Rebex-Based Telegram RAT Targets Vietnam
1+ day, 5+ hour ago (190+ words) SOC Prime Bias: Medium Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative directly reflect the identified TTPs and aim to generate the exact telemetry expected by…...
Silver Fox Deploys ValleyRAT via Telegram MSI Lure
2+ week, 4+ day ago (427+ words) SOC Prime Bias: Critical Silver Fox Wraps ValleyRAT in ZPAQ and a ByteDance Binary: A Telegram Chinese Language Pack MSI Lure A rogue MSI installer posing as a Telegram Chinese language pack delivers a layered infection…...
Fake Microsoft Support Site Drops Python Password Stealer
2+ week, 4+ day ago (175+ words) SOC Prime Bias: Medium Remove the Security Health Run value and delete Spotify.lnk from the user's Startup folder. Delete the Windows Update directory under AppData\Local\Programs and remove the temporary Win Gettools folder. Reset stored passwords, enable…...
UAT-10608: React2Shell Next.js Credential Harvesting
2+ week, 6+ day ago (400+ words) SOC Prime Bias: Critical UAT-10608 Exposed: Automated Credential Theft at Scale Against Web Applications Cisco Talos reports a large-scale operation abusing the React2Shell weakness in Next.js apps to steal credentials in bulk. The attackers use a purpose-built…...
APT-Q-27 Targets Web3 Support with .PIF Malware Chain
2+ week, 6+ day ago (220+ words) SOC Prime Bias: Critical Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…...
Kimsuky LNK Campaign Drops Python Backdoor via Dropbox C2
2+ week, 6+ day ago (120+ words) SOC Prime Bias: Critical The Kimsuky threat actor drops two malicious files to the victim host: The attacker invokes these scripts directly using the native Windows script hosts to stay "living-off-the-land": Both executions generate a Process Creation event with the…...
Casbaneiro Campaign Uses WhatsApp, ClickFix and Horbot
3+ week, 12+ hour ago (274+ words) SOC Prime Bias: High Unpacking Augmented Marauder's Multi-Pronged Casbaneiro Campaigns Researchers reconstructed the end-to-end chain from the initial attachment through execution of the final payload. They analyzed an HTA stage that triggers mshta.exe, followed by a two-step…...
5 Browser and AI Security Risks Keeping CxOs Awake
3+ week, 1+ day ago (220+ words) SOC Prime Bias: High The report references behaviors such as chunked payload delivery that is reassembled in memory, credential-stealing extensions, AI-assisted spear-phishing, and prompt-injection attempts aimed at agentic browsing workflows. It also cites data points indicating a meaningful share of…...
LiteLLM Supply Chain Attack: PyPI Versions 1.82.7, 1.82.8
3+ week, 1+ day ago (106+ words) SOC Prime Bias: Critical Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…...
EtherRAT: Ethereum Smart-Contract C2 and CDN-Like Beacons
3+ week, 1+ day ago (146+ words) SOC Prime Bias: Critical Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…...