Threats

CVE-2025-5419 Vulnerability: New Google Chrome Zero-Day Actively Exploited in the Wild


Hot on the heels of the critical SAP NetWeaver CVE-2025-31324 exploitation campaign active since April 2025, another zero-day vulnerability has surfaced in the spotlight. Google recently issued emergency patches for three Chrome vulnerabilities, including one actively weaponized in in-the-wild attacks. The most critical, tracked as CVE-2025-5419, lets remote attackers trigger heap corruption using a crafted […]

The post CVE-2025-5419 Vulnerability: New Google Chrome Zero-Day Actively Exploited in the Wild appeared first on SOC Prime.

Threats

IOC-to-CSQL Detection for Gamaredon Domains

How It Works

This feature in Uncoder AI translates complex threat intelligence into structured CrowdStrike CSQL (CrowdStrike Search Query Language), enabling instant use within Falcon Endpoint Search. In this example, indicators from CERT-UA#13738 describe a Gamaredon (UAC-0173 / LITENKODER) campaign leveraging ZIP files and cloud-hosted payloads. Uncoder AI processes the report and outputs a valid, […]

The post IOC-to-CSQL Detection for Gamaredon Domains appeared first on SOC Prime.

Threats

AI-Validated Hostname Filtering for Chronicle Queries

How It Works

This Uncoder AI feature showcases its ability to analyze and validate Chronicle UDM queries involving multiple domain-based conditions. In this example, Uncoder AI processes a threat-hunting query associated with Sandworm (UAC-0133) activity, which targets a set of .sh and .so domains. The platform automatically identifies that the detection logic uses a field-level […]

The post AI-Validated Hostname Filtering for Chronicle Queries appeared first on SOC Prime.

Threats

AI-Assisted Domain Detection Logic for Carbon Black in Uncoder AI

How It Works

This Uncoder AI feature enables instant creation of detection queries for VMware Carbon Black Cloud using structured threat intelligence, such as that from CERT-UA#12463. In this case, Uncoder AI processes indicators associated with UAC-0099 activity and formats them into a syntactically correct domain query.

Parsed Threat Data

The source threat report includes […]

The post AI-Assisted Domain Detection Logic for Carbon Black in Uncoder AI appeared first on SOC Prime.

Threats

URL-Based IOC Validation for Microsoft Defender KQL

How It Works

This feature in Uncoder AI demonstrates how to validate and optimize URL-based detection logic for Microsoft Defender for Endpoint, using Kusto Query Language (KQL). In the example shown, the input consists of remote access indicators from CERT-UA#11689 (WRECKSTEEL), which include phishing domains and command-and-control endpoints.

Detection Pattern: The KQL query performs the […]

The post URL-Based IOC Validation for Microsoft Defender KQL appeared first on SOC Prime.

Threats

CVE-2025-20286 Vulnerability Exploitation: Critical Cisco ISE Flaw Affects AWS, Microsoft Azure, and OCI Cloud Deployments


A critical vulnerability in Cisco’s Identity Services Engine (ISE) enables unauthenticated remote attackers to retrieve sensitive information and perform administrative actions across various cloud environments upon exploitation. With PoC exploit code now publicly accessible, the flaw, tracked as CVE-2025-20286, poses a serious threat to organizations worldwide that rely on the affected Cisco product […]

The post CVE-2025-20286 Vulnerability Exploitation: Critical Cisco ISE Flaw Affects AWS, Microsoft Azure, and OCI Cloud Deployments appeared first on SOC Prime.

Threats

AI-Generated MDE Queries from APT28 Clipboard Attacks

How It Works

This feature of Uncoder AI transforms structured threat intel into Microsoft Defender for Endpoint-compatible KQL detection rules. In this case, it ingests IOCs from CERT-UA#11689, focusing on a known APT28 tradecraft: clipboard-based PowerShell payloads fetching staging scripts from malicious domains.

IOC Extraction from Reported Behavior

The left panel shows observables extracted from […]

The post AI-Generated MDE Queries from APT28 Clipboard Attacks appeared first on SOC Prime.

Threats

Zip Archive & C2 Domain Detection in Microsoft Sentinel via Uncoder AI

How It Works

This Uncoder AI feature generates a broad-spectrum KQL detection query for Microsoft Sentinel, based on indicators from CERT-UA#14045 (DarkCrystal RAT). The AI processes a threat report and outputs a query to search logs for strings such as:

“Розпорядження.zip” – a suspicious Ukrainian-language file name used to disguise malware
“imgurl.ir” – a known […]

The post Zip Archive & C2 Domain Detection in Microsoft Sentinel via Uncoder AI appeared first on SOC Prime.

Threats

Full Detection Logic for LITERNAMAGER in Cortex XSIAM via Uncoder AI

How It Works

This Uncoder AI feature analyzes a complex CERT-UA#1170 threat report describing the LITERNAMAGER malware family and generates a Cortex XSIAM-compatible XQL rule. The AI extracts structured indicators and behaviors, then maps them to different Cortex datasets:

1. Process & Command Line Activity

The rule detects suspicious command-line execution of:
YOURClient.exe
YOURServer.exe
including […]

The post Full Detection Logic for LITERNAMAGER in Cortex XSIAM via Uncoder AI appeared first on SOC Prime.

Threats

Instant Domain Matching Logic for Splunk via Uncoder AI

How It Works

This feature in Uncoder AI ingests structured IOCs from threat reports — in this case, dozens of malicious domains tied to credential phishing (e.g., fake Google, Microsoft, and Telegram login portals). The tool processes and structures the data to automatically output a Splunk-compatible detection query.

Domain-Based Filtering with dest_host

The output query […]

The post Instant Domain Matching Logic for Splunk via Uncoder AI appeared first on SOC Prime.
