Tag: Threat Hunting

BumbleBee Malware
BumbleBee Malware Detection

Security researchers report on malicious activity associated with the distribution of BumbleBee malware traced back to the initial access broker (IAB) dubbed Exotic Lily. Research data suggest that adversaries use the file transfer tools such as TransferXL, TransferNow, and WeTransfer, to spread BumbleBee malware. The malware is used to launch Cobalt Strike attacks. Detect BumbleBee […]

Read More
AveMariaRAT, BitRAT, and PandoraHVNC
Fileless Malware Detection: AveMariaRAT / BitRAT / PandoraHVNC Attacks

Cybercrooks are targeting Microsoft Windows users with three fileless malware strains used at once in a new phishing campaign. The phishing mail mimics a payment report from a trusted source, with a brief request to view an attached Microsoft Excel document. The file contains weaponized macros and, once launched, drops the malware aimed to steal […]

Read More
CVE-2022-29108
CVE-2022-29108 Detection: Newly Discovered Flaw in Microsoft SharePoint Server

Microsoft Patch Tuesday for May 2022 brought to the daylight 74 flaws in Microsoft products, among them critical vulnerabilities, such as a CVE-2022–26923, along with the necessary fixes to mitigate them. The new SharePoint Server remote code execution (RCE) vulnerability is similar to another Microsoft SharePoint RCE tagged CVE-2022-22005 that was discovered in February this […]

Read More
SOC Prime Selected as a Finalist in the 2022 SC Awards

Company’s Recognition for Excellence Awards Finalist in the Most Promising Early-Stage Startup Category Ranked as the industry’s most prestigious and competitive accomplishment, the SC Awards recognizes future-proof solutions, progressive organizations, and leaders that are driving innovation and transforming cybersecurity. This year marks the 25th anniversary of the SC Awards initiative, which includes two main award […]

Read More
SIGMA Rules: The Beginner’s Guide

This blog post argues for SIGMA as a detection language, covers the most critical SIGMA rule components (logsource & detection), SIGMA taxonomy, testing SIGMA Rules, and generally prepares analysts who are new to SIGMA to write their first rules. A short discussion on detection engineering with SIGMA is also provided regarding noise, ideas, log sources, […]

Read More
What Is MITRE ATT&CK® and How to Use It for Self-Advancement?

INTRODUCTION Many blue teams are using MITRE ATT&CK® for advancement in the maturity of their detection and response. Blue team’s arsenal of EDR tools, event logs, and triage tools are all opening up the story of what’s occurring on endpoints. However, anomalies are normal and these alerts and data sources need to be triaged to […]

Read More
Uncoder CTI
Uncoder CTI: Step-by-step Guidelines

SOC Prime is thrilled to announce that Uncoder CTI, introduced with the release of the SOC Prime platform for collaborative cyber defense, is now available for public use at https://cti.uncoder.io/. From now, threat intelligence analysts and threat hunters regardless of their experience in the field can try on-the-spot IOC-based hunting for threats using Uncoder CTI. […]

Read More
Interview with Threat Bounty Developer: Shelly Raban

Meet a fresh and hot newscast highlighting the power of our community! Today we want to introduce you to Shelly Raban, a keen developer contributing to SOC Prime’s Threat Bounty Program since November 2020. Shelly swiftly became a prolific SOC content creator, concentrating her efforts on YARA rules. You can refer to Shelly’s detections of […]

Read More
Interview with Developer: Roman Ranskyi

Today, we want to introduce to our readers one of the detection content authors whose name you can see on the SOC Prime Threat Detection Marketplace Leaderboards. Meet Roman Ranskyi, Threat Hunting/Content Developer Engineer at SOC Prime. Read about Threat Bounty Program  – https://my.socprime.com/tdm-developers   More interviews with Threat Bounty Program developers – https://socprime.com/tag/interview/ Roman, […]

Read More
Threat Hunting Basics: Getting Manual

The purpose of this blog is to explain the necessity for manual (non-alert based) analysis methods in threat hunting. An example of effective manual analysis via aggregations/stack counting is provided. Automation Is Necessary Automation is absolutely critical and as threat hunters we must automate where possible as much as possible. However, automation is built on […]

Read More