prime Platform for monetization. After review and validation by SOC Prime’s team, 81 detections were successfully published. We are happy to report that the information provided during the Threat Bounty Developer […]

Interview with Threat Bounty Developer – Mustafa Gurkan Karakaya

Today, we want to introduce to SOC Prime’s community one of the most active members of the Threat Bounty Program and the author of validated detections available on the SOC Prime Platform. Meet Mustafa Gürkan Karakaya, who has been demonstrating his expert cybersecurity knowledge and the potential for further development since he joined the Program […]

Merdoor Malware Detection: Lancefly APT Uses a Stealthy Backdoor in Long-Running Attacks Against Organizations in South and Southeast Asia

A novel hacking collective tracked as Lancefly APT has recently been observed using a custom Merdoor backdoor to attack organizations in the government, telecom, and aviation sectors across South and Southeast Asia. According to the latest reports, these targeted intrusions point to a long-running adversary campaign leveraging the Merdoor sample, with the first traces dating back […]

SOC Prime Threat Bounty — April 2023 Results

Threat Bounty Publications. In April, the active members of the SOC Prime Threat Bounty community submitted 430 detection rules for review and verification by the SOC Prime team, earning a chance to monetize their content. However, only 64 rules passed validation and were successfully published to the SOC Prime Platform. We […]

ROKRAT Detection: Malware Adopts New Deployment Methods Relying on Large LNK Files

Adversaries are constantly looking for novel ways to overcome security protections. After Microsoft started blocking macros in Office documents by default last year, cybercriminals adapted their deployment methods to slip past the defense. APT37 follows this major trend, using Windows shortcut (LNK) files to carry out its ROKRAT (aka DOGCALL) campaigns. Detect ROKRAT Malware […]

Domino Malware Detection: Ex-Conti and FIN7 Threat Actors Collaborate to Spread a New Backdoor

Cybersecurity researchers have uncovered a new malware family called Domino, attributed to the activity of the financially motivated Russia-backed FIN7 APT group. Cyber defenders also link the use of Domino with another former hacking group known as Trickbot, aka Conti; the malware has been used in the malicious campaign by the latter threat actors since […]

Lazarus Hacker Group Shifts Targets and Applies Advanced Techniques in a New DeathNote Campaign

The notorious North Korean hacking collective Lazarus Group, also tracked as APT38, Dark Seoul, or Hidden Cobra, has earned its reputation as a high-profile nation-backed threat actor, mainly targeting cryptocurrency companies. In the newly discovered malicious campaign dubbed DeathNote, the adversaries are shifting their focus, primarily setting their sights on defense organizations along with automotive and […]

GuLoader Detection: Malware Targets U.S. Financial Organizations via Phishing Emails

With tax season in full swing, threat actors are setting their sights on financial organizations. According to the latest cybersecurity reports, U.S. accounting firms and other financial institutions have fallen prey to a series of adversary campaigns spreading GuLoader malware since March 2022. Threat actors distribute the GuLoader malicious samples by leveraging a phishing attack […]

SOC Prime Threat Bounty — March 2023 Results

Threat Bounty Publications. During March, our keen Threat Bounty content authors submitted 423 rules for verification by SOC Prime. All Threat Bounty detections undergo validation by our internal content verification team, who examine the rules one by one and decide on content publication to the SOC Prime Platform. Notwithstanding the persistence and objection […]

MacStealer macOS Malware Detection: Novel Malicious Strain Steals User Credentials from iCloud KeyChain

Heads up! A novel infostealer is making a splash in the cyber threat arena, targeting macOS users. Cybersecurity researchers have observed a new MacStealer macOS malware that steals user credentials and other sensitive data stored in the iCloud KeyChain, web browsers, and crypto wallets. Detecting MacStealer macOS Malware. Being yet another infostealing malware surfacing in […]
