SOC PrimeSep 1, 2023

#UAC0057 sets eyes on Ukraine exploiting #WinRAR #zeroday #vulnerability (СVE-2023-38831) to spread #PicassoLoader and #CobaltStrike Beacon, as #CERTUA reports. Proactively detect #cyberattacks with #SigmaRules from SOC Prime Platform.

https://socprime.com/blog/cve-2023-38831-detection-uac-0057-group-exploits-a-winrar-zero-day-to-spread-a-picassoloader-variant-and-cobaltstrike-beacon-via-rabbit-algorithm/ #CVE #malware

CVE-2023-38831 Detection: UAC-0057 Group Exploits a WinRAR Zero-Day to Spread a PicassoLoader Variant and CobaltStrike Beacon via Rabbit Algorithm - SOC Prime

Detect CVE-2023-38831 exploitation attempts in attacks by UAC-0057 spreading PicassoLoader & CobaltStrike Beacon with Sigma rules from SOC Prime Platform.

SOC Prime
SOC PrimeJun 16, 2023

#CERTUA notifies cyber defenders of new attacks against Ukraine by #UAC0057 aka #GhostWriter spreading #PicassoLoader and #CobaltStrike Beacon to target the country's national military education institution. Detect associated malicious activity with a set of curated #Sigma rules in the SOC Prime Platform.

https://socprime.com/blog/shuckworm-espionage-group-attack-detection-russia-backed-threat-actors-repeatedly-attack-ukrainian-military-security-and-government-organizations/
#DFIR #APT #threathunting #threatdetection #BlueTeam #GreenTeam #cyberdefense

Shuckworm Espionage Group Attack Detection: russia-backed Threat Actors Repeatedly Attack Ukrainian Military, Security, and Government Organizations - SOC Prime

Detect Shuckworm espionage group cyber-attacks with a set of curated Sigma rules in the SOC Prime Platform.

SOC Prime