Tag: Threat Hunting Content

KNOTWEED Activity Detection: CVE-2022-22047 Vulnerability and Multiple Windows & Adobe Zero-Day Exploitation by the European Private-Sector Offensive Actor (PSOA)

On July 27, 2022, Microsoft cybersecurity researchers published a notice describing the recently revealed malicious activity of the European private-sector offensive actor (PSOA) tracked as KNOTWEED, which leverages a set of Windows and Adobe zero-day exploits, including the newly patched CVE-2022-22047 vulnerability. According to the research, threat actors launch targeted cyber-attacks against organizations in Europe […]

Spyware Group Candiru: Targets Journalists in the Middle East With DevilsTongue Malware

Spyware dubbed DevilsTongue is causing a fair share of trouble for journalists and free speech advocates in the Middle East, especially those based in Lebanon. Adversaries exploit a Chrome zero-day assigned CVE-2022-2294, which Google patched earlier this month, to achieve shellcode execution, elevate privileges, and gain file-system permissions in the breached device’s memory. Researchers discovered that the […]

Threat Bounty Program: First Steps to Monetizing Your Detection Engineering Skills

The SOC Prime Threat Bounty Program has been connecting skilled freelance detection engineers for over three years and has undergone many changes and improvements. Today, the Program is a unique opportunity to improve Detection Engineering skills, monetize the detections you create, and build a personal portfolio on the leading Detection as Code platform. Introduction to Threat Bounty […]

8220 Gang Crimeware Group: Infects Cloud Hosts and Operates a Botnet and PwnRig Cryptocurrency Miner

8220 Gang, aka 8220 Mining Group, has ramped up activity in the last year, growing the cloud botnet of infected hosts from 2,000 in mid-2021 to 30,000 and counting as of now. In their previous attacks, the threat group focused on leveraging existing vulnerabilities and launching brute-force attacks to compromise cloud servers and drop cryptocurrency […]

CloudMensis Detection: New Malware to Steal macOS Users’ Data

New CloudMensis malware springs into action with highly targeted attacks. Researchers have yet to establish the techniques attackers used to gain initial access to victims’ devices; however, the small number of documented attacks that have occurred since February indicates that the CloudMensis malware was deployed to exfiltrate information as part of a targeted campaign aimed at a […]

BlackCat Ransomware Attacks: Threat Actors Use Brute Ratel and Cobalt Strike Beacons for Advanced Intrusions

Cybersecurity researchers have revealed a wave of new activity of the notorious BlackCat ransomware group deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines. […]

H0lyGh0st Detection: New Ransomware Tied to North Korean APT

New day, new headache for cyber defenders! Microsoft Threat Intelligence Center (MSTIC) reports a new ransomware strain attacking small to medium-sized businesses across the globe since June 2021. Dubbed H0lyGh0st, the malware was initially developed by an emerging North Korean APT tracked under the DEV-0530 moniker. The ransomware attacks are explicitly financially motivated, targeting […]

CVE-2022-32223 Detection: New Vulnerability in Node.js

Researchers discovered that Node.js, an open-source server environment, is susceptible to dynamic link library (DLL) hijacking if OpenSSL is installed on the target. The affected versions include all of the 16.x and 14.x release lines. Detect CVE-2022-32223: To promptly identify possible system breaches through the exploitation of the CVE-2022-32223 flaw, download a Sigma rule […]

SOC Prime Provides a Smoking Guns Sigma Rules List to Give Organizations a Competitive Advantage in Cyber War

On July 6, 2022, SOC Prime introduced a Smoking Guns Sigma Rules list enabling organizations of any scale to proactively detect cyber-attacks, perform Threat Hunting for the latest adversarial TTPs, and gain a tactical defense advantage for their business during the global cyber war. SOC Prime’s Detection as Code platform users are now equipped […]

XMRig Coin Miner: Adversaries Employ New Approaches to Illegal Crypto Mining

With a mounting number of cybercriminal operations pursuing the illicit installation of crypto mining software on victim devices and systems, increasing awareness of crypto-jacking is paramount. Earlier this summer, US-CERT released a malware analysis report on the XMRig coin miner, detailing new approaches to hijacking victims’ devices and leveraging them for crypto mining. CISA […]
