Tag: Threat Detection Marketplace

LockBit 3.0
LockBit 3.0 Ransomware Detection: Operation Revamped

LockBit group returns, introducing a new strain of their ransomware, LockBit 3.0. Adversaries dubbed their latest release LockBit Black, enhancing it with new extortion tactics and introducing an option to pay in Zcash, adding to existing Bitcoin and Monero crypto payment options. This time, LockBit hackers are making the headlines by kicking off the first […]

Read More
Content Customization Capabilities Powered by SOC Prime Platform: Step-by-Step Guidelines for Seamless Deployments

Adjust Content Deployments to Non-Standard and Alternative Data Schemas At the core of SOC Prime’s Detection as Code platform is the world’s largest library of SOC content. Rules are initially written in the Sigma language, a platform-agnostic rule format that allows leveraging the expertise of a global community of 23,000+ security experts. Then the Sigma […]

Read More
Detect Raccoon Stealer 2.0
Raccoon Stealer Detection: A Novel Malware Version 2.0 Named RecordBreaker Offers Hackers Advanced Password-Stealing Capabilities

The notorious Raccoon Stealer, which was earlier distributed under the Malware-as-a-Service (MaaS) model, comes back to the cyber threat arena as a new version 2.0 enriched with more advanced capabilities. Raccoon Stealer malware was previously reported to have been replaced with Dridex Trojan by the RIG exploit kit as part of an ongoing campaign that […]

Read More
CVE-2022-28219 Detection: Critical RCE Vulnerability in Zoho ManageEngine ADAudit Plus

Zoho’s ManageEngine operates cost-effective network management frameworks leveraged by over 40,000 enterprises worldwide. Due to the software popularity and its wide use across the globe, cyber threats detected in Zoho’s products could have a severe impact on thousands of compromised businesses, which earlier happened with the critical zero-day vulnerability in ManageEngine Desktop Central products.  On […]

Read More
SOC Prime's and EchoTrail.io integration
SOC Prime Launches Integration With EchoTrail.io to Accelerate Threat Investigation

Instantly Explore the Executable Binary References Linked to Sigma Rules for More Insightful Contextual Information SOC Prime has recently released integration for its cyber threats search engine with EchoTrail.io database. Now, SOC Prime users can streamline threat investigation with the comprehensive information about executable binaries (filenames or hashes) launched on Windows, accessible right from our […]

Read More
Multistage ZuoRAT Malware
ZuoRAT Malware Detection

A stealthy fly-under-the-radar remote access trojan (RAT) dubbed ZuoRAT has been compromising a relatively easy target – small office/home office (SOHO) routers. The malware has been in use since 2020, mainly affecting remote workers based in the U.S. and Western Europe with access to corporate networks. Researchers warn that the observed tactics, techniques and procedures […]

Read More
Log4Shell in VMware Horizon and UAG Servers
New Attempts to Exploit Log4Shell in VMware Horizon Systems: CISA Warns of Threat Actors Actively Leveraging CVE-2021-44228 Apache Log4j Vulnerability

The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]

Read More
DarkCrystal RAT
DarkCrystal RAT Detection: Russia-Affiliated APT Targets Ukrainian Telecom Companies

On June 24, 2022, CERT-UA warned about a new malicious campaign targeting telecommunication providers in Ukraine. According to the investigation, russia-linked adversaries launched a massive phishing campaign delivering DarkCrystal remote access Trojan (RAT), able to perform reconnaissance, data theft, and code execution on the affected instances. The malicious activity is tracked as UAC-0113, which with […]

Read More
Matanbuchus Loader
Matanbuchus Malware Detection: New Malspam Campaign Distributes Malware Loader and Cobalt Strike

Matanbuchus first surfaced in early 2021 as a malware-as-a-service (MaaS) project at a rental price of $2,500. Matanbuchus is a loader that uses two DLLs during the malware’s run cycle. This year the malware is delivered in phishing attacks aimed at deploying Cobalt Strike beacons. Detect Matanbuchus Malware For an efficient Matanbuchus malware detection, use […]

Read More
CVE-2022-1040
CVE-2022-1040 Detection: DriftingCloud APT Group Exploits RCE Flaw in Sophos Firewall

A notorious Chinese APT group known under the moniker “DriftingCloud” targets a cybersecurity firm Sophos. Namely, the threat actor is believed to be behind the active exploitation of a security hole in Sophos firewall. The flaw, tracked as CVE-2022-1040, scores 9.8 in severity and has been affecting Sophos Firewall versions 18.5 MR3 and older since […]

Read More