Threat Bounty Publications In February 2023, members of the Threat Bounty Program significantly contributed to the SOC Prime Platform. They provided detection rules that address the quality demands and security needs of hundreds of organizations that leverage the SOC Prime Platform for day-to-day operations. As all detections submitted via Threat Bounty Program are published for […]
An increasing number of Unified Extensible Firmware Interface (UEFI) security flaws uncovered in the last couple of years give the green light to offensive forces to exploit them. In 2022, the infamous in-the-wild MoonBounce malware caused a massive stir in the cyber threat arena distributed via the UEFI bootkit. Another malware of such kind, called […]
Threat actors tracked as 8220 Gang have been observed leveraging a new crypter called ScrubCrypt, which targets Oracle WebLogic servers. According to cybersecurity researchers, the infection chain is triggered by the successful exploitation of compromised Oracle WebLogic servers and leads to spreading the ScrubCrypt by downloading a PowerShell script. Detect ScrubCrypt Attacks Targeting Oracle Weblogic […]
New day, new malicious threat challenging cyber defenders! Recently, security researchers have revealed a novel malware strain being actively leveraged by Mustang Panda APT in their ongoing campaign against targets in Europe and Asia. Dubbed MQsTTang, the new custom backdoor has been developed from scratch to fly under the radar and make attribution harder while […]
Old dog, new tricks! Security researchers revealed PlugX remote access Trojan (RAT) is masquerading as a popular open-source Windows debugger tool dubbed x65dbg. Relying on DLL side-loading for this spoofing trick, nefarious RAT is able to slip past security controls and gain full control over the targeted instance. PlugX Remote Access Trojan Detection The PlugX […]
Threat actors are constantly enriching their offensive toolkits while experimenting with new sophisticated malware variants to expand the scope of attacks. Cyber defenders have observed a new Mirai botnet variant called V3G4 come into the spotlight in the cyber threat landscape. The novel malware variant has been leveraged in multiple adversary campaigns threatening targeted users […]
Stay alert! Threat actors once again set eyes on Microsoft Windows Exchange servers, attempting to compromise them by exploiting infamous ProxyShell vulnerabilities. Cybersecurity researchers have observed a new evasive malicious campaign dubbed “ProxyShellMiner” that exploits two Microsoft Exchange ProxyShell flaws tracked as CVE-2021-34473 and CVE-2021-34523 to deliver cryptocurrency miners. Detect ProxyShellMiner Attacks Exploiting Microsoft Exchange […]
Threat Bounty Publications The first month of 2023 has brought invaluable contributions from our Threat Bounty members to the global cyber community. The SOC Prime team received 626 rules for examination and review submitted by our detection content experts. As a result, 144 rules successfully passed the verification and were published to the SOC Prime […]
December ‘22 Publications During the last month of the year 2022, Threat Bounty developers managed to submit 441 rules to review by SOC Prime Team for a chance of publication to the Platform for monetization. The submitted rules were reviewed by a team of seasoned engineers, and based on the collective decisions, 126 rules were […]
No matter the holiday season, adversaries have no vacation inventing new malicious tricks to target unsuspecting victims. Last week, security researchers uncovered an enhanced variant of the worm-like Raspberry Robin malware dropper leveraged to target financial and insurance companies across European countries. Experts specifically note that Rasperry Robin received a significant upgrade, including complex obfuscation […]