Tag: Threat Hunting Content

SOC Prime Unlocks Free Access to Uncoder CTI
SOC Prime Unlocks Free Access to Uncoder CTI

Hunt at No Cost Through May 25, 2022 Furthering its mission to transform threat detection, SOC Prime has boosted threat hunting velocity by continuing to evolve its Detection as Code platform. Uncoder CTI powered by SOC Prime’s platform allows security researchers to automatically convert IOCs of multiple types into custom queries enabling instant IOC searching […]

Read More
Detect Gh0stCringe RAT
Detect Gh0stCringe RAT

Gh0stCringe Malware: Variant of Notorious Gh0st RAT The Gh0stCringe, or CirenegRAT malware, based on the code of Gh0st RAT, is back, jeopardizing poorly protected Microsoft SQL and MySQL database servers. This remote access trojan (RAT) was first spotted in December 2018, and resurfaced in 2020 in China-linked cyber espionage attacks against governmental and corporate networks […]

Read More
NIGHT SPIDER Zloader Detection: Defend Against Malicious Trojan Activity with SOC Prime
NIGHT SPIDER Zloader Detection: Defend Against Malicious Trojan Activity with SOC Prime

NIGHT SPIDER’s Zloader trojan has been quietly operating for the last few months at a global scale, conducting an intrusion campaign on a number of enterprises in various industries. The primary way to install malware was hidden within the legitimate software. For leveraging initial access, attackers used bundled .msi installers. The payloads were aimed at […]

Read More
Detect CaddyWiper: Another Destructive Data Wiper to Attack Ukrainian Networks
Detect CaddyWiper: Another Destructive Data Wiper to Attack Ukrainian Networks

Cyberspace is yet another frontier in the Russia-Ukraine war. Russia-backed large-scale сyber-attacks accompany military aggression against Ukraine, aiming to bring key elements of Ukrainian infrastructure offline. The newly spotted CaddyWiper malware adds to a strain of previously revealed cyber threats – HermeticWiper, WhisperGate, and IsaacWiper. The novel data wiping malware does not bear a resemblance […]

Read More
Detect Emotet Activity: Infamous Malware Resurfaced to Target Systems Worldwide
Detect Emotet Activity: Infamous Malware Resurfaced to Target Systems Worldwide

The notorious Emotet is back, having its Epoch 5 resurgence after all the command and control (C&C) servers of the botnet were disrupted in a joint international law enforcement Operation Ladybird in early 2021. As per researchers, it was only a matter of time for Emotet’s C&C infrastructure to restore and begin a full-fledged cyber-attack […]

Read More
SOC Prime Unlocks Free Hunting Content to Defend Against Russia-Backed Cyber Threats
SOC Prime Unlocks Free Hunting Content to Defend Against Russia-Backed Cyber Threats

On February 24, 2022, Russia ignored international law and long-standing diplomatic agreements to launch a full-scale invasion of Ukraine by land, sea, and air. Disinformation campaigns continue to try and hide the facts that the Russian aggression has abandoned the basic principles of humanity, killing civilians, destroying cities, and creating a massive humanitarian crisis as […]

Read More
CVE-2021-22941: Citrix ShareFile Remote Code Execution Vulnerability  Exploited by PROPHET SPIDER
CVE-2021-22941: Citrix ShareFile Remote Code Execution Vulnerability Exploited by PROPHET SPIDER

A notorious Initial Access Broker PROPHET SPIDER was found exploiting CVE-2021-22941 vulnerability to gain unauthorized access to a Microsoft Internet Information Services (IIS) webserver. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]

Read More
Hacker Group APT41 on Months-Long Quest Breaching the U.S. State Government Networks
Hacker Group APT41 on Months-Long Quest Breaching the U.S. State Government Networks

The APT41 actors compromised six and counting U.S. state government networks starting May last year. APT41 conducted numerous exploits of public-facing web applications, including using notorious zero-day in Log4j, and leveraging a CVE-2021-44207 in USAHERDS web application, which is used in 18 states to monitor and report on animal health. Recent attacks are characterized by […]

Read More
SOC PRIME THREAT BOUNTY — FEBRUARY 2022 RESULTS
SOC PRIME THREAT BOUNTY — FEBRUARY 2022 RESULTS

Power of Community Collaboration On Thursday, February 24, 2022, the independent country of Ukraine was brutally attacked by Russian military forces. Turning down the regulations of international law, existing diplomatic agreements, and basic principles of humanity, the armed forces of the Russian Federation actively and openly supported by the ruling regime, have been barbarously attacking […]

Read More
PlugX Malware Used by China-Aligned APT Actor TA416 Targets European Allies to Cripple Ukrainian Refugee Services
PlugX Malware Used by China-Aligned APT Actor TA416 Targets European Allies to Cripple Ukrainian Refugee Services

The Chinese state-sponsored APT group TA416 (aka Mustang Panda/Red Delta) has been found targeting European government agencies and diplomatic entities that deliver services for Ukrainian refugees and migrants who flee from Russian aggression. A detailed analysis shows that attackers primarily aim at conducting long-term cyber-espionage campaigns rather than chasing immediate gains. The research conducted by […]

Read More