Tag: Threat Hunting Content

EMOTET IS BACK
Detect Emotet Activity: Infamous Malware Resurfaced to Target Systems Worldwide

The notorious Emotet is back, having its Epoch 5 resurgence after all the command and control (C&C) servers of the botnet were disrupted in a joint international law enforcement Operation Ladybird in early 2021. As per researchers, it was only a matter of time for Emotet’s C&C infrastructure to restore and begin a full-fledged cyber-attack […]

Read More
SOC Prime Unlocks Free Hunting Content to Defend Against Russia-Backed Cyber Threats

On February 24, 2022, Russia ignored international law and long-standing diplomatic agreements to launch a full-scale invasion of Ukraine by land, sea, and air. Disinformation campaigns continue to try and hide the facts that the Russian aggression has abandoned the basic principles of humanity, killing civilians, destroying cities, and creating a massive humanitarian crisis as […]

Read More
CVE-2021-22941
CVE-2021-22941: Citrix ShareFile Remote Code Execution Vulnerability Exploited by PROPHET SPIDER

A notorious Initial Access Broker PROPHET SPIDER was found exploiting CVE-2021-22941 vulnerability to gain unauthorized access to a Microsoft Internet Information Services (IIS) webserver. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]

Read More
Hacker Group APT41
Hacker Group APT41 on Months-Long Quest Breaching the U.S. State Government Networks

The APT41 actors compromised six and counting U.S. state government networks starting May last year. APT41 conducted numerous exploits of public-facing web applications, including using notorious zero-day in Log4j, and leveraging a CVE-2021-44207 in USAHERDS web application, which is used in 18 states to monitor and report on animal health. Recent attacks are characterized by […]

Read More
Threat Bounty Program 2022
SOC PRIME THREAT BOUNTY — FEBRUARY 2022 RESULTS

Power of Community Collaboration On Thursday, February 24, 2022, the independent country of Ukraine was brutally attacked by Russian military forces. Turning down the regulations of international law, existing diplomatic agreements, and basic principles of humanity, the armed forces of the Russian Federation actively and openly supported by the ruling regime, have been barbarously attacking […]

Read More
TA416 attack
PlugX Malware Used by China-Aligned APT Actor TA416 Targets European Allies to Cripple Ukrainian Refugee Services

The Chinese state-sponsored APT group TA416 (aka Mustang Panda/Red Delta) has been found targeting European government agencies and diplomatic entities that deliver services for Ukrainian refugees and migrants who flee from Russian aggression. A detailed analysis shows that attackers primarily aim at conducting long-term cyber-espionage campaigns rather than chasing immediate gains. The research conducted by […]

Read More
Dirty Pipe
Dirty Pipe Disclosure: Gives Root Privileges, Impacts the Latest Versions of Linux

A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by Linux Kernel. The name refers to a Linux mechanism of processes’ interaction within the OS, dubbed a […]

Read More
ContiLeaks: Conti Ransomware Group’s Chat and Source Code Leaked by Ukrainian Cybersecurity Researcher

One of the fiercest Russia-backed ransomware actors, Conti Group, has become a victim of a data breach. On February 27, 2022, a mysterious Twitter member @ContiLeaks started publishing a series of posts linking to archives with private messages and the source code of Conti. Other posts of a whistleblower make it quite obvious that he […]

Read More
Withstanding Russian Military Aggression Together

On Feb 24, 2022, Ukraine woke up to multiple shelling attacks across the country as Russia aggressively invaded its neighbor, violating all current international agreements. Russian troops and tanks attacked Ukrainian borders on the East, West, and North, sent by the Kremlin as a next savage step in the continuous violation of territorial integrity of […]

Read More
Stop Russia’s DDoS Protection: SOC Prime Appeals to US Tech Leaders to Prevent Aggressors From Spreading Misinformation

On February 24, 2022, Russia launched a full-scale invasion of Ukraine. Russia has called this a “Special Military Operation” for peacekeeping aimed at the “Liberation of Ukraine”. The facts illustrate something altogether different as destruction has been massive and civilian populations have suffered greatly. The war has cost the lives of 2,000 civilians, and the […]

Read More