Tag: Threat Hunting Content

NetDooka Malware Detection: NetDooka Enables Data Theft and Hijacking
NetDooka Malware Detection: NetDooka Enables Data Theft and Hijacking

Adversaries utilize the PrivateLoader pay-per-install (PPI) malware distribution platform to spread a new malware framework dubbed NetDooka. This comprehensive malware framework possesses several components, such as a loader, a dropper, a kernel-mode process, a file protection driver, and a remote access trojan (RAT). The launching element of the infection chain ⁠of the NetDooka framework is […]

Read More
BPFDoor Malware Detection: Evasive Surveillance Tool Used to Spy on Linux Devices
BPFDoor Malware Detection: Evasive Surveillance Tool Used to Spy on Linux Devices

Bad luck for Linux-based system maintainers – security experts have revealed a sophisticated surveillance implant that has flown under the radars of endpoint protection vendors for five years, secretly infecting thousands of Linux environments. Dubbed BPFDoor, the malware abuses the Berkeley Packet Filter (BPF) to act as a backdoor and proceed with reconnaissance. This makes […]

Read More
Jester Stealer Malware Detection: Phishing Attacks Spreading Info-Stealing Malware by the UAC-0104 Hacking Group
Jester Stealer Malware Detection: Phishing Attacks Spreading Info-Stealing Malware by the UAC-0104 Hacking Group

A wave of new phishing cyber-attacks has recently swept Ukraine. Hard on the heels of an attack by the APT28 threat actors spreading the CredoMap_v2 info-stealing malicious software, another hacking group has recently distributed phishing emails deploying malware called Jester Stealer, as CERT-UA reports. This latest malicious activity has been tracked as UAC-0104 based on […]

Read More
CVE-2022-1388 Detection: BIG-IP iControl REST Vulnerability
CVE-2022-1388 Detection: BIG-IP iControl REST Vulnerability

F5 Networks, a company that specializes in the development and distribution of software and hardware solutions, has released a Security Advisory on May 4, 2022, addressing a number of issues in their products. Shortly after, the BIG-IP family of products was hit with multiple exploitations in the wild following the publicly published proof-of-concept for a […]

Read More
Russia-Linked APT28 (UAC-0028) Threat Actors Spread CredoMap_v2 Malware in a Phishing Attack on Ukraine
Russia-Linked APT28 (UAC-0028) Threat Actors Spread CredoMap_v2 Malware in a Phishing Attack on Ukraine

Over the course of an ongoing cyber war, Russia-linked hacking collectives are looking for new ways to cripple the Ukrainian organizations in the cyber domain. On May 6, 2022, CERT-UA issued an alert warning of yet another phishing attack targeting Ukrainian state bodies. The cyber-attack has been attributed to the malicious activity of notorious Russian […]

Read More
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom
BlackByte Ransomware Detection: New Go-Based Variants With Enhanced File Encryption Continue Breaching Organizations and Demand Ransom

BlackByte ransomware targeting critical infrastructures in the U.S. and across the globe since mid-summer 2021 has recently morphed into a more advanced variant. Adversaries are known to exfiltrate data before deploying ransomware and then threaten organizations to leak the stolen data if a ransom is not paid. The ransomware samples were originally written in C# […]

Read More
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability
Detect AvosLocker Ransomware: Abuses a Driver File to Disable Anti-Virus Protection, Scans for Log4Shell Vulnerability

Recent cybersecurity research has uncovered AvosLocker ransomware samples abusing the Avast Anti-Rootkit Driver file to disable anti-virus, which allows adversaries to evade detection and block defense. AvosLocker is known to represent a relatively novel ransomware family that appeared in the cyber threat arena to replace the infamous REvil, which was one of the most active […]

Read More
Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes
Novel BEATDROP and BOOMMIC Malware Families Used by APT29: Phishing Campaigns with HTML Smuggling Techniques, Long-Term Access for Espionage Purposes

APT29 is a Russian state-sponsored espionage group also referred to by cybersecurity experts as Nobelium APT. The breadth of their attacks corresponds to Russia’s present geopolitical goals. Their latest attacks are characterized by utilizing BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]

Read More
Instant Threat Hunting Success with Detection as Code On-Demand
Instant Threat Hunting Success with Detection as Code On-Demand

SOC Prime Launches New Subscription Plans to Accelerate Threat Detection with Customized, On-Demand Content In general, detection engineering suffers from the need to continuously hunt for aggressive, damaging, current and long-impactful cyber threats. The need for automated, systematic, repeatable, predictable and shareable approaches is glaring. Especially for most detection engineers that must function as threat […]

Read More
Metasploit Meterpreter Malware Detection: New Phishing Cyber-Attack on Ukrainian Government Entities Linked to UAC-0098 and TrickBot Groups
Metasploit Meterpreter Malware Detection: New Phishing Cyber-Attack on Ukrainian Government Entities Linked to UAC-0098 and TrickBot Groups

On April 28, 2022, CERT-UA published a heads-up notifying of the latest phishing cyber-attack on Ukrainian government entities using the Metasploit framework. The malicious activity can be attributed to the adversary behavior patterns of a group tracked as UAC-0098. Moreover, this most recent attack is believed to be traced to the activity of the TrickBot […]

Read More