Tag: Threat Hunting Content

Threat Bounty Program May
SOC Prime Threat Bounty — May 2022 Results

In May 2022, the members of SOC Prime Threat Bounty Program contributed 184 unique detections to the Detection as Code platform. The published detections help the global cyber community timely detect emerging threats such as the APT29 phishing campaign, BlackByte Ransomware attack, Microsoft SharePoint RCE (CVE-2022-29108), and many others. The information about the recent detections […]

Read More
SVCReady Malware Detection: A New Loader Massively Distributed via Phishing

Meet SVCReady, a new malicious loader on the arena! The novel strain is heavily distributed via phishing campaigns since April 2022, leveraging an unusual infection routine. According to experts, SVCReady relies on shellcode hidden within the properties of the Microsoft Office document allowing it to fly under the radar of security solutions. Since malware is […]

Read More
CVE-2022-32275 and CVE-2022-32276 Detection of Exploitation Attempts: New Vulnerabilities Affecting Grafana

Steel yourself for new vulnerabilities revealed in the open-source observability platform leveraged by millions of users from across the globe, which in 2021 was in the spotlight in the cyber threat arena due to a notorious CVE-2021-43798 zero-day flaw actively exploited in the wild. Grafana, the open-source analytics and monitoring platform leveraged by global organizations […]

Read More
Black Basta ransomware
Black Basta Ransomware Detection: New Collaboration with QBot

QBot, aka Qakbot, has been around since 2007, while its companion, a threat actor group tagged Black Basta, first surfaced just a few months ago – in April 2022. According to the latest insights into a partnership between Qakbot and Black Basta, the latter uses this modular information stealer to travel through the compromised system […]

Read More
POLONIUM
POLONIUM Detection: Hacker Group Abuses Microsoft OneDrive

A hacker group tagged POLONIUM has been observed abusing Microsoft OneDrive personal storage service to drop custom malicious implants and launch supply chain attacks. Adversaries had succeeded in targeting more than 20 Israeli organizations before they were uncovered. There is substantial evidence that the hackers behind the attacks were based in Lebanon and were supported […]

Read More
CVE-2022-26134
CVE-2022-26134 Detection: Atlassian Confluence Zero-Day Vulnerability

Adversaries launch headline-making attacks against vulnerable Confluence Servers worldwide. Atlassian alerts their users to the security risks associated with an RCE flaw detected in all supported versions of Confluence (Server and Data Center). The bug is tracked as CVE-2022-26134, with the vendor rating it to be of the highest severity level. As of the 3d […]

Read More
CVE-2021-40444 and CVE-2022-30190 Exploit Detection: Cobalt Strike Beacon Delivered in a Cyber-Attack on Ukrainian State Bodies

Just two days after the nefarious CVE-2022-30190 aka Follina was revealed, security researchers report in-the-wild attacks leveraging the exploits to target state institutions of Ukraine. On June 2, 2022, CERT-UA issued a heads-up warning of an ongoing campaign spreading Cobalt Strike Beacon malware by exploiting Windows CVE-2021-40444 and CVE-2022-30190 zero-day vulnerabilities, which have been recently in […]

Read More
EnemyBot Malware
EnemyBot Malware Detection: IoT Botnet Exploits More Bugs

Keksec, aka Nero and Freakout, the threat actor behind the advanced EnemyBot botnet, is expanding its reach by leveraging more exploits, compromising multiple organizations regardless of their industry vertical. The EnemyBot malware authors took all the best and left behind the obsolete of code used in other botnets such as Gafgyt, Qbot, or Mirai. The […]

Read More
Grandoreiro Banking Malware
Grandoreiro Banking Malware Detection

Banking malware has been a true-and-tried cash cow for adversaries for a long time now. One of such efficient tools in malware distribution campaigns that target the banking sector is a remote-overlay banking trojan Grandoreiro. The trojan was first detected in 2016 (yet, some researchers claim the malware first surfaced in 2017), being used against […]

Read More
CVE-2022-30190 aka Follina
CVE-2022-30190 Detection: Updates on Microsoft Windows RCE Vulnerability

Let’s start with a short rundown of developments regarding Windows zero-day vulnerability (CVE-2022-30190), aka Follina. Back in April 2022, a research team known under the moniker CrazymanArmy warned Microsoft of a new zero-day RCE vulnerability in one of their products. The tech corporation opted not to address the issue at that point. On May 27, […]

Read More