Tag: Uncoder AI

AI-Generated Carbon Black Detection Rule for DarkCrystal RAT Campaign

How It Works

Uncoder AI processes threat reports like CERT-UA#14045 on DarkCrystal RAT and generates Carbon Black-compatible detection logic. This feature maps observed file hashes, execution patterns, and C2 infrastructure into a rule that’s ready to deploy within Carbon Black’s behavioral telemetry stack. On the left, the threat report details the DarkCrystal campaign, including: Malicious […]

AI-Powered SPL Rule Generation for WRECKSTEEL IOC Detection

How It Works

Uncoder AI converts complex threat intelligence—like the CERT-UA#14283 report on the WRECKSTEEL PowerShell stealer—into Splunk’s Search Processing Language (SPL) for direct deployment in security analytics workflows. It parses IOC-rich reports containing hashes, URLs, domains, and behavioral indicators to generate multi-index SPL queries aligned with Splunk’s native event and network telemetry. On the […]

AI-Generated SentinelOne DNS Query for WRECKSTEEL Detection

How It Works

Uncoder AI streamlines threat detection in SentinelOne by automatically transforming raw intelligence into executable event queries. In this case, it focuses on WRECKSTEEL (CERT-UA#14283), a PowerShell-based stealer campaign, by parsing dozens of malicious indicators — including over 30 domains and download URLs — and converting them into a single EventQuery targeting DNS […]

AI-Powered IOC Parsing for WRECKSTEEL Detection in CrowdStrike

How It Works

Uncoder AI automates the decomposition of complex IOC-driven detection logic authored in CrowdStrike Endpoint Query Language (EQL). This example centers on the CERT-UA#14283 report, targeting WRECKSTEEL — a PowerShell-based infostealer. The AI engine interprets an extensive detection rule designed to match various execution chains linked to WRECKSTEEL, enabling analysts to quickly understand […]

IOC-to-Query Conversion for SentinelOne in Uncoder AI

How It Works

1. IOC Extraction from Threat Report

Uncoder AI automatically parses and categorizes indicators from the incident report (on the left), including:

Malicious domains, such as:
mail.zhblz.com
docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com
doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com

These domains are linked to phishing documents, spoofed login portals, and data exfiltration endpoints.

2. SentinelOne-Compatible Query Generation

On the right, […]

IOC Query Generation for Microsoft Sentinel in Uncoder AI

How It Works

1. IOC Parsing from Threat Report

Uncoder AI automatically identifies and extracts key observables from the threat report, including:

Malicious domains like:
docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com
mail.zhblz.com
doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com

These IOCs are used by the adversary for phishing and staging access to victim mailboxes.

2. Sentinel-Compatible KQL Generation

On the right, Uncoder AI […]

IOC-to-Query Generation for Google SecOps (Chronicle) in Uncoder AI

How It Works

1. IOC Extraction from Threat Reports

Uncoder AI automatically parses structured threat reports to extract:
Domains and subdomains (e.g., mail.zhblz.com, doc.gmail.com.gyehdhhrggdi…)
URLs and paths from phishing and payload delivery servers
Related IPs, hashes, and filenames (seen on the left)

This saves significant manual effort compared to copying and normalizing IOCs from multiple […]

AI-Driven IOC Conversion for Palo Alto Cortex XSIAM Queries

How It Works

Uncoder AI translates threat intelligence into Cortex XSIAM detection logic by ingesting structured IOCs and extracting relevant execution behaviors. This example focuses on the WRECKSTEEL campaign (CERT-UA#14283), a PowerShell-based stealer that abuses native tools and network requests to exfiltrate data. On the left, Uncoder AI parses dozens of SHA256 hashes, filenames, scripts […]

Uncovering Insider Risks with Full Summary in Uncoder AI: A Microsoft Defender for Endpoint Case

Identifying unauthorized access to sensitive data—especially passwords—remains a critical concern for cybersecurity teams. When such access happens through legitimate tools like Notepad, visibility becomes a challenge. But with Uncoder AI’s Full Summary feature, security analysts can immediately understand the logic behind detection rules targeting exactly that type of threat. In a recent […]

Investigating Suspicious Rsync Shell Activity with Uncoder AI and Carbon Black Query Language

Monitoring remote file transfer utilities like rsync is essential in detecting stealthy lateral movement or data exfiltration across Unix-based environments. But not all rsync usage is equal. In some cases, it can silently launch shell processes under the hood—making threat detection harder for defenders. That’s where Uncoder AI’s Full Summary becomes invaluable. When used alongside […]
