Threats

Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from Compromised Devices

A new Rust-based stealer dubbed Fickle Stealer has appeared in the wild, capable of extracting sensitive data from compromised devices. The new stealer masquerades as GitHub Desktop for Windows and employs a wide range of techniques to evade anti-malware tools and detection, posing a growing threat to its potential victims. Detect Fickle Stealer Malware […]

The post Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from Compromised Devices appeared first on SOC Prime.

PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia

Hot on the heels of the recent wave of cyber-attacks leveraging the highly evasive Strela Stealer in Central and Southwestern Europe, a new infostealer comes into the spotlight, targeting sensitive data within the government and education sectors across Europe and Asia. Defenders have observed an ongoing info-stealing campaign attributed to Vietnamese-speaking adversaries who leverage a […]

New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant

Cybersecurity researchers have identified an ongoing in-the-wild adversary campaign that exploits a known remote code execution vulnerability in Microsoft Office, CVE-2017-0199, through a malicious Excel file delivered as a lure attachment in phishing emails. The phishing campaign is designed to distribute a new fileless version of the notorious Remcos RAT malware and take full […]

Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant

Adversaries employ the new Interlock ransomware in recently observed big-game hunting and double-extortion attacks against U.S. and European organizations across multiple industry sectors. Defenders assess with low confidence that Interlock might be a newly diversified group linked to Rhysida ransomware affiliates or developers, based on comparable TTPs and encryptor binaries. Detect Interlock Ransomware Ransomware […]

SOC Prime Threat Bounty Digest — October 2024 Results

Threat Bounty Rules Releases Welcome to the October results edition of our traditional Threat Bounty Monthly digest. Last month, our global community of cybersecurity professionals participating in crowdsourced detection engineering promptly addressed emerging cyber threats with actionable detection content. As a result, 81 new detection rules by Threat Bounty Program members were released on the […]

From Beginner to Pro: Your Successful Path in Threat Bounty

Essential Tips to Level Up in SOC Prime Threat Bounty Program As a detection engineer, SOC analyst, or threat hunter, joining SOC Prime’s Threat Bounty Program opens the door to significant professional growth within a globally recognized cybersecurity community. The Program is designed to harness expertise in detection engineering, enabling members to contribute high-value […]

Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe

Security researchers have revealed a stealthy campaign targeting users in Central and Southwestern Europe with an email credential stealer. Dubbed Strela, this evasive malware is deployed via phishing emails, utilizing obfuscated JavaScript and WebDAV to circumvent conventional security measures. Since its emergence two years ago, Strela Stealer has significantly enhanced its malicious capabilities, allowing it […]

UAC-0050 Phishing Attack Detection: The Russia-Backed Group Massively Spreads Tax-Related Phishing Emails and Exploits LITEMANAGER

The nefarious hacking group UAC-0050, known for its persistent phishing attacks against Ukraine, has been observed mass-distributing tax-themed spoofed emails with PDF attachments imitating requests from the State Tax Service of Ukraine and abusing the LITEMANAGER remote access tool to gain unauthorized remote access to the targeted systems. Detect UAC-0050 Phishing Attacks Covered in the CERT-UA#11776 […]

Practical Guide to Converting IOCs to SIEM Queries with Uncoder AI

What are IOCs, and what is their role in cybersecurity? In cybersecurity operations, Indicators of Compromise (IOCs), such as IP addresses, file hashes, domains, and URLs, serve as crucial forensic evidence for identifying malicious activity within an organization’s network. These artifacts are essential to enabling security teams to detect potential cyber threats. To leverage […]
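The conversion the guide describes, as an added example that is not part of the original post and not Uncoder AI's own code: a small Python script that refangs a mixed indicator list, classifies each value as an IP, hash, domain or URL, de-duplicates, and renders one Splunk SPL and one Microsoft KQL hunting query. The field names in FIELDS (Splunk CIM-style names, Defender Advanced Hunting columns) and the sample feed are assumptions constructed for illustration; adapt the mapping to your data model before running the output.

```python
"""Convert a mixed list of IOCs (IPs, file hashes, domains, URLs) into SIEM
hunting queries: refang, classify, de-duplicate, then render SPL and KQL."""
import ipaddress
import re
from collections import defaultdict

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-f]+$", re.I)
URL_RE = re.compile(r"^https?://\S+$", re.I)
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# Field mapping per backend is an assumption to adapt to the target data model:
# Splunk CIM-style names for SPL, Microsoft Defender Advanced Hunting columns for KQL.
FIELDS = {
    "spl": {"ip": "dest_ip", "domain": "query", "url": "url",
            "md5": "file_hash", "sha1": "file_hash", "sha256": "file_hash"},
    "kql": {"ip": "RemoteIP", "domain": "RemoteUrl", "url": "RemoteUrl",
            "md5": "MD5", "sha1": "SHA1", "sha256": "SHA256"},
}


def refang(ioc: str) -> str:
    """Undo common defanging ([.], (.), [:], hxxp) so values match raw log data."""
    s = ioc.strip().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.I)


def classify(ioc: str) -> str:
    """Return ip, url, domain, md5, sha1, sha256 or unknown for a refanged value."""
    if URL_RE.match(ioc):
        return "url"
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        pass
    if HEX_RE.match(ioc) and len(ioc) in HASH_LENGTHS:
        return HASH_LENGTHS[len(ioc)]
    if DOMAIN_RE.match(ioc):
        return "domain"
    return "unknown"


def group_iocs(raw_iocs):
    """Refang, classify and de-duplicate, keeping input order within each type.
    Hashes and domains are lower-cased; URL paths keep their case."""
    groups = defaultdict(list)
    for raw in raw_iocs:
        value = refang(raw)
        kind = classify(value)
        if kind in ("domain", "md5", "sha1", "sha256"):
            value = value.lower()
        if value not in groups[kind]:
            groups[kind].append(value)
    return dict(groups)


def _quote(value: str) -> str:
    """Double-quote a literal, escaping backslashes and quotes for SPL/KQL."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_query(groups, backend, max_per_clause=500):
    """Render one hunting query. 'unknown' entries are skipped, never guessed;
    max_per_clause caps each IN list so huge feeds do not hit query limits."""
    fields = FIELDS[backend]
    clauses = []
    for kind, values in groups.items():
        if kind not in fields or not values:
            continue
        lst = ", ".join(_quote(v) for v in values[:max_per_clause])
        if backend == "spl":
            clauses.append(f"{fields[kind]} IN ({lst})")
        elif kind == "domain":
            # A domain is a substring of RemoteUrl, so use has_any, not exact in.
            clauses.append(f"{fields[kind]} has_any ({lst})")
        else:
            clauses.append(f"{fields[kind]} in ({lst})")
    if not clauses:
        return ""
    if backend == "spl":
        return "index=* (" + " OR ".join(clauses) + ")"
    return ("union isfuzzy=true DeviceNetworkEvents, DeviceFileEvents\n| where "
            + " or ".join(clauses))


# Constructed sample feed for illustration (not real indicators): mixed types,
# defanged values, one duplicate and one line that is not an IOC at all.
SAMPLE_IOCS = [
    "hxxp://203.0.113[.]10/Update.exe",
    "203.0.113.10",
    "203.0.113[.]10",                    # same IP, defanged: must de-duplicate
    "Bad-CDN.example[.]net",
    "d41d8cd98f00b204e9800998ecf8427e",  # MD5 of the empty string
    "not an indicator",
]

if __name__ == "__main__":
    groups = group_iocs(SAMPLE_IOCS)
    print(build_query(groups, "spl"))
    print()
    print(build_query(groups, "kql"))
```

Two choices matter in practice: values that do not classify are dropped rather than guessed, so a stray line in a feed never becomes a silent wildcard in the query, and each IN list is capped so a large feed is split into several queries instead of one that the backend rejects.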

UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point

The notorious Russian state-sponsored hacking group known as APT28 or UAC-0001, which has a history of launching targeted phishing attacks on Ukrainian public sector organizations, has resurfaced in the cyber threat landscape. In the latest adversary campaign covered by CERT-UA, attackers weaponize a PowerShell command placed in the victim's clipboard as an entry point to further conduct offensive […]
