Threats

Domain-Based IOC Detection for Carbon Black in Uncoder AI

How It Works

1. IOC Extraction

Uncoder AI scans the threat report (left panel) and identifies malicious network infrastructure associated with:
- HATVIBE and CHERRYSYSPY loaders
- Suspicious communication and command-and-control domains like: trust-certificate.net, namecheap.com, enrollmenttdm.com, n247.com, mtw.ru

These domains are associated with:
- Fake certificate lures
- Python-based loaders
- Malicious HTA stagers
- Credential theft via […]

The post Domain-Based IOC Detection for Carbon Black in Uncoder AI appeared first on SOC Prime.

Threats

CyberLock, Lucky_Gh0$t, and Numero Detection: Hackers Weaponize Fake AI Tool Installers in Ransomware and Malware Attacks

As GenAI continues to shape modern cybersecurity with its powerful advantages for strengthening defense mechanisms, it simultaneously introduces new risks as threat actors increasingly exploit the technology for malicious activities. Adversaries have been recently observed using fake AI installers as lures to spread diverse threats, including the CyberLock and Lucky_Gh0$t ransomware strains and a newly […]

The post CyberLock, Lucky_Gh0$t, and Numero Detection: Hackers Weaponize Fake AI Tool Installers in Ransomware and Malware Attacks appeared first on SOC Prime.

Threats

APT41 Attack Detection: Chinese Hackers Exploit Google Calendar and Deliver TOUGHPROGRESS Malware Targeting Government Agencies

Threat actors often exploit cloud services for C2 to disguise their actions as normal, legitimate traffic. The nefarious Chinese state-backed APT41 hacking collective has been observed employing the TOUGHPROGRESS malicious strain delivered through a hacked government website and targeting multiple other governmental entities. What sets this attack apart is that the malware uses Google Calendar […]

The post APT41 Attack Detection: Chinese Hackers Exploit Google Calendar and Deliver TOUGHPROGRESS Malware Targeting Government Agencies appeared first on SOC Prime.

Threats

AI-Generated Carbon Black Detection Rule for DarkCrystal RAT Campaign

How It Works

Uncoder AI processes threat reports like CERT-UA#14045 on DarkCrystal RAT and generates Carbon Black-compatible detection logic. This feature maps observed file hashes, execution patterns, and C2 infrastructure into a rule that’s ready to deploy within Carbon Black’s behavioral telemetry stack. On the left, the threat report details the DarkCrystal campaign, including: Malicious […]

The post AI-Generated Carbon Black Detection Rule for DarkCrystal RAT Campaign appeared first on SOC Prime.

Threats

AI-Powered SPL Rule Generation for WRECKSTEEL IOC Detection

How It Works

Uncoder AI converts complex threat intelligence—like the CERT-UA#14283 report on the WRECKSTEEL PowerShell stealer—into Splunk’s Search Processing Language (SPL) for direct deployment in security analytics workflows. It parses IOC-rich reports containing hashes, URLs, domains, and behavioral indicators to generate multi-index SPL queries aligned with Splunk’s native event and network telemetry. On the […]

The post AI-Powered SPL Rule Generation for WRECKSTEEL IOC Detection appeared first on SOC Prime.

Threats

BadSuccessor Detection: Critical Windows Server Vulnerability Can Compromise Any User in Active Directory

Following the disclosure of CVE-2025-4427 and CVE-2025-4428, two Ivanti EPMM vulnerabilities that can be chained for RCE, another critical security issue has emerged, posing a severe threat to organizations that rely on Active Directory (AD). A recently uncovered privilege escalation vulnerability in Windows Server 2025 gives attackers the green light to gain control over any […]

The post BadSuccessor Detection: Critical Windows Server Vulnerability Can Compromise Any User in Active Directory appeared first on SOC Prime.

Threats

AI-Generated SentinelOne DNS Query for WRECKSTEEL Detection

How It Works

Uncoder AI streamlines threat detection in SentinelOne by automatically transforming raw intelligence into executable event queries. In this case, it focuses on WRECKSTEEL (CERT-UA#14283), a PowerShell-based stealer campaign, by parsing dozens of malicious indicators — including over 30 domains and download URLs — and converting them into a single EventQuery targeting DNS […]

The post AI-Generated SentinelOne DNS Query for WRECKSTEEL Detection appeared first on SOC Prime.

Threats

AI-Powered IOC Parsing for WRECKSTEEL Detection in CrowdStrike

How It Works

Uncoder AI automates the decomposition of complex IOC-driven detection logic authored in CrowdStrike Endpoint Query Language (EQL). This example centers around the CERT-UA#14283 report, targeting WRECKSTEEL — a PowerShell-based infostealer. The AI engine interprets an extensive detection rule designed to match various execution chains linked to WRECKSTEEL, enabling analysts to quickly understand […]

The post AI-Powered IOC Parsing for WRECKSTEEL Detection in CrowdStrike appeared first on SOC Prime.

Threats

IOC-to-Query Conversion for SentinelOne in Uncoder AI

How It Works

1. IOC Extraction from Threat Report

Uncoder AI automatically parses and categorizes indicators from the incident report (on the left), including:
- Malicious domains, such as: mail.zhblz.com, docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com, doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com

These domains are linked to phishing documents, spoofed login portals, and data exfiltration endpoints.

2. SentinelOne-Compatible Query Generation

On the right, […]

The post IOC-to-Query Conversion for SentinelOne in Uncoder AI appeared first on SOC Prime.

Threats

IOC Query Generation for Microsoft Sentinel in Uncoder AI

How It Works

1. IOC Parsing from Threat Report

Uncoder AI automatically identifies and extracts key observables from the threat report, including:
- Malicious domains like: docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com, mail.zhblz.com, doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com

These IOCs are used by the adversary for phishing and staging access to victim mailboxes.

2. Sentinel-Compatible KQL Generation

On the right, Uncoder AI […]

The post IOC Query Generation for Microsoft Sentinel in Uncoder AI appeared first on SOC Prime.