Threats

IOC Query Generation for Microsoft Sentinel in Uncoder AI

How It Works
1. IOC Parsing from Threat Report
Uncoder AI automatically identifies and extracts key observables from the threat report, including malicious domains like:
docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com
mail.zhblz.com
doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com
These IOCs are used by the adversary for phishing and staging access to victim mailboxes.
2. Sentinel-Compatible KQL Generation
On the right, Uncoder AI […]

The post IOC Query Generation for Microsoft Sentinel in Uncoder AI appeared first on SOC Prime.

IOC-to-Query Generation for Google SecOps (Chronicle) in Uncoder AI

How It Works
1. IOC Extraction from Threat Reports
Uncoder AI automatically parses structured threat reports to extract:
Domains and subdomains (e.g., mail.zhblz.com, doc.gmail.com.gyehdhhrggdi…)
URLs and paths from phishing and payload delivery servers
Related IPs, hashes, and filenames (seen on the left)
This saves significant manual effort compared to copying and normalizing IOCs from multiple […]

AI-Driven IOC Conversion for Palo Alto Cortex XSIAM Queries

How It Works
Uncoder AI translates threat intelligence into Cortex XSIAM detection logic by ingesting structured IOCs and extracting relevant execution behaviors. This example focuses on the WRECKSTEEL campaign (CERT-UA#14283), a PowerShell-based stealer that abuses native tools and network requests to exfiltrate data. On the left, Uncoder AI parses dozens of SHA256 hashes, filenames, scripts […]
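The three Uncoder AI posts above (Sentinel KQL, Google SecOps UDM and Cortex XSIAM) describe the same two-step pipeline: pull observables out of a report, then emit a hunting query for the target platform. The following script is an added example written for this page and is not Uncoder AI's or SOC Prime's code. It refangs the usual "hxxp" / "[.]" defanging before matching, rejects file names that the domain regex would otherwise accept (payload.zip is not a domain), and then renders the same IOC set three ways. The sample report is constructed: the three zhblz.com domains are the ones quoted above, while the IP (RFC 5737 documentation range), the hash and the file name are placeholders. The table and field names used in the generated queries (DnsEvents, DeviceNetworkEvents, DeviceFileEvents; network.dns.questions.name, target.ip, target.file.sha256; xdr_data with action_external_hostname, action_remote_ip, action_file_sha256) are assumptions that must be checked against the schema of the tenant the query is run in.

```python
import json
import re

# Constructed sample report excerpt, not a real advisory. The zhblz.com domains
# are the ones quoted on this page; the IP, hash and file name are placeholders
# chosen to exercise the other IOC types and the defanging cases.
SAMPLE_REPORT = """
Phishing pages impersonating Google Docs were hosted at
hxxps://docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz[.]com/
and mail.zhblz[.]com. A second lure used doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz[.]com.
Staging host 192.0.2[.]45 (placeholder, RFC 5737 range) served payload.zip with SHA256
0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef (placeholder).
"""

# Text is lowercased before matching, so the patterns only need lowercase classes.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b")
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")

# File extensions that look like TLDs to DOMAIN_RE; reports list file names next to domains.
FILE_EXTENSIONS = {"exe", "dll", "zip", "rar", "pdf", "doc", "docx", "xls", "xlsx", "txt",
                   "lnk", "js", "vbs", "bat", "cmd", "hta", "iso", "img", "scr"}


def refang(text):
    """Undo common defanging so the regexes see the real indicators."""
    return (text.replace("hxxp", "http").replace("[.]", ".")
                .replace("(.)", ".").replace("[:]", ":"))


def extract_iocs(text):
    """Return sorted, de-duplicated domains, IPv4 addresses and SHA256 hashes."""
    t = refang(text.lower())
    domains = {d for d in DOMAIN_RE.findall(t) if d.rsplit(".", 1)[-1] not in FILE_EXTENSIONS}
    return {"domains": sorted(domains),
            "ips": sorted(set(IPV4_RE.findall(t))),
            "sha256": sorted(set(SHA256_RE.findall(t)))}


def to_sentinel_kql(iocs):
    """Microsoft Sentinel KQL: one union over the tables where each IOC type shows up (table names assumed)."""
    lets, branches = [], []
    if iocs["domains"]:
        lets.append(f"let iocDomains = dynamic({json.dumps(iocs['domains'])});")
        branches.append("(DnsEvents | where Name in~ (iocDomains) | project TimeGenerated, Computer, Indicator = Name)")
    if iocs["ips"]:
        lets.append(f"let iocIPs = dynamic({json.dumps(iocs['ips'])});")
        branches.append("(DeviceNetworkEvents | where RemoteIP in (iocIPs) | project TimeGenerated, Computer = DeviceName, Indicator = RemoteIP)")
    if iocs["sha256"]:
        lets.append(f"let iocHashes = dynamic({json.dumps(iocs['sha256'])});")
        branches.append("(DeviceFileEvents | where SHA256 in~ (iocHashes) | project TimeGenerated, Computer = DeviceName, Indicator = SHA256)")
    if not branches:
        raise ValueError("no IOCs to query for")
    return "\n".join(lets + ["union isfuzzy=true", ",\n".join(branches)])


def to_chronicle_udm(iocs):
    """Google SecOps (Chronicle) UDM search: an OR of equality terms (field names assumed)."""
    terms = [f'network.dns.questions.name = "{d}"' for d in iocs["domains"]]
    terms += [f'target.ip = "{ip}"' for ip in iocs["ips"]]
    terms += [f'target.file.sha256 = "{h}"' for h in iocs["sha256"]]
    return " OR ".join(terms)


def to_xsiam_xql(iocs):
    """Cortex XSIAM XQL over the xdr_data dataset (field names assumed)."""
    def xql_list(values):
        return "(" + ", ".join(f'"{v}"' for v in values) + ")"
    clauses = []
    if iocs["domains"]:
        clauses.append(f"action_external_hostname in {xql_list(iocs['domains'])}")
    if iocs["ips"]:
        clauses.append(f"action_remote_ip in {xql_list(iocs['ips'])}")
    if iocs["sha256"]:
        clauses.append(f"action_file_sha256 in {xql_list(iocs['sha256'])}")
    return ("dataset = xdr_data\n| filter " + " or ".join(clauses) +
            "\n| fields _time, agent_hostname, action_external_hostname, action_remote_ip, action_file_sha256")


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_REPORT)
    print(json.dumps(found, indent=2))
    for name, render in (("Sentinel KQL", to_sentinel_kql), ("Chronicle UDM", to_chronicle_udm), ("XSIAM XQL", to_xsiam_xql)):
        print(f"\n--- {name} ---\n{render(found)}")
```

The domain pattern is deliberately permissive so that long look-alike subdomains such as the docs.google.com.spreadsheets… lure survive intact; the cost is that anything dotted with an alphabetic last label matches, which is why the extension filter exists. Before pasting a generated query into a production SIEM, confirm the table and field names against the tenant's schema and scope the search with a time range.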

Detect APT28 Attacks: russian GRU Unit 26165 Targets Western Logistics and Technology Companies Coordinating Aid to Ukraine in a Two-Year Hacking Campaign

GRU Unit 26165 (APT28, Fancy Bear) on the Rise

A coordinated advisory from cybersecurity and intelligence agencies across North America, Europe, and Australia confirms a two-year-long cyberespionage campaign by russian GRU Unit 26165 (APT28, Forest Blizzard, Fancy Bear). The campaign targets logistics and tech providers facilitating foreign aid to Ukraine.
Detect APT28 (Forest Blizzard, Fancy Bear) Attacks Against Western Companies
Since a full-scale invasion […]

ELPACO-Team Ransomware Attack Detection: Hackers Exploit Atlassian Confluence Vulnerability (CVE-2023-22527) to Gain RDP Access and Enable RCE

ELPACO-Team Ransomware Attack Detection

In today’s fast-evolving ransomware landscape, threat actors are accelerating their tactics to gain access and deploy payloads with alarming speed. Increasingly, attackers are leveraging known vulnerabilities as entry points, as seen in a recent attack where adversaries exploited CVE-2023-22527, a maximum-severity template injection flaw in Atlassian Confluence, to compromise an internet-exposed system. Just 62 hours […]

CVE-2025-4427 and CVE-2025-4428 Detection: Ivanti EPMM Exploit Chain Leading to RCE

CVE-2025-4427 and CVE-2025-4428 Detection

Following the disclosure of CVE-2025-31324, an unauthenticated file upload vulnerability in SAP NetWeaver enabling RCE, two more security flaws have surfaced in Ivanti Endpoint Manager Mobile (EPMM) software. Identified as CVE-2025-4427 and CVE-2025-4428, these vulnerabilities can be chained together to achieve RCE on vulnerable devices without requiring authentication. Detect CVE-2025-4427 and CVE-2025-4428 Exploit Chain With […]

Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure

A newly revealed SAP NetWeaver critical vulnerability, an unauthenticated file upload flaw that allows RCE and tracked as CVE-2025-31324, is being actively exploited by several China-linked nation-state groups to attack critical infrastructure systems. Defenders attribute the observed intrusions to Chinese cyber-espionage groups, which are likely linked to China’s Ministry of State Security (MSS) or its […]
