
SOC Prime
socprime.com > active-threats > what-was-really-inside-the-shortcut-file-disguised-as-a-privacy-consent-form

Fake Privacy Consent LNK Files Deliver Fileless Malware

18+ hour, 48+ min ago (195+ words) SOC Prime Bias: High Threat actors are distributing malicious LNK files disguised as privacy consent forms to deceive users into opening them. When executed, these shortcut files launch obfuscated PowerShell commands that retrieve and run additional payloads using fileless…

SOC Prime
socprime.com > active-threats > operation-poisson-breaking-down-an-entire-cybercriminal-operation

Operation Poisson Exposes a Resilient Credential Theft Chain

2+ day, 13+ hour ago (202+ words) SOC Prime Bias: High A low-skilled threat actor known as "Poisson" carried out a multi-stage credential theft campaign aimed at French individuals and a small business. The attacker used Havoc C2, a custom Python keylogger, and built resilient access through Open…

SOC Prime
socprime.com > active-threats > shinyhunters-targets-education-sector-with-oracle-peoplesoft-exploit

ShinyHunters Exploits Oracle PeopleSoft in Education

3+ day, 12+ hour ago (197+ words) SOC Prime Bias: Critical The threat actor UNC6240, also known as ShinyHunters, is running an active compromise and extortion campaign against Oracle PeopleSoft environments. The attackers abuse a zero-day remote code execution flaw in the Environment Management component to…

SOC Prime
socprime.com > active-threats > onyxc2-a-new-stealer-targeting-210-applications

OnyxC2 Targets 210 Apps with Stealthy Data Theft

3+ day, 13+ hour ago (246+ words) SOC Prime Bias: High OnyxC2: A New Stealer Targeting 210 Applications OnyxC2 is an emerging malware-as-a-service stealer designed to target credentials, two-factor authentication extensions, and cryptocurrency wallets across roughly 210 applications. The platform offers a full commercial-style toolkit, including a…

SOC Prime
socprime.com > active-threats > analyzing-sheetcreep-the-malware-returns-with-new-config-obfuscation

SHEETCREEP Returns with New Google Sheets RAT Obfuscation

3+ day, 20+ hour ago (210+ words) SOC Prime Bias: Critical Analyzing SHEET#CREEP: The Malware Returns with New Config Obfuscation An active espionage operation known as SHEETCREEP relies on a C# remote access trojan that uses the Google Sheets API for command and control…

SOC Prime
socprime.com > active-threats > op-report-from-ssa-phish-to-adaptixc2-a-multi-rat-intrusion

SSA Phishing Leads to AdaptixC2, XWorm, and ScreenConnect

4+ day, 20+ hour ago (298+ words) SOC Prime Bias: High [Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion A threat actor carried out a layered commodity intrusion beginning with a phishing email themed around the U.S. Social Security Administration. The operation relied on…

SOC Prime
socprime.com > active-threats > from-crypto-wallets-to-a-100m-user-vpn-inside-an-active-stx-rat-supply-chain-campaign

STX RAT Supply Chain Attack Hits Wallets and X-VPN

1+ week, 3+ day ago (433+ words) SOC Prime Bias: Critical From Crypto Wallets to a 100M-User VPN: Inside an Active STX RAT Supply Chain Campaign Researchers uncovered an active supply chain campaign in which a threat actor abused DLL sideloading with a malicious CRYPTBASE…

SOC Prime
socprime.com > active-threats > from-fake-amazon-security-alert-to-harborwatch-agent-delivery

Fake Amazon Alert Delivers HarborWatch Agent RAT

1+ week, 3+ day ago (273+ words) SOC Prime Bias: Medium Cofense traced the campaign from the spoofed sender address through the malicious domains, the PowerShell downloader, and the final malware payload. Dynamic analysis of mysql.exe revealed outbound communication with a command-and-control server at 185.193.127.44 and…

Google News
socprime.com > active-threats > seeking-counsel-ongoing-targeted-attacks-against-us-law-firms

UNC3753 Targets US Law Firms with Vishing and Extortion

1+ week, 3+ day ago (129+ words) SOC Prime Bias: High Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…

Google News
socprime.com > active-threats > gammasteel-inside-gamaredons-unfolding-malware-chain

GammaSteel Uses Registry-Stored PowerShell and Tebi

1+ week, 4+ day ago (751+ words) SOC Prime Bias: Critical GammaSteel: Inside Gamaredon's Unfolding Malware Chain The report describes GammaSteel, a new Gamaredon (UAC-0010) intrusion chain built around a fileless PowerShell stealer. The malware stores 71 encrypted functions in the HKCU\Printers…
